Scores (computer virus)

Last updated
Scores
Technical nameScores
AliasEric
Vult
NASA
San Jose Flu
Type Macintosh
SubtypeCategorisation needed
Classification Virus
FamilyUnknown
OriginUnknown
AuthorsUnknown

Scores was a computer virus affecting Macintosh machines. It was first discovered in Spring 1988. It was written by a disgruntled programmer and specifically attacks two applications that were under development at his former company. These programs were never released to the public. [1] [2] [3]

Overview

Scores infects the System, Notepad, and Scrapbook files under System 6 and System 7. There is a simple way to identify infection. Normal Notepad and Scrapbook icons will have specific icons under System 7, or little Macintosh icons under System 6. If the icons are blank document icons, it is a good indication the system is infected.

Scores begins to spread to other applications two days after infection. The Finder and DA Handler often become infected as well.

The second payload, activated after 4 days, will start causing crashes if programs with the ERIC or VULT signatures are run. Both signatures are found on programs written by Electronic Data Systems of Plano, Texas. If a program from the company is run, the virus will crash the system after 25 minutes.

The third payload activates after 7 days, and will actively try to stop programs with the VULT signature from writing to disk. If no write to disks happen within 10 minutes, the virus will crash the system.

The alleged author of the virus was questioned by the Federal Bureau of Investigation (FBI) soon after the virus was discovered. There were no federal laws with which to charge the author, so they remain free to this day. This loophole resulted in the "Computer Virus Eradication Act of 1988" [4]

Related Research Articles

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on 8:30 p.m. November 2, 1988, from the Massachusetts Institute of Technology network.

<span class="mw-page-title-main">Antivirus software</span> Computer software to defend against malicious computer viruses

Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

<span class="mw-page-title-main">CIH (computer virus)</span> Windows 9x computer virus

CIH, also known as Chernobyl or Spacefiller, is a Microsoft Windows 9x computer virus that first emerged in 1998. Its payload is highly destructive to vulnerable systems, overwriting critical information on infected system drives and, in some cases, destroying the system BIOS. The virus was created by Chen Ing-hau, a student at Tatung University in Taiwan. It was believed to have infected sixty million computers internationally, resulting in an estimated NT$1 billion (US$35,801,231.56) in commercial damages.

Norton AntiVirus is an anti-virus or anti-malware software product founded by Peter Norton, developed and distributed by Symantec since 1990 as part of its Norton family of computer security products. It uses signatures and heuristics to identify viruses. Other features included in it are e-mail spam filtering and phishing protection.

Disinfectant was a popular antivirus software program for the classic Mac OS. It was originally released as freeware by John Norstad in the spring of 1989. Disinfectant featured a system extension that would detect virus infections and an application with which users could scan for and remove viruses. New versions of Disinfectant were subsequently released to detect additional viruses. Bob LeVitus praised and recommended Disinfectant in 1992. In May 1998, Norstad retired Disinfectant, citing the new danger posed by macro viruses, which Disinfectant did not detect, and the inability of a single individual to maintain a program that caught all of them.

Jerusalem is a logic bomb DOS virus first detected at Hebrew University of Jerusalem, in October 1987. On infection, the Jerusalem virus becomes memory resident, and then infects every executable file run, except for COMMAND.COM. COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. Executable files grow by 1,808 to 1,823 bytes each time they are infected, and are then re-infected each time the files are loaded until they are too large to load into memory. Some .EXE files are infected but do not grow because several overlays follow the genuine .EXE file in the same file. Sometimes .EXE files are incorrectly infected, causing the program to fail to run as soon as it is executed.

nVIR is an obsolete computer virus which can replicate on Macintosh computers running any System version from 4.1 to OS 8. The source code to the original nVIR has been made widely available, and so numerous variants have arisen. Each variant causes somewhat different symptoms, such as: application crashes, printing errors on laser printers, slow system response time, or unpredictable system crashes. nVIR spreads through any nVIR-infected program, but due to the long period of time nVIR lies basically dormant in a host system, nVIR generally finds its way into system backups and is not detected until the first overt symptoms appear. For example, if a disk used in an infected Macintosh is removed and inserted in a second Macintosh, the other machine will become infected if any application on that disk is executed in the second machine. Further, any method used to transfer programs between Macintoshes will spread nVIR, including file transfer over a network. However, nVIR cannot spread via a print network's hardware.

<span class="mw-page-title-main">Microsoft Write</span> Basic word processor formerly included with Microsoft Windows

Microsoft Write is a basic word processor included with Windows 1.0 and later, until Windows NT 3.51. Throughout its lifespan, it was minimally updated, and is comparable to early versions of MacWrite. Early versions of Write only work with Write Document (.wri) files, which are a subset of the Rich Text Format (RTF). After Windows 3.0, Write became capable of reading and composing early Word Document (.doc) files. With Windows 3.1, Write became OLE capable. In Windows 95, Write was replaced with WordPad; attempting to open Write from the Windows folder will open WordPad instead.

Blackworm is an Internet worm discovered on January 20, 2006 that infects several versions of Microsoft Windows. It is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

The Oompa-Loompa malware, also called OSX/Oomp-A or Leap.A, is an application-infecting, LAN-spreading worm for Mac OS X, discovered by the Apple security firm Intego on February 14, 2006. Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol. On most networks this limits it to a single IP subnet.

Form was a boot sector virus isolated in Switzerland in the summer of 1990 which became very common worldwide. The origin of Form is widely listed as Switzerland, but this may be an assumption based on its isolation locale. The only notable characteristics of Form are that it infects the boot sector instead of the Master Boot Record (MBR) and the clicking noises associated with some infections. Infections under Form can result in severe data damage if operating system characteristics are not identical to those Form assumes.

<span class="mw-page-title-main">Stoned (computer virus)</span> Computer virus

Stoned is a boot sector computer virus created in 1987. It is one of the first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

The Ping-Pong virus is a boot sector virus discovered on March 1, 1988, at the Politecnico di Torino in Italy. It was likely the most common and best known boot sector virus until outnumbered by the Stoned virus.

<span class="mw-page-title-main">MacMag</span> Computer virus

The MacMag virus, also known by various other names, is a computer virus introduced in 1988 by Richard Brandow, who at the time was editor and publisher of MacMag computer magazine in Montréal.

KoKo Virus is a memory resident computer virus created in March 1991. KoKo's name came from the creator himself, which was a nickname used by his friends. Many on-line virus databases refer to KoKo as Koko.1780. KoKo is written in the Assembly programming language and the executable file usually has an approximate file size of around 1780 bytes.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

<span class="mw-page-title-main">Macintosh startup</span> Startup sequence for Macintosh computers

The Macintosh startup sequence for Apple Macintosh computers, or Macs, includes hardware tests and diagnostics which can trigger the startup chimes or other indications of startup success or failure. The startup sequence provides auditory and visual symbols of the computer's status and condition as it powers up, providing users with immediate feedback on the machine's soundness. Additionally, they allow the user to quickly identify any potential problems and take any appropriate actions to rectify faults.

<span class="mw-page-title-main">System 1</span> First major release of classic Apple Macintosh operating system (1984)

The Macintosh "System 1" is the first major release of the classic Mac OS operating system. It was developed for the Motorola 68000 microprocessor. System 1 was released on January 24, 1984, along with the Macintosh 128K, the first in the Macintosh family of personal computers. It received one update, "System 1.1" on December 29, 1984, before being succeeded by System 2.

ANTI is a computer virus affecting Apple Macintosh computers running classic Mac OS versions up to System 6. It was the first Macintosh virus not to create additional resources within infected files; instead, it patches existing CODE resources.

References

  1. "Virus:MacOS/Scores.A". www.microsoft.com. Retrieved 2016-03-23.
  2. "Scores - The Virus Encyclopedia". virus.wikidot.com. Retrieved 2016-03-23.
  3. "Scores Virus". agn-www.informatik.uni-hamburg.de. Retrieved 2016-03-23.
  4. Tribune, Chicago (1988-10-10). "CONGRESS ON TRAIL OF THE CURE FOR COMPUTER VIRUSES". Chicago Tribune. Retrieved 2024-11-24.