Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Backform

These are resident COM and EXE infectors. Backform.2345 is encrypted. These viruses contain the interrupt INT 21h, the variant Backform.2000 also INT 13h. Both viruses are interesting because they use the old technique of COMMAND.COM infection which was introduced by the legendary virus Lehigh. The technique functions like this: the virus writes itself into the area in COMMAND.COM where zeros are present. As a result the COMMAND.COM length is not changed after it was infected. In other COM type files the virus analyzes the first instruction. If it finds a jump it will attach itself to the code in location pointed by the jump. If the first instruction is not a jump, the virus will infect in classical way: it rewrites the fist three bytes by a jump and attaches itself to the end of the program. Backform.2000, depending on generation and system date, formats diskette backwards (from the ninth sector to the first one). This is true only for 360 kB diskettes. Backform.2345 occasionally damages data that are being written.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.