Blackflash
Introduction
Blackflash is a computer virus written for the Commodore Amiga. It is a simple boot virus.
Summary
- Overwrites the original bootblock of an unprotected disk inserted in the floppy drive
- The virus is not encrypted
- Uses the DoIO() vector of exec.library for infection
- Makes itself reset-resident by using the CoolCapture vector
Details
After booting from an infected disk, the virus copies itself to memory location $7F000. Unlike typical older boot viruses on the Amiga, this memory location cannot be overwritten by AmigaOS afterwards, because the virus marks this memory area as allocated by using AllocAbs() of exec.library.
The virus then makes itself reset-resident by using the CoolCapture vector and finally hooks the DoIO() vector of exec.library in order to infect other disks.
At the beginning of the bootblock you can read the following text:
0000h: 44 4F 53 00 DF BC 62 F9 00 00 03 70 60 00 00 18 ; DOS.ß¼bù...p`...
0010h: 62 6C 61 63 6B 66 6C 61 73 68 20 76 69 72 75 73 ; blackflash virus
0020h: 20 56 32 2E 30 22 0C B9 66 00 00 0E 00 07 F0 30 ; V2.0".¹f.....ð0
and at the end the following text:
02f0h: 00 00 48 45 4C 4C 4F 2C 20 49 20 41 4D 20 41 4D ; ..HELLO, I AM AM
0300h: 49 47 41 20 21 20 20 50 4C 45 41 53 45 20 48 45 ; IGA ! PLEASE HE
0310h: 4C 50 20 4D 45 20 21 20 20 20 20 49 20 46 45 45 ; LP ME ! I FEE
0320h: 4C 20 53 54 49 43 4B 20 21 20 20 20 20 49 20 48 ; L STICK ! I H
0330h: 41 56 45 20 41 20 56 49 52 55 53 20 21 20 20 A1 ; AVE A VIRUS ! ¡
0340h: 20 42 59 20 42 4C 41 43 4B 46 4C 41 53 48 20 21 ; BY BLACKFLASH !
0350h: 20 58 61 00 00 16 2C 79 00 00 00 04 49 FA FD 90 ; Xa...,y....Iúý
This text is part of a graphical routine that is started on every 19th infection.
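An added example, not part of the original page: a Python check that searches the 1024-byte bootblock of a disk image for the two marker strings shown in the hex dump above and reports whether the bootblock carries the DOS magic and a valid checksum. The function names and the constructed sample input are assumptions made for illustration; the checksum rule is the standard AmigaOS bootblock rule and is not stated on this page.

```python
import struct

BOOTBLOCK_SIZE = 1024  # first two 512-byte sectors of an Amiga floppy or ADF image
# Marker strings and offsets as they appear in the hex dump on this page.
MARKERS = {0x10: b"blackflash virus V2.0", 0x341: b"BY BLACKFLASH !"}


def longword_sum(block: bytes) -> int:
    """32-bit sum of big-endian longwords with end-around carry."""
    total = 0
    for (value,) in struct.iter_unpack(">I", block):
        total += value
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return total


def scan_bootblock(image: bytes) -> dict:
    """Report whether the bootblock would be executed and which markers it holds."""
    bb = image[:BOOTBLOCK_SIZE]
    if len(bb) < BOOTBLOCK_SIZE:
        raise ValueError("image is shorter than one bootblock")
    hits = {}
    for expected, marker in MARKERS.items():
        found = bb.find(marker)
        if found != -1:
            hits[marker.decode("ascii")] = {"offset": found,
                                            "at_page_offset": found == expected}
    return {
        "dos_magic": bb[:3] == b"DOS",
        # A bootblock is only run at boot when all longwords sum to 0xFFFFFFFF.
        "checksum_valid": longword_sum(bb) == 0xFFFFFFFF,
        "markers": hits,
        "suspect": bool(hits),  # string signature only, a heuristic
    }


def constructed_sample() -> bytes:
    """Constructed test input: DOS magic and marker strings only, no virus code."""
    bb = bytearray(BOOTBLOCK_SIZE)
    bb[0:4] = b"DOS\x00"
    for offset, marker in MARKERS.items():
        bb[offset:offset + len(marker)] = marker
    struct.pack_into(">I", bb, 4, 0xFFFFFFFF - longword_sum(bytes(bb)))
    return bytes(bb) + bytes(512)  # one further empty sector after the bootblock
```

For a real image, pass the file contents read in binary mode to `scan_bootblock()`; a hit with `checksum_valid` false means the marker text is present but the bootblock would not be executed at boot.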






