The following text is copyright (c) 1987-1990 CompuServe Magazine and may not be reproduced without the express written permission of CompuServe. CompuServe Magazine's Virus History Timeline CompuServe Magazine is published monthly by the CompuServe Information Service, the world's largest on-line information service with over 600,000 subscribers worldwide. If you would like to become a CompuServe subscriber, call 1-800-848-8199 to receive a copy of the CompuServe Information Service membership kit. - 1987 - "VIRUS" INFECTS COMMODORE COMPUTERS (Nov. 20) A "virus" has been infecting Commodore's Amiga computers, and what was once considered an innocent bit of hacking has turned into a disaster for some users. The "virus" is a secret modification to the boot block, an area on many disks using operating system facilities of the Amiga. In addition to its transparent purpose --- starting the operating system -- the virus contains code that can infect other disks. Once a virus infected disk is used on a computer, the computer's memory becomes a breeding ground and all other bootable disks that find their way to that computer will eventually become infected. Any exchange of diskettes with another computer then infects the new computer. Although the original intention of the virus apparently was benign, it may have spread to thousands of Amiga computers and disrupted their normal operations. Since some commercial software developers use coded information in the boot block of their distribution disks, the virus can inadvertently damage these disks and render the software useless. Knowledgeable users say the virus was meant to be a high-tech joke that displayed a message after it had completely infiltrated a user's disks library. According to Amiga technical support personnel, the only sure way for users to keep the virus out of their systems is to avoid warm starting the computer. It should always be �'wered down first. --James Moran VIRUS MOVES TO IBM COMPUTERS (Dec. 7) On the heels of the Amiga virus, reported recently in Online Today, a new apparently less benign virus has been making the rounds of IBM personal computers. The IBM-related virus was first noted at Lehigh University where, last week, a representative in the User Services section reported its discovery by student consultants. As with other similar viruses, this one is spread by means of an infected system file. In this case, a hacked version of IBM's COMMAND.COM processor is the host that harbors the virus. Once infected, the host PC will then infect the first four computers with which it comes in contact. In all cases, the virus is spread through an illegally modified version of the IBM command processor. Once the host has infected four other computers, the host virus is reported to purposely destroy the boot tracks and allocation tables for all disks and diskettes that are online to the host computer. The action renders the disks completely unreadable, even when reconstructs are attempted with popular disk repair software. The consultant at Lehigh University who first alerted general users to the virus says that it can be detected by examining the date on the COMMAND.COM file. A recent date would suggest that the file had been illegally modified. --James Moran CHRISTMAS GREETINGS MESSAGE TIES UP IBM'S ELECTRONIC MAIL SYSTEM (Dec. 12) IBM nearly lost its Christmas spirit yesterday. It seems that a digital Christmas card sent through its electronic mail system jammed computers at plants across the United States for up to 90 minutes. The Associated Press quotes IBM spokesman Joseph Dahm as saying the incident caused no permanent damage, but forced the company to turn off links between computer terminals for a while. AP says, "Curious employees who read the message discovered an illustration of a Christmas tree with 'Holiday Greetings' superimposed on it. A caption advised, 'Don't browse it, it's more fun to run it.' Once a person opened the computer message on their screen, it rarely accepted a command to stop the message from unfolding on the screen. As a result, several people shut off their computers and lost reports or mail that had not previously been filed." Apparently the message also automatically duplicated itself and was sent to other workstations. Online plants in Texas and New York were affected, Dahm said. Meanwhile, sources said that other facilities in Charlotte, N.C.; Lexington, Ky.; California and Europe also received the message. Federal agents even may investigate the incident, the wire service says, since the message apparently crossed state lines. --Charles Bowen