Westwood (computer virus)

Westwood (computer virus)
Westwood
Common name Westwood
Technical name Jerusalem.Westwood
Aliases Jeru.Westwood.1829
Jerusalem-Westwood
Family Jerusalem
Classification Virus
Type DOS
Subtype DOS file infector
Isolation August 1990
Point of isolation Westwood, California, United States
Point of Origin Unknown
Author(s) Unknown

Westwood is a computer virus, a variant of the Jerusalem family, discovered August 1990, in Westwood, California. The virus was isolated by a UCLA engineering student who discovered it in a copy of the "speed.com" program distributed with a new motherboard. Viral infection was first indicated when an early version of Microsoft Word reported internal checksum failure and failed to run.

Contents

Infection

Westwood was an early variant of the Jerusalem virus, which was the first DOS file infector to become common. Upon execution of an infected file, Westwood becomes memory resident. Any file of COM, EXE, or OVL types is infected upon execution, except COMMAND.COM.

Symptoms

A number of symptoms are associated with Westwood:

  • COM files executed will increase by 1,829 bytes in size; EXE and OVL files will increase by between 1,819 and 1,829 bytes.
  • Interrupts 8 and 21 will be hooked; on Friday the 13th, interrupt 22 will also be hooked.
  • Thirty minutes after the virus goes memory resident, the system will slow down, and a small black box will appear in the bottom left-hand corner of the machine, as common among most Jerusalem variants.

These symptoms are not indicative of a Westwood infection, although the final symptom is certainly not regular program behaviour, and any automatic file size increase of executables is suspicious. The infection mechanism in Westwood is better-written than the original Jerusalem's. The original would re-infect files until they grew to ridiculous sizes. Westwood infects only once.

As with most Jerusalem variants, Westwood contains a destructive payload. On every Friday the 13th, interrupt 22 will be hooked. All programs executed on this date while the virus is memory resident will be deleted.

Westwood is functionally similar to Jerusalem, but the coding is quite different in many areas. Because of this, virus removal signatures used to detect the original Jerusalem had to be modified to detect Westwood. Organisations such as Virus Bulletin [1] used to use Westwood to test virus scanners for ability to distinguish Jerusalem variants.

Prevalence

The WildList [2], an organization tracking computer viruses, never reported Westwood as being in the field. However, its isolation was made after the virus had made infections in the community of Westwood. It is unknown how much Westwood spread outside California (with a few reports in neighbouring states), especially as Westwood is easily mis-diagnosed as Jerusalem.

Since the advent of Windows, even successful Jerusalem variants have become increasingly uncommon. As such, Westwood is considered obsolete.

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Jerusalem (computer virus) — Jerusalem Common name Jerusalem Classification Unknown Type Computer virus Operating system(s) affected DOS Jerusalem is a DOS virus first detected in Jerusalem, Israel, in October 1987. On infection, the Jerusalem virus becomes memory resident… …   Wikipedia

  • Westwood — may refer to:Places;Australia *Westwood, Queensland;Canada *Westwood, Asphodel Norwood, Ontario *Westwood (Edmonton), a neighbourhood in Edmonton, Alberta *Westwood Plateau, an area of Coquitlam, British Columbia *Westwood Motorsport Park, a race …   Wikipedia

  • List of fictional computers — Computers have often been used as fictional objects in literature, movies and in other forms of media. Fictional computers tend to be considerably more sophisticated than anything yet devised in the real world. This is a list of computers that… …   Wikipedia

  • Spy High — Infobox Book | name = Spy High book series = Spy High title orig = Spy High Series translator = image caption = Cover for The Frankenstein Factory . author = A. J. Butcher illustrator = Lee Gibbons cover artist = country = United Kingdom language …   Wikipedia

  • Alarmstufe Rot 3 — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

  • Alarmstufe Rot 3: Der Aufstand — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

  • Command & Conquer: Alarmstufe Rot — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

  • Command & Conquer: Alarmstufe Rot - Yuris Rache — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

  • Command & Conquer: Alarmstufe Rot 2 — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

  • Command & Conquer: Alarmstufe Rot 3 — Command Conquer: Alarmstufe Rot (Originaltitel: Red Alert) ist ein von den Westwood Studios entwickeltes Echtzeit Strategiespiel und der zeitliche (in Hinsicht auf das Erscheinungsdatum), nicht aber handlungsbezogene Nachfolger von Command… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”