PC Cyborg Trojan
Aids Info Disk/PC Cyborg Trojan
AIDS Trojan
AIDS!Trojan, AidsinfoA trojan, AidsinfoB trojan, Cyborg, Trj/AidsInfoA, TrojanAidsInfoa, Trj/AidsInfoB, TrojanAidsInfob, Trojaids!Trojan, Love virus
Trojan
DOS
DOS scrambler
1989
Europe
United States
Dr Joseph Popp
, also known as Aids Info Disk or PC Cyborg Trojan, is a (rendering the system unusable), at which time the user is asked to 'renew the license' and contact PC Cyborg Corporation for payment (which would involve sending 378 US$ to a PO Box in Panama). More than one version of AIDS exists, and at least one version does not wait to munge drive C:, but will hide directories and encrypt file names upon the first boot after AIDS is installed. The AIDS software also presented the user with an interesting EULA, some of which read:
: If you install {Link without Title} on a microcomputer...
: then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs...
: In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use...
: These program mechanisms will adversely affect other program applications...
: You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life...
: and your {Link without Title} will stop functioning normally...
: You are strictly prohibited from sharing product with others...
AIDS was introduced into systems through a disk called the "AIDS Information Introductory Diskette", which had been mailed to a mailing list to which the AIDS author, Dr. Joseph Popp, subscribed.
Popp was eventually identified by the British anti-virus industry, named on a New Scotland Yard arrest warrant, and eventually extradited to Brixton Prison. Though charged with eleven counts of blackmail and clearly tied to the AIDS trojan, Popp defended himself by saying that money going to the PC Cyborg Corporation was to go to AIDS research, and suffered a psychotic episode so severe that he was returned to the United States.
Jim Bates analyzed the AIDS Trojan in detail and published his findings in the Virus Bulletin [1, 2]. He wrote that the AIDS Trojan did not alter the contents of any of the user's files, just their file names. He explained that once the extension and filename encryption tables are known, restoration is possible. AIDSOUT was a reliable removal program for the Trojan and the CLEARAID program recovered encrypted plaintext after the Trojan triggered. CLEARAID automatically reversed the encryption without having to contact the extortionist.
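Bates's observation that known tables make restoration possible can be shown with a short added example (not from the original page, and not the code of CLEARAID). It assumes names are scrambled character by character and extensions as whole units; both tables and the directory listing are constructed for the demonstration and are not the Trojan's real tables.

```python
import string

# CONSTRUCTED tables for illustration only; these are not the AIDS Trojan's real tables.
# Assumption: names are scrambled character-by-character, extensions as whole units.
PLAIN = string.ascii_uppercase + string.digits
SCRAMBLED = "QWERTYUIOPASDFGHJKLZXCVBNM9876543210"
CHAR_TABLE = dict(zip(PLAIN, SCRAMBLED))                 # original char -> scrambled char
EXT_TABLE = {"DOC": "AAB", "TXT": "AAC", "EXE": "AAD"}   # original ext  -> scrambled ext

# CONSTRUCTED directory listing as an analyst might see it after the trigger.
LISTING = ["KTHGKZ.AAB", "FGZTL8.AAC", "LTZXH.AAD", "KTQRDT", "KTHGKZ.ZZZ"]


def invert(table):
    """Invert a lookup table, refusing one that is not one-to-one."""
    inverse = {scrambled: original for original, scrambled in table.items()}
    if len(inverse) != len(table):
        raise ValueError("table is not one-to-one; restoration would be ambiguous")
    return inverse


def restore_name(name, char_inv, ext_inv):
    """Return (restored_name, complete) for one DOS 8.3 file name."""
    stem, dot, ext = name.partition(".")
    # Characters absent from the table are assumed to have been left untouched.
    restored = "".join(char_inv.get(ch, ch) for ch in stem)
    if not dot:
        return restored, True
    if ext in ext_inv:
        return f"{restored}.{ext_inv[ext]}", True
    # Extension missing from the recovered table: keep it and flag for manual review.
    return f"{restored}.{ext}", False


def restore_listing(names, char_table=CHAR_TABLE, ext_table=EXT_TABLE):
    """Map each scrambled name to (restored_name, complete) using the inverted tables."""
    char_inv, ext_inv = invert(char_table), invert(ext_table)
    return {name: restore_name(name, char_inv, ext_inv) for name in names}


if __name__ == "__main__":
    for scrambled, (original, complete) in restore_listing(LISTING).items():
        print(f"{scrambled:<12} -> {original:<12} {'' if complete else '(extension unknown)'}")
```

Because the same fixed tables sit inside every copy of the program, one analysis yields a restorer that works for every victim, which is the reliance on symmetric techniques that later analysis identified as the fatal weakness.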
The AIDS Trojan was analyzed even further a few years later. Young and Yung pointed out the fatal weakness in malware such as the AIDS Trojan, namely, the reliance on symmetric cryptography. They showed how to use public key cryptography to implement a secure information extortion attack. They published this discovery (and expanded upon it) in a 1996 IEEE Security and Privacy paper [3]. A cryptovirus, cryptotrojan, or cryptoworm hybrid encrypts the victim's files using the public key of the author and the victim must pay (with money, information, etc.) to obtain the needed session key. This is one of many attacks, both overt and covert, in the field known as Cryptovirology.
The AIDS trojan is not to be confused with the AIDS II Virus or the AIDS Virus.
[1] J. Bates, "Trojan Horse: AIDS Information Introductory Diskette Version 2.0," In: Wilding E, Skulason F (eds) Virus Bulletin. Virus Bulletin Ltd., Oxon, England, Jan., pages 3-6, 1990.
[2] J. Bates, "High Level-Programs & the AIDS Trojan," In: Wilding E, Skulason F (eds) Virus Bulletin. Virus Bulletin Ltd., Oxon, England, Feb., pages 8-10, 1990.
[3] A. Young, M. Yung, "Cryptovirology: Extortion-Based Security Threats and Countermeasures," In: McHugh J, Dinolt G (eds) Symposium on Security & Privacy. IEEE Computer Society Press, Washington DC, pages 129-141, 1996.