is a
Computer Virus , discovered October 1989 on the campus of
Hebrew University in Jerusalem.
Alabama is a fairly standard file infector outside its odd behaviour of deciding what files to infect. When an infected file is executed, Alabama goes
Memory Resident . Whenever a .
EXE file is executed from this point on, Alabama will search out for another file to infect. This is probably intended to place blame on the file that is being executed instead of the virus itself. Files infected by Alabama increase in size by 1,560 bytes.
A number of symptoms are associated with Alabama:
- EXE files will increase by 1,560 bytes in size upon infection.
- On Fridays, Alabama will begin to modify the File Allocation Table . As a result, when a file is executed, another may appear in its place. This is potentially dangerous. For more information, see the payload section.
- One hour after an infected program is run, Alabama will bring up a flashing box with the text "SOFTWARE COPIES PROHIBITED BY INTERNATIONAL LAW..............Box 1055 Tuscambia ALABAMA USA."
The third symptom is by far the clearest indication of an Alabama infection. It is unknown what the , as Tuscambia is not a city. This supports the theory that the virus originated in Israel.
On Fridays, Alabama will begin to modify the File Allocation Table in an odd way. Instead of searching for a file to infect, Alabama searches for a file to cross-reference. The virus modifies the FAT entry so that when the user executes one file, another will appear. For instance, on a machine where Alabama is resident, executing PROGRAM1.EXE on a Friday may cause the virus to search for another program and find PROGRAM2.EXE. Alabama will then modify the FAT so that whenever PROGRAM1.EXE is executed, PROGRAM2.EXE displays instead. This certainly can result in confusion, and may result in programs being lost or incorrectly deleted.
The WildList
{Link without Title} , an organisation tracking computer viruses, never reported Alabama as being in the field. It was isolated spreading in Israel, but this may have been a limited local outbreak.
Since the advent of
Windows , even successful DOS viruses have become increasingly rare. As such, Alabama can be considered obsolete.
There is one known variant of Alabama. Alabama.B was distributed as a modified SDIR.COM. SDIR.COM was a program created to replace the DOS
DIR command. Like the original Alabama, the "B" variant does not infect .COM files. The modified SDIR.COM is simply used as a dropper.
