翻訳と辞書 |
OneHalf
OneHalf is a DOS-based polymorphic computer virus (hybrid boot and file infector) discovered in October 1994.〔(【引用サイトリンク】url=http://wiw.org/~meta/vsum/view.php?vir=994 )〕 It is also known as Slovak Bomber, Freelove or Explosion-II.〔http://www.f-secure.com/v-descs/one_half.shtml〕 It infects the master boot record (MBR) of the hard disk, and any files with extensions .COM, .SCR and .EXE.〔(【引用サイトリンク】url=http://www.pspl.com/virus_info/dos/onehalf.htm )〕 However, it will not infect files that have SCAN, CLEAN, FINDVIRU, GUARD, NOD, VSAFE, MSAV or CHKDSK in the name.〔http://virus.wikidot.com/onehalf〕 It is also known as one of the first viruses to implement a technique of "patchy infection", introduced in Bomber. OneHalf has about 20 different variants, all with functionally similar behaviour.〔(【引用サイトリンク】url=http://go.eset.com/us/threat-center/encyclopedia/threats/onehalf/ )〕 == Payload == OneHalf is known for its peculiar payload: at every boot, it encrypts two unencrypted cylinders of the user's Hard disk, but then temporarily decrypts them when they are accessed. This makes sure the user does not notice that their hard disk is being encrypted like this, and lets the encryption continue further. It also hides the real MBR from programs on the computer, to make detection harder. The encryption is done by bitwise XORing by a randomly generated key, which can be decrypted simply by XORing with the same bit stream again. Once the virus has encrypted half of the disk, and/or on the 4th, 8th, 10th, 14th, 18th, 20th, 24th, 28th and 30th of any month and under some other conditions, the virus will display the message:〔 Dis is one half. Press any key to continue ...〔(【引用サイトリンク】url=http://www.symantec.com/security_response/writeup.jsp?docid=2000-121513-2517-99 )〕
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「OneHalf」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|