
AIDS, also known as Aids Info Disk or PC Cyborg Trojan, is a DOS Trojan horse whose payload mungs and encrypts the names of all directories on drive C:. It was developed by Dr. Joseph Popp, an evolutionary biologist who graduated from Harvard. The virus was isolated in 1989.


Description

AIDS replaces the AUTOEXEC.BAT file, which would then be used by AIDS to count the number of times the computer has booted. Once this boot count reaches 90, AIDS hides directories and encrypts the names of all files on drive C: (rendering the system unusable), at which time the user is asked to 'renew the license' and contact PC Cyborg Corporation for payment (which would involve sending US$189 to a post office box in Panama). There exists more than one version of AIDS, and at least one version does not wait to mung drive C:, but will hide directories and encrypt file names upon the first boot after AIDS is installed.

The AIDS software also presented to the user an end user license agreement, some of which read:

"If you install [this] on a microcomputer..."
"then under terms of this license you agree to pay PC Cyborg Corporation in full for the cost of leasing these programs..."
"In the case of your breach of this license agreement, PC Cyborg reserves the right to take legal action necessary to recover any outstanding debts payable to PC Cyborg Corporation and to use program mechanisms to ensure termination of your use..."
"These program mechanisms will adversely affect other program applications..."
"You are hereby advised of the most serious consequences of your failure to abide by the terms of this license agreement; your conscience may haunt you for the rest of your life..."
"and your [PC] will stop functioning normally..."
"You are strictly prohibited from sharing [this] product with others..."

AIDS is considered to be an early example of a class of malware known as "ransomware".


History

AIDS was introduced into systems through a floppy disk called the "AIDS Information Introductory Diskette", which had been mailed to a mailing list. Harvard-taught evolutionary biologist Dr. Joseph Popp was identified as the author of the AIDS trojan horse and was a subscriber to this list. Popp was eventually discovered by the British anti-virus industry and named on a New Scotland Yard arrest warrant. He was detained in Brixton Prison. Though charged with eleven counts of blackmail and clearly tied to the AIDS trojan, Popp defended himself by saying money going to the PC Cyborg Corporation was to go to AIDS research. A Harvard-trained anthropologist, Popp was actually a collaborator of the Flying Doctors, a branch of the African Medical Research Foundation (AMREF), and a consultant for the WHO in Kenya, where he had organized a conference in the new Global AIDS Program that very year. Popp had been behaving erratically since the day of his arrest during a routine baggage inspection at Amsterdam Schiphol Airport. He was declared mentally unfit to stand trial and was returned to the United States.

Jim Bates analyzed the AIDS Trojan in detail and published his findings in the Virus Bulletin. He wrote that the AIDS Trojan did not alter the contents of any of the user's files, just their file names. He explained that once the extension and filename encryption tables are known, restoration is possible. AIDSOUT was a reliable removal program for the Trojan and the CLEARAID program recovered encrypted plaintext after the Trojan triggered. CLEARAID automatically reversed the encryption without having to contact the extortionist.

The AIDS Trojan was analyzed even further a few years later. Young and Yung pointed out the fatal weakness in malware such as the AIDS Trojan, namely, the reliance on symmetric cryptography. They showed how to use public key cryptography to implement a secure information extortion attack. They published this discovery (and expanded upon it) in a 1996 IEEE Security and Privacy paper. A cryptovirus, cryptotrojan, or cryptoworm hybrid encrypts the victim's files using the public key of the author and the victim must pay (with money, information, etc.) to obtain the needed session key. This is one of many attacks, both overt and covert, in the field known as cryptovirology.
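Bates's remark that restoration is possible once the tables are known, and Young and Yung's point about symmetric cryptography, rest on the same fact: tables carried inside the Trojan can be read out by an analyst and inverted. The sketch below is an added example, not CLEARAID or any code from the sources named here; the two tables, the function names and the sample listing are constructed for illustration and are not the real AIDS tables.

```python
# Added illustration. Both tables are constructed for this example; they are
# NOT the tables used by the AIDS Trojan.
import string

PLAIN = string.ascii_uppercase + string.digits + "_"
CIPHER = "QWERTYUIOPASDFGHJKLZXCVBNM9876543210#"
CHAR_TABLE = dict(zip(PLAIN, CIPHER))  # filename (stem) characters
EXT_TABLE = {"EXE": "AK", "COM": "AL", "BAT": "AM", "TXT": "AN"}  # extensions


def invert(table):
    """Invert a substitution table; reject one that is not one-to-one,
    because two plaintexts sharing a ciphertext cannot be told apart."""
    inverse = {}
    for plain, cipher in table.items():
        if cipher in inverse:
            raise ValueError(f"{cipher!r} is ambiguous: "
                             f"{inverse[cipher]!r} or {plain!r}")
        inverse[cipher] = plain
    return inverse


def restore_name(munged, inv_chars, inv_exts):
    """Return (restored_name, complete). complete is False when a stem
    character or the extension is missing from the recovered tables."""
    stem, dot, ext = munged.partition(".")
    complete = all(c in inv_chars for c in stem)
    plain_stem = "".join(inv_chars.get(c, c) for c in stem)
    if dot and ext not in inv_exts:
        complete = False
    return plain_stem + dot + inv_exts.get(ext, ext), complete


def restore_listing(names):
    """Restore a directory listing; incomplete results need manual review."""
    inv_chars, inv_exts = invert(CHAR_TABLE), invert(EXT_TABLE)
    return [restore_name(n, inv_chars, inv_exts) for n in names]


# Constructed sample listing of munged 8.3 names.
SAMPLE = ["QXZGTBTE.AM", "EGDDQFR.AL", "KTQRDT.ZZ"]

if __name__ == "__main__":
    for name, complete in restore_listing(SAMPLE):
        print(f"{name:<14}{'ok' if complete else 'REVIEW: unknown table entry'}")
```

With a public-key design of the kind Young and Yung describe, the decryption key is never present on the victim's machine, so this recovery approach has nothing to invert.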




External links


An early analysis of the trojan
THE COMPUTER INCIDENT ADVISORY CAPABILITY, by CIAC, on AIDS infection and distribution
The Original Anti-Piracy Hack, by George Smith, on the interesting AIDS EULA
Computer Viruses (A), by Probert Encyclopedia
AIDS Information Trojan, by CA
Aids Trojan, by CA