Westwood (computer Virus)
   HOME

TheInfoList



Click Here for Items Related To - Westwood (computer Virus)
OR:
Westwood (computer Virus) on:   [Wikipedia]   [Google]   [Amazon]

Westwood is a
computer virus A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. If this replication succeeds, the affected areas are then said to be "infected" with a compu ...
, a variant of the Jerusalem family, discovered August 1990, in Westwood, Los Angeles, California. The virus was isolated by a UCLA engineering student who discovered it in a copy of the "speed.com" program distributed with a new motherboard. Viral infection was first indicated when an early version of Microsoft Word reported internal checksum failure and failed to run.


Infection

Westwood was an early variant of the Jerusalem virus, which was the first
DOS file infector DOS is shorthand for the MS-DOS and IBM PC DOS family of operating systems. DOS may also refer to: Computing * Data over signalling (DoS), multiplexing data onto a signalling channel * Denial-of-service attack (DoS), an attack on a communicati ...
to become common. Upon execution of an infected file, Westwood becomes memory resident. Any file of
COM Com or COM may refer to: Computing * COM (hardware interface), a serial port interface on IBM PC-compatible computers * COM file, or .com file, short for "command", a file extension for an executable file in MS-DOS * .com, an Internet top-level d ...
, EXE, or OVL types is infected upon execution, except COMMAND.COM.


Symptoms

A number of symptoms are associated with Westwood: *COM files executed will increase by 1,829 bytes in size; EXE and OVL files will increase by between 1,819 and 1,829 bytes. * Interrupts 8 and 21 will be hooked; on Friday the 13th, interrupt 22 will also be hooked. *Thirty minutes after the virus goes memory resident, the system will slow down, and a small black box will appear in the bottom left-hand corner of the machine, as common among most Jerusalem variants. These symptoms are not indicative of a Westwood infection, although the final symptom is certainly not regular program behaviour, and any automatic file size increase of executables is suspicious. The infection mechanism in Westwood is better-written than the original Jerusalem's. The original would re-infect files until they grew to ridiculous sizes. Westwood infects only once. As with most Jerusalem variants, Westwood contains a destructive payload. On every
Friday the 13th Friday the 13th is considered an unlucky day in Western superstition. It occurs when the 13th day of the month in the Gregorian calendar falls on a Friday, which happens at least once every year but can occur up to three times in the same year. ...
, interrupt 22 will be hooked. All programs executed on this date while the virus is memory resident will be deleted. Westwood is functionally similar to Jerusalem, but the coding is quite different in many areas. Because of this, virus removal signatures used to detect the original Jerusalem had to be modified to detect Westwood. Organisations such as Virus Bulleti

used to use Westwood to test virus scanners for ability to distinguish Jerusalem variants.


Prevalence

The WildLis

an organization tracking computer viruses, never reported Westwood as being in the field. However, its isolation was made after the virus had made infections in the community of Westwood. It is unknown how much Westwood spread outside California (with a few reports in neighbouring states), especially as Westwood is easily mis-diagnosed as Jerusalem. Since the advent of Microsoft Windows, Windows, even successful Jerusalem variants have become increasingly uncommon. As such, Westwood is considered obsolete.


External links


McAfee Description
{{DEFAULTSORT:Westwood (Computer Virus) DOS file viruses