Lamer Exterminator, or how a 22 year old malware can still piss you off.

As usual I need to step back for my obligatory back story.

-VIC-20 from 1981 to 1985
-C64 from 1986 to 1994 (even logged onto my University account with it!)
-Various PCs and Mac's from then on.

Didn't see the word Amiga there? Normal, only very rich kids had them where I came from. Only relatively recently did I start to indulge in that world, and what a 'fun' ride this still is. Amiga literate people can stop reading now, or continue and have a laugh at my expense...

Broadening my quest on early digital sound chips, a look at Paula (MOS8364) was inevitable, although as an 8bit DMA sample playback device, it didn't really fit the original intent of chipsounds. (no oscillators, classic samples are copyrighted, etc).

Nevertheless there are a bunch of things I plan to do following my current OCS Amiga research but I'll keep this for a series of future articles...
... So I got a bunch of gear and disks from various places.


1)Top is my ebay.co.uk bought PAL A500, which I recently upgraded and tweaked (more in a future article).
2)Middle is an Original NTSC Amiga (later re dubbed A1000), a loaner from XC3N which wasn't his in the 80's.
3)Bottom one is my most important Amiga and the first one I found in a recycling center for 20$ a few years ago: an NTSC B2000 (rev6.2a) with 1MB of chip and 2MB of 'fast/slow' ram, and a 'A2320 Display Enhancer' VGA card . This was originally a Video Toaster machine but that particular addon was already removed when I acquired it.  The most important feature of that particular Amiga for me is its generous amount of ram, since this allows transferring PC<->AMIGA floppy images transfers much easily (maybe the subject of a THIRD Amiga article)
I of course also have a weird collection of disks, some that have been recently transferred from the net, but most others are from the 'era' itself, including.... various bootlegged copies of Workbench.

Working on a complex platform that you are not familiar with is daunting for many people, but it is much more so when you get this horrible feeling that everything is flaky and unreliable. Machines that reboots randomly, Disk errors which suddenly appear on what were perfectly good disks just the day before. Since I dealt with 80s technology I just figured this was due to its age and condition...

But NO, it was ME .. the LAMER...  being exterminated!


Only this virus was made 22 years ago and it made me lose PRECIOUS RESEARCH TIME THIS YEAR, since I only figured out what was happening the day I downloaded X-Copy because of its advanced disk checking features .. or so I've read... but as I found out it also scans the boot sectors of each disks for known viruses.

This virus is apparently quite famous for Amiga people, it even has its own wikipedia page. In any case, I was quite happy to wipe all infected disks clean and redoing much of my workbench, utilities, and test disks. Yes you can laugh, but I don't recall ever getting a C64 virus in my day, so I laugh back.. boot disks .... Pffft shush...

And ... That A1000 loaner I got a month ago also came with a bunch of surprises of itself:



Yes XC3N, I've quarantined those for you for when you want to get it back.  :) Don't worry, those last ones didn't make me lose any data, I had learned my lesson by then.

Conclusion: I hate script kiddies, present and past.

Comments

  1. Looking forward to hear about your Paula probing. I still don't really understand why mod-files sound so much better on Amiga...

    I tweeted about this because I think it's funny that Lamer Exterminator has attacked science. Still, sorry to hear about your data-loss.

    Amigaaaaaaaaaaaaaaaaaaaaaaaaa

    ReplyDelete
  2. There are a few things that a real amiga does that typical PC/Mac mod playback software dont accurately reproduce. Its not rocket science that much, just a matter of implementing it right.

    See Alankila's post here for parts of the answer:
    http://www.bel.fi/~alankila/modguide/interpolate.txt

    ReplyDelete
  3. Thanks, btw,
    I didnt lose that much important data more than actual time :) I usually record _everything_ on a separate machine at 24/96KHz and sometimes 192KHz and back those up frenetically.

    ReplyDelete
  4. That's quite a story! As always, thanks for sharing. The more posts the better! I love your blog. Can't wait for the new product!

    ReplyDelete
  5. Man, the story... made my day! :)

    ReplyDelete
  6. Hi :)
    Does it tell you it's the Lamer Exterminator when it ruins the disk?
    or do you only find out when you have started looking?

    ReplyDelete
  7. Just when you start looking (did this using X-Copy) otherwise, the floppies just get randomly thrashed sectors.

    ReplyDelete
  8. This reminds me of experience with Lamer Exterminator.

    When I was a new user on Amiga and obtained an anti virus program I detected LE on one of my disk. So I did what anyone else would do I went through all of my disks and looked for bot block viruses. I found many of them. I also did the same thing for a friend of mine.

    After a month or two I was told by my friend that he lost his data due to Saddam virus (http://www.teyko.com/View.aspx?id=346&name=Saddam+Virus).

    Turns out that when I was going through all of mine (and my friend's) floppies, I started infecting all of my floppies even the good ones. In fact my disk with the antivirus program was infected. :)

    After I found a better AV program and disinfected all my flopies. I developed a habit, always making sure disks are write protected before inserting them.

    Be aware that there are different type of viruses, not just bot block. Since it looks like you are running Kickstart 1.2 or 1.3 you are also vulnerable to disk-validator based viruses.

    ReplyDelete
  9. Thanks for the tip!
    Good thing my research is mostly complete. Will surely find a reason to boot my 500/2000 in the future.

    ReplyDelete
  10. Write protection always was my sharpest sword against virusses. I wish we had this today. Oh, SD cards have it. But as the cards become older the write protection switch can be toggled when inserting the card into the reader slot.
    My second strategy: Put a custom boot sector on each bootable disk that shows a message and checks for boot resident programs and make all data disks non-bootable. Every disk not showing this message at boot time was moved by me to virus inspection immediately.

    ReplyDelete
  11. Paula playback was so clean because you had a custom sampling rate per channel! That is, no interpolation was necessary for 4-channel music. I know of no other computer sound hardware with this capability.

    ReplyDelete
  12. I am sure this virus was spread by a software house with its release for the Commodore Amiga DENARIS (factor 5?)

    ReplyDelete
  13. interesting story... after 25 years without my first amiga I bought amiga 500 again and started to work in assembler again. then U got Saddam. I fou d couple of virus killers but none of them was suitable for me and didnt aolve problem. so, now I made my own Saddam killer called DeSaddam and now Iam testing it. it works fine,decrypts blocks crypted by saddam and writes new disk-validator on disk and saves all data corrupted by saddam. if you want i can send you test version. contact: desaddamvk@gmail.com

    ReplyDelete

Post a Comment