Analysis of insider virus

Authors:

  • Vidström Arne

Publish date: 2002-01-01

Report number: FOI-R--0750--SE

Pages: 53

Written in: Swedish

Abstract

This report describes the analysis of the previously unknown virus "Insider Virus". The Department of Systems Analysis and IT Security received an infected floppy disk for analysis from a person who had participated in a course held by FOI. Insider Virus is a polymorphic virus with stealth technology that infects boot and partition sectors. It contains code that circumvents BIOS protection against partition sector viruses, as well as overwrite protection that prevents the virus from being removed from an infected hard drive while it is active. The virus does not include any destructive payload.