Westwood (computer virus)
Encyclopedia
Westwood is a computer virus
, a variant of the Jerusalem
family, discovered August 1990, in Westwood, California
.
The virus was isolated by a UCLA engineering student who discovered it in a copy
of the "speed.com" program distributed with a new motherboard. Viral infection was first indicated when an early version of Microsoft Word reported internal checksum failure and failed to run.
, EXE
, or OVL types is infected upon execution, except COMMAND.COM
.
These symptoms are not indicative of a Westwood infection, although the final symptom is certainly not regular program behaviour, and any automatic file size increase of executables is suspicious. The infection mechanism in Westwood is better-written than the original Jerusalem's. The original would re-infect files until they grew to ridiculous sizes. Westwood infects only once.
As with most Jerusalem variants, Westwood contains a destructive payload. On every Friday the 13th
, interrupt 22 will be hooked. All programs executed on this date while the virus is memory resident will be deleted.
Westwood is functionally similar to Jerusalem, but the coding is quite different in many areas. Because of this, virus removal signatures used to detect the original Jerusalem had to be modified to detect Westwood. Organisations such as Virus Bulletin http://www.virusbtn.com/ used to use Westwood to test virus scanners for ability to distinguish Jerusalem variants.
Since the advent of Windows
, even successful Jerusalem variants have become increasingly uncommon. As such, Westwood is considered obsolete.
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, a variant of the Jerusalem
Jerusalem (computer virus)
Jerusalem is a DOS virus first detected in Jerusalem, Israel, in October 1987. On infection, the Jerusalem virus becomes memory resident , and then infects every executable file run, except for COMMAND.COM. .COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. .EXE...
family, discovered August 1990, in Westwood, California
Westwood, California
Westwood is a census-designated place in Lassen County, California, United States. Westwood is located west-southwest of Susanville, at an elevation of 5128 feet...
.
The virus was isolated by a UCLA engineering student who discovered it in a copy
of the "speed.com" program distributed with a new motherboard. Viral infection was first indicated when an early version of Microsoft Word reported internal checksum failure and failed to run.
Infection
Westwood was an early variant of the Jerusalem virus, which was the first DOS file infector to become common. Upon execution of an infected file, Westwood becomes memory resident. Any file of COMCOM file
In many computer operating systems, a COM file is a type of executable file; the name is derived from the file name extension .COM. Originally, the term stood for "Command file", a text file containing commands to be issued to the operating system , on many of the Digital Equipment Corporation mini...
, EXE
EXE
EXE is the common filename extension denoting an executable file in the DOS, OpenVMS, Microsoft Windows, Symbian, and OS/2 operating systems....
, or OVL types is infected upon execution, except COMMAND.COM
COMMAND.COM
COMMAND.COM is the filename of the default operating system shell for DOS operating systems and the default command line interpreter on Windows 95, Windows 98 and Windows Me...
.
Symptoms
A number of symptoms are associated with Westwood:- COM files executed will increase by 1,829 bytes in size; EXE and OVL files will increase by between 1,819 and 1,829 bytes.
- InterruptInterruptIn computing, an interrupt is an asynchronous signal indicating the need for attention or a synchronous event in software indicating the need for a change in execution....
s 8 and 21 will be hooked; on Friday the 13th, interrupt 22 will also be hooked. - Thirty minutes after the virus goes memory resident, the system will slow down, and a small black box will appear in the bottom left-hand corner of the machine, as common among most Jerusalem variants.
These symptoms are not indicative of a Westwood infection, although the final symptom is certainly not regular program behaviour, and any automatic file size increase of executables is suspicious. The infection mechanism in Westwood is better-written than the original Jerusalem's. The original would re-infect files until they grew to ridiculous sizes. Westwood infects only once.
As with most Jerusalem variants, Westwood contains a destructive payload. On every Friday the 13th
Friday the 13th
Friday the 13th occurs when the thirteenth day of a month falls on a Friday, which superstition holds to be a day of bad luck. In the Gregorian calendar, this day occurs at least once, but at most three times a year...
, interrupt 22 will be hooked. All programs executed on this date while the virus is memory resident will be deleted.
Westwood is functionally similar to Jerusalem, but the coding is quite different in many areas. Because of this, virus removal signatures used to detect the original Jerusalem had to be modified to detect Westwood. Organisations such as Virus Bulletin http://www.virusbtn.com/ used to use Westwood to test virus scanners for ability to distinguish Jerusalem variants.
Prevalence
The WildList http://www.wildlist.org/, an organization tracking computer viruses, never reported Westwood as being in the field. However, its isolation was made after the virus had made infections in the community of Westwood. It is unknown how much Westwood spread outside California (with a few reports in neighbouring states), especially as Westwood is easily mis-diagnosed as Jerusalem.Since the advent of Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
, even successful Jerusalem variants have become increasingly uncommon. As such, Westwood is considered obsolete.