The story of the Ghostball virus is a story worth revisiting as Cyber Security Awareness Month draws to a close this Halloween. As some PC users discovered in October 1989, it can be difficult to expel malware from your system.
Ghostball – discovered by Icelandic security expert Fredrik Skolason – was one of the first known multilateral viruses. While a typical virus attacks the system, the program files, or In the boot sector, a multipart virus (also known as a hybrid virus) targets the boot sector And program files at a time. When the user boots his computer, the boot sector launches the virus, and then the program files run the destructive payloads.
The Ghostball virus works differently from its predecessor
Ghostball has placed a virus code on the device’s boot sector. Additionally, whenever an infected .COM file is run, the virus scans the machine for other .COM files to be infected. (The .COM file was previously the .EXE file type that was no larger than 64KB.) The malware collects code from two previous viruses. The .COM file attack code was based on the Vienna virus, while its code targeting boot sectors was inspired by the Ping Pong virus.
The primary symptom of the Ghostball attack was a specific increase in file size, with infected files growing by 2,351 bytes. The infected file may also display a message that reads “GhostBalls, Product of Iceland Copyright © 1989, 4418 and 5F10 MS DOS 3.2.”
The only cure for Ghostball? Get rid of all infected .COM files from the device completely. Although he would never have encountered the need for cybersecurity, Benjamin Franklin’s saying about Ghostball and other malware sounds true: An ounce of prevention is worth a pound of cure.
Photo: Lemon Tree Pictures/Shutterstock