Westwood (computer virus)

Westwood
Common name Westwood
Technical name Jerusalem.Westwood
Aliases Jeru.Westwood.1829
Jerusalem-Westwood
Family Jerusalem
Classification Computer virus
Type DOS
Subtype DOS file infector
Isolation August 1990
Point of isolation Westwood, Los Angeles, California, United States
Point of origin Unknown
Author(s) Unknown

Westwood is a computer virus, a variant of the Jerusalem family, discovered August 1990, in Westwood, Los Angeles, California. The virus was isolated by a UCLA engineering student who discovered it in a copy of the "speed.com" program distributed with a new motherboard. Viral infection was first indicated when an early version of Microsoft Word reported internal checksum failure and failed to run.

Infection

Westwood was an early variant of the Jerusalem virus, which was the first DOS file infector to become common. Upon execution of an infected file, Westwood becomes memory resident. Any file of COM, EXE, or OVL types is infected upon execution, except COMMAND.COM.

Symptoms

A number of symptoms are associated with Westwood:

These symptoms are not indicative of a Westwood infection, although the final symptom is certainly not regular program behaviour, and any automatic file size increase of executables is suspicious. The infection mechanism in Westwood is better-written than the original Jerusalem's. The original would re-infect files until they grew to ridiculous sizes. Westwood infects only once.

As with most Jerusalem variants, Westwood contains a destructive payload. On every Friday the 13th, interrupt 22 will be hooked. All programs executed on this date while the virus is memory resident will be deleted.

Westwood is functionally similar to Jerusalem, but the coding is quite different in many areas. Because of this, virus removal signatures used to detect the original Jerusalem had to be modified to detect Westwood. Organisations such as Virus Bulletin used to use Westwood to test virus scanners for ability to distinguish Jerusalem variants.

Prevalence

The WildList , an organization tracking computer viruses, never reported Westwood as being in the field. However, its isolation was made after the virus had made infections in the community of Westwood. It is unknown how much Westwood spread outside California (with a few reports in neighbouring states), especially as Westwood is easily mis-diagnosed as Jerusalem.

Since the advent of Windows, even successful Jerusalem variants have become increasingly uncommon. As such, Westwood is considered obsolete.

This article is issued from Wikipedia - version of the 10/11/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.