Cyber Riot was found in USA at the end of 1993. Cyber Riot is the first advanced Windows virus. Before it, Windows viruses were cumbersome, slow to spread, and technically quite rudimentary. Cyber Riot, however, is a real threat in Windows environment.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
What makes this virus remarkable is that it is able to use the Windows dynamic-linking structure and pass control smoothly to the programs it has infected when its own execution has run through. Previous Windows viruses have been unable to do this. Cyber Riot also stays resident in the background when Windows is active.
Cyber Riot spreads through Windows applications. When an infected application is run, the virus strives to strike at the Windows kernel file. Once the kernel file is infected, the virus starts together with Windows and infects every Windows application that is run on the computer.
The virus activates on certain dates, displaying message boxes. After the user clicks OK to remove the box, the virus overwrites a part of the hard disk.
Cyber Riot infects only Windows applications and the Windows kernel file. The virus is unable to spread under DOS. However, since many people use only Windows in their computers, this handicap does not necessarily slow the virus's spread to any great degree.
Other Windows viruses include:
- Twitch - WinSurfer - Win_Viking.A - Win_Viking.B - Win_Vir - WinTiny
Description Created: Mikko Hypponen, F-Secure