Threat Description

Cyber Riot

Details

Aliases: Cyber Riot, Chicago 7, Windows virus
Category: Malware
Type: Virus
Platform: W32

Summary



Cyber Riot was found in the USA at the end of 1993. It is the first advanced Windows virus. Before it, Windows viruses were cumbersome, slow to spread, and technically quite rudimentary. Cyber Riot, however, is a real threat in the Windows environment.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



What makes this virus remarkable is that it is able to use the Windows dynamic-linking structure and pass control smoothly to the program it has infected once its own code has finished executing. Previous Windows viruses have been unable to do this. Cyber Riot also stays resident in the background while Windows is active.

Cyber Riot spreads through Windows applications. When an infected application is run, the virus attempts to infect the Windows kernel file. Once the kernel file is infected, the virus starts together with Windows and infects every Windows application that is run on the computer.

The virus activates on certain dates, displaying message boxes. After the user clicks OK to remove the box, the virus overwrites a part of the hard disk.

Cyber Riot infects only Windows applications and the Windows kernel file. The virus is unable to spread under DOS. However, since many people use only Windows on their computers, this handicap does not necessarily slow the virus's spread to any great degree.

Other Windows viruses include:

- Twitch
- WinSurfer
- Win_Viking.A
- Win_Viking.B
- Win_Vir
- WinTiny





Description Created: Mikko Hypponen, F-Secure

