Tech Time Warp: Malware in the “Form” of a boot sector virus
Although this week’s Tech Time Warp topic is not as prevalent today, boot sector viruses were a widespread issue in the 1990s and 2000s. Especially common during the days of MS-DOS and floppy disks, a boot sector virus attacks a computer’s startup files and often spread via removable storage. The idea was to wreak havoc before any anti-virus or security software had a chance to launch.
One such virus was the Form virus, known by its variants: Form.A., Form.B., etc. First discovered in 1990 in Switzerland, Form’s most intriguing symptom was a keyboard click that appeared on the 18th of every month. The malware also occupied 2 KB of memory and displayed the message: “The FORM-Virus sends greetings to everyone who’s reading this text. FORM doesn’t destroy data! Don’t panic! F***ings go to Corinne.” The virus may have been spread by an infected demo disk.
The Computer Incident Advisory Capability (CIAC)—the original U.S. Department of Energy cybersecurity team—shared on its bulletin board that the way to eradicate Form from your system was to boot the device from a clean disk and rewrite the boot sector. CIAC cautioned that Form would attack anything marked bootable, whether it was a FAT-formatted partition or not. In cases where it was not, Form was particularly damaging.
While this type of malware has largely been eradicated, the boot sector virus Stoned reappeared in 2014 among some users running Microsoft Security Essentials to conduct blockchain transactions.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: aaekung / Shutterstock