MacHC/Merryxmas

Type: Virus
SubType: Macintosh
Discovery Date: 10/01/1991
Length: 1,384 bytes (in XCMDs)
Minimum DAT: N/A (03/05/2003)
Updated DAT: 4251 (03/05/2003)
Minimum Engine: N/A
Description Added: 12/16/2002
Description Modified: 12/16/2002 8:41 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

This HyperCard virus works only on Apple Macintosh computers that have HyperCard scripting installed. Its several variants infect HyperCard stacks by appending viral code to the end of the stack script. When an infected stack is run, it first attempts to infect the HyperCard Home stack.

Subsequent stacks that are run will receive the infection from the Home stack. A "bug" in the most common strains causes the entire host stack script to be appended to the "Home" stack script when it is infected. If the host stack script contains any handler routines, unexpected Home stack behaviour may result. One strain replaces the Home stack script and deletes any stack that is run after the Home stack is infected.

The virus carries an XCMD which will shut down the system without saving open documents. However, the virus script does not contain any command to execute this XCMD.

There is a HyperCard virus called MacHC/Antibody which hops between stacks and removes the MacHC/MerryXmas virus. It also inserts a short script which blocks future infections.

Symptoms

The viral code starts with the string "on openbackground --merryxmas" and ends with "end getxmas".
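
A scan for those two markers, as an added example that is not part of the original description. It assumes the stack script has already been exported as text; the function name, the result fields and the sample script are constructed for illustration.

```python
import re

# Markers from the Symptoms text. HyperTalk is case-insensitive and "--" starts
# a comment, so match without regard to case and tolerate variable spacing.
START = re.compile(r"^\s*on\s+openbackground\s*--\s*merryxmas\b", re.I)
END = re.compile(r"^\s*end\s+getxmas\b", re.I)

# Constructed sample: a benign handler followed by a placeholder block that
# carries only the two markers (no viral code). Classic Mac OS text uses CR.
SAMPLE = (
    "on openStack\r  show menuBar\rend openStack\r\r"
    "ON OpenBackground  --MerryXmas\r  -- placeholder\rend openbackground\r"
    "on getxmas\r  -- placeholder\rend getxmas\r"
)


def find_merryxmas(script):
    """Return one finding per marker-delimited block in exported script text."""
    lines = re.split(r"\r\n|\r|\n", script)  # CR, LF and CRLF all end a line
    findings, start = [], None
    for num, line in enumerate(lines, 1):
        if START.match(line):
            if start is None:  # keep the earliest unmatched start marker
                start = num
        elif END.match(line) and start is not None:
            findings.append({
                "start": start,
                "end": num,
                "complete": True,
                # the page says the code is appended to the end of the script
                "at_end_of_script": not any(l.strip() for l in lines[num:]),
            })
            start = None
    if start is not None:  # start marker with no end marker: truncated or damaged
        findings.append({"start": start, "end": len(lines),
                         "complete": False, "at_end_of_script": True})
    return findings


if __name__ == "__main__":
    for hit in find_merryxmas(SAMPLE):
        print(hit)
```

A finding with `complete` set to false means the start marker was seen without its end marker, which fits a damaged or partially cleaned script and is a reason to replace the stack rather than repair it.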

Method of Infection

The infected stack has XCMD 69 "openbackground" and XCMD 405 "viralcopy" resources. The virus will infect other scripts when an infected stack is opened. An uninfected Home stack will be infected first.

Removal

The MacHC/MerryXmas virus can cause irreparable damage because it sometimes deletes scripts or carries unrelated script routines from its host stack to the Home stack. For this reason, Network Associates recommends that you replace infected stacks rather than repair them whenever possible.

Write-protecting the HyperCard Home stack is a good countermeasure against the MerryXmas virus and other similar threats.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Crudshot
  • Lopez
  • Merry2Xmas
