Le portail francophone de la géomatique

bonjour,

J'ai decouvert par hasard ce qui suit : etonnant, non ?

bonne journee,
RP

Trouve là : http://www.viruslibrary.com/virusinfo/MBA.First.htm et là : http://viruslist.com/eng/viruslist.html?id=65994

MBA.First

Last Modified: August 27, 2003
The first known virus to infect MapInfo tables. It activates upon the
opening of infected tables and proceeds to infect the MapInfo environment
and every table subsequently opening in MapInfo.

The virus has a payload routine that is triggered according to specific
system dates; the payload corrupts table files.

What is MapInfo

MapInfo is a Geo-Information System, one of the world's leading software
solutions for mapping and geographic analysis. It is developed by the
MapInfo Corporation. MapInfo uses the MapBasic programming language to
create custom applications for use with MapInfo Professional or special
MapInfo runtimes . It is very similar in syntax to Microsoft Visual Basic
but has additional 'statements' for tables and map manipulations.

Virus details

The virus is written in the MapBasic language and is compiled into a binary
application that executes with MapInfo. When the infected table is opened
the virus gains control and infects the MapInfo environment. To do this the
virus copies itself into the MapInfo program directory (the directory where
MapInfo is installed) under the name 0gPiSs1.dll. The 'startup.wor' file has
its own 'startup workspace'. The virus places into the startup workspace of
the startup.wor file the commands that launch the virus code. The startup
workspace is automatically executed prior to the launching of any other
workspace, and thus the virus gains control each time MapInfo is started.

When active, the virus silently collects the filenames of open tables to be
used at a later time.

When MapInfo is closed the virus checks the system time. On Monday it runs
its first payload routine that catalogs (numbers) the table filenames
collected during the current session. With the probability of 1% the virus
tries to delete the table files with the following extensions:

.map, .tif, .pcx or .jpg.
The second payload routine triggers on Friday the 13th and does the same as
the first payload routine but deletes table files with a 14% probability. In
addition it overwrites the mapinfow.prj file with the following text written
in Russian (encoding - Cyrillic KOI-8R):

--- eÏÏÒÄÉÎÁÔÙ ---
aÏÌÇÏÔÁ / uÉÒÏÔÁ , 3, 62, 8, -74, 40.5, 40.6666666667, 41.0333333333, 2000000, 100000
If the payload routines did not trigger, the virus infects all the collected
tables. To do this the virus overwrites the .mif table file with virus code
and inserts the command to run this file upon table opening.

Disinfection

Kaspersky Anti-Virus removes the virus code from files, but cannot restore
files deleted by virus payloads. You have to restore missing .map, .tif,
.pcx and .jpg files from backup. Also you may need to restore the
mapinfow.prj file in the MapInfo program directory from backup or from the
Tools subfolder.