Home Page
Search
Site Contents

Name: Matra R-440 Crotale April Fool's Hoax
Description:

There is no virus by this name. However, there was a widespread April Fools joke distributed discussing a hypotethical virus by this name. The actual message consisted of several other well-known hoax messages.

The actual message was posted to several newsgroups on 29th of March, 1997, and looked like this: 

****
   From: Kenhert
   Subject: !!!!!!!! VIRUS ALERT !!!!!!!!!!
   Date: Sat, 29 Mar 1997 06:16:23 GMT
   !!! Virus Alert !!!
   Matra R-440 Crotale Virus
        The Virus (or Viruses, rather)
   The worlds first multi-platform, multi-environment, and multi-sytems
   virus surfaced in Missouri on March 14, 1997. It was
   written in Pakistan by a group called Intollerant I-Rads. It seems to
   have been written by some extremely talented people. The
   extrodinary thing about it is it can infect any system and any OS and
   any chipset. It is not just one virus, but rather a series of
   them with an identical purpose.
   The first virus was sent about 3,000 people world wide via email. It
   is not a self-starting trojan as some people believe these
   types of things are, but rather a document attached to the email. This
   version of the virus is a MacroTrojan. It was sent to
   people using Netscape Navigator Mail and because Netscapes mail
   supports HTML tags they just used a simple tag that
   would autoload the DOC. The document containes the macros AARTS0,
   NTYAAA, PayLoad, and AutoOpen. When the
   document is opened the virus becomes active and infects all other
   documents opened after that the original. It then writes its
   code to the boot sector so it automatically loads with any type of
   reboot. From then it infects any COM/EXE file opened.
   Also, the next time you send someone email the virus uses the Netscape
   address book to send itself to anyone you've ever sent
   e-mail to.
   The second virus distributes itself on the modem sub-carrier present
   in all newer modems. The sub-carrier is used for ROM
   and register debugging purposes only, and otherwise serves no other
   purpose. The virus sets a bit pattern in one of the internal
   modem registers. A modem that has been "infected" with this virus will
   then transmit the virus to other modems that use a
   subcarrier. The virus then attaches itself to all binary incoming data
   and infects the host computer's hard disk. The only way to
   get rid of this virus is to completely reset all the modem registers
   by hand.
   The third virus is the last known version of this virus. This virus
   works on the same principles of the second version instead it
   travels through powerlines. It gets into the line by traveling on the
   60 Hz sub-carrier. It works by reversing the I/O port pinouts
   thus achieving control over the CPU and the rest is history.
        Sole Purpose
   It seems that this is a rather, actually, extremely distructive virus.
   Although it may enter you system differently, once inside it
   behaves the exact same way. The virus contains the text "(c)1997 by
   Intollerant I-Rads. All rights reserved. Unauthorized
   reproduction is prohibited by law." and "Matra R-440 Virus, the
   Almighty!". The virus has a self-changing encryption
   algorythm, so every time it is written to disk it appears differently,
   making it nearly impossible to detect. When a computer is
   booted up the virus automatically loads before command.com trapping
   13h disabling any virus scanner that might be loaded
   after command.com. It then checks the real time clock using 17Ah, if
   it returns that the date is Jan. 6 then the virus becomes
   activated.
   Any time after Jan. 6 the virus will become active if the computer is
   left idle for 30 minutes. The virus then displays the message,
   "Do not turn off you computer until this virus is finished working on
   your hard drive or you will lose everything." What the virus
   is doing is encrypting all the data on the drive with XOR. While it is
   encrypting the data this virus does one of two things. It
   either focuses part of the cathode ray beam in your monitor, burning a
   hole in your screen, or it modifies the horizontal scan
   frequency of you multisync CRT so that the monitors begins to
   overheat. This in turn causes the monitor case to melt! The next
   thing the virus does is gain access to the basic functions of your IDE
   controller and reversing the spin of your hard disk.
        Solution
   We have yet to discover a solution for this virus and we are working
   around the clock at it. But PLEASE! Befor you do
   anything else. Send this message to everyone you know, so that they
   may take whatever precautions they feel nessary.
   Dr. Kenhert, Cambridge University
****
Again, ignore this message and do no pass it on.