The story of the Ghostball virus is a worthwhile tale to revisit as Cybersecurity Awareness Month draws to a close on Halloween. As some PC users found out in October 1989, malware can be difficult to exorcise from your system.
Ghostball—discovered by Icelandic security expert Fridrik Skulason—was one of the first known multipartite viruses. While a typical virus attacks the system, program files, or the boot sector, a multipartite virus (also known as a hybrid virus) targets the boot sector and program files simultaneously. When a user turns on their computer, the boot sector triggers the virus, and then program files launch destructive payloads.
Ghostball virus works differently from those before it
Ghostball placed viral code on a machine's boot sector. In addition, whenever an infected .COM file was launched, the virus scanned the machine for other .COM files to infect. (The .COM format, a predecessor to the .EXE file type, was limited to no more than 64KB in size.) The malware combined code from two previous viruses. Its .COM file attack code was based on the Vienna virus, while its code targeting boot sectors was inspired by the Ping Pong virus.
The primary symptom of a Ghostball attack was a specific increase in file size, as infected files grew by 2,351 bytes. An infected file might also display a message reading “GhostBalls, Product of Iceland Copyright © 1989, 4418 and 5F10 MS DOS 3.2.”
The only cure for Ghostball? Eradicate all infected .COM files from a machine completely. Although he would have never encountered the need for cybersecurity, Benjamin Franklin’s saying rings true about Ghostball and other malware: An ounce of prevention is worth a pound of cure.