# Virdem

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Virdem
> Markdown URL: https://mediated.wiki/source/Virdem.md
> Source: https://en.wikipedia.org/wiki/Virdem
> Source revision: 1345627336
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

First file virus created

**Virdem** was the first file virus for [MS-DOS](/source/MS-DOS).[1] It was written by [Ralf Burger](https://en.wikipedia.org/w/index.php?title=Ralf_Burger&action=edit&redlink=1) in 1986 as a demonstration program for the [Chaos Computer Club](/source/Chaos_Computer_Club) conference. The virus spread by attaching itself to files with the .[COM file](/source/COM_file) extension. It is one of the oldest MS-DOS viruses.[2]

In December 1986, Burger distributed the virus at the [Chaos Computer Club](/source/Chaos_Computer_Club) conference in [Hamburg, Germany](/source/Hamburg).[3] The virus could copy itself and attach that copy to any .COM files. Virdem was fairly harmless as it announces its presence clearly.[*[failed verification](https://en.wikipedia.org/wiki/Wikipedia:Verifiability)*][4]

## Infection and symptoms

Virdem overwrites the host with its own code and saves the original program at the very end. It was a direct-action virus and did not spread fast.[*[failed verification](https://en.wikipedia.org/wiki/Wikipedia:Verifiability)*] It infected only files that had a COM extension.[5] When an infected file is run, the next uninfected program becomes infected.

When infected, small COM files, less than 11k, grow by 2559 bytes and larger files grow by 1336 bytes. Infected programs ask to guess the user a number between 0 and n such that the number matches the generation number of the virus plus one. A correct guess allows that program to run. Otherwise, it exits.

### Technical details

It doesn't intercept interrupt 24h so a write-protected disk gives an "Abort, Retry, Ignore" message. Read-only files are set to read/write, infected and then not set back to read-only. The virus had two [NOP](/source/NOP_(code)) instructions at the beginning of the file.[6]

## References

1. **[^](#cite_ref-1)** Bhargav, Abhay (2010-09-14). [*Secure Java: For Web Application Development*](https://books.google.com/books?id=io-ml0EcH8AC&dq=Virdem+virus&pg=PA31). CRC Press. [ISBN](/source/ISBN_(identifier)) [978-1-4398-2356-9](https://en.wikipedia.org/wiki/Special:BookSources/978-1-4398-2356-9).

1. **[^](#cite_ref-2)** Skoudis, Ed; Zeltser, Lenny (2004). [*Malware: Fighting Malicious Code*](https://books.google.com/books?id=TKEAQmQV7O4C&dq=Virdem+virus&pg=PA30). Prentice Hall Professional. [ISBN](/source/ISBN_(identifier)) [978-0-13-101405-3](https://en.wikipedia.org/wiki/Special:BookSources/978-0-13-101405-3).

1. **[^](#cite_ref-3)** Salomon, David (2010-08-05). [*Elements of Computer Security*](https://books.google.com/books?id=vyyoPz9OKfcC&dq=Virdem+virus&pg=PA372). Springer Science & Business Media. [ISBN](/source/ISBN_(identifier)) [978-0-85729-006-9](https://en.wikipedia.org/wiki/Special:BookSources/978-0-85729-006-9).

1. **[^](#cite_ref-4)** Danesh, Arman; Lau, Felix; Mehrassa, Ali (2002). [*Safe and Secure: Secure Your Home Network, and Protect Your Privacy Online*](https://books.google.com/books?id=xpsYmdDaTG8C&dq=Virdem+virus&pg=PA101). Sams Publishing. [ISBN](/source/ISBN_(identifier)) [978-0-672-32243-3](https://en.wikipedia.org/wiki/Special:BookSources/978-0-672-32243-3).

1. **[^](#cite_ref-5)** Szor, Peter (2005-02-03). [*The Art of Computer Virus Research and Defense*](https://books.google.com/books?id=XE-ddYF6uhYC&dq=Virdem+virus&pg=RA1-PT806). Pearson Education. [ISBN](/source/ISBN_(identifier)) [978-0-672-33390-3](https://en.wikipedia.org/wiki/Special:BookSources/978-0-672-33390-3).

1. **[^](#cite_ref-6)** Solomon, Alan (2012-12-06). [*PC Viruses: Detection, Analysis and Cure*](https://books.google.com/books?id=XTT2BwAAQBAJ&dq=Virdem+virus&pg=PA110). Springer Science & Business Media. [ISBN](/source/ISBN_(identifier)) [978-1-4471-1031-6](https://en.wikipedia.org/wiki/Special:BookSources/978-1-4471-1031-6).

## External links

- Malware Example: [VIRDEM.COM](https://archive.org/details/malware_VIRDEM.COM)

v t e Hacking in the 1980s ← 1970s Timeline of security hacking incidents Timeline of computer viruses and worms 1990s → Individuals Daniel Sentinelli Fernando Bonsembiante Justin Tanner Petersen Kevin Mitnick Lewis De Payne Lenny DiCicco Markus Hess Hans Heinrich Hübner Pablo Kleinman Raúl Barragán Susan Headley Groups The 414s Piratas Unidos Argentinos Malware 4K AIDS Trojan horse AIDS virus Alabama ANTI Brain Byte Bandit Cascade Christmas Tree EXEC CyberAIDS EGABTR Elk Cloner Father Christmas Festering Hate Ghostball HyperCard viruses Jerusalem Lamer Exterminator MacMag Morris nVIR Ping-Pong SCA Scores Stoned Virdem WANK

---
Adapted from the Wikipedia article [Virdem](https://en.wikipedia.org/wiki/Virdem) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Virdem?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.