Throwback Thursday: Riotous Assembly

Posted by   Virus Bulletin on   Jul 30, 2015

This Throwback Thursday, we turn the clock back to January 1994, shortly after Cyber Riot had emerged as the first virus capable of infecting the Windows kernel.

Today, malware that affects the Windows kernel is ubiquitous - the majority of sophisticated attacks against Windows users have at least one component executing in the operating system kernel. But in 1993, the Windows kernel remained untouched by malware - and indeed Windows viruses were somewhat cumbersome and technically quite simple. That was until Cyber Riot came along.

While previous Windows viruses had operated fairly simply, Cyber Riot was the first Windows-specific virus to remain resident and to intercept the execute function by infecting KRNL386.EXE. Not only that, but Cyber Riot used several Windows functions not documented in any of the Developers' Kits. Indeed, it can be said that Cyber Riot was one of the first advanced Windows viruses.

VB's full analysis of Cyber Riot, from January 1994, can be read here in HTML-format, or downloaded here as a PDF (no registration or subscription required).

Posted on 30 July 2015 by Helen Martin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

Top 5 reasons why leading security companies are sending their teams to VB2025

VB2025 is coming up September 24-26 in Berlin, and teams from major enterprises, government agencies, and security companies are already planning their attendance. Here's why people keep coming back.

What cybersecurity experts are talking about in 2025

The cybersecurity field moves quickly, with new research surfacing regularly and threat actors constantly shifting their approaches. We've gathered five recent research topics that caught our attention, each offering a different angle on the current…

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.