Disk-Validator-Virus

A Disk-Validator-Virus is a special virus-type on the Amiga. To understand how Disk-Validator-Viruses work, you have first to understand what a Disk-Validator does:

The Disk-Validator is a 1848 byte long executable file which has been developed by Commodore itself. It is located in a directory called L on a disk, or let's say expected by the AmigaOS in a directory called L, and has the filename Disk-Validator (surprise :-)).

If you enter a disk which has been invalidated1 the AmigaOS will automatically look for the Disk-Validator on this disk and loads and executes it automatically if found. Then the program will correct the Rooblock so the disk is in a valid state afterwards.

The Disk-Validator is not mandatory, this means that if a disk doesn't have this file it just won't be loaded and the disk stays invalid (a requester will tell you that the disk is in an invalid state and you need to correct it):

To cut a long story short:

If a disk is in an invalid state the AmigaOS will look for a small program called L:Disk-Validator

If not found the AmigaDOS will pop-up a requester telling you that something is wrong with the disk

If found the program will be loaded an executed. Then the program will try to solve the problem on the just inserted disk.

Disk-Validator-Viruses take advantage of the AmigaOS automatism which loads and executes this file by making the disk deliberately invalid2 and writing its virus file as L:Disk-Validator on this disk.

Next time you enter it the AmigaOS checks if it is invalid. It is and therefore the AmigaOS loads and executes the program Disk-Validator automatically but this time it is the virus itself!

The brilliant3 idea behind that is that the virus becomes active just by inserting an infected disk. No need to start an infected file or booting with an infect disks - even better: the AmigaOS itself becomes active and handles the execution automatically.

The good news is that Disk-Validator-Viruses are only working on Amigas until Kickstart 1.3 because in later Kickstart revisions (2.0, 3.0, 3.1 etc..) Commodore integrated the Disk-Validator in the ROM, so there is no need to load the Disk-Validator as a seperate applicaton anymore. Even if there is a Disk-Validator on disk, it simply will be ignored.

The virus which introduced this technique on the Amiga is called Saddam virus4.

1 Possible reasons could be that you copied a file on disk and removed the disk while the AmigaDOS was able to finish writing or AmigaDOS wasn't able to update the Rootblock properly.

2 There is a flag located in the Rootblock which tells the AmigaOS if the disk is invalid or not. Disk-Validator-Viruses will set this flag deliberately to force a Disk-Validator call!

3 Yes, it is a brilliant idea although it is evil :-)

4 There are only a few Disk-Validator-Viruses on the Amiga, most ones are clones of the Saddam virus.