Cascade virus

The Cascade virus for MS-DOS was quite famous in the late 80’s due to its “payload”, after which the malware got its name. Once activated, the virus caused characters on the screen to cascade down, making normal computer operation impossible. Another Cascade’s feature was the piece of code that would prevent the virus from running on computers in which BIOS it found a “COPR. IBM” string. However, all known versions of Cascade contained a bug in the piece of code that allows the virus to infect IBM computers as well.

The virus infects COM files and consists of two parts: the virus body and an encryption routine. The latter encrypted the body of the virus so that it appeared different for every infected file. After loading the file, control was transferred to the encryption routine which decoded the virus body and transferred control to it. The size of the infected file was used as a decryption key, and the decryption routine remained unchanged from copy to copy, which allows modern antivirus solutions to detect the virus with relative ease.

Cascade has left a trace both on victims’ computers and in popular culture, the latter in a Star Trek: Deep Space Nine episode that featured a computer virus by the same name.