frisk@rhi.hi.is (Fridrik Skulason) (09/18/90)
More about the 'Whale' virus....
John McAfee is correct in saying that the signature string I posted
recently will not detect all infected files - it will only detect the
first few generations, before the virus starts to mutate.
I have not observed some of the more unusual things reported regarding
this virus - the ability to modify other viruses for example. The
virus may be related to the 'Fish' variant of 'Frodo', but as far as I
know this relationship is only a speculation.
One interesting item, though - hidden within the virus, under three
levels of encryption, is the following string
THE WHALE IN SEARCH OF THE 8 FISH
I AM '~knzyvo}' IN HAMBURG addr error D9EB,02
The following (anonymous) note was posted on the VIRUS ECHO on Fidonet
- - rather interesting....
If you have the motherfish, you are entitled to an
explanation...when we discovered the motherfish, the
decision was made to disavow its existence and any
public comment on it was prohibited...the file was
never made available through normal distribution based
on two findings 1. the virus can not be detected by
present methods 2. the virus is modularly constructed
to allow it to "learn" the methods used to detect it,
and then integrate this coded thought into its arsenal
of defense mechanisms.........the motherfish is
not just a virus, it is a virtual living, breathing
entity that is capable of teaching itself its pursuers
techniques and then increasing its code level
sophistication as its environment becomes increasingly
hostile...this characteristic made it imperative that
distribution be kept at an absolute minimum...it would
be appreciated if you kept that in mind.
Saying that 'the virus can not be detected by present methods' is not
100% correct - McAfee has already announced a detector and disinfector
and I am working on another myself - it will be included in version
1.14 of F-PROT.
- -friskstevet@ihlpm.att.com (Stephen E Turpin) (03/27/91)
Does anyone have information or a cure for the WHALE virus? Apparently, it writes a large file to your disk until the disk is unusable. Thanks. Steve Turpin