frisk@rhi.hi.is (Fridrik Skulason) (03/05/91)
We have seen viruses evolve in various direction. In some virus families, the variants tend to become more sophisticated, harder to detect or add new functions. In other families the viruses just become smaller and smaller. When I first became involved in viruses, the smallest virus known was Vienna, 648 bytes long, but the latest Bulgarian variants of the Vienna family are much smaller, only around 350 bytes. Another family of small viruses are the 'Burger' viruses. The naming of the variants is in a mess, and I have several identical samples with different names from various sources. In this family we have 5 560 byte variants, the '405' virus and the '382'. The Kennydy virus is small, only 333 bytes, but the related 'Tiny' virus was for a while the smallest virus known - 163 bytes. Then the Bulgarian wirus writers started writing really small viruses. The "Bulgarian Tiny" family has several members, the smallest of which is only 132 bytes long. An unrelated virus, which I propose to call "Micro-128", written by a different person (but also in Bulgaria) is currently the smallest resident virus - only 128 bytes long. It is of course possible to write an even smaller non-resident virus, and (naturally) a Bulgarian virus writer did just that - the result, which I propose to call 'Minimal' is only 45 bytes. Yes, 45 According To Vesselin Bontchev, the author could theoretically remove some unnecessary code - reducing the size to 30 bytes or so. The chances of becoming infected with this virus are practically nil, as it is not known in the wild, but users of F-PROT can add the following line to SIGN.TXT to detect it. Minimal-45 dOT5v5ememVLstmMnMLdjSmmWtMpGfnBv2w7U7GFTBWdhvtgjLErsbwR71YJI1xfLd - -frisk Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |