frisk@rhi.hi.is (Fridrik Skulason) (10/31/90)
I just received a package of the latest collection of Bulgarian viruses from Vesselin Bontchev. Some of the viruses were previously known, but quite a few are new. It included the following viruses: 1024 (2 variants) 1226 2100 Amstrad-852 Anthrax Anti-Pascal (5 variants) Dir Evil Kamikazi MG Proud Tiny family (10 variants) Trackswap VFSI So, as you can see, the Bulgarians are still quite active - the total of Bulgarian virus variants is now well over 100. Some notes: The Bulgarian "Tiny Family" is not related to the Danish "Tiny" virus at all. The Bulgarians may have seen that virus as a challenge to write an even smaller virus, which they did - the smallest virus is 134 byte long. Evil, Proud, 1226 and Phoenix were all made available in three different ways: A standard infected .COM file, A "-M" file. A "-D" file. This should not be interpreted as if there are three different variants of each virus. The "-M" file is just a sample .COM file infected with multiple copies of the virus, as it is occasionally unable to recognize existing infections. The "-D" file is just a memory dump of an infected .COM file, created by Vesselin Bontchev, after the virus has decrypted itself in memory. This file will replicate as well, as the virus contains code to check if it is already encrypted or not. - -frisk - -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |