Alan_J_Roberts@Sun.COM (09/14/90)
This is a forward from John McAfee: ================================================================= Fridrik Skulason posted an identification string for the Whale virus (Mother Fish) in yesterday's Virus-L. Unfortunately, the posted string does not work. Neither will any string, for that matter. Even a string allowing sophisticated wild card configurations will not work. The Whale virus is a new entity in the world of viruses. It uses multiple levels of encryption, each of which are continually modified. Unlike the V2Px series of variable encrypting viruses -- which used functionally similar but mechanically diverse decryption routines, the Whale virus decryption routines seem to have nothing in common with succeeding or preceding generations of the virus. I spoke with Fridrik shortly after his posting and he seems to have also come to this same conclusion after further analysis. We have not delved into the inner workings of this virus as much as some other investigators, but have instead focused on detection and removal. We have a reliable detector and disinfector at this point, and it is available to anyone who is also working on this virus (or anyone else, I guess, for that matter). It should prove helpful for containment and checking purposes, and is a lot faster and more accurate than visual inspection. We will fold this detector/disinfector into SCAN for its next release. I'm afraid this virus represents a new and nasty turn in the evolution of viruses. Of the more than 9,000 bytes of code in the virus, more than 7,000 bytes appear to be dedicated solely to avoiding detection and removal. It seems fairly effective. I anticipate that variations of this virus will shortly pose major problems to the public domain. Anyone wanting a copy of the detector/disinfector should call us (McAfee Associates) at 408 988 3832. Or leave a message on the HomeBase BBS - 408 988 4004. Or drop us a fax - 408 970 9727. Or pick up a copy from Patti Hoffman, Kelly Goen, or anyone else who also has a copy. John McAfee
landman@hanami.Eng.Sun.COM (Howard A. Landman) (09/18/90)
portal!cup.portal.com!Alan_J_Roberts@Sun.COM writes: >This is a forward from John McAfee: > > I'm afraid this virus represents a new and nasty turn in the >evolution of viruses. Of the more than 9,000 bytes of code in the >virus, more than 7,000 bytes appear to be dedicated solely to avoiding >detection and removal. It seems fairly effective. Computer "organisms" have always had the potential to alter their own "genetic code" at will. Encryption is far easier than changing DNA to something else. How complicated and effective does a "virus" have to be before you call it a bacterium? And have we yet seen the computer equivalent of a multicellular organism (maybe the Internet worm?)? (Only in a multitasking OS, of course ...) Will the future bring a "social insect", identical programs operating cooperatively, ant-like, on multiple nodes of a large network, seeking storage space and CPU time for their own ends? I wonder what fraction of the human genetic code is "dedicated solely to avoiding detection and removal"? Perhaps as much as that dedicated to avoiding starvation, or failure to reproduce. - -- Howard A. Landman landman@eng.sun.com -or- sun!landman