frisk@rhi.hi.is (Fridrik Skulason) (02/19/90)
Some time ago I reported that 1704 seemed able to infect the same file over and over on a Novell network. I now have a copy of the virus in question, and it appears that this has nothing to do with Novell networks - it is just a new variant of the virus. It is possible that this virus was created by a random mutation, which seems to have changed one JA instruction into JNE, but it is not certain. Because the author of 1704 did not include self-correcting Hamming code in the virus :-), the mutation spread - and spread faster than the original, "healthy" variant. All programs which are able to detect and remove the "standard" 1704 virus should also be able to handle this variant. - -- Fridrik Skulason, University of Iceland E-Mail: frisk@rhi.hi.is Technical Editor, Virus Bulletin (UK). Fax: 354-1-28801
swimmer@fbihh.informatik.uni-hamburg.de (Morton Swimmer) (03/03/90)
>I now have a copy of the virus in question, and it appears that this >has nothing to do with Novell networks - it is just a new variant of >the virus. >It is possible that this virus was created by a random mutation, which >seems to have changed one JA instruction into JNE, but it is not >certain. I hate to disapoint you, but there are literally dozens of variations of the Cascade/1704 virus. Most of the reside mainly in Vienna, and most seem to have stayed there. This goes also for the Vienna virus. Although it may be useful to have looked at all of them, at the moment I have enough to do. Perhaps one should say that Vienna can be dangerous to your computer's health, but soon we can say that of nearly everywhere, so whats the point. >Because the author of 1704 did not include self-correcting Hamming >code in the virus :-), the mutation spread - and spread faster than Now that would indeed be funny. As I am sure some virus programmers read virus-l, perhaps we'll see one soon. >All programs which are able to detect and remove the "standard" 1704 >virus should also be able to handle this variant. But should they? Say a new variant of 1704 comes along where the original code is not saved at the same location, what then? Cheers, Morton Virus Test Center, University of Hamburg Morton Swimmer, Virus Test Center, University of Hamburg, Schlueterstr. 70, 2000 Hamburg 20, FRG. dnet: swimmer@fbihh.informatik.uni-hamburg.de