frisk%rhi.hi.is@vma.cc.cmu.edu (Fridrik Skulason) (11/22/89)
Most of the viruses we have seen to date seem to be written in
assembly language. However, it is possible to write viruses in a High
Level Language (HLL), and a few such viruses have been reported. The
AIDS virus, written in TURBO Pascal is probably the best known one.
Compared to an assembly language virus, a HLL virus will have the following
"features":
* It is bigger. The AIDS virus, for example, is around 12K,
which makes it the biggest virus known.
* It is more difficult to select good signature strings, since
most of the code produced by the compiler is probably also
present in a number of other (legitimate) programs. This makes
the job of detecting HLL viruses a bit harder.
* Is is much harder to write a good .EXE file infector in Pascal
or C than a .COM infector.
* Just about any programmer could write an usable .COM infector in
C or Pascal in less than an hour. (I mention C and Pascal because
they are the most popular languages, but a virus could just as
easily be written in other languages, Forth, Basic or even APL
or Cobol. Can anybody imagine what a Cobol or APL virus would
look like... ;-)
Comments ...?
- -frisk