XRJDM%SCFVM.BITNET@VMA.CC.CMU.EDU (Joe McMahon) (10/28/89)
1) Read this digest. There are probably more contributors here than in any other spot around. 2) Study Inside Macintosh, particularly the sections on ROM patches, INITs, and VBL tasks. These are the principle attack vectors for Mac viruses. 3) Become adept at using TMON, Macsbug, or some other disassembler/ debugger. This will help you track down what is happening during a given infection. I don't know of anything equivalent to the "microscope and tweezers" report on the Internet worm for any Mac virus, so I can't refer you to any articles which talk about the mechanics of any virus in great detail. The only one which might be of use to you is an article in MacTutor magazine (last year? check the MacTutor anthologies) which has a description of an nVIR infection and a primitive but useful removal program. --- Joe M.