[comp.virus] Datacrime II

drsolly@ibmpcug.co.uk (Alan Solomon) (10/10/89)

In his article dated 5-10-89, Yisrael Radai says that he has
discovered that Datacrime II does the low level format on every day
between Jan 1 and Oct 12 except Sundays.

I have a specimen of what I believe is Datacrime II.  My analysis of
it is different - it does the low level format on every day between
October 13th and December 31st inclusive, except *Mondays*.  Perhaps my
specimen is different to the one that Yisrael is reporting?  It
certainly announces itself as "DATACRIME II", and matches the rest of
his description in file size and avoidance of files whose second
letter is "B" and infection of both COM and EXE files.  Another
possible explanation is that the date comparison has not been
disassembled correctly by whoever did the disassembly, so could I ask
that Yisrael check his specimen;  if he is correct, then we have two
Datacrime IIs.

While on the subject of Datacrime in general, although the virus
certainly exists, there has not been a single reported infection in
the field in the UK, and I rather think very few indeed elsewhere.  On
the other hand, there seems to be a considerable tidal wave of media
scare building up in the run up to October 13th.  My advice to anyone
who might be concerned is:  work normally, take normal backups
regularly using DOS BACKUP or any other backup utility.

One thing that will happen is this:  there are, say, 10 million PCs in
the world.  If the average computer lasts 10 years, 3650 days, then on
average about 3000 computers go down per day;  I've been deliberately
conservative about these figures.  There is no reason to suppose that
October 13th will see significantly fewer of these normal failures.
Please remember that computers fail all the time, for assorted
non-virus reasons.

Myself, and a number of other researchers, have noticed that there
seem to be a number of viruses emerging that do not seem to exist in
significant numbers (or indeed, perhaps at all) in the field.  Could
it be that virus authors are writing viruses and sending them directly
to the virus research community, so cutting out the middle man?  Or is
it that we are more alert now, and trap viruses before they get very
far?

Dr Alan Solomon                Day voice:     +44 494 791900
S&S Anti Virus Group           Eve voice:     +44 494 724201
Water Meadow                   Fax:           +44 494 791602
Germain Street,                BBS:           +44 494 724946
Chesham,                       Fido node:     254/29
Bucks, HP5 1LP                 Usenet:        drsolly@ibmpcug.co.uk
England                        Gold:          83:JNL246
                               CIX, CONNECT   drsolly