fu@unix.sri.com (Christina Fu) (08/29/89)
Recently, I have had a chance to investigate the 1280, 1168 and DATACRIME II viruses, and found some interesting differences between the first two versions and DATACRIME II. As a result, I have developed an antidote for both 1280 and 1168, and an antidote for the DATACRIME II.

Among the differences between these viruses, the most significant one for developing antidotes is that the DATACRIME II virus generates a signature set that is mutually exclusive with that of the other two. Because of this difference, the antidote for the 1280 and 1168 becomes a de-antidote for the DATACRIME II, and vice versa. This means that if a file is infected with either 1280 or 1168, it is still vulnerable to contracting DATACRIME II, and vice versa (this situation does not exist between 1280 and 1168, however). If we view these viruses as two different strains, then these antidotes make more sense; otherwise, they can be useless.

Another interesting thing is that the DATACRIME II purposely avoids infecting files with a "b" as the second character in the name (such as IBMBIO.COM and IBMDOS.COM), while the other two avoid infecting files with a "d" as the seventh character in the name (such as COMMAND.COM). Aside from that, the DATACRIME II virus can also infect EXE files, unlike the other two.

I am looking into providing them to the public free of charge (I do not claim responsibility or ask for donations). Any interested archive sites, please let me know. By the way, I need a sample disclaimer for programs distributed in this manner.