[comp.virus] Antidotes for the DATACRIME family

fu@unix.sri.com (Christina Fu) (08/29/89)

    Recently, I have had a chance to investigate the 1280, 1168 and
DATACRIME II viruses, and found some interesting differences between
the first two versions and DATACRIME II.  As a result, I have
developed an antidote for both 1280 and 1168, and an antidote for the
DATACRIME II.  Among the differences between these viruses, the most
significant one for developing antidotes is that the DATACRIME II
virus generates a signature set that is mutually exclusive with that
of the other two.  Because of the said difference, the antidote for
the 1280 and 1168 becomes a de-antidote for the DATACRIME II, and vice
versa.  This means that if a file is infected with either 1280 or
1168, it is still vulnerable to contracting DATACRIME II, and vice
versa (this situation does not exist between 1280 and 1168, however).
If we view these viruses as two different strains, then these
antidotes make more sense; otherwise, they can be useless.

    Another interesting thing is that the DATACRIME II purposely
avoids infecting files with a "b" as the second character in the name
(such as IBMBIO.COM and IBMDOS.COM), while the other two avoid
infecting files with a "d" as the seventh character in the name (such
as COMMAND.COM), and aside from that, the DATACRIME II virus can also
infect EXE files, unlike the other two.

    I am looking into providing them to the public free of charge (I
do not claim responsibility or ask for donation).  Any interested
archive sites please let me know.

    By the way, I need a sample disclaimer for programs distributed in
this manner.