Alan_J_Roberts@Sun.COM (08/06/89)
I just began an analysis of the Typo virus and, as with all new reported viruses, I ran McAfee's ViruScan against it as a first step. Imagine my surprise when it identified it as the Ping Pong virus! After tearing it apart, it turned out to be 90% original Ping Pong. Someone has taken the Ping Pong Carrier mechanism and modified the code that displays the bouncing dot to effect the typographical errors reported by Y Radai. I gave the disassembly to John and I believe Scan version 33 discriminates between the two viruses. John also just gave me a copy of the new Datacrime-2 virus, which is a strange beast. The encryption at the front of the virus is very different from the 1701/4 encryption method. Included in the decryption code is a routine to prevent looking at the code through debug, Codeview or other single step utility. I'll report back when I've ripped the beast apart, meanwhile I gave John sufficient info to update ViruScan so it can identify it (I think it's also included in V33). Alan