[comp.virus] A virus that can bypass anti-viral programs.

frisk@RHI.HI.IS (Fridrik Skulason) (07/20/89)

I got a letter yesterday. Translated to English, it reads:

Dear Fridrik,

        Thanks for the publicity you have given to our virus. To show our
        gratitude, we have placed you on our distribution list. You will
        from now on receive FREE copies of all our viruses.

        Enclosed is an update of our first virus, that will bypass every
        virus protection program.

        Expect our program for "improving" SYS-files Real Soon Now.

                                     (signed)   4418 and 5F19

The signature is the same as the last two words in the Icelandic virus.

By "publicity" they are probably referring to the fact that I have alerted
every computer dealer in Reykjavik (all 12 of them that is) to the existence
of an Icelandic virus.

I guess the last sentence in the letter is the first vaporware announcement
by virus authors.

The bad news is that the virus will indeed bypass some anti-virus
programs. Not all of them - programs that check for file length changes
will find infected programs.

But - the virus will infect programs, even if programs like Flushot+
(or my own programs) are installed. It probably will also bypass
all programs that just monitor interrupts.

I have not finished disassembling it, but I will send a copy of the listing
to those who received the disassembly of the first version of the Icelandic
virus.
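
The file-length check mentioned in the post, as an added example that is not part of the original post or any program named in it: it records the length of every executable under a directory and reports any later change. The extension list, file names and sizes are constructed for the demonstration; comparing length alone says nothing about modifications that leave the size unchanged.

```python
import os
import tempfile

# Extensions treated as DOS executables (an assumption of this sketch).
EXECUTABLE_EXTS = {".com", ".exe"}

def snapshot(root):
    """Map each executable's path (relative to root) to its length in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                path = os.path.join(dirpath, name)
                sizes[os.path.relpath(path, root)] = os.path.getsize(path)
    return sizes

def compare(baseline, current):
    """Return sorted (path, status, delta_bytes) tuples for every difference."""
    findings = []
    for path, old in baseline.items():
        if path not in current:
            findings.append((path, "missing", -old))
        elif current[path] != old:
            findings.append((path, "length changed", current[path] - old))
    for path, new in current.items():
        if path not in baseline:
            findings.append((path, "new file", new))
    return sorted(findings)

def demo():
    """Constructed sample: dummy files, one executable grows, one appears."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("EDIT.EXE", 4096), ("FORMAT.COM", 1200), ("README.TXT", 50)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"A" * size)
        baseline = snapshot(root)  # taken while the files are known to be clean
        # Simulate a modified program by appending constructed filler bytes.
        with open(os.path.join(root, "EDIT.EXE"), "ab") as fh:
            fh.write(b"B" * 300)
        with open(os.path.join(root, "NEW.COM"), "wb") as fh:
            fh.write(b"B" * 10)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, status, delta in demo():
        print(f"{path}: {status} ({delta:+d} bytes)")
```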