BRUNNSTEIN@RZ.INFORMATIK.UNI-HAMBURG.DBP.DE (06/03/89)
- ------ Computer Virus Catalog 1.0: "Virusname" (Date of Entry) --------
Entry...............: "Virusname" (=Name of virus)
Alias(es)...........: Alternate Name(s)
Virus Strain........: "Family" (if any) to which this virus belongs
Virus detected when.: Date of first appearance
where.: Where has Virus been produced or detected
Classification......: System Virus (BootSector, Command.Com, BAT V.)
Link or Program Virus (Overwriting/Relocating V.)
Length of Virus.....: Length (Byte) if applicable.
- --------------------- Preconditions -----------------------------------
Operating System(s).: e.g. AMIGA-DOS, ATARI-TOS, MacOS, MS-DOS,
UNIX, VMS, MVS, VM
Version/Release.....: Special Version of OS (e.g. UNIX System V,
UNIX BSD, VMS etc) if needed, and Release
(e.g. MS-DOS 3.2, UNIX BSD 4.2)
Computer model(s)...: The Computer models (e.g. ROM BIOS versions)
on which the Virus runs.
- --------------------- Typical Attributes ------------------------------
Identification......: Typical texts, either messages (e.g. screen),
or texts in Virus body (readable with HexDump-
facilities), Volume Labels etc.
Type of infection...: Self-Identification methods;
Executable File infection(.COM,.EXE):overwriting,
dislocating; permanent/transient; RAM or File
(Direct Action) Infection; WCS infection (e.g.
CMOS store at initialisation setup);
System infection: RAM-Resident, Reset-Resident,
Bootblock/Bootsectors, Command.Com, BAT, Device
Handlers/Libraries etc;
Infection of unlinked Object Files;
Source Code Infection.
Damage..............: Permanent Damage: e.g. overwriting bootblock,
repeated restart/format, zeroing of sectors,
Bad Sectors in FAT etc;
Transient Damage: e.g. screen buffer manipulation,
audio effects, blinking LEDs
Particularities.....: special effects e.g. process velocity slowed-down
Similarities........: dis/similarities to other viruses ( either from
same "family" (=strain) or different viruses);
names of related viruses.
- --------------------- Agents ------------------------------------------
Tested vaccines.....: Names of those Antivirus programs tested
Vaccines successful.: Names of those Antivirus programs which, without
any restriction, were `successful' to identify and
destroy, without any side effect, the given virus
(details of Vaccine in Antivirus Catalog)
Standard means......: Means in the respective System which may be
used to identify/destroy this virus.
- --------------------- Classification ---------------------------------
Location............: e.g. Virus Test Center, University Hamburg, FRG
Classification by...: Author(s) of Reverse-Engineering Document
Documentation by....: Author(s) of this Catalog Entry;
Translator of Non-English document (if applicable)
Date................: Production/last Update of this Catalog Entry
(this information also in the 1st line)
Information Source..: Information used for Documentation (only in cases
where Reverse-Analysis was not possible).
- --------------------------End of "Virusname"-Virus---------------------
- -----------------------------------------------------------------------
PostAdress: Prof.Dr. Klaus Brunnstein
Faculty for Informatics, Univ.Hamburg
Schlueterstr.70
D 2000 Hamburg 13
Tel: (40) 4123-4158 / -4162 Secr.
ElMailAdr: Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de
FromINTERNET:Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@Relay.CS.Net
FromBITNET: Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@DFNGate.Bitnet
FromUUCP: brunnstein%rz.informatik.uni-hamburg.dbp.de@unido.uucp
- -----------------------------------------------------------------------