BRUNNSTEIN@RZ.INFORMATIK.UNI-HAMBURG.DBP.DE (06/03/89)
- ------ Computer Virus Catalog 1.0: "Virusname" (Date of Entry) -------- Entry...............: "Virusname" (=Name of virus) Alias(es)...........: Alternate Name(s) Virus Strain........: "Family" (if any) to which this virus belongs Virus detected when.: Date of first appearance where.: Where has Virus been produced or detected Classification......: System Virus (BootSector, Command.Com, BAT V.) Link or Program Virus (Overwriting/Relocating V.) Length of Virus.....: Length (Byte) if applicable. - --------------------- Preconditions ----------------------------------- Operating System(s).: e.g. AMIGA-DOS, ATARI-TOS, MacOS, MS-DOS, UNIX, VMS, MVS, VM Version/Release.....: Special Version of OS (e.g. UNIX System V, UNIX BSD, VMS etc) if needed, and Release (e.g. MS-DOS 3.2, UNIX BSD 4.2) Computer model(s)...: The Computer models (e.g. ROM BIOS versions) on which the Virus runs. - --------------------- Typical Attributes ------------------------------ Identification......: Typical texts, either messages (e.g. screen), or texts in Virus body (readable with HexDump- facilities), Volume Labels etc. Type of infection...: Self-Identification methods; Executable File infection(.COM,.EXE):overwriting, dislocating; permanent/transient; RAM or File (Direct Action) Infection; WCS infection (e.g. CMOS store at initialisation setup); System infection: RAM-Resident, Reset-Resident, Bootblock/Bootsectors, Command.Com, BAT, Device Handlers/Libraries etc; Infection of unlinked Object Files; Source Code Infection. Damage..............: Permanent Damage: e.g. overwriting bootblock, repeated restart/format, zeroing of sectors, Bad Sectors in FAT etc; Transient Damage: e.g. screen buffer manipulation, audio effects, blinking LEDs Particularities.....: special effects e.g. process velocity slowed-down Similarities........: dis/similarities to other viruses ( either from same "family" (=strain) or different viruses); names of related viruses. - --------------------- Agents ------------------------------------------ Tested vaccines.....: Names of those Antivirus programs tested Vaccines successful.: Names of those Antivirus programs which, without any restriction, were `successful' to identify and destroy, without any side effect, the given virus (details of Vaccine in Antivirus Catalog) Standard means......: Means in the respective System which may be used to identify/destroy this virus. - --------------------- Classification --------------------------------- Location............: e.g. Virus Test Center, University Hamburg, FRG Classification by...: Author(s) of Reverse-Engineering Document Documentation by....: Author(s) of this Catalog Entry; Translator of Non-English document (if applicable) Date................: Production/last Update of this Catalog Entry (this information also in the 1st line) Information Source..: Information used for Documentation (only in cases where Reverse-Analysis was not possible). - --------------------------End of "Virusname"-Virus--------------------- - ----------------------------------------------------------------------- PostAdress: Prof.Dr. Klaus Brunnstein Faculty for Informatics, Univ.Hamburg Schlueterstr.70 D 2000 Hamburg 13 Tel: (40) 4123-4158 / -4162 Secr. ElMailAdr: Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de FromINTERNET:Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@Relay.CS.Net FromBITNET: Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@DFNGate.Bitnet FromUUCP: brunnstein%rz.informatik.uni-hamburg.dbp.de@unido.uucp - -----------------------------------------------------------------------