BRUNNSTEIN@RZ.INFORMATIK.UNI-HAMBURG.DBP.DE (06/02/89)
=============================
Computer Virus Catalog Index:
May 25, 1989
=============================
Content/Short description of Catalog entries:
[(*) Viruses presently under reverse analysis,
catalogue entry will soon be available.]
1) Amiga DOS:
- -------------
*A.S.S. Virus BootBl/ResetRes? Antivirus-Virus (L=1024)
Byte Bandit Virus BootBl/ResetRes2 TransDamage (L=1024)
Byte Warrior BootBl/ResetRes2 Antivirus-Virus (L=1024)
*Camouflage Virus BootBl/ResetRes2 ????Damage (L=1024)
*Disk Doctors Virus BootBl/ResetRes? ????Damage (L=1024)
*Gaddafi-Virus BootBl/ResetRes. ????Damage (L=1024)
GYROS Virus BootBl/ResetRes1 TransDamage (L=1024)
IRQ-Team Virus Program/ResRes2/Disl. TransDamage L=1096
*Lamer Virus BootBl/ResetRes/SelfDisl.????Damage (L=1024)
NorthStar Virus Strain BootBl/ResetRes1 Antivirus-Virus (L=1024)
1.North Star I Virus
2.*North Star II Virus
Obelisk Virus BootBl/ResetRes1 TransDamage (L=1024)
*Paramount Virus BootBl/ResetRes? ????Damage (L=1024)
SCA-Virus Strain: BootBl/ResetRes. TransDamage (L=1024)
1.SCA-Virus: Swiss Cracking Association
2.AEK-Virus: SCA-text modified
*System Z 3.0 Virus BootBl/ResetRes? Antivirus-Virus(L=1024)
*UNKNOWN I Virus BootBl/ResetRes? ????Damage (L=1024)
*UNKNOWN II Virus BootBl/ResetRes? ????Damage (L=1024)
[BootBl: AMIGA-DOS uses two standardized bootsectors as one BootBlock;
ResetRes1: GYROS, NorthStar I/II, Obelisk and SCA/AEK Viruses become
"Reset Resident" via manipulation of Capture Vector
ResetRes2: Byte Bandit, Byte Warrior, Camouflage, IRG-Team and Lamer
viruses become "reset Resident" via manipulation of KickTag
Pointer)]
(Remark: unqualified information about several more viruses, including
names WARHAWK-V. and LSD-V. could not be confirmed up to date)
2) Atari TOS:
- -------------
ANTHRAX-Virus Prog(.PRG)Disl. PermDamage
=Milzbrand-Virus
c't Virus BootS/ResetRes PermDamage:FORMAT-HD (L<512)
Emil 1A-Virus BootS/ResetRes TransDamage (L<512)
Emil 2A-Virus BootS/ResetRes TransDamage (L<512)
*Mouse Virus BootS/??? PermDamage:Mouse up/down
=SIGNUM Virus
Zimmermann-Virus Prog(.PRG)Disl. TransDamage L=1414
3) MacIntosh:
- -------------
Aladin-Virus Prog/Disl.Code0 PermDamage L=3 kByte
Frankie-Virus Prog/Disl.Code0 PermDamage L=3 kByte
(Remark: several more viruses, such as nVIR, are under reverse-analysis;
for special knowledge of 68000: refer to David Ferbrache, Heriot-Watt-
University, Scotland/UK).
4) MS-DOS:
- ----------
Autumn(=Herbst)Virus Prog(.COM)Disl. TransDamage L=1704/1701
Bouncing Ball Virus BootS/--- TransDamage (L=1024)
Israeli Virus #1 Prog(.COM/.EXE)Disl.PermDamage L=1813/n*1808
Oropax Virus Prog(.COM)disl. TransDamage L=2756-2806
*SHOE Virus BootS/--- TransDamage
(Remark: Out of the multiplicity of MSDOS viruses, only a few have
in FRG; it is therefore difficult to receive copies for analysis)
5) Information Policy:
- ----------------------
5.1 Entries published in the Computer Virus Catalogue may be copied and
edited if the original source ("Computer Virus Catalogue, Virus Test
Center, University of Hamburg/Germany") is properly referenced and
changes applied are mentioned.
5.2 Several "NoName" Viruses have been produced in or are known to Virus
Test Center, Hamburg; such systems include MVS and VM, VMS and UNIX;
moreover, viruses with different replication strategies in MSDOS and
other PC systems have been tested. Since such "Test" viruses are
only produced to analyse proper defense methods (which maybe needed
in some future), it is the general information policy *not to dis-
tribute further information* in the Computer Virus Catalogue until
such viruses appear in "real world".
- ----------------------------------------------------------------------
PostAdress: Prof.Dr. Klaus Brunnstein
Faculty for Informatics, Univ.Hamburg
Schlueterstr.70
D 2000 Hamburg 13
Tel: (40) 4123-4158 / -4162 Secr.
ElMailAdr: Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de
FromINTERNET:Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@Relay.CS.Net
FromBITNET: Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@DFNGate.Bitnet
FromUUCP: brunnstein%rz.informatik.uni-hamburg.dbp.de@unido.uucp
- -----------------------------------------------------------------------