BRUNNSTEIN@RZ.INFORMATIK.UNI-HAMBURG.DBP.DE (06/02/89)
After having reverse-engineered several viruses on different PCs
(AMIGA, Atari, MacIntosh and IBM), we have developped (and
experimentally tested, in a German mailbox of the national Informatics
society, since December 1988) a format in which we describe essential
features of computer viruses: the Computer Virus Catalog. Thanks to
Y.Radai, David Ferbrache and Otto Stolz, this Catalog is now available
in a revised form. The goal is to describe all those features which a
(not too well-informed) user needs to analyse whether and what virus
may have reached his machine; moreover, the catalog should contain
some hints which established tools help him to erase the virus.
At this time, about 25 viruses (maybe some of which exist in German
locations have been catalogued. At the Virus Test Center of Hamburg
University/Informatics (with a group of students, who participate in
my 4-semester course on Computer Security), we have concentrated on
AMIGA and IBM PC viruses, but in the latter case, we have difficulties
to get virus code 1) because the German IBM PC virus scene doesnot
offer the internationally reported manifold, and 2) we refuse to
exchange viruses, like stamps (we also don't publish virus code or the
`dossiers' which we produced by reverse-engineering). We therefore
appreciate any help which we can get from competent and cooperative
experts in the field.
As a separat document I send:
1st: the format of the Computer Virus Catalog,
2nd: the index on entries at this time.
To minimize the transfer problems to `remote locations' (seen from a
Germanocentric world view), we try to find locations where the actual
entries may be invoked (e.g. in US). Moreover, in order to guarantee
some degree of completeness, we ask groups/persons with developped
knowledge in the field, to take on the task of adding information
about viruses not yet catalogued. We plan to establish a committee
which controls new or updated entries; while Y.Radai, and D.Ferbrache
have accepted to cooperate in this Virus Catalog Editorial Committee,
we hope for a few more experts to cooperate in this task.
Thank you in advance for comments. Klaus Brunnstein.
- -----------------------------------------------------------------------
PostAdress: Prof.Dr. Klaus Brunnstein
Faculty for Informatics, Univ.Hamburg
Schlueterstr.70
D 2000 Hamburg 13
Tel: (40) 4123-4158 / -4162 Secr.
ElMailAdr: Brunnstein@RZ.Informatik.Uni-Hamburg.dbp.de
FromINTERNET:Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@Relay.CS.Net
FromBITNET: Brunnstein%RZ.Informatik.Uni-Hamburg.dbp.de@DFNGate.Bitnet
FromUUCP: brunnstein%rz.informatik.uni-hamburg.dbp.de@unido.uucp
- -----------------------------------------------------------------------