The Center for Education and Research in Information Assurance and Security, or CERIAS, is the world's foremost University center for multidisciplinary research and education in areas of information security. Our areas of research include computer, network, and communications security as well as information assurance.

This site's design is only visible in a graphical browser that supports web standards, but its content is accessible to any browser or Internet device. (Why?)

Center for Education and Research in Information Assurance and Security

COAST Security Archive Logo Category Index: /pub/doc/viruses

No Pointing!

This WWW page was generated automatically. Link makers should not point their links to this page. If you must, please make a link to the search entry point.

Suzana Stojakovic-Celustka, Magazine on computer viruses and artificial life
Keywords: artificial life, viruses
Abstract: Electronic magazine about computer viruses and artificial life. Has contributions from practioners working in the field of both viruses and Alife. Discusses issues relating to viruses in a more general computer science/evolution setting.

Alan Fedeli, Organizing a Corporate Anti-Virus Effort
Abstract: This document describes how IBM has learned to cope with viruses and related threats. It is based on two years' experience establishing and operating corporate-wide CERT's.

InterPath Corp , Anti-Virus Measures
Abstract: This document outlines the various types of commonly found viruses and suggests measures that can be taken to minimize the risks of infection and procedures that may be used to recover from infected systems.

Vesselin Bontchev, The Bulgarian and Soviet Virus Factories
Abstract: It is now well known that Bulgaria is leader in computer virus production and the USSR is following closely. This paper tries to answer the main questions: Who makes viruses there, What viruses are made, and Why this is done. It also underlines the impact of this process on the West, as well as on the national software industry.

Tom Sirianni, Sally Nueman , The Dirty Dozen-An Abbreviated Trojan Alert List
Abstract: List of Trojan programs and their symptoms.

Alan Solomon, Epidemiology and computer viruses
Abstract: It has been suggested in the press that computer viruses spread at an exponential rate; figures suggesting a doubling every two or three months have been suggested. These figures tend to be arrived at by fitting such a simple curve to two points, one of which is a rather arbitrary point a few years ago, when it is supposed that only one copy of one virus existed, and the other datum is an estimate of the current position.

Jim Goodwin, Anti-Viral Product Evaluation
Abstract: Evaluation of various Anti-Viral Scanners for IBM PCs.

David S. Stodolsky, Infection Control assuming Cooperation among Computers
Abstract: A new type of infection control mechanism based upon contact tracing is introduced. Detection of an infectious agent triggers an alerting response that propagates through an affected network. A result of the alert is containment of the infectious agent as all hosts at risk respond automatically to restrict further transmission of the agent. Individually specified diagnostic and treatment methods are then activated to identify and destroy the infective agent. The title "Net Hormones" was chosen to indicate the systemic nature of this programmed response to infection.

Steve R. White, David M. Chess, Chengi Jimmy Kuo, Coping with Computer Viruses and Related Problems
Abstract: This paper discusses computer viruses and related problems. The author's intent is to help both executive and technical managers understand the problems that viruses pose, and to suggest practical steps they can take to help protect their computing systems.

Luca Sambucci, ICARO Files (Italian Computer Anti-Virus Research Organisation)
Abstract: Descriptions (in English and Italian) of various viruses found in the wild. Also included are tests of various anti-viral products to see how well they detect these viruses. Includes tests of polymorphic viruses.

Tim Sankary , Developing Virus Identification Products
Abstract: This is a short history of viruses and then details on the operation of anti-viral programs.

Jeffrey O. Kephart, A Biologically Inspired Immune System for Computers
Abstract: Computer viruses are thefirst and only form of artificial life to have had a measurable impact on society. Currently, they are a relatively manageable nuisance. However, two alarming trendsare likely to make computer viruses a much greater threat. First, the rate at which new viruses are being written is high, and accelerating. Second, the trend towards increasing interconnectivity and interoperability among computers will enable computer viruses and worms to spread much morerapidly than they do today. To address these problems, we have designedan immune system for computers and computer networks that takes much of its inspiration from nature. Like the vertebrate immune system, our system develops antibodies to previously unencountered computer viruses or worms and remembers them so as to recognize and respond to them more quicklyin the future. We are careful to minimize the risk of an autoimmune response, in which the immune system mistakenly identifies legitimate software as being undesirable. Wealso employ nature's technique of fighting self-replication with self-replication, which our theoretical studies have shown to be highlyeffective. Many components of the proposed immune system are already beingused to automate computer virus analysis in our laboratory, and we anticipate that this technology will gradually be incorporated into IBM's commercial anti-virus product during the next year or two.

John McAfee, Implementing Anti-Viral Programs
Abstract: Problems in testing and evaluating Anti-Viral software are discussed. Then the operation of virus detection and prevention programs is explained. The key aspects of Detection, Prevention and Identification are listed. Finally, a test methodology for each is given.

Stephen E. Kiel, Raymond K. Lee, The Infection of PC Compatible Computers
Abstract: The recent publicity over computer viruses has produced mixed reactions and much confusion inside, as well as outside, of the computing industry. The conflicting opinions are caused either by a misunderstanding of what viruses are or a lack of understanding of their potential problems. This paper answers those questions and in addition, gives a description of currently suggested methods for IBM PC's and compatibles for detecting, preventing, and eliminating viruses. A highly technical discussion is not the objective, but rather a broad overview is given along with sources of additional information and assistance.

George Woodside, Virus 101-An Introduction to Viruses
Abstract: The operation of viruses, worms and trojan horses on both IBM PCs and Atari STs is discussed.

Sandeep Kumar, Eugene H. Spafford, A Generic Virus Scanner in C++
Abstract: This paper describes a virus detection tool: a generic virus scanner in C++ with no inherent limitations on the file systems, files types, or host architectures that can be scanned. The tool is completely general and is structured in such a way that it can easily be augmented to recognize viruses different system platforms with varied file types.

David J. Ferbrache, List of known Macintosh viruses
Abstract: This digest includes a list of all known Apple Macintosh viruses together with a selection of reports (published in virus-l) describing the virus, its symptoms, propogation and detection.

Matt Bishop, An Overview of Computer Viruses in a Research Environment
Abstract: The threat of attack by computer viruses is in reality a very small part of much more general threat, specifically attacks aimed at subverting computer security. This paper examines computer viruses as malicious logic in a research and development environment, relates them to various model of security and integrity, and examines current research techniques aimed at controlling the threats viruses in particular, and malicious logic in general, pose to computer systems. Finally, a brief examination of the vulnerabilities of research and development systems that malicious logic and computer viruses may exploit is undertaken.

Alan Solomon, List of New PC viruses
Abstract: Recgonition and detection of a newer strain of viruses for IBM PCs and compatibles.

Joe Hirst, List of PC viruses
Abstract: This list is intended to give enough information to identify a virus or a variant form of a virus. It is not intended by itself to supply enough information for a programmer to deal with a virus. If any virus is found which does not exactly match any of the following descriptions the Centre requests that a copy of the virus be sent to us, or to a local researcher known to be in contact with us.

John Norstad, Viruses Review
Abstract: This directory contains a large collection of viruses review documents.

Unknown, MS-Dos and Macintosh Virus Scanners
Abstract: This directory contains msdos and Macintosh virus scanners. Of particular interest is the current version of McAfee's scan programs (currently version 89b). F-PROT is also a very good MS-DOS scanner. Also. . . The freeware version of Norton Anti-Virus Michelangelo Edition (NAV_MIKE.ZIP)

Padgett Peterson, Six Bytes for Virus Detection In The MS-DOS Environment
Abstract: We have seen how system viruses and other malicious software rely on two things, the lack of any integrity checking on either the part of DOS or the user, and the simplicity of creating a "hole" in memory to hide in. So far, those viruses that attempt other concealment or fail to go resident simply have not spread very far. Since a large portion of viruses are "Boot Sector Infectors" that become resident before any normal software can execute, these could be difficult to detect at the DOS level. Luckily, current viruses have operating system impacts that make them relatively simple to detect. Hardware ROM extensions or non-standard partition table software would be necessary for increased protection. Even at the user level, integrity checking of attempts for a program to go resident is a simple matter as a stand-alone and would be both trivial and fast. Such a check could be incorporated as one layer of an integrity shell or Command Line Interpreter. Several program have attempted this in the past only to fail through excessive screens irritating the user. An "intelligent" program that knows what is permitted to go resident and how would be simple to program and only flag "unregistered" attempts. The surprising fact is that no-one seems to have done so as yet.

Eugene H. Spafford, Computer Viruses as Artificial Life
Abstract: This paper begins with a description of how computer viruses operate and their history, and of the various ways computer viruses are structured. It examines ow viruses meet properties associated with life as defined by some researchers in the area of artificial life and self-organizing systems. The paper concludes with some comments directed towards the definition of artificially "alive" systems and experimentation.

Muttik I.G., STARSHIP - interesting file-boot virus.
Abstract: STARSHIP virus (file and boot simultaneously) is described. It infects IBM PC and compatibles running DOS. Virus is called STARSHIP : this string can be easily found in the memory dump of virus. Virus infects masterboot record on harddisk and executable files files created on floppy drives. The virus is encrypted. Infected executable files have no descriptor longer than 2 bytes. Virus appears to have no destructive code, it uses music and video effects when active. The abnormal operation of the infected computers was sometimes detected.

Eldar A.Musaev, Computer Viruses In The USSR
Abstract: This is a paper on the situation with viruses in the USSR. It was written in Oct-Nov of 1990, so it does not names all viruses in the SU, but this number is NOT too high. Maybe there are a couple of dozens, not more. Vienna virus is dated 1987 there. Author also listed a list of paper and books that deal with the viruses in USSR.

David Chess, Virus Verification and Removal tools and Techniques
Abstract: A prototype virus verifier and remover is described.

Jim Goodwin, PC Virus Listing
Abstract: Description and Classification of a variety of PC viruses.

Joe Wells, PC Viruses in the Wild
Abstract: This is a cooperative listing of viruses reported as being in the wild by 16 virus information professionals. The basis for these reports are virus incidents where a sample was received, and positively identified by the participant. Rumors and unverified reports have been excluded.

Patricia M. Hoffman, Virus Information Summary List
Abstract: This document contains the compiled information from a continuing research effort by the author into the identification, detection and removal of MS-DOS Computer Viruses. Hopefully, this listing will provide some assistance to those who wish to know more about a particular computer virus. It is not intended to provide a very detailed technical description, but to allow the reader to understand what a virus generally does, how it activates, what it is doing to their system, and most importantly, how to get rid of it.


O Built by Mark Crosbie and Ivan Krsul.

Security Archive Page Security Archive Homepage.

COAST Homepage COAST Project (CERIAS)Page.

Purdue CS Homepage Purdue CS Dept page. (COAST Security Archive)