Category Index:
/pub/doc/viruses Category Index:
/pub/doc/viruses
No Pointing!Suzana
Stojakovic-Celustka, Magazine
on computer viruses and artificial life
Keywords: artificial life, viruses
Abstract: Electronic magazine about computer viruses and
artificial life. Has contributions from practioners working in
the field of both viruses and Alife. Discusses issues relating to
viruses in a more general computer science/evolution
setting.
Alan Fedeli,
Organizing a Corporate Anti-Virus Effort
Abstract: This document describes how IBM has learned to
cope with viruses and related threats. It is based on two years'
experience establishing and operating corporate-wide
CERT's.
InterPath Corp ,
Anti-Virus Measures
Abstract: This document outlines the various types of
commonly found viruses and suggests measures that can be taken to
minimize the risks of infection and procedures that may be used
to recover from infected systems.
Vesselin Bontchev,
The
Bulgarian and Soviet Virus Factories
Abstract: It is now well known that Bulgaria is leader in
computer virus production and the USSR is following closely. This
paper tries to answer the main questions: Who makes viruses
there, What viruses are made, and Why this is done. It also
underlines the impact of this process on the West, as well as on
the national software industry.
Tom Sirianni, Sally Nueman , The
Dirty Dozen-An Abbreviated Trojan Alert List
Abstract: List of Trojan programs and their
symptoms.
Alan Solomon,
Epidemiology and computer viruses
Abstract: It has been suggested in the press that computer
viruses spread at an exponential rate; figures suggesting a
doubling every two or three months have been suggested. These
figures tend to be arrived at by fitting such a simple curve to
two points, one of which is a rather arbitrary point a few years
ago, when it is supposed that only one copy of one virus existed,
and the other datum is an estimate of the current position.
Jim Goodwin,
Anti-Viral Product Evaluation
Abstract: Evaluation of various Anti-Viral Scanners for
IBM PCs.
David S. Stodolsky,
Infection
Control assuming Cooperation among Computers
Abstract: A new type of infection control mechanism based
upon contact tracing is introduced. Detection of an infectious
agent triggers an alerting response that propagates through an
affected network. A result of the alert is containment of the
infectious agent as all hosts at risk respond automatically to
restrict further transmission of the agent. Individually
specified diagnostic and treatment methods are then activated to
identify and destroy the infective agent. The title "Net
Hormones" was chosen to indicate the systemic nature of this
programmed response to infection.
Steve R. White, David M. Chess, Chengi Jimmy Kuo,
Coping with Computer Viruses and Related Problems
Abstract: This paper discusses computer viruses and
related problems. The author's intent is to help both executive
and technical managers understand the problems that viruses pose,
and to suggest practical steps they can take to help protect
their computing systems.
Luca Sambucci, ICARO
Files (Italian Computer Anti-Virus Research
Organisation)
Abstract: Descriptions (in English and Italian) of various
viruses found in the wild. Also included are tests of various
anti-viral products to see how well they detect these viruses.
Includes tests of polymorphic viruses.
Tim Sankary ,
Developing Virus Identification Products
Abstract: This is a short history of viruses and then
details on the operation of anti-viral programs.
Jeffrey O. Kephart,
A
Biologically Inspired Immune System for Computers
Abstract: Computer viruses are thefirst and only form of
artificial life to have had a measurable impact on society.
Currently, they are a relatively manageable nuisance. However,
two alarming trendsare likely to make computer viruses a much
greater threat. First, the rate at which new viruses are being
written is high, and accelerating. Second, the trend towards
increasing interconnectivity and interoperability among computers
will enable computer viruses and worms to spread much morerapidly
than they do today. To address these problems, we have designedan
immune system for computers and computer networks that takes much
of its inspiration from nature. Like the vertebrate immune
system, our system develops antibodies to previously
unencountered computer viruses or worms and remembers them so as
to recognize and respond to them more quicklyin the future. We
are careful to minimize the risk of an autoimmune response, in
which the immune system mistakenly identifies legitimate software
as being undesirable. Wealso employ nature's technique of
fighting self-replication with self-replication, which our
theoretical studies have shown to be highlyeffective. Many
components of the proposed immune system are already beingused to
automate computer virus analysis in our laboratory, and we
anticipate that this technology will gradually be incorporated
into IBM's commercial anti-virus product during the next year or
two.
John McAfee,
Implementing Anti-Viral Programs
Abstract: Problems in testing and evaluating Anti-Viral
software are discussed. Then the operation of virus detection and
prevention programs is explained. The key aspects of Detection,
Prevention and Identification are listed. Finally, a test
methodology for each is given.
Stephen E. Kiel, Raymond K. Lee,
The Infection of PC Compatible Computers
Abstract: The recent publicity over computer viruses has
produced mixed reactions and much confusion inside, as well as
outside, of the computing industry. The conflicting opinions are
caused either by a misunderstanding of what viruses are or a lack
of understanding of their potential problems. This paper answers
those questions and in addition, gives a description of currently
suggested methods for IBM PC's and compatibles for detecting,
preventing, and eliminating viruses. A highly technical
discussion is not the objective, but rather a broad overview is
given along with sources of additional information and
assistance.
George Woodside,
Virus 101-An Introduction to Viruses
Abstract: The operation of viruses, worms and trojan
horses on both IBM PCs and Atari STs is discussed.
Sandeep
Kumar, Eugene
H. Spafford,
A Generic Virus Scanner in C++
Abstract: This paper describes a virus detection tool: a
generic virus scanner in C++ with no inherent limitations on the
file systems, files types, or host architectures that can be
scanned. The tool is completely general and is structured in such
a way that it can easily be augmented to recognize viruses
different system platforms with varied file types.
David J. Ferbrache,
List of known Macintosh viruses
Abstract: This digest includes a list of all known Apple
Macintosh viruses together with a selection of reports (published
in virus-l) describing the virus, its symptoms, propogation and
detection.
Matt Bishop, An
Overview of Computer Viruses in a Research
Environment
Abstract: The threat of attack by computer viruses is in
reality a very small part of much more general threat,
specifically attacks aimed at subverting computer security. This
paper examines computer viruses as malicious logic in a research
and development environment, relates them to various model of
security and integrity, and examines current research techniques
aimed at controlling the threats viruses in particular, and
malicious logic in general, pose to computer systems. Finally, a
brief examination of the vulnerabilities of research and
development systems that malicious logic and computer viruses may
exploit is undertaken.
Alan Solomon,
List of New PC viruses
Abstract: Recgonition and detection of a newer strain of
viruses for IBM PCs and compatibles.
Joe Hirst,
List of PC viruses
Abstract: This list is intended to give enough information
to identify a virus or a variant form of a virus. It is not
intended by itself to supply enough information for a programmer
to deal with a virus. If any virus is found which does not
exactly match any of the following descriptions the Centre
requests that a copy of the virus be sent to us, or to a local
researcher known to be in contact with us.
John Norstad, Viruses
Review
Abstract: This directory contains a large collection of
viruses review documents.
Unknown, MS-Dos
and Macintosh Virus Scanners
Abstract: This directory contains msdos and Macintosh
virus scanners. Of particular interest is the current version of
McAfee's scan programs (currently version 89b). F-PROT is also a
very good MS-DOS scanner. Also. . . The freeware version of
Norton Anti-Virus Michelangelo Edition (NAV_MIKE.ZIP)
Padgett Peterson, Six
Bytes for Virus Detection In The MS-DOS Environment
Abstract: We have seen how system viruses and other
malicious software rely on two things, the lack of any integrity
checking on either the part of DOS or the user, and the
simplicity of creating a "hole" in memory to hide in. So far,
those viruses that attempt other concealment or fail to go
resident simply have not spread very far. Since a large portion
of viruses are "Boot Sector Infectors" that become resident
before any normal software can execute, these could be difficult
to detect at the DOS level. Luckily, current viruses have
operating system impacts that make them relatively simple to
detect. Hardware ROM extensions or non-standard partition table
software would be necessary for increased protection. Even at the
user level, integrity checking of attempts for a program to go
resident is a simple matter as a stand-alone and would be both
trivial and fast. Such a check could be incorporated as one layer
of an integrity shell or Command Line Interpreter. Several
program have attempted this in the past only to fail through
excessive screens irritating the user. An "intelligent" program
that knows what is permitted to go resident and how would be
simple to program and only flag "unregistered" attempts. The
surprising fact is that no-one seems to have done so as
yet.
Eugene
H. Spafford, Computer
Viruses as Artificial Life
Abstract: This paper begins with a description of how
computer viruses operate and their history, and of the various
ways computer viruses are structured. It examines ow viruses meet
properties associated with life as defined by some researchers in
the area of artificial life and self-organizing systems. The
paper concludes with some comments directed towards the
definition of artificially "alive" systems and
experimentation.
Muttik I.G., STARSHIP
- interesting file-boot virus.
Abstract: STARSHIP virus (file and boot simultaneously) is
described. It infects IBM PC and compatibles running DOS. Virus
is called STARSHIP : this string can be easily found in the
memory dump of virus. Virus infects masterboot record on harddisk
and executable files files created on floppy drives. The virus is
encrypted. Infected executable files have no descriptor longer
than 2 bytes. Virus appears to have no destructive code, it uses
music and video effects when active. The abnormal operation of
the infected computers was sometimes detected.
Eldar A.Musaev, Computer
Viruses In The USSR
Abstract: This is a paper on the situation with viruses in
the USSR. It was written in Oct-Nov of 1990, so it does not names
all viruses in the SU, but this number is NOT too high. Maybe
there are a couple of dozens, not more. Vienna virus is dated
1987 there. Author also listed a list of paper and books that
deal with the viruses in USSR.
David Chess,
Virus Verification and Removal tools and Techniques
Abstract: A prototype virus verifier and remover is
described.
Jim Goodwin,
PC Virus Listing
Abstract: Description and Classification of a variety of
PC viruses.
Joe Wells,
PC Viruses in the Wild
Abstract: This is a cooperative listing of viruses
reported as being in the wild by 16 virus information
professionals. The basis for these reports are virus incidents
where a sample was received, and positively identified by the
participant. Rumors and unverified reports have been
excluded.
Patricia M. Hoffman,
Virus
Information Summary List
Abstract: This document contains the compiled information
from a continuing research effort by the author into the
identification, detection and removal of MS-DOS Computer Viruses.
Hopefully, this listing will provide some assistance to those who
wish to know more about a particular computer virus. It is not
intended to provide a very detailed technical description, but to
allow the reader to understand what a virus generally does, how
it activates, what it is doing to their system, and most
importantly, how to get rid of it.
Built by Mark Crosbie
and Ivan
Krsul.
Security Archive Homepage.
Purdue CS Dept page.
