Text File  |  1995-04-27  |  10.9 KB  |  178 lines

  1.  
  2.  
  3.   Virus Descriptions
  4.   +----------------+
  5.  
 Andropinis                    -       Author: Rajaat
                                       Origin: United Kingdom
                                       Type:   Multipartite infector of COM
                                               files and the hard disk
                                               master boot record.  Uses
                                               anti-heuristic tricks to
                                               avoid TBScan.  Full stealth
                                               on the infected MBR.
                                       Note:   This is not a VLAD virus but
                                               a contribution by an
                                               independent author.

 Super Virus-2                 -       Author: Burglar
                                       Origin: Taiwan
                                       Type:   TSR Polymorphic Semi-Stealth
                                               infector of COM and EXE
                                               format files.  Uses 286
                                               instructions and has a
                                               payload where it writes a
                                               hello message to the screen.
                                               Finds the original Int21
                                               using the Int30h trick.  Uses
                                               Int2f AH=13h to get the
                                               original Int13 and sets Int13
                                               to this before infecting.
                                               Semi-stealth as it hides the
                                               file size on functions 11 and
                                               12. Uses unusual undocumented
                                               methods to go resident.
                                               After opening the file to
                                               infect, the virus duplicates
                                               the file handle, closes the
                                               original handle, and
                                               continues to infect using the
                                               new handle.  Uses the
                                               Phantasie Polymorphic Engine
                                               which makes the virus hard to
                                               detect without the use of
                                               difficult algorithmic
                                               scanning.
                                       Note:   This is not a VLAD virus but
                                               a contribution by an
                                               independent author.

 VTBoot Variant 18             -       Author: Dark Fiber
                                       Group:  Australian Institute of
                                               Hackers (AIH)
                                       Origin: Australia
                                       Type:   Full stealth floppy boot
                                               sector, hard disk MBR
                                               infector.  Most remarkable
                                               for its small size.
                                       Note:   This is not a VLAD virus but
                                               a contribution by an
                                               independent author from a
                                               different group.

 Ebbelwoi Subversion Qux-7     -       Author: Sirius
                                       Origin: Germany
                                       Type:   Semi-Stealth infector of COM
                                               files.  Is semi-polymorphic.
                                               (Three stable bytes)
                                       Note:   This is not a VLAD virus but
                                               a contribution by an
                                               independent author.

 Ender Wiggin                  -       Author: Rhincewind
                                       Origin: Unknown
                                       Type:   Parasitic TSR COM infector.
                                               Infects by writing itself
                                               into the empty cluster space
                                               behind the end of files.

 WinSurfer                     -       Author: Qark and Quantum
                                       Origin: Australia
                                       Type:   Parasitic TSR NewEXE
                                               infector.  One of the only
                                               Windows-based viruses in the
                                               world, this creation only
                                               runs in protected mode,
                                               infecting the Windows
                                               executable upon execution.

 Antipode V2.0                 -       Author: Automag
                                       Origin: France
                                       Type:   Parasitic semi-stealth
                                               resident COM infector.
                                               Specifically targets TBAV,
                                               containing many tricks to
                                               defeat and bypass the
                                               resident utilities and
                                               scanner.

 Bane                          -       Author: Quantum
                                       Origin: Australia
                                       Type:   Full stealth EXE header
                                               virus.  Writes itself into
                                               the space at the end of the
                                               EXE header and will stealth
                                               reads to that same place by
                                               monitoring int13 reads.

 RHINCE                        -       Author: Rhincewind
                                       Origin: Unknown
                                       Type:   Not a virus at all, but a
                                               small, compact polymorphic
                                               engine.  Generates random
                                               code which, when executed,
                                               writes a small xor decryptor
                                               to undo the encryption.

 Tasha Yar - II                -       Author: Quantum
                                       Origin: Australia
                                       Type:   Full Stealth TSR COM/EXE
                                               infector.  Contains a payload
                                               where infected files can't
                                               be deleted, and if a fossil
                                               driver is detected, an ansi
                                               is sent to the modem.

 Replicator                    -       Author: Darkman
                                       Origin: Denmark
                                       Type:   Resident EXE infector.
                                               Unencrypted, semi-stealth
                                               virus with an error handler.
                                               Infects all EXE files in
                                               the current directory when
                                               the user changes drive or
                                               directory.

 Antigens Radical Tunneler 2.2 -       Author: Antigen
 (ART v2.2)                            Origin: USA
                                       Type:   The most advanced tunneler
                                               ever made, surpassing even
                                               the previous version.
                                               It no longer uses int1 and
                                               the trap flag, instead it
                                               calculates the length of the
                                               instruction, copies it
                                               into a buffer and executes
                                               it.  Gets past every AV
                                               TSR it has been tested
                                               against.

 Good Times                    -       Author: Qark
                                       Origin: Australia
                                       Type:   Polymorphic TSR COM/EXE
                                               Infector.  Flexible entry
                                               point on COM files because it
                                               checks the code for jmp/call
                                               instructions.  Is only
                                               polymorphic due to use of
                                               the RHINCE engine.

 DOS Idle                      -       Author: Darkman
                                       Origin: Denmark
                                       Type:   Resident COM/EXE infector.
                                               Uses trivial 16bit xor
                                               encryption.  Has an error
                                               handler, no stealth, hooks
                                               int 28h and infects the
                                               owner of the environment.

 Neither here, nor there       -       Author: Metabolis
                                       Origin: Australia
                                       Type:   Direct action infector of
                                               COM files.  Unusual in that
                                               it prepends half the virus
                                               body and appends the other
                                               half.