echo: os2prog
to: Mike Bilow
from: Victor Bogado
date: 1995-01-18 22:21:08
subject: Re: Virus Hysteria

-- replying to the message from Mike Bilow to Peter Fitzsimmons (Virus Hysteria) --

 MB> Peter Fitzsimmons wrote in a message to Pierre Vandevenne:

 PF> Someone (I think it was you) sent me the source for the
 PF> virus from that magazine.  It works by doing a
 PF> FindFirst/FindNext for "*.EXE" and "infecting" the
 PF> non-running programs by overwriting the entry point with
 PF> itself -- thus destroying the function of the original
 PF> program.  This is just one level above a trojan horse, and
 PF> has little chance of spreading very far since the damage is
 PF> detected immediately when an "infected" (I'd rather use the
 PF> word "destroyed") program is run.



 MB> If the original Trojan program happened to be designed so that it
 MB> would infect only EXEs belonging to system device drivers, the virus
 MB> could conceivably be running at Ring 0 after a reboot.  Of course, the
 MB> EXE entry point does not have the usual meaning on a device driver,
 MB> but there is still an opportunity to make serious trouble.

 PF> So it IS a virus, and does work with simple standard OS/2
 PF> API calls -- but it will never be a successful (measured by
 PF> how far it will spread) virus.

 PF> The fact that this is the best thing so far that anyone has
 PF> come up with simply buttresses what we've been saying all
 PF> along.



 MB> Anyone would agree that an OS/2 virus would be difficult, and that
 MB> most DOS techniques will not work.



	Even the fact that OS/2 has 2 file systems by default, and not 1 as DOS, is a
headache to the virus writer.  It's not simple to know where a file is stored,
and how to change it.  Besides, a lot of viruses use internal structures of FAT
to work better.



 PF> I don't think even DOS has such a simple virus, as it will
 PF> not stroke the ego of the virus writer, who wants to be
 PF> thought of as deviously clever.



 MB> I don't really know what motivates virus writers.  The majority
 MB> probably use something like the "Virus Construction Kit."  Personally,
 MB> I will not be too impressed until someone figures out how to write a
 MB> virus, put it in boxes, and get the public to pay money for it -- at
 MB> which time Microsoft and Apple will sue, claiming they had the idea
 MB> first.



	Microsoft has done it: Windows 3.1. It will harm your computer and spread
like fire in dry grass. And it's not detected by any virus scanner.



                ┌───┐
              m  o o  m
       ┌─────────────────────────────────┐
       │[]s Victor Bogado da Silva Lins  │
       │Bogado{at}lyric.labma.ufrj.br    │
       └─────────────────────────────────┘





... Press "+" to see another tagline.

--- Blue Wave/Max v2.12 OS/2 [NR]

* Origin: IBM PS BBS - Rio de Janeiro (4:802/47)
SEEN-BY: 12/2442 620/243 624/50 632/348 640/820 690/660 711/409 410 413 430
SEEN-BY: 711/807 808 809 934 942 949 712/353 515 713/888 800/1 7877/2809
@PATH: 802/47 12/2442 711/409 808 809 934

SOURCE: echomail via fidonet.ozzmosis.com
