On (07 Jan 97) Kurt Wismer wrote to Manuel Llorens...
 -=> Mocking Manuel to Kurt <=-
 KW>   (Mock, mOck, moCk, mocK)
 KW> cannot infect a file without changing something somewhere... (and a
 ML> Not necesary. Beleave me ;-)
 KW> yes, it is necessary... a companion infector changes the contents of the
 KW> directory, a cluster infector changes the file allocation table, an
 KW> appending infector changes the contents of the file, an overwriting
 KW> infector changes the contents of the file...
 KW> the act of infection means that some change has occured, the change from
 KW> non-infected to infected...  change is completely unavoidable during
 KW> infection...
I here by second that LAW.  To infect any thing the IP pointer of 
the cpu MUST point to A entry point of the virus.  2) when the 
virus is active the virus MUST change the file, or directory entry 
some WAY so that program file when ran or excuted that the IP 
pointer of the cpu will again point to one of the virus code entry 
point.  NO change in the program file or directory entry, there is 
no way the cpu's (instruction pointer) will ever point to a virus  
program's entry point, 1) the virus code will never be load.
The ONLY exception is the computer has a virus active in memory 
already.
Gordon
... Authority and Responsibility should NEVER be separated!
--- PPoint 1.92
---------------