Path: utzoo!attcan!uunet!cs.utexas.edu!csd4.milw.wisc.edu!uakari.primate.wisc.edu!indri!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: CHESS@YKTVMV.BITNET (David M. Chess)
Newsgroups: comp.virus
Subject: DataCrime II - tiny clarification (PC)
Message-ID: <0002.8908101123.AA06574@ge.sei.cmu.edu>
Date: 9 Aug 89 00:00:00 GMT
Sender: Virus Discussion List
Lines: 12
Approved: krvw@sei.cmu.edu

Alan Roberts is basically right about the oddness of the "DataCrime II"s self-degarbling code. One small point (just so we don't get too impressed with these virus-writers): while the trick that Alan refers to does prevent the virus from degarbling itself if you single-step through it, it's still trivial to disassemble; just set a breakpoint right after the degarbling loop (there's even one clear byte there to make it easy!), and let it run until then. The virus writer was probably trying to show off, and no doubt thinks him/her/itself very clever, but in fact the trick added about 90 seconds to the time required to analyze the virus, and was hardly worth the effort...

DC