Path: utzoo!attcan!uunet!decwrl!apple!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: 70033.1271@CompuServe.COM (Steve Albrecht)
Newsgroups: comp.virus
Subject: 4096 Virus and Checksums (PC)
Message-ID: <0006.9008031127.AA06769@ubu.cert.sei.cmu.edu>
Date: 2 Aug 90 17:39:32 GMT
Sender: Virus Discussion List <VIRUS-L@LEHIIBM1>
Lines: 24
Approved: krvw@sei.cmu.edu

In browsing through the April 1990 issue of Computers and Security,
Volume 9, No. 2, I read the following comments of Dr. Harold
Highland on the 4096 virus:

     "This recently published computer virus is particularly
     disturbing in that...checksum techniques likewise appear to
     be useless, the virus `disappears' during the checksum
     process..."

Can someone please elaborate on how the virus avoids the checksum
process, or perhaps direct me to more detailed information on this
virus?

In particular, does it avoid all checksum algorithms, or only
certain ones?  How does it avoid detection from the checksum
operation?

Any help would be most appreciated.


Steve Albrecht
MIS Field Services
PLAN International
70033,1271@compuserve.com