Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!wuarchive!sdd.hp.com!mips!pacbell.com!iggy.GW.Vitalink.COM!widener!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: CHESS@YKTVMV.BITNET (David.M.Chess) Newsgroups: comp.virus Subject: The Shape of the World (PC) Message-ID: <0001.9105091351.AA04501@ubu.cert.sei.cmu.edu> Date: 8 May 91 14:30:15 GMT Sender: Virus Discussion List Lines: 36 Approved: krvw@sei.cmu.edu This is an open note to other folks in the anti-virus field, to see if some (potentially significant) things that we've noticed about (primarily PC-DOS) viruses look the same from other people's perspectives. Some informal questions to individuals suggest that these are reasonably common observations; is there anyone out there who would disagree with them? (Or have other comments, for that matter?) 1) Most viruses in the collections of anti-virus workers have, as far as anyone knows, never been found on an end-user system. (We, for instance, have a few hundred viruses, but know of only about 50 that have ever bothered an end user.) 2) When a virus shows up on an end-user system ("in the wild", as we say) that has never been seen on an end-user system before, it's usually a brand-new virus, rather than a virus that's previously been in collectors' collections. That is, it's very rare for a virus from the "collectors only" category to move into the "in the wild" category. Do these two things match the experience of other anti-virus workers? Can anyone give some examples of viruses that were at one time thought to be "collector only", but later showed up in the wild? (Very isolated incidents, such as the rather obvious direct 'seeding' of an end-user machine with a stupid virus like the Whale, don't really count.) As a sort of a spot-check, has anyone ever seen any of the "Anti-Pascal" viruses (AP-400, -440, -480, -529, -605, I think they are; something like that) infecting an end-user machine? (I ask about these just because they're sort of prototypical "collector-only" viruses; rather stupid, and seemingly unlikely to spread.) DC