Jump to content

Compression virus

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Anon126 (talk | contribs) at 19:58, 20 April 2015 (remove extra link from end). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

A compression virus is an example of a benevolent computer virus, invented by Fred Cohen. It searches for an uninfected executable file, compresses the file and prepends itself to it. The virus can be described in pseudo code[1]

program compression-virus:=
{01234567;

subroutine infect-executable:=
 {loop:file = get-random-executable-file;
 if first-line-of-file = 01234567 then goto loop;
 compress file;
 prepend compression-virus to file;
 }

main-program:=
 {if ask-permission then infect-executable;
 uncompress the-rest-of-this-file into tmpfile;
 run tmpfile;}
}

The 01234567 is the virus signature, and is used to make sure (if first-line-of-file = 01234567) the file is not already infected. The virus then asks for permission (ask-permission) to infect a random executable (get-random-executable-file). If the permission is granted, it compresses the executable (infect-executable), prepends itself to it (prepend), uncompresses the current executable file (uncompress the-rest-of-this-file) into a temporary file(tmpfile) and runs it (run tmpfile).

Cruncher is an example of a compression virus,[2] a strain of which - Cruncher.2092[3] is described by McAfee as memory-resident virus that infects all but small com files, making them smaller. The reason for excluding small programs is that their infected versions will be bigger than their originals.

References

  1. ^ 1984, Computer Viruses - Theory and Experiments
  2. ^ Mark A. Ludwig 1995, Giant Black Book of Computer Viruses p.10
  3. ^ McAfee article on Cruncher.2092, read Characteristics