Misplaced Pages

Compression virus

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

A compression virus is an example of a benevolent computer virus, invented by Fred Cohen. It searches for an uninfected executable file, compresses the file and prepends itself to it. The virus can be described in pseudo code

program compression-virus:=
{01234567;
subroutine infect-executable:=
 {loop:file = get-random-executable-file;
 if first-line-of-file = 01234567 then goto loop;
 compress file;
 prepend compression-virus to file;
 }
main-program:=
 {if ask-permission then infect-executable;
 uncompress the-rest-of-this-file into tmpfile;
 run tmpfile;}
}

The 01234567 is the virus signature, and is used to make sure (if first-line-of-file = 01234567) the file is not already infected. The virus then asks for permission (ask-permission) to infect a random executable (get-random-executable-file). If the permission is granted, it compresses the executable (infect-executable), prepends itself to it (prepend), uncompresses the current executable file (uncompress the-rest-of-this-file) into a temporary file (tmpfile) and runs it (run tmpfile).

Cruncher is an example of a compression virus, a strain of which – Cruncher.2092 – is described by McAfee as memory-resident virus that infects all but small com files, making them smaller. The reason for excluding small programs is that their infected versions will be bigger than their originals.

References

  1. "Fred Cohen & Associates". all.net.
  2. Mark A. Ludwig 1995, Giant Black Book of Computer Viruses p.10
  3. "McAfee article on Cruncher.2092, read Characteristics". Archived from the original on 2010-08-23. Retrieved 2009-07-29.
Category: