Compression virus explained

A compression virus is an example of a benevolent computer virus, invented by Fred Cohen. It searches for an uninfected executable file, compresses the file and prepends itself to it. The virus can be described in pseudocode:[1]

program compression-virus:=
{01234567;

subroutine infect-executable:=
 {loop:file = get-random-executable-file;
 if first-line-of-file = 01234567 then goto loop;
 compress file;
 prepend compression-virus to file;
 }

main-program:=
 {if ask-permission then infect-executable;
 uncompress the-rest-of-this-file into tmpfile;
 run tmpfile;}
}

The 01234567 is the virus signature; the check if first-line-of-file = 01234567 uses it to make sure the file is not already infected. The main program first asks for permission (ask-permission) to infect a random executable (get-random-executable-file). If the permission is granted, infect-executable compresses that executable and prepends the virus to it (prepend). Whether or not permission is granted, the virus then uncompresses the rest of the current executable file (uncompress the-rest-of-this-file) into a temporary file (tmpfile) and runs it (run tmpfile).

Cruncher is an example of a compression virus,[2] a strain of which – Cruncher.2092[3] – is described by McAfee as a memory-resident virus that infects all but small com files, making them smaller. The reason for excluding small programs is that their infected versions will be bigger than their originals.
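The marker check and the size effect described above can be seen from the scanning side. The following is an added example, not code from Cohen or from the sources cited here: a triage function that looks for the signature line, tries to recover the original bytes, and reports how much the file grew or shrank. The 64-byte prefix length, the use of zlib as the compressor, and the sample images (inert, with zero padding where code would be) are assumptions constructed for illustration.

```python
import zlib

MARKER = b"01234567"   # signature line from the pseudocode on this page
STUB_LEN = 64          # assumption: fixed size of the prepended code, marker line included

def triage(data: bytes) -> dict:
    """Classify a file image; if wrapped, recover the original and the size change."""
    if data.split(b"\n", 1)[0] != MARKER:
        return {"status": "clean", "original": None, "growth": 0}
    inflater = zlib.decompressobj()
    try:
        original = inflater.decompress(data[STUB_LEN:])
        if not inflater.eof:          # empty or truncated stream
            raise zlib.error("incomplete stream")
    except zlib.error:
        # The marker alone is weak evidence: any file may start with those bytes.
        return {"status": "marker-only", "original": None, "growth": 0}
    return {"status": "wrapped", "original": original,
            "growth": len(data) - len(original)}

def constructed_sample(original: bytes) -> bytes:
    """Build an inert test image: marker line, zero padding in place of code, zlib body."""
    header = MARKER + b"\n"
    return header + b"\x00" * (STUB_LEN - len(header)) + zlib.compress(original)

if __name__ == "__main__":
    for name, body in [("large", b"A" * 4096), ("small", b"hi")]:
        result = triage(constructed_sample(body))
        print(name, result["status"], "growth:", result["growth"])
    print("plain", triage(b"MZ\x90\x00 ordinary file")["status"])
    print("lookalike", triage(MARKER + b"\nnotes.txt contents")["status"])
```

A positive growth value for the small sample shows why small programs are excluded: the fixed prefix outweighs anything compression saves.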

References

  1. Fred Cohen & Associates. all.net.
  2. Mark A. Ludwig (1995). Giant Black Book of Computer Viruses, p. 10.
  3. McAfee article on Cruncher.2092, read Characteristics. Retrieved 2009-07-29. Archived 2010-08-23 at https://web.archive.org/web/20100823073607/http://vil.nai.com/vil/content/v_318.htm (original link dead).