Details
Burglar family

These are not dangerous memory resident parasitic viruses. “Burglar.1365″ is an encrypted virus. They hook INT 21h and write themselves to the end of EXE files that are accessed. The viruses check the name of the file, and do not infect the file if its name contains “V” or “S” symbols, or begins with: “CL”, “HW”, “TB”, “F-”, “WC”, or “TK”, according to the string (two letters per name):
CLHWTBF-WCTK

Several versions (”Burglar.1150,1365″) also search for EXE files and infect them when DOS functions GetDiskSpace or DeleteFCB (AH=13h,36h) are called. The viruses search for EXE files in the current directory only.
“Burglar.1365″ also drops a silly nonmemory resident overwriting virus “SillyOC.100″.
The viruses depending on the system timer display the messages:
“Burglar.820″: BURGLAR
“Burglar.824″: BURGLAR!
“Burglar.833″: BURGLAR/Type D
“Burglar.877″: BURGLAR/Type E
“Burglar.1004″: BURGLAR/Type F
“Burglar.1050″: BURGLAR/G by SVS
“Burglar.1150″: Burglar/H
“Burglar.1365″: Burglar/I

The viruses also contain the text strings:
“Burglar.777″: Burglar
“Burglar.1004″: [_THE KNIGHT OF A DOLL - PART I_]
“Burglar.1050″: [Yally livesallsomewhere in Mind]
“Burglar.1150″: AT THE GRAVE OF GRANDMA…
“Burglar.1365″:
Burglar VIRUS (Type I/Last Ver) with Miny1.100 9192/3/12-4/1
by Corean Virus’ leader : KOV (Knight Of Virus).

Related Posts

This entry was posted on Saturday, July 29th, 2006 at 6:00 am and is filed under Virus Threats.