|Place of Origin||Columbia Heights, MN, USA|
|Infection Length||1,260 bytes|
When a file infected with Chameleon is executed the virus will infect all .com files in the current directory. It sets the seconds field of a newly infected file's timestamp to the impossible value of 62.
Almost the entire virus is encrypted with many individual bytes having their own levels of encryption on top of that. In addition to this, many important features of the virus are obscured by junk code that does nothing. To make things worse for virus researchers, many of the virus's instructions are scrambled with every new infection.
Chameleon itself is sometimes considered a variant of Vienna. Some variants are very similar to the original with the exception of their size.
Chameleon.Casper is 1,200 bytes long and a subvariant is 1,190 bytes. It was introduced in August of 1990. The virus body contains the text "Hi! I'm CASPER The Virus, And On April 1st I'm Gonna Fuck Up Your Hard Disk REAL BAD! In Fact It Might Just Be Impossible To Recover! How's That Grab Ya! GRIN". It will not be visible as it is encrypted.
Chameleon.V2P6 is 1,808 bytes long with a subvariant that is 1,993 bytes.
Chameleon.Adolph was discovered in May of 1991. It is 2,109 to 2,445 bytes long.
Chameleon is one of many names this virus goes by. Other names used in descriptions of the virus or by scanners include Variable, Camouflage, Stealth, 1260, V2P1 and V2PX. The main name as well as the first three aliases are a reference to the virus's encryption. Others name Chameleon as a variant of Vienna with a number.
There is also a polymorphic Microsoft Word macro virus named Chameleon.
Chameleon is derived largely from the Vienna virus, but is too different and original in many other aspects to itself be considered a variant. It was coded by Mark Washburn in Columbia Heights in Minnesota. The source code for Vienna was published in Ralph Burger's Computer Viruses: A High-Tech Disease and for this reason, along with its simplicity, was used as a template for many viruses. Another innovative virus that uses Vienna code as its base is the multipartite Ghostballs.
Morton Swimmer, University Hamburg, Virus Test Center. Reports collected and collated by PC-Virus Index, 1260. 1991.02.12
Kaspersky Lab, History of Malware, 1990.
McAfee Antivirus, CASPER. 1990.08.15
Patricia Hoffman. VSUM, V2P6.
-. -, Adolph.