Cruncher | |
---|---|
Type | File virus |
Creator | Masud Khafir |
Date Discovered | 1993.06 |
Place of Origin | The Netherlands |
Source Language | |
Platform | DOS |
File Type(s) | .com |
Infection Length | 2,352 bytes* |
Reported Costs |
Cruncher is a .com infecting virus from 1993. It is probably most famous for the fact that it compresses the files that it infects. It was coded by Masud Khafir, coder of the first Windows virus, Winvir.
Behavior
When Cruncher is first executed, it installs itself near the top of memory, just below the DOS 640k boundary. Cruncher takes 2,352 bytes of memory. It infects .com programs as they are executed. It avoids COMMAND.COM. Most programs infected with this virus will decrease in size. Programs under 3 kilobytes may show a small increase in size.
The virus contains two text strings, "[ MK / Trident ]" and "Cruncher V1.0". THe first identifies its creator, Masud Khafir of the Dutch Trident hacker group. The second is the name of the virus.
Variants
The creator gave his variants version numbers, similar to other software. Cruncher 2.0 infects .exe files as well as .com. It takes 4,256 bytes in memory. Cruncher 2.1 asks for permission to become memory resident and infect files and takes up 5,056 bytes. They both contain relatively similar text, different only with regard to the copyright date:
*** CRUNCHER V2.0 *** Automatic file compression utility
Written by Masud Khafir of the TridenT group (c) 31/12/92
Greetings to Fred Cohen, Light Avenger, and Teddy Matsumoto
In 2.1, the date is 23/8/93.
Name and Origin
Some texts contained in later variants of the Cruncher virus seem to suggest that this virus was coded much earlier than its discovery date would suggest. Cruncher 2.0 contains text strings indicating it was created on New Year's Eve.
The virus borrows some code from the freeware Diet compression program, coded by Teddy Matsumoto.
Other Facts
Most examples of potentially beneficial viruses have been with those that attack other viruses, like Denzuko. File-compressing viruses had been proposed, but never actually coded until Cruncher. While some view this virus as an example of a beneficial virus, others take a more cynical view of it as an attempt to get past virus scanners.
Masud Khafir describes Cruncher as one of the more difficult viruses he coded, along with Gotcha and Winvir.
Sources
Patricia Hoffman. Online VSUM, Cruncher Virus.
Trident. Interview with Masud Khafir.
Alan Solomon. A Guide to Evaluating Anti-Virus Software.