The Violator Virus - Burger’s Continuing Legacy

Edward Wilding
Virus Bulletin, April 1991, pp. 22-23
ISSN 0956-9979

The technical competence of virus writers varies considerably, from abysmally poor to reasonably proficient, but this is not usually a consideration which affects the actual functioning of virus code (apart, of course, from programming bugs).

Over a period of time, a researcher will develop a “feel” for the style and structure of particular viruses and may even be able to link apparently dissimilar programs and reasonably ascribe them to the same original author. Such stylistic analyses have little value to computer users, but they may become extremely useful as computer misuse legislation is adopted worldwide and law enforcement agencies begin to home in on the criminals responsible for the problem.

One of the most obvious links discovered to date concerns the origins of the Violator virus, and it highlights the undoubted advantages of detailed disassembly of virus code over the faster (but less effective) sparse analysis technique. Before examining the conclusions of a stylistic analysis, I will first describe Violator.

