Vesselin Bontchev
Virus Bulletin, Oct 1997, pp. 10-11
ISSN 0956-9979
October 1997
Vicis is a polymorphic macro virus... that is the very least that can be said about it-and it is a major understatement. Polymorphism in DOS viruses is usually achieved by encrypting most of the virus body and prepending a randomly generated decryptor to it. The same idea has been tried in the macro virus world as well (e.g., in the Slow virus [Qin97]). However, WordBasic is a slow language, not very suitable for character manipulation, so the encryption/decryption process is always slow-which makes such a virus very noticeable. WordBasic is much more suitable for string manipulation, however. Furthermore, WordBasic is a syntactically simple language. All these properties make it easy to implement a different kind of polymorphism-polymorphism not based on encryption. The basic idea was described by Dr. Fred Cohen several years ago, but this is the first time we see it properly implemented in a computer virus.