[Mono-list] First .NET virus discovered

Jason Whittington jasonw@develop.com
Thu, 10 Jan 2002 10:28:10 -0700


> If you want a little bit more information try:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.donut.html

This is a totally obvious virus, we talked about this same idea at DM
close to a year ago.  It has zero chance of working if people sign
their assemblies with public/private key pairs - The runtime should
throw an InvalidImageException if the stub has been tampered with.  It 
also won't work on other platforms like Mono that presumably simply 
ignore that 5 byte stub.

Jason