Burglar has stealth features: it will hide the change in the size of the
infected files when viewed with the DIR command.
Every time the virus is infecting files, it checks the time. If the minute
field is 14, the virus activates and writes a flashing message in the
top left corner of the screen:
The virus contains also an unencrypted text which is never showed:
AT THE GRAVE OF GRANDMA
Burglar has anti-heuristics mechanisms. Burglar checks for and does not
infect Windows programs or programs which contain 'V' or 'S' in the
file name (covering programs like VIRSTOP, SCAN, VSHIELD, MSAV, NAV,
Since Burglar is resident, a clean boot is necessary before disinfecting
and infected hard drive. Burglar contains programming error, which cause
it to occasionally corrupt EXE files. Such programs do not work and they
can not be disinfected.
Burglar contains several bugs, and it can cause problems with several
Burglar was found in the wild internationally in January 1996.
It has been spread in an infected version of a demo called 'Dawn',
in a copy-protect crack for a game called Dune 2 and in a pirated
beta of PKLite v2.00.
[Analysis: Peter Szor, F-Secure, 1996]