When run, the virus decrypts the original program and writes it to the
file called HOOTERS.EXE. Then it executes this file and finally deletes
it - sometimes leaving a zero byte HOOTERS.EXE behind.
A side-effect of this is that the memory map might list - for example
- an infected mouse driver as HOOTERS.EXE instead of MOUSE.EXE.
Hooters was found in the wild in Australia in September 1996.
It has been spread over the internet.
[Analysis: Mikko Hypponen, F-Secure]