WereWolf is a stealth virus, but it will only stealth the change in
file sizes. Virus is not encrypted and contains the following text:
WereWolf avoids infecting the following programs:
CLEAN - McAfee CLEAN
AVP - Antiviral Toolkit Pro
TB - ThunderByte Antivirus
QB - QBasic
SCAN - McAfee SCAN
COMM - Many communication programs
NAV - Norton Antivirus
V - Anything starting with a 'V'
FINDV - S&S Findvirus
GUARD - S&S VirusGuard
FV - S&S Findvirus
CHKDS - DOS CHKDSK
F-PR - F-PROT
-D - AVP TSR
This polymorphic variant got widespread distribution in April 1996, as
it was attached to a shareware game called 'PackMan', which was
available in the upload directory of a major shareware ftp server.
This variant has been found in the wild in several countries.
Werewolf.1500.B corrupts data randomly and slowsly while it is being
written to the hard drive by any other program. Such changes are very
difficult to locate and repair afterwards.
Werewolf.1500.B contains this text:
[Analysis: Mikko Hypponen, F-Secure]