%%File: VIRS0245.TXT
%%Name/Aliases: Commander Bomber, DAME
%%Platform: PC/MS-DOS
%%Type: Program., 
%%Disk Location: COM application., EXE application.
%%Features: Direct acting., Polymorphic
%%Damage: 
%%Size: 
%%See Also: 
%%Notes: Written by "Dark Avenger" this virus infects by putting parts 
of itself in between commands of the executible file.  Basically, the 
virus code is split up and exists in various places within the infected 
file.  
Not encrypted, but you have to check the entire file for the virus.
attacks against known virus scanning techniques       
v6-130: Try to find VirusBulletin December'92, page 10.
A brief info:  It's a harmless memory resident polymorphic virus. It 
hooks int 21h and infects COM-file except COMMAND.COM on their 
execution. It contains the internal text messages "COMMANDER BOMBER WAS 
HERE" and "[DAME]".  The characteristic feature of this infector consist 
of new polymorphic algorithm. Upon infection the virus reads 4096 bytes 
from the random selected offset and writes this code at the and of the 
file. Then it writes its code into this 'hole' and starts to 
polymorphism. This virus contains several subroutines which generate 
random (but successfully executed!) code, the virus inserts those parts 
of random code into the random chosen position into the host file. There 
are about 90% of all the i8086 instructions are present into those 
parts. The part of code takes the control from the previous part by JMP, 
CALL, RET, RET xxxx instructions. The first part is inserted into the 
file beginning and jumps to next part, the next part jumps the third 
etc. The last part returns control to the main virus body. At the end 
the infected file looks like at 'spots' of inserted code.