Journal Space cowboy's Journal: Viruses and aftermaths
[This is actually just here for reference - it's a post from my history that I've referred to a couple of times, and it's a pain to find...It's been slightly updated for formatting, clarity and grammar. Here's the original Post]
Some history:
Waaay back in the mists of time (1988) I was a 1st-year undergrad in Physics. Together with a couple of friends, I wrote a virus, just to see if we could, and let it loose on just one of the networked machines in the year-1 lab.
I guess I should say that the virus was completely harmless, it just prepended 'Copyright (c) 1988 The Virus' to the start of directory listings. It was written for Acorn Archimedes/BBC micro's (the lab hadn't got onto PC's by this time, and the Acorn range had loads of ports, which physics labs like
[edit: the above is misleading - it only worked on BBC's. The lab had 50 or so BBC's and 2 Archimedes, and I was trying to convey that as well, and mixed up the words]
It spread like wildfire. People would come in, log into the network, and become infected because the last person to use their current computer was infected. It would then infect their account, so wherever they logged on in future would also infect the computer they were using then. A couple of hours later, and most of the lab was infected.
You have to remember that viruses in those days weren't really networked. They came on floppy disks for Atari ST's and Amiga's. I witnessed people logging onto the same computer "to see if they were infected too". Of course, the act of logging in would infect them...
Of course "authority" was not amused. Actually they were seriously unamused, not that they caught us. They shut down the year-1,2,3 network and disinfected all the accounts on the network server by hand. Ouch.
There were basically 3 ways the virus could be activated:
- Typing any '*' command (eg: "*.", which gave you a directory listing. Sneaky, I thought, since the virus announced itself when you did a '*.' When you thought you'd beaten it, you'd do a '*.' to see if it was still there
- The events (keypress, network, disk etc.) all activated the virus if inactive, and also re-enabled the interrupts, if they had been disabled
- The interrupts (NMI,VBI,..) all activated the virus if inactive, and also re-enabled the events, if they had been deactivated.
On activation, the virus would replicate itself to the current mass-storage media. This was to cause problems because we hadn't really counted on just how effective this would be. Within a few days of the virus being cleansed (and everyone settling back to normal), it suddenly made a re-appearance again, racing through the network once more within an hour or two. Someone had put the virus onto their floppy disk (by typing *. on the floppy rather than the network) and had then brought the disk back into college and re-infected the network.
If we thought authority was unamused last time, this time they held a meeting for the entire department, and calmly said the culprit when found would be expelled. Excrement and fans came to mind. Of course, they thought we'd just re-released it, but in fact it was just too successful for comfort...
Since we had "shot our bolt", owning up didn't seem like a good idea. The only solution we came up with was to write another (silent, this time
We had actually built in a kill-switch to the original virus, which would disable and remove it - we didn't want to be infected ourselves (at the start). Of course, it became a matter of self-preservation to be infected later on in the saga - 3 accounts unaccountably (pun intended
So, everyone was happy. Infected with the counter-virus, but happy. "Authority" thought they'd laid down the law, and been taken seriously (oh if they knew...) and we'd not been expelled. Everyone else lost their infections within a few months
Anyway. I've never written anything remotely like a virus since [grin]
Simon.
Viruses and aftermaths More Login
Viruses and aftermaths
Slashdot Top Deals