Building The Ubervirus 229
Johnath writes: "The HNN has a rather eye-opening article about a potential disaster dangling overhead. It's not so much that the ideas presented are revolutionary -- most /. readers would probably come up with a similar scheme, if called upon to design a killer net virus, but nevertheless, it pretty lucidly addresses the potential damage."
Second post! (Score:2)
-russ
Aaaarrrgh! (Score:1)
Large corporate filters don't like us to visit seedy places like HNN.
Mucho Thanks
Slashdotted. (Score:1)
Re:Aaaarrrgh! (Score:1)
_________
uber-virus - yeah right (Score:2)
Sadly they are also the type most likely to grow exponentially as the internet becomes even more KEWL.
we're doomed *sigh*
Da Warez D00d
Not really news (Score:3)
Re:Second post! (Score:2)
Isn't this, like, old? (Score:1)
Kaa
diversity = increased security? (Score:1)
Phrack has discussed similar stuff (Score:2)
More social engineering needed in viruses (Score:4)
Let's say the point of the virus is not to physically disrupt the mail system, but to mentally disrupt it. People should be afraid to open mail messages, and disbelieve the ones they do open, rather than have the mail server crash.
So, step one is to send out the messages gradually so that people don't realise immediately that something is wrong. You don't want to make people wary at the beginning. After some interval when you've infected enough machines, then go for the full virus crash.
Step two is to vary the subject. One way would be by making the subject be Re: of something already in the mailbox from the person you are sending the current message to. Make all others that you can't find messages to reply to start with Fwd:.
Step three is to look in the mailbox to see if you can find an administrator of some sort. Look for system administrator or something similar in the title, or look for membership of the admin group or similar. If you manage to get on an administrator's machine then send out a virus alert message to everyone in the address book. Include in the alert a copy of the virus with instructions to double click to disinfect the machine. If you are not on an administrator's machine then send to one or two people in the address book a message that says in the subject Fwd: Virus loose (from admin name here) to see if you can fool people that way.
Anyway don't try any of the above because they probably don't work, and I certainly don't want to be responsible if it does. I'd guess this is the sort of stuff that a professional/governmental virus would try to do. If you were China (for example) and wanted to disrupt email in the US (why I don't know) social engineering to produce a lack of trust in the system is more likely to be successful and effective than the sort of spam attacks we've been seeing lately.
AOL to the rescue! (Score:3)
--
Slashdotted? (Score:1)
That was fast.
Re:Aaaarrrgh! (Score:1)
how many supervirii are out there already? (Score:2)
loev,
waiting for... (Score:1)
Research being done? (Score:2)
I'm not an expert so I'm not going to try to defend the following statement, I'm just going to make it. I recently finished "Chaos" by James Gleick. He mentioned that one of the places you can find chaotic behavior is in the spread of an epidemic. In fact, efforts to step up vaccination (and other disease prevention techniques) actually caused an increase in the rate of infection (sometimes, and in the short to mid term). Apparently this has something to do with perturbing an oscillating phenomenon.
I bring this up as a warning to those who think we should all immediately rush out and start locking things down. We might make it worse if we do. I know this statement sounds ridiculous--I'm just saying that maybe we should slow down and think before rushing off to act. Do the research, ask the questions.
--
Can anyone mirror it? (Score:1)
Shades of Shockwave Rider (Score:3)
Nick Halflinger (an uberhacker who can crack a system using a touchtone phone) travels the world coding a giant worm designed to be launched as a simultaneous, distributed attack from hundreds of different computers, quaintly visiting each site in person.
Portions of the head of the worm are used for replication, other parts are used to detect and deter anti-virus attempts, the middle part breaks into secret archives, and the tail is the contents of the secret archives.
I can't recommend this book highly enough.
George
Re:Aaaarrrgh! (Score:1)
Virus = 1st real a-life? (Score:3)
Das Uebervirus (Score:3)
Oh, sure, it seems all-powerful, but doesn't it still suffer from the same problems that plague other worms? Namely, you have to a) be running an insecure system or b) be a sucker.
I'd like to think that most people don't use the dummy settings of Outlook (or even use it at all), and that they scan files they download for viruses, and that they don't blindly accept (or auto-accept) DCC sends.
Of course, I also think the susceptible masses don't really use IRC anyway. Now, if the virus could infiltrate various Instant Messenger networks...
I guess it would be nice to think that worm viruses shouldn't work, but as we all know, this is not the case. So, I'll just sit here with my Mac, running Eudora, and wait for this new worm to come out, as it inevitably will, and not affect me.
Killer Net Virus Can Happen Anytime (Score:4)
Whenever I read about a Melissa or an I Love You I smile to myself and think "I would have trashed their hard drives after spamming myself to all their friends.". If Melissa or I Love You hadn't been content with simply bogging down net servers and had decided to set the file length of all
In my opinion the article is overkill, a virus doesn't have to be particularly clever or well designed to cause havoc anymore thanks to the beauty of MSFT operating systems. Any script kiddie or MSCE with a passable knowledge of Virus Building Script can bring it all toppling down.
Of course, none of us will ever do it because we know it would do so much damage to the 'Net (government would step in hard) and also hurt many of us financially in some indirect way.
WHY C SUCKS
-----------
int i =0;
i = i + 1;
Re:Second post! (Score:1)
loev,
Very scary NOT (Score:3)
It's a nice scaremongering document, but the hypothetical worm is a *worm*. We've already been bitten by vbs and StagesA, so the potential for a virus that self-replicates is, IMHO, diminished.
As for having web-servers which relay instructions/receive data, the 'bot would have to know how to fill out registration forms/upload information, and even then the server would have to have some kind of handshake with the worm, which could be detected by the hosts of the web-site (i.e. geocities).
Why not have the server host misc. content, with the instructions embedded in the HTML?
In any case, is it a good thing to have people publishing design documents for killer virii? The script kiddies which came up with ILOVEYOU weren't smart enough to design something really nasty, and HNN are just providing inspiration, which means they'd be liable in the event such a worm was released.
So what? (Score:1)
Viruses (Score:5)
Now look at the state of the virus world - ILOVEYOU.vbs (OK, it's a trojan, but still replicates like a virus) and the damage it caused. I'm not talking about the x billion the media claim it cost, just the panic in my IT department when virused email couldn't be deleted fast enough. Look at the code for ILOVEYOU.vbs - it is a doddle. No real inspiration involved - just patch 4 entries out of bugtraq together, and there you go.
What we have now is a state of play where the entry level in writing malicious code is dropping rapidly as more and more people get into computers. Don't want to spend a few years learning to code? Hah, our whizbang COMActiveXCORBA plugin gives you the power on your desktop!!!
Don't worry that your soft underbelly is now exposed because we can't give you the ease of use you want, without you knowing what you're doing!!! And you're too stupid to realise!!!
So now that the learning curve has been removed, you will have people all over the net trying to write and run viruses, without a clue of the repercussions it may cause. Because they don't really understand what they are doing.
Strong data typing is for those with weak minds.
slashed and dotted (Score:1)
/.ed (Score:2)
People need to quit blindly trusting their computers and the benevolence of other internet users. It's like driving: you don't have to know how your car works under the hood, but you MUST know how to operate it.
Computers are the same way. You don't have to know what goes on inside the box, or how the kernel works, but you have to know how to operate your computer, and part of computer operation is security.
having a computer is a responsibility just like having a car. if you use your computer carelessly, and by doing so your system gets compromised and used to attack other systems, are YOU not responsible for that? Just as if you failed to pay attention at the wheel and killed someone with your car?
Ignorance is not an excuse for carelessness.
wish
---
Re:Killer Net Virus Can Happen Anytime (Score:1)
Eye-opener? Maybe later. (Score:1)
I know people are going to yell "What disaster? These viruses affect only Micros~1!" but face it, that's where the majority of the money invested in information is.
I _do_ think that should a larger newsprovider, like cnn, post these facts, albeit 'dumbed down', we would see a genuine eye-opening of the general public, PHB's included.
That would be something!
How a Ubervirus should work (Score:1)
Oh - it would be better if the virus could cope with as many different platforms as possible.
An ideal method for 'mass distribution' would be a crack to put it in a MS Website upgrade patch, then release a mini-virus targeting MS systems to 'encourage' people to download the infected patch file. Obviously, you'll probably need someone inside Microsoft, but...
Richy C. [beebware.com]
--
Uber "Slashdot" Virus (Score:3)
1) Post an article on Slashdot referring to a particular web site
Now sit back and watch the fun! The Slashdot Virus is guaranteed to take down ANY website within seconds!!!
Re:So what? (Score:1)
Da Warez D00d
Re:Aaaarrrgh! (Score:1)
HNN's still bein slashdotted, so I can't read the article anyway.. bah
Can we be 100% virus free? (Score:2)
Microsoft is the primary cause for the proliferation of viruses in the past few years. Scripting ability is a nice feature in software, but should it be defaulted to be active upon installation of the software? A vast majority of users don't need scripting in spreadsheets and word processors.
But with all of the holes in older software (sendmail, etc), it seems that the problem is getting worse, not better.
So, where does the problem lie? Programmers not willing to look back over their own code and eliminate such holes? Corporations that are pushing for release, regardless of the security issues (hmmm, could it be... M$!!!)? Users that blindly open attachments without looking to see what they are opening?
Spell Checker Blues? (Score:1)
Is this a case of an unenlightened spell checker, or is Line an operating system I've never heard of?
---
Viruses (Score:2)
Networks threatened... (Score:1)
The network is always going to be vulnerable to some sort of attack -- be it DDS, electro-magnetic pulse, SYN Flood, email virus, spam or whatever. Some well placed, unexpected volume will even do the trick.
Let's think outside the M$ box for a minute and consider what a 'virus' could do to routers and switches. Everything that carries configurable software is vulnerable to some sort of attack!
--
Re:Viruses (Score:1)
He outlined the types of viruses (basic stuff) and discussed the progression of virus writing from an actual skill to a 10 minute joke. He also discussed the future of *nix viruses. Very informative. Very cool guy too.
Trial Lawyers Will Save us All (Score:1)
ahh, but... (Score:2)
As a corollary to this, given sufficient diversity, it becomes impractical for a particular virus to carry the code necessary to infect all of the available machines.
Putting all your eggs in one basket is never a good idea. You might be a smaller target, but if you do get hit (and it's foolish to think you're invulnerable), you're automatically 100% dead.
Among other things, this is borne out by quite a few thousand years of agricultural experience.
You'd be hard-pressed to find any farmers or biologists who would argue that monoculture is the best way to limit your vulnerability to crop diseases, just because there are fewer possible diseases that could infect your crops.
Re:Das Uebervirus (Score:1)
Whilst it may not _directly_ affect you, don't you think your internet connection & mail delivery will be a tad slower, as a virus emails itself 2000 times from each infected machine, simultaneously? Routers, switches, firewalls... A certain sort of virus could, in effect, be aimed at one whole massive DoS, and not targeted at any particular site/piece of hardware. The fact is, if a massive net intensive virus decided at one point to start generating internet traffic internationally, with enough infected machines, you'd be lucky to see the internet again for at least a week...
Strong data typing is for those with weak minds.
Re:Research being done? (Score:1)
I strongly concur with this statement and it doesn't sound ridiculous to me at all. I cannot speak to the 'perturbing an oscillating phenomena' or even any underlying chaos theory. What I can speak to is how my parents, brothers, and sisters would react to the situation.
Once they start hearing about new improved virii filters, improved protection from viral infections, they will stop taking the extra precautions they take now. Their confidence in the system will be increased without just cause. That is when they start downloading any ol' thing, not paying attention to what is being sent to them, and the like. Virii that aren't caught by traps and other protections suddenly run rampant.
There is no panacea. We need to progress slowly, fully aware that we might miss something. I'm a paranoid user and I still got nailed by a Trojan Horse once. It was all my fault because it could have been easily avoided, but I felt confident in my 'virus protocol' to protect me. Too bad I failed to update the software for that month.
Mirror/cache of article on google! (Score:1)
Re:Second post! (Score:3)
Re:More social engineering needed in viruses (Score:2)
I can't recall how many times people at my workplace (and at least one other; I could relate stories of one friend who suffers the same problems) CONTINUE to open up those damn Melissa-derivative virus emails. They'll even open different copies of the SAME virus.. multiple times!
I tell them "if you see an email with a
Basically, the ignorance of users would undermine any of the deviousness of your stated plan; it's too complicated for them.
The only way to get the attention of a luser is to beat them over the head with something. Erase their hard drive, and THEN they start to wake up. It's not their problem until they suffer data loss.
Offtopic????? (Score:1)
I describe a book, in 1975, that had a very similar subject.
This is offtopic?
I could care less about the kharma loss, I have tons, but really, is watching Barney and having the intellect of a 2 year old a prerequisite to be a moderator now?
Let me try to shamelessly get my kharma back now.
Killer virus possible becuase of too many Windows.
Use Linux to stop this.
Linux good, Windows bad.
George
Re:Phrack has discussed similar stuff (Score:1)
But really, who is going to code something like this? I mean, if somebody has the time and know-how to do something like create an awesome ubervirus, are they really going to do it?
...Wait a minute... I'm forgetting about the Unabomber.
Anyway, what I was going to say is that it seems that most of these new, terrible viruses are created by people who have some know-how, but for the most part, are pretty much idiots.
It would have to take either a brilliant madman, or a corporate/government sponsored team of bright people to create something like that - not script kiddies and hacker wannabes (not even your typical /.'er). :P Besides, what incentive (I mean really) would these entities have to do so?
Re:More social engineering needed in viruses (Score:3)
Ever notice how most current worms aren't even in the best English? It seems that nobody in the US is writing worms, and so we get people with a bad knowledge of the language trying to fool people into clicking on the stuff.
Hey, where's the "This is more informative" link-trap?
Re:So what? (Score:1)
I mean, if you're doing business you should have at least some kind of a contingency plan for a partial or even total failure (whatever the reason) of your network connection. Fax, phones and the good old fashioned mail haven't gone anywhere. Use FedEx/UPS/DHL to ship critical documents and data on CD-ROM, DLT-tape or DVD-RAM if necessary. Isolate critical systems from the net physically, maintain a room of backup workstations to keep the priority work going on even in the case of a complete infection of the bulk of the workstations, etc.
It would be plain silly should a company come to a grinding halt due to a virus, denial of service attack or any net related event.
Re:Virus = 1st real a-life? (Score:1)
The ultimate stealth virus. and people are even making money off it! One could argue that windows is not a virus because it is not self replicating, but I would say that it _is_ self replicating, just not via an electronic means.
How are you looking at the problem? (Score:2)
Re:Can we be 100% virus free? (Score:1)
Re:Killer Net Virus Can Happen Anytime (Score:1)
Re:Can we be 100% virus free? (Score:2)
...phil
We need computer control now (Score:5)
We have to stop this madness now.
Right now, computers are less regulated than lawnmowers or automobiles. We require drivers to pass a proficiency test, why not computer buyers? It's time we registered computers and performed background checks on people who buy them. This is the only way to keep computers out of the hands of children and criminals.
I am proposing a Million Geek March. We will have speakers telling stories of how their lives were destroyed by computers. Let's send a message to Washington now: "We need to be safe from computers!" It is absurd that in the year 2000, I have to scan every attachment I receive and every program I download. We need to make our information infrastructure safe again.
All of you who oppose my plan, I ask, "What do you have to fear?" We're not planning to take away your computers. We just want some common-sense legislation for the safety of all. It will be a tough fight -- the rich lobbyists from Dell and Microsoft will try to stop us. They'll claim that the right to access information cannot be restricted. They'll claim that computers aren't the problem. We know they're wrong. Modern computers make it easier than ever to create destructive programs. A computer in the home is a tragedy waiting to happen.
Let's get some common-sense computer regulation now. Thank you.
You could easily get much more nasty than that (Score:5)
The Samba folks don't publicize it, but they have found a number of buffer overflows in the stacks of every single OS out there. (They patched the ones they found in Linux.:-) A truly nasty critter would be set up to transmit itself using those overflows.
If done right you would get a worm or virus that can transmit from computer to computer without any manual intervention. There has to date been exactly one such on the internet. The Morris worm. It went out of its way to be nice, and it still shut down the Internet through sheer speed of reproduction.
You see getting a human in the loop slows things down. If you want to be truly nasty, automate it from start to finish. Then the first people will hear about it is when their networks go down.
Cheers,
Ben
Re:Offtopic????? (Score:2)
I don't worry about the loss of kharma for myself, I have lots to spare, but I worry about,
the children.
What if a young child had posted here, a young child of little kharma, eager to impress the moderators with a literary reference that they thought was directly relevant to the discussion.
Instead, they get a -1 offtopic. Their spirits would be crushed, they would be disillusioned, they had played by the rules, tried to make
A few, well adjusted children could shake that off, but some, well, some might feel angry and bitter, and give into the dark side, and start posting about grits, or Natalie Portman.
Please, moderators, consider, when you mark down a poster as off-topic, they may rise up again as a troll.
George
evolver virus? (Score:2)
1. reproduces without human intervention
2. is harmless (doesn't try to crash anything)
3. occasionally mutates itself at a random time
We could have a whole virus ecosystem evolving out there right under our noses without us even having a clue. Part of their strategies for surviving would necessarily include not crashing the systems they were "living" on.
In fact this sounds like one of those things that because it CAN happen, it MUST eventually happen. Eventually somebody will do it and there will be no way to undo it once done. Maybe the first Artificial Intelligence created on Earth will be an internet-dweller who has never even met a human being before.
Security by obscurity is bad for your health (Score:4)
One of the worst things that can happen is for the information about virii and other security threats to be shared only among some selected few. You may have seen the story about a 3 year old AOL security hole this weekend. The only way to prevent this kind of problem from becoming a major problem is to publicize the risk to the maximum possible extent. It guarantees that every system administrator in the world will hear about it and take the necessary steps to protect his/her piece of the network.
Re:We need computer control now (Score:2)
I am proposing a Million Geek March. We will have speakers telling stories of how their lives were destroyed by computers.
And just how do you expect to get a million geeks out of their homes? Do you have any idea how much free beer, pizza, and pr0n you'll need?
Re:ahh, but... (Score:2)
I'd much rather not see monolithic anything (although Jeppe does make some good points in his reply, which I'll have to think about).
Since you brought it up, though, if I was forced to choose a monolithic environment, I'm not sure that a Linux-dominated IT world would be worse than the current Windows-dominated one.
Although I've seen some stupid things done on both sides, at least on the Linux/Unix side, you see coders actually bothering to do simple things like putting their VB implementations in security sandboxes (i.e. Gnome Basic [gnome.org]).
Physically Dangerous Virus (Score:2)
My dealings with an uber virus... (Score:2)
My favorite was a little randomly mutating virus. I wrote the little bugger to duplicate twice and erase itself. On each duplication the virus could choose to mutate or not (50% chance); if it did mutate it could either randomly alter or add data to its data section, or randomly alter or add an opcode at any point in the instruction section. Also if there was a floppy in the floppy drive it would append itself to the largest executable file.
I ran this on my 90Mhz Pentium running DOS and after about an hour my computer froze. I rebooted and nothing happened. I whipped out Norton Disk Utilities and looked at the contents of the drive. One of the little buggers copied itself into the MBR but didn't know how to boot.
The lesson here is that the Uber virus could very well take very little planning and simply be a genetic mutation of a simple assembly program.
If I were to write this program today, I would give it networking libraries, code to try the 10 most common sploits on target machines, binary formats to run on all the major platforms and maybe even a DB of opcodes for different architectures so it can translate itself from an x86 bug to an Alpha bug and so on.
A virus like that would suck and I haven't touched Assembly for two years so I'm not going to code it up but somebody might...
...but I hope anybody with that much talent would rather do something constructive like make video games
a true infowar virus (Score:2)
If someone wanted to write a virus to do really lasting damage, it wouldn't do boring stuff like delete files or steal credit card information. Come on, who cares.
The road to immortality is to hack people, to change relationships permanently. So here's what you do: propagate like iloveyou, but with vastly more discretion. When launched on a new machine, take the following steps:
Nobody should do this, of course!
SlashDot effect = DDOS? (Score:2)
submit a story that was interesting, but is slightly stale.
Watch it make the front page
watch the site get slash dotted.
Presto chango! instant DDOS!
the poor guys trying to run the site probably haven't even figured out what is going on yet - They just know it looks like legit traffic, and they likely have an account that that charges big bucks for heavy traffic.
so for them they are likely just standing back in awe at an attack that looks like it is coming in from maybe 100,000 sites.
Imagine if the site is hosted on some kids home machine?
My idea for a virus (Score:2)
Re:We need computer control now (Score:2)
Not to mention requiring a keyboard lock, it only costs a few pennies after all.
And no one should be in such a hurry that they can't handle a 5 day cooling off period before picking up a new computer.
And we REALLY need to do something about those high capacity hard drives, did you know one 20 gig drive can store tens of thousands of ILLEGALLY obtained MP3 files?
And don't get started about "easily concealed computing devices" like the palm pilot, especially the inexpensive "saturday night special" variation, the Palm IIIe.
Stop the insanity!
Bill
Re:Killer Net Virus Can Happen Anytime (Score:2)
Obviously you do not have *nix background. In Unixland there is this concept called security which implies that a user's email program would never be able to run as root. It is ludicrous to think that a script in an email can modify your registry... were the Outlook team drunk when they designed Outlook without any sort of sandbox?
WHY C SUCKS
-----------
int i =0;
i = i + 1;
Re:We need computer control now (Score:2)
We have regulations on our lawnmowers and automobiles (yes, seatbelts are a good thing!). Imagine if your car didn't come with brakes - or if they did, you had to install them yourself after spending hours upgrading your car to the latest version.
This is like Microsoft asking you to upgrade your Exchange version to turn off a "feature" which should never have been the default in the first place. This is the class action lawsuit that should really be taking place - thousands of businesses suing Microsoft for the time lost due to monkey scripts for features they never wanted in the first place and couldn't turn off without a CS degree...
Any OS vendor which provides an OS which connects to the Internet should have to have a default level of security that requires the level of knowledge for hacking to rise above kiddie scripting...
--
Windows 2000. Security and Stability from the company that brought you the "ILOVEYOU" virus and the Blue Screen of Death...
Re:Viruses (Score:2)
Re: (Score:2)
Re:We need computer control now (Score:2)
Uh - won't that new computer just about be obsolete in 5 days ?
Re:Viruses (Score:2)
And you're too stupid to realise!!!
I think the term you were looking for was "uninformed".
Apart from that though, I have to agree with you. I don't think people should be put in jail for picking up stray banknotes off the bank entrance hall floor. It's the bank managers that need grabbing. Being open to attack from VBS is like the bank leaving its money in the street.
If this sort of thing keeps happening, we may have to see legislation of 'professional negligence' like you see with doctors, engineers etc.
Hiding code for a trojan to execute (Score:2)
Bzzt bzzt!
I still can't get to the HNN article, but I can tell you that such a virus is indeed possible, because I've written one.
As well as trapping filing system calls to stealth the virus, it is possible to take the opportunity (while a file is being accessed, so the user wouldn't notice a slowdown) to scan through the file for magic words that cause embedded code to execute locally. You need a CRC to avoid executing random code of course, and a text encoding scheme (I used a 64-bit code starting at '?').
Thus you can turn any non-executable piece of content (mail, web page, news posting) into a harbour for native executable code, something that up to now Microsoft have at least only been doing by accident. ;-) The advantage is that the client itself accesses the code; unlike BO and co., the virus supplier doesn't need to make a connection to the victim machine to execute things on it.
Obviously I have no intention of letting this see the light of day, but it's also unlikely to take over the 'net since it doesn't run on Windows. I guess it'd be possible, but I don't have enough knowledge of Windows internals (shurely m4d sk1llz? -Ed.) to write it.
Anyway, it'd have to be rewritten into a mail worm, since actual viruses are terribly out-of-fashion these days. <g>
--
This comment was brought to you by And Clover.
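The scheme in the post above (scan ordinary content for a magic word, decode what follows it with a 64-symbol text code, and only run it if a CRC checks out) and the earlier suggestion of hiding instructions in plain HTML are the same parsing problem, and a defender who wants to find such harbours in a page has to implement the same parser. The following is an added example, not code from the original post or from And Clover: a scanner that locates the marker in arbitrary text, decodes the run after it, and validates the frame. The marker string, the alphabet of 64 consecutive printable characters running from '?' to '~', the two-byte length prefix, the choice of CRC-32 (the post says only "a CRC") and the sample HTML are all assumptions of this example, since the post names none of them.

```python
import zlib

# Assumed framing (the post names none of these specifics): a magic word,
# a 64-symbol alphabet of consecutive printable characters starting at '?',
# a two-byte big-endian length prefix and a CRC-32 trailer over the payload.
MAGIC = "??HARBOUR??"                                               # hypothetical marker
ALPHABET = "".join(chr(c) for c in range(ord("?"), ord("?") + 64))  # '?' .. '~'
SYMBOL_INDEX = {ch: i for i, ch in enumerate(ALPHABET)}


def _to_symbols(raw: bytes) -> str:
    """Pack bytes into 6-bit symbols, zero-padding the last symbol on the right."""
    nsym = (len(raw) * 8 + 5) // 6
    bits = int.from_bytes(raw, "big") << (nsym * 6 - len(raw) * 8)
    return "".join(ALPHABET[(bits >> (6 * (nsym - 1 - i))) & 63] for i in range(nsym))


def _from_symbols(run: str) -> bytes:
    """Inverse of _to_symbols; a trailing partial byte is dropped."""
    bits = 0
    for ch in run:
        bits = (bits << 6) | SYMBOL_INDEX[ch]
    nbytes = len(run) * 6 // 8
    return (bits >> (len(run) * 6 - nbytes * 8)).to_bytes(nbytes, "big")


def embed(data: bytes) -> str:
    """What the content supplier would write into a page: MAGIC + [len][data][crc32]."""
    frame = len(data).to_bytes(2, "big") + data + zlib.crc32(data).to_bytes(4, "big")
    return MAGIC + _to_symbols(frame)


def extract(run: str):
    """Payload carried by a symbol run, or None if the frame is short or the CRC is wrong."""
    frame = _from_symbols(run)
    if len(frame) < 6:                       # no room for length + CRC
        return None
    n = int.from_bytes(frame[:2], "big")
    if len(frame) < 6 + n:                   # length prefix claims more than was carried
        return None
    data = frame[2:2 + n]
    want = int.from_bytes(frame[2 + n:6 + n], "big")
    return data if zlib.crc32(data) == want else None


def scan(content: str):
    """Every MAGIC hit as (offset, payload-or-None). A run ends at the first non-alphabet char,
    so trailing page text that happens to use alphabet characters is harmless: the length
    prefix bounds the frame and the CRC must still match."""
    hits = []
    start = 0
    while (pos := content.find(MAGIC, start)) != -1:
        end = pos + len(MAGIC)
        while end < len(content) and content[end] in SYMBOL_INDEX:
            end += 1
        hits.append((pos, extract(content[pos + len(MAGIC):end])))
        start = end
    return hits


# Constructed sample page: one valid harbour, one with a tampered CRC, one whose length
# prefix claims more than was sent, and one bare occurrence of the marker in prose.
SAMPLE_PAYLOAD = b"\x90\x90\xcc"             # stand-in for native code: nop, nop, int3
_bad = b"run me"
_bad_frame = len(_bad).to_bytes(2, "big") + _bad + (zlib.crc32(_bad) ^ 0xFF).to_bytes(4, "big")
SAMPLE_PAGE = (
    "<html><body><p>Welcome to my homepage!</p>\n"
    "<!-- " + embed(SAMPLE_PAYLOAD) + " -->\n"
    "<p>" + MAGIC + _to_symbols(_bad_frame) + "</p>\n"
    "<p>" + MAGIC + _to_symbols(b"\xff\xff" + b"short") + "</p>\n"
    "<p>" + MAGIC + " is just a word here</p>\n"
    "</body></html>"
)

if __name__ == "__main__":
    for offset, payload in scan(SAMPLE_PAGE):
        verdict = "VALID payload %r" % payload if payload is not None else "rejected"
        print("offset %4d: %s" % (offset, verdict))
```

Run as a script it reports one valid harbour and three rejections. The same `scan` is the detection half of what the post describes: on a mail spool, a news feed or fetched HTML it tells you whether somebody is using your users' ordinary reads as a delivery channel, and the length-plus-CRC framing is what keeps an ordinary run of letters and digits after the marker from being executed as garbage.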
Re:Killer Net Virus Can Happen Anytime (Score:2)
Unix is not immune to viruses. Check out Communications of the ACM 32, 6 (June 1989) pages 678-687
The article dissects an Internet Worm from 1988 that spread across the Internet infecting Sun 3 and VAX machines running BSD 4.
The point that Captain Derivation is making is that Windows is the most popular platform at this point and therefore the ideal target for exploiting security flaws.
Yes, the flaws that exist there are braindead, but there are plenty of even less secure operating systems in existence; why not target them? Because it would be pointless, they aren't POPULAR.
Unix programs still have plenty of security flaws. They aren't targeted as much because there's less bang for the buck in doing that.
Re:Killer Net Virus Can Happen Anytime (Score:2)
All the admin needs to do is restore from the most recent set of backups. If the user refuses to listen to reason and does the same thing again, the admin still doesn't need to worry, untarring stuff is trivial, much easier than spending ten minutes talking to a clueless user.
It'd be like if you properly maintained a Windows LAN, a local drive C with just the OS, apps remotely read from the server, and all data stored on a mapped drive D which the server backs up every night. The worst a virus could do would be force you to toss in a network recovery CD, ghost C and restore D from backup. But, few admins do this, I guess MSCEs don't teach practical methods.
I'm sick of hearing... (Score:2)
"Don't get me wrong; nobody should do this"
"It would be really cool but please don't take me seriously"
Uh...if you wanna talk about building viruses, fine. Free country, etc. But don't try to cover your shiny little butt with a little disclaimer at the end.
"So here's the step-by-step procedure on how to steal 14 million dollars without getting caught...but, uh...please don't do it."
Please.
Re:So what? (Score:2)
Re:Killer Net Virus Can Happen Anytime (Score:2)
OK, I'll bite.
Granted, it is pretty bad how Microsoft's scripting system will let an e-mailed script screw up anything and everything. I'm not disputing that.
However, you can't blame the OS for everything. In the end, it's the user's fault for running those scripts. It doesn't matter how secure the OS is, if the user is going to do something incredibly stupid to compromise everything. Quick anecdote: where I work, one of the salesmen associated with the company ran the ILOVEYOU virus more than three weeks after all the news reports, warnings, and magazine articles about it! You have to use the security built into the OS for it to do anything.
And yes, although I am only learning about *nix-type systems, it seems to me you don't have to be logged in as root to do damage. For example, ILOVEYOU didn't screw with any system files. It targeted data files like mp3s and jpegs. Maybe I'm just a newbie, but wouldn't it be possible to delete a user's mp3s and graphics files without logging in as root? It's still destructive, and sure, it doesn't bring the entire system down. But then, ILOVEYOU didn't cripple the computer itself either.
Here we get back to a clueless user. Of course a networked *nix box will have some decent security on it. But if Joe user buys the latest version of Red Hat Linux and installs it on his machine, what's stopping him from always logging in as root? Sure it's a terrible idea, but he doesn't know that. For him, it lets him get into Linuxconf more easily, and it's the only way he knows how to mount his Windows volume. (OK, he's not a complete idiot, but being fresh from Windows, he isn't familiar with system security procedures.)
Obviously, a script kiddie will choose the path of least resistance if he wants to damage a nameless person's computer. If Windows is the most open to attack, he'll use VBScript. But like I believe I mentioned before, script kiddies use r00tkits to hack into *nix machines, and they have about the same level of expertise as it takes to find a VBScript virus and send that.
Finally, I know Linux mail programs don't allow scripts to run as root. But last time I checked, viruses existed before MS Outlook became the norm under Windows. VBScript might make them easier to write, but when that disappears, they'll target a less insecure platform.
In conclusion, although Microsoft might^H^H^H^H OK, does make it easier for viruses to enter a system, you can't blame them for the entire problem. Someone still has to create the thing (no matter how easy or unsophisticated it is), and the user still has to run the script. My original post was in response to the dozen or so posts that did little more than say "It's all Microsoft's fault!" That's a sure-fire way to get lax about safeguarding other platforms.
--
"Better dead than smeg."
Re:Viruses (Score:2)
you forgot something (Score:2)
Obviously, the only way to protect ourselves from these nuts is to also implement a mandatory five day waiting period to buy a computer.
Also, what possible need does anyone have for more than a Pentium 166? It does word processing, email, web browsing and runs solitaire. Any more power can only be used by someone with dangerous intent. We need to start worrying about these assault-computers, namely those with 64-bit processors. The evil PC makers (such as Dell and Micron) are already planning to unleash these weapons on the consumer market. They need to be stopped now with sensible legislation that outlaws assault computers.
Yes, it *IS* terrible... (Score:2)
>support in their OS, that means they're to blame
>for script viruses! How dare they have scripts
>that run under Windows! Wait a minute...doesn't
>Linux also support scripts? Never mind that --
>more MS bashing!
>But seriously (read before moderating this as
>Troll of Flamebait), the reason that the e-mail
>script viruses we've seen all attack MS Outlook
>isn't because of how terrible Windows is.
Yes, windows *IS* terrible (ESPECIALLY from a security context). Or have you simply not been paying attention for the last year and a half?
The DEFAULT configuration of the DEFAULT mail client will run a script with the windoze equivalent of root permissions when you open it. It is ridiculously STUPID to allow a user-space email client to run amok in system space. Absolutely poor design, and worse implementation.
And worse, they have known about this for a good YEAR AND A HALF! Ever since Melissa, this has been a known flaw... but gates REFUSES to fix it!!!
Now, since you complain that Linux includes scripting as well as windoze, let's look at the equivalent sequence of events that would have to happen for a malicious script to be a problem:
Say that someone sends me a malicious perl script as an attachment to an email. Well, when I open up that attachment, pine DISPLAYS it as a TEXT file. It is NOT run by default when I open it. I have a chance to examine it BEFORE I let it run, if I run it at all (not bloody likely unless I'm about to switch distros and am already backed up). Now, in order for it to be run in such a way that it could trash my system, I would have to:
1) Save it as virus.pl, or whatever
2) su to root
3) Run it by typing "perl virus.pl"
Or, if I am doubtful as to whether it is harmful or not, I could run it in user space with NO CHANCE of it trashing anything important.
Now... which security paradigm is better?
Not that Linux (or any given xBSD or Unix) is PERFECT... but it is by all means hella-better than anything that hath spewed forth from Redmond.
john
Resistance is NOT futile!!!
Haiku:
I am not a drone.
Remove the collective if
Re:Physically Dangerous Virus (Score:2)
A nice idea, but it had the unfortunate timing of coming immediately after the Melissa virus, when people were still paranoid. It didn't make it very far.
Re:Physically Dangerous Virus (Score:2)
You missed one or two... (Score:3)
Ever hear of network.vbs? That one's sneaky but doesn't use buffer overflows or other sploits at all.. It just randomly scans IP addys for windows machines with drive C shared and no password on it. When it finds one it installs itself.
If your firewall is getting hammered by UDP-netbios crap it's a fair bet that's where it's coming from. If you're a windows user just look for a file called NETWORK.VBS in your startup folder, in c:\windows\system and the root of drive C... if you got them, you got it and are portscanning other folks' networks whenever you are online.
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
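The three file locations named in the post above make a simple host check. The script below is an added example, not code from the post or from any product; it walks those locations for a file named NETWORK.VBS (matched case-insensitively, since the file system is only case-preserving), hashes anything it finds so the admin can compare copies across machines, and tells the user the follow-up the post implies: remove the file and stop sharing drive C without a password. The directory layout (drive root, `windows\system`, the Start Menu StartUp folder) is an assumption about a typical Windows 9x install; `make_demo_root` builds a constructed sample tree with a placeholder file so the check can be exercised offline.

```python
"""Host check for the NETWORK.VBS indicator. Added example, not from the post."""
import hashlib
import tempfile
from pathlib import Path

INDICATOR = "network.vbs"  # compared case-insensitively

# Assumed locations relative to the drive root: the three places the post
# says the file shows up. Adjust if your install uses a different layout.
RELATIVE_DIRS = (
    Path("."),                                              # root of drive C
    Path("windows") / "system",                             # c:\windows\system
    Path("windows") / "Start Menu" / "Programs" / "StartUp",  # startup folder
)


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_indicator(root) -> list:
    """Return [(path, size, sha256)] for every copy of the indicator found."""
    root = Path(root)
    hits = []
    for rel in RELATIVE_DIRS:
        directory = root / rel
        if not directory.is_dir():
            continue  # layout differs on this host; skip rather than fail
        for entry in directory.iterdir():
            if entry.is_file() and entry.name.lower() == INDICATOR:
                hits.append((str(entry), entry.stat().st_size, sha256_of(entry)))
    return hits


def report(root) -> str:
    """Human-readable verdict plus the remediation the post implies."""
    hits = find_indicator(root)
    if not hits:
        return "clean: no %s found under %s" % (INDICATOR, root)
    lines = ["INFECTED: %d copy/copies of %s" % (len(hits), INDICATOR)]
    for path, size, digest in hits:
        lines.append("  %s  %d bytes  sha256=%s" % (path, size, digest))
    lines.append("remove the file; stop sharing drive C, or at least put a password on the share")
    return "\n".join(lines)


def make_demo_root(infected: bool) -> Path:
    """Constructed sample tree (not a real system) for trying the check offline."""
    root = Path(tempfile.mkdtemp())
    sysdir = root / "windows" / "system"
    sysdir.mkdir(parents=True)
    if infected:
        # Placeholder content, deliberately not the worm; only the name matters here.
        (sysdir / "NETWORK.VBS").write_bytes(b"' constructed placeholder\r\n")
    return root


if __name__ == "__main__":
    import sys
    print(report(sys.argv[1] if len(sys.argv) > 1 else "C:\\"))
```

Run it with the drive root as the argument (`python check.py C:\`); the hash lets you confirm whether every machine on the LAN carries the same copy, which is the usual sign that one scanning host seeded the rest.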
It's already been done! (Score:3)
Building a killer virus for fun and profit
By Bill Gates
1- Buy "Quick and Dirty Virus" from some other guy.
2- License virus to a large company that manufactures chess grandmasters. This should provide a fruitful infection vector. And remember: 640k is enough for anyone, so don't worry if your virus does things that prevent access to the rest of memory, nobody will notice.
3- When other, nicer looking viruses come along, copy the user interface, but make it quirky and inconsistent (this is a virus we're talking about here, so it has to be nasty in one way or another).
4- When "dr-virus" threatens to replace our virus, spit out weird error messages to confuse and disorient the user, allowing our virus opportunity to re-establish control over the system. Viruses that are dependent on our virus, however, can be left free to roam.
5- A web browser should be integrated into the virus. Everything integrates a web browser sooner or later so make sure it's ours and not somebody else's. This will expose you to the feds, who love to go after virus writers, so be careful not to get caught.
6- By this time the virus should have infected most of the world. For new challenges, create another virus (or several!) and start the process again. If the feds put a stop to our old virus we'll still have this new virus already spreading.
7- And whatever you do, don't call it a virus!
Net Virus (Score:2)
Re:Research being done? (Score:2)
Not to knock the Center for Disease Control, but I think the other CDC would have a lot more useful input. In real life, "ubervirii" can't download DLLs with new 'sploits off the net, can't insert trojan kernel modules or wrapper DLLs to hide their own existence (Ok, I guess there are analogies for that), and can't insert a remote "backdoor" into your brainstem for the biowarfare script kiddies to play with.
At least, I hope they can't...
Re:Das Uebervirus (Score:2)
It's true that Mac users would probably have to decompress the attached virus and then double-click it, but that could easily be accomplished through basic social engineering. Also, there wouldn't be a file extension to give away the fact it was a script... (Just call it Pamela.jpg and give it a custom icon).
About the only thing the Mac really has going for it to prevent such a catastrophe is a smaller userbase.
If I was going to create a virus (which I'm not--I'm not evil, but it's fun thinking about it), it would parse IE's preferences to get your home address (from AutoFill), and use it to order pizza for you from Pizza Hut's online ordering site. With anchovies.
HNN is old news too, these worms already exist. (Score:2)
"I don't think I really love you", or writing internet worms for fun and profit [securityfocus.com]
Anyone doing serious work in these fields could write this. It's just a matter of time before one is released into the wild. Genies, bottles, and all that.
On a related note, the potential impact of this class of worm is probably responsible for funding approval to the new "Infrastructure Protection" the USGOV is deploying to protect us from ourselves. Amusing, considering that this is one class of worm that will likely evolve to a point where it can't be eradicated from the net, at least as long as a few insecure systems are still online.
Re:Can we be 100% virus free? (Score:2)
Sexploitations and Windows for Whiners (Score:2)
Just imagine a virus that spread as fast as Melissa (in the course of a weekend) that didn't do anything too terribly malicious but did replace your screensaver and bookmarks with some new internet start-up's advertisements. Or how about a worm that replaced your GUI libraries with logos and ads for some start-up. Maybe companies will get so bold as to unleash virii into competitors' computer systems. We're already at a point where taking out a business's infrastructure could cripple and/or destroy a company. Right now we're seeing lots of worms just floating about because someone was pissed off at the world because they were a loser who had no other form of expression. What will happen when malicious exploits hit the mainstream of business and are actually aimed at individual companies? Script kiddies can cause a company's servers to stumble for a day but that is all pretty meaningless when compared to a virus bootstrapping all of a company's office systems. It isn't the OS that you need to worry about or boast over, it is how much you'll be fucked if that system fails.
Re:Can we be 100% virus free? (Score:2)
True, a virus is a program. What makes it a virus is the way it gets introduced into the system. Since the AS/400 has incredibly well thought out security that prevents any object introduced into the system from executing without a tightly controlled process, the normal methods of virus propagation will fail. Period.
You have not described a virus, you've described a trojan horse.
...phil
Author of original article - few notes. (Score:2)
The article on HNN appeared last year, round about August... I think. I wrote it. That was a while ago.
The article was nothing *new* - no revolutionary concepts - it was, as the article suggests, a culmination of all the bad things out there, neatly packaged. The article was written before the outbreak of Outlook and MS based viri and as such this avenue was not even fully explored.
The idea was basically just to give the readers an idea of what could be done - how the viri and worms that we were seeing back then were actually quite "harmless" in comparison with how they could have been. I still think that this statement is very relevant today.
I have received many suggestions on how to further enhance the worm/virus, and many suggestions on how "easy" it could be stopped. Like I said in the conclusion - I am not the brightest person on the planet - I am sure that there are many ways to further "enhance" the thing, and just as many ways to try to stop it. The idea was just to see how bad such a thing could be - to toy and share the idea with others in the field.
We would be blind to think that such a monster (or something more dreadful) cannot and will not be developed in the near future (or maybe even as we speak).
My 2c,
Roelof.
PS: I have no idea how it got to /. after all this time... ...and yeah... the "Line" O/S...a case of an over eager spell checker, and some finger trouble :)
PPS:
-------------------------------------------
Roelof W Temmingh
SensePost IT security
roelof@sensepost.com
http://www.sensepost.com
-------------------------------------------
How about both! (Score:2)
Let the virus sit idle for 1.5 weeks (assuming companies backup once a week?). Once the infected files have been "safely" backed up, then the virus awakens, zeros all files, then backs up the zeroed files.
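The scenario in the post above only works if the zeroed set is allowed to overwrite the last good one, so the defender's counter is to compare each new backup generation against the previous one before anything is rotated out, and to keep more than one generation. The script below is an added example, not code from the post or from any backup product: it snapshots two directory-tree backups (relative path, size, SHA-256), lists files that went from non-empty to empty, ordinary edits, and files that vanished, and refuses rotation when the zeroed fraction passes a threshold. Directory-tree backups, the 10% threshold and the `make_demo_generations` sample sets are all assumptions made for the example; a real job would read the backup catalogue instead.

```python
"""Backup-generation sanity check before rotation. Added example, not from the post."""
import hashlib
import tempfile
from pathlib import Path

# Assumption: refuse rotation if more than 10% of previously non-empty files
# are now empty. A mass-zeroing shows up as a fraction near 1.0.
ZEROED_FRACTION_LIMIT = 0.10


def digest(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(tree) -> dict:
    """Map relative path -> (size, sha256) for every regular file under tree."""
    tree = Path(tree)
    return {
        p.relative_to(tree).as_posix(): (p.stat().st_size, digest(p))
        for p in sorted(tree.rglob("*")) if p.is_file()
    }


def compare_generations(previous, current) -> dict:
    """Diff two backup sets and decide whether the older one may be rotated out."""
    prev, cur = snapshot(previous), snapshot(current)
    zeroed = [n for n, (size, _) in cur.items()
              if size == 0 and n in prev and prev[n][0] > 0]
    changed = [n for n, (size, h) in cur.items()
               if n in prev and prev[n] != (size, h) and n not in zeroed]
    missing = [n for n in prev if n not in cur]
    nonempty_before = sum(1 for size, _ in prev.values() if size > 0)
    fraction = len(zeroed) / nonempty_before if nonempty_before else 0.0
    return {
        "zeroed": zeroed,
        "changed": changed,
        "missing": missing,
        "zeroed_fraction": fraction,
        "safe_to_rotate": fraction <= ZEROED_FRACTION_LIMIT,
    }


def make_demo_generations(poisoned: bool):
    """Constructed sample: last week's set and this week's, optionally zeroed."""
    base = Path(tempfile.mkdtemp())
    prev, cur = base / "week1", base / "week2"
    files = {
        "docs/report.doc": b"quarterly numbers",
        "docs/memo.doc": b"memo text",
        "src/main.c": b"int main(void) { return 0; }",
    }
    for name, body in files.items():
        for tree in (prev, cur):
            path = tree / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"" if (poisoned and tree is cur) else body)
    if not poisoned:
        # An ordinary edit between generations, which must not trip the check.
        (cur / "docs" / "memo.doc").write_bytes(b"memo text, edited")
    return prev, cur


if __name__ == "__main__":
    for poisoned in (False, True):
        prev, cur = make_demo_generations(poisoned)
        result = compare_generations(prev, cur)
        print("poisoned=%s zeroed=%d/%.0f%% safe_to_rotate=%s" % (
            poisoned, len(result["zeroed"]), 100 * result["zeroed_fraction"],
            result["safe_to_rotate"]))
```

The point of comparing against the previous generation rather than just verifying the new set's own checksums is that a backup of zeroed files is perfectly self-consistent; only the cross-generation diff shows that the content disappeared. Holding a few generations (and ideally an offline copy) is what makes the "safe_to_rotate = False" outcome actionable.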
Re:How are you looking at the problem? (Score:2)
Steven E. Ehrbar
Re:We need computer control now (Score:2)
Well I for one consider car drivers licenses a good thing. As long as I know everyone's up to a set standard of driving, I can be reasonably confident that the driver coming head on towards me at 100kph won't swerve across the centreline.
I don't agree with computer buyers needing licenses. For the most part, it would only add inconvenience to the millions who just want computers. Owning a computer and not knowing how to use it is mostly a danger to yourself more than anyone else. If buyers decide not to learn about what they're doing with them, it's their own decision. As long as I know what I'm doing, it won't affect me one way or the other.
If and when businesses need someone reliable, they can look for someone with a proper qualification. I think the biggest problem is that either businesses and organisations don't do this properly, or the qualifications aren't reliable qualifications. In the latter case, it's the education system that would need to be controlled - not the users and buyers.
===
Viruses could easily do much more damage (Score:2)
Anyway, what strikes me is that these email and msword viruses have on the whole been quite tame in their side-effects. The ILOVEYOU virus, aside from emailing itself to your whole addressbook, replaced all the .mp3 and .jpg files on your hard drive. Some graphics people may have lost actual work stored in .jpg files, but on the whole, I don't think much got destroyed aside from porn and mp3 collections. Yet, it would have been just as easy for the virus to erase all your data; just replace "mp3" with "doc" and see the *real* damage!
And then there's another, more insidious way, in which an email virus could do very serious harm: by randomly forwarding your emails to people. Imagine a virus that forwards each email in your inbox to one random person in your addressbook. Whoops, there go most companies' secrets!