Building The Ubervirus (229 comments)

Johnath writes: "The HNN has a rather eye-opening article about a potential disaster dangling overhead. It's not so much that the ideas presented are revolutionary -- most /. readers would probably come up with a similar scheme, if called upon to design a killer net virus, but nevertheless, it pretty lucidly addresses the potential damage."
  • That is to say, this is the second time this article has been posted to slashdot. /me is too lazy to find a link to the first time it was posted. Search is your friend.
    -russ
  • For the benefit of those trapped behind the berlin firewall (filter), could somebody mirror or paste the article contents here?

    Large corporate filters don't like us to visit seedy places like HNN.

    Mucho Thanks
  • They were slashdotted by the slashdot effect!
  • Are you sure it's your firewall? Looks like it's /.'ed to me, and there's only 3 or so comments as I type this... Mirrors?!


    _________
  • this exists already. It's called the dumb PR/HR employee, more interested in loveletters from strangers than in network security.
    Sadly they are also the type most likely to grow exponentially as the internet becomes even more KEWL.
    we're doomed *sigh*

    Da Warez D00d
  • by Kondoor ( 135852 ) on Monday July 17, 2000 @05:33AM (#927674)
    Basically all these people have done is make a list of the parts of trojans, virii, hacks, that work the best and list some thoughts and figures on what they could do if someone actually spent some time to do a good distribution of a virus using IRC, FTP and user ignorance and then exploit the user ignorance factor to get it to spread like wildfire. It was a good read but not really news, I agree with the post, most any /. reader could come up with the same if they spent a couple minutes thinking about it.
  • I lied. Search is not your friend. The virus article is dated from last year, yet there's no way to get slashdot's search to sort its results by date. Heck, it doesn't even tell you what *year* it's returning the results from.
  • I've read this article at HNN at least half a year ago, maybe more. It's clearly interesting, but is this news?

    Kaa
  • in a networked environment, diversity = more applicable exploits. simple as that.
  • in one of the recent phrack releases, an ubervirus with AI capabilities has been discussed, but the phrack website seems to be down at the moment. check it out, it was quite frightening stuff...
  • by ajm ( 9538 ) on Monday July 17, 2000 @05:36AM (#927679)
    Ok, people are doing some fine things with Outlook and other tools nowadays in the virus world but I think where they fall down is in the social engineering area :) I don't know whether this is technically feasible and I have no desire to find out (I take no responsibility etc....)

    Let's say the point of the virus is not to physically disrupt the mail system, but to mentally disrupt it. People should be afraid to open mail messages, and disbelieve the ones they do open, rather than have the mail server crash.

    So, step one is to send out the messages gradually so that people don't realise immediately that something is wrong. You don't want to make people wary at the beginning. After some interval when you've infected enough machines, then go for the full virus crash.

    Step two is to vary the subject. One way would be by making the subject be Re: of something already in the mailbox from the person you are sending the current message to. Make all others that you can't find messages to reply to start with Fwd:.

    Step three is to look in the mailbox to see if you can find an administrator of some sort. Look for system administrator or something similar in the title, or look for membership of the admin group or similar. If you manage to get on an administrator's machine then send out a virus alert message to everyone in the address book. Include in the alert a copy of the virus with instructions to double click to disinfect the machine. If you are not on an administrator's machine then send to one or two people in the address book a message that says in the subject Fwd: Virus loose (from admin name here) to see if you can fool people that way.

    Anyway don't try any of the above because they probably don't work, and I certainly don't want to be responsible if it does. I'd guess this is the sort of stuff that a professional/governmental virus would try to do. If you were China (for example) and wanted to disrupt email in the US (why I don't know) social engineering to produce a lack of trust in the system is more likely to be successful and effective than the sort of spam attacks we've been seeing lately.
  • by dmccarty ( 152630 ) on Monday July 17, 2000 @05:36AM (#927680)
    Don't worry! As soon as the virus/worm starts to spread we'll all be inundated with "DON'T OPEN [MELISSA/STACY/LISA/BELINDA] IT WILL ERASE YOUR COMPUTER!!!1!!" emails, which will spread faster than the worm itself.
    --
  • I'm getting no response from the server.
    That was fast.
  • Yep, I got redirected to a page here telling me to stop slacking off and get back to work. "Restricted site" as I remember.
  • i work for teh it at my university, and it seems liek every week there is teh ms outlook virus that uses built in vb scripting and teh gaping security flaws in windows to spread across the world in a matter of days. most of these do silly little things, and are easily detected because of it. what happens when some cracker decides to use these same old tricks to write a virus that spreads by ms outlook, but hides itself from detection and does something really really evil at a future preset date? how many virii like that are out there? care to venture a guess? ok bye.

    loev,

  • Instantaneously slashdotted. Now get back to work already so I can read it.
  • Is any research being done to compare computer virus/security hole propagation patterns? I'm sure the CDC (that's "center for disease control", not "cult of the dead cow") would have a lot of useful input on this "ubervirus" problem.

    I'm not an expert so I'm not going to try to defend the following statement, I'm just going to make it. I recently finished "Chaos" by James Gleick. He mentioned that one of the places you can find chaotic behavior was in the spread of an epidemic. In fact, efforts to step up vaccination (and other disease prevention techniques) actually caused an increase in the rate of infection (sometimes and short- to mid-term). Apparently this has something to do with perturbing an oscillating phenomenon.

    I bring this up as a warning to those who think we should all immediately rush out and start locking things down. We might make it worse if we do. I know this statement sounds ridiculous--I'm just saying that maybe we should slow down and think before rushing off to act. Do the research, ask the questions.
    --
  • Can someone mirror this website please
  • by georgeha ( 43752 ) on Monday July 17, 2000 @05:37AM (#927687) Homepage
    Brunner describes a similar scheme in Shockwave Rider, way back in 1975.

    Nick Halflinger (an uberhacker who can crack a system using a touchtone phone) travels the world coding a giant worm designed to be launched as a simultaneous, distributed attack from hundreds of different computers, quaintly visiting each site in person.

    Portions of the head of the worm are used for replication, other parts are used to detect and deter anti-virus attempts, the middle part breaks into secret archives, and the tail is the contents of the secret archives.

    I can't recommend this book highly enough.

    George
  • Indeed, I think the problem is on their end.
  • by exploder ( 196936 ) on Monday July 17, 2000 @05:38AM (#927689) Homepage
    Most (computer) viruses today are created with malicious intent. When you are infected, you know it. I was thinking the other day that if a virus were to arise "organically", i.e. not designed (or alternatively, mutated from a designed virus), that its best chance at survival is the exact opposite of what most viruses do. The best strategy would be to lie low, staying as much out of sight as possible, and continue reproducing when possible. Has a virus like this been seen? If so, then I wonder how many more have not been seen?
  • by blueg3 ( 192743 ) on Monday July 17, 2000 @05:38AM (#927690)

    Oh, sure, it seems all-powerful, but doesn't it still suffer from the same problems that plague other worms? Namely, you have to a) be running an insecure system or b) be a sucker.

    I'd like to think that most people don't use the dummy settings of Outlook (or even use it at all), and that they scan files they download for viruses, and that they don't blindly accept (or auto-accept) DCC sends.

    Of course, I also think the susceptible masses don't really use IRC anyway. Now, if the virus could infiltrate various Instant Messenger networks...

    I guess it would be nice to think that worm viruses shouldn't work, but as we all know, this is not the case. So, I'll just sit here with my Mac, running Eudora, and wait for this new worm to come out, as it inevitably will, and not affect me.

  • A killer net virus that would destroy the Net as we know it has been very easily in reach once the majority of computers on the Internet became homogenized Windows//MSFT Office//Outlook boxes.

    Whenever I read about a Melissa or an I Love You I smile to myself and think "I would have trashed their hard drives after spamming myself to all their friends.". If Melissa or I Love You hadn't been content with simply bogging down net servers and had decided to set the file length of all .doc, .xls, .sys, .bat, .dll, .html and .jar to 0, I am sure corporations would probably be fuming about Trillions of dollars in irreparable damages (after all how much stuff is actually backed up or centrally stored in a Windows world).

    In my opinion the article is overkill, a virus doesn't have to be particularly clever or well designed to cause havoc anymore thanks to the beauty of MSFT operating systems. Any script kiddie or MSCE with a passable knowledge of Virus Building Script can bring it all toppling down.

    Of course, none of us will ever do it because we know it would do so much damage to the 'Net (government would step in hard) and also hurt many of us financially in some indirect way.


    WHY C SUCKS
    -----------
    int i =0;
    i = i + 1;
  • i think that teh slashdot is not y2k compliant, or sometihgn ok bye.

    loev,

  • by Jetifi ( 188285 ) on Monday July 17, 2000 @05:39AM (#927693) Homepage

    It's a nice scaremongering document, but the hypothetical worm is a *worm*. We've already been bitten by vbs and StagesA, so the potential for a virus that self-replicates is, IMHO, diminished.

    As for having web-servers which relay instructions/receive data, the 'bot would have to know how to fill out registration forms/upload information, and even then the server would have to have some kind of handshake with the worm, which could be detected by the hosts of the web-site (i.e. geocities).

    Why not have the server host misc. content, with the instructions embedded in the HTML?

    In any case, is it a good thing to have people publishing design documents for killer virii? The script kiddies which came up with ILOVEYOU weren't smart enough to design something really nasty, and HNN are just providing inspiration, which means they'd be liable in the event such a worm was released.

  • But so what? If a supervirus strikes, it will only affect single workstations ("Oh my. Something must be wrong with my Win98...") and shouldn't cripple any of the critical components of the net.
  • by deefer ( 82630 ) on Monday July 17, 2000 @05:41AM (#927695) Homepage
    I can remember when virus writing used to be _hard_. You had to be a bit 1337 to be able to write a TSR, or a boot block virus.
    Now look at the state of the virus world - ILOVEYOU.vbs (OK, it's a trojan, but still replicates like a virus) and the damage it caused. I'm not talking about the x billion the media claim it cost, just the panic in my IT department when virused email couldn't be deleted fast enough. Look at the code for ILOVEYOU.vbs - it is a doddle. No real inspiration involved - just patch 4 entries out of bugtraq together, and there you go.
    What we have now is a state of play where the entry level in writing malicious code is dropping rapidly as more and more people get into computers. Don't want to spend a few years learning to code? Hah, our whizbang COMActiveXCORBA plugin gives you the power on your desktop!!!
    Don't worry that your soft underbelly is now exposed because we can't give you the ease of use you want, without you knowing what you're doing!!! And you're too stupid to realise!!!
    So now that the learning curve has been removed, you will have people all over the net trying to write and run viruses, without a clue of the repercussions it may cause. Because they don't really understand what they are doing.

    Strong data typing is for those with weak minds.

  • Site appears to have baulked. I got as far as page 3, and then drew a blank. Give them air!
  • by wishus ( 174405 )
    well, i read the first page before the server evidently got /.ed.. sounds like nothing new to me. ILOVEYOU cost, what, "billions of dollars?"

    people need to quit blindly trusting their computers and the benevolence of other internet users. it's like driving.. you don't have to know how your car works under the hood, but you MUST know how to operate it.

    Computers are the same way. You don't have to know what goes on inside the box, or how the kernel works, but you have to know how to operate your computer, and part of computer operation is security.

    having a computer is a responsibility just like having a car. if you use your computer carelessly, and by doing so your system gets compromised and used to attack other systems, are YOU not responsible for that? Just as if you failed to pay attention at the wheel and killed someone with your car?

    Ignorance is not an excuse for carelessness.

    wish

    ---
  • If I had written ILOVEYOU, it would have sent out copies of itself with the recipients' first name (from Outlook address book) as well, and reply to all e-mails in the inbox with "re:" + subject + something else.
  • What I fail to see is how this could be an eye-opener. Within the /. and HNN communities the facts presented in the article should be obvious. Disaster almost happened at least twice already (remember melissa? loveletter?), and the only reason things didn't turn out worse was because of either some kind of empathy and/or bad coding on the virus-programmers' side. Heck, most of us could modify loveletter's code in 5 minutes to make it 10 times more deadly to those windows boxen.
    I know people are going to yell "What disaster? These viruses affect only Micros~1!" but face it, that's where the majority of the money invested in information is.
    I _do_ think that should a larger newsprovider, like cnn, post these facts, albeit 'dumbed down', we would see a genuine eye-opening of the general public, PHB's included.
    That would be something!
  • To work efficiently, the virus would have to be fast spreading. To do this, it's no good delivering its payload straight away - sit on the user's system and send out 1 or 2 messages _per day_, with a timed payload in a month's time. Make the virus metamorphic to help reduce the anti-virus systems and nobody will know they've been infected until umpteen numbers have been distributed and the payload is delivered.

    Oh - it would be better if the virus could cope with as many different platforms as possible.

    An ideal method for 'mass distribution' would be a crack to put it in a MS Website upgrade patch, then release a mini-virus targeting MS systems to 'encourage' people to download the infected patch file. Obviously, you'll probably need someone inside Microsoft, but...


    Richy C. [beebware.com]
    --
  • by edibleplastic ( 98111 ) on Monday July 17, 2000 @05:43AM (#927701)
    The uber virus already exists!!! Here's how to do it, in one quick easy step:

    1) Post an article on Slashdot referring to a particular web site

    Now sit back and watch the fun! The Slashdot Virus is guaranteed to take down ANY website within seconds!!!
  • Tell that the user support people who have to deal with them "Oh my. Something must be wrong with my Win98..." - problems... :)

    Da Warez D00d
  • Wow, amazingly the site ISN'T blocked by my company. Thankfully, though, this is my last day here, and I'll be moving on to a company that doesn't filter information out.
    HNN's still being slashdotted, so I can't read the article anyway.. bah
  • Is it possible to build software that is 100% resistant to computer viruses? Can software be coded with no possible pathways for a virus to spread?

    Microsoft is the primary cause for the proliferation of viruses in the past few years. Scripting ability is a nice feature in software, but should it be defaulted to be active upon installation of the software? A vast majority of users don't need scripting in spreadsheets and word processors.

    But with all of the holes in older software (sendmail, etc), it seems that the problem is getting worse, not better.

    So, where does the problem lie? Programmers not willing to look back over their own code and eliminate such holes? Corporations that are pushing for release, regardless of the security issues (hmmm, could it be... M$!!!)? Users that blindly open attachments without looking to see what they are opening?

  • Consider using other operating systems, like Line or BSD.

    Is this a case of an unenlightened spell checker, or is Line an operating system I've never heard of?

    ---
  • I know of a virus which would be much worse than any of the current crop of viruses: Make one that randomly changes bits in a database. Just think about it for a little bit...
  • You know, after working in communications for a large company for 4 years, I have learned a lot about what can take down a network.

    The network is always going to be vulnerable to some sort of attack -- be it DDS, electro-magnetic pulse, SYN Flood, email virus, spam or whatever. Some well placed, unexpected volume will even do the trick.

    Let's think outside the M$ box for a minute and consider what a 'virus' could do to routers and switches. Everything that carries configurable software is vulnerable to some sort of attack!
    --

  • yesterday at h2k in nyc there was a great presentation on virus writing (it was academic, not destructive). it was presented by V1RU5 (i dont happen to recall his real name). he basically summed all of this up. i was very impressed with his presentation.

    he outlined the types of viruses (basic stuff) and discussed the progression of virus writing from an actual skill to a 10 minute joke. he also discussed the future of *nix viruses. very informative. very cool guy too.
  • By suing Microsoft, etc. for having such crappy software and security. Of course, that may be a cure worse than the disease.... Question: is the court system really like a computer that runs on people and paper? And are bogus lawsuits its version of a virus?
  • diversity also = smaller chance of finding a particular exploit, thus restricting (and in some cases stopping) the transmission of a particular virus that can only use a limited set of exploits.

    As a corollary to this, given sufficient diversity, it becomes impractical for a particular virus to carry the code necessary to infect all of the available machines.

    Putting all your eggs in one basket is never a good idea. You might be a smaller target, but if you do get hit (and it's foolish to think you're invulnerable), you're automatically 100% dead.

    Among other things, this is borne out by quite a few thousand years of agricultural experience.

    You'd be hard-pressed to find any farmers or biologists who would argue that monoculture is the best way to limit your vulnerability to crop diseases, just because there are fewer possible diseases that could infect your crops.
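The monoculture argument in this post and in the "diversity = more applicable exploits" reply it answers can be made concrete with a small spread model. The following is an added illustration for this thread, not code from the HNN article or from any poster; the population sizes, platform labels, contact rate and step count are constructed assumptions rather than measurements. It models a worm that carries exploits for a fixed set of platforms and compares how far it gets in a homogeneous population against an evenly mixed one, and separately reports the hard ceiling diversity imposes regardless of how long the worm runs.

```python
"""Toy propagation model: how platform diversity caps a worm that
carries exploits for a fixed set of platforms.

Added illustration for this discussion, not code from the HNN article
or any poster. Population sizes, platform names and the contact rate
are constructed assumptions, not measurements."""
import random


def build_population(platform_counts):
    """Return one platform label per host, e.g. {'A': 3} -> ['A','A','A']."""
    hosts = []
    for platform, count in platform_counts.items():
        hosts.extend([platform] * count)
    return hosts


def simulate(platform_counts, exploitable, steps=30, contacts_per_step=3, seed=1):
    """Discrete-time spread model.

    Each infected host contacts `contacts_per_step` random hosts per step;
    a contact only infects the target if the target's platform is one the
    worm carries an exploit for. Returns the final infected fraction.
    """
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    hosts = build_population(platform_counts)
    n = len(hosts)
    # Patient zero: the first host the worm is actually able to exploit.
    candidates = [i for i, p in enumerate(hosts) if p in exploitable]
    if not candidates:
        return 0.0
    infected = {candidates[0]}
    for _ in range(steps):
        newly = set()
        for _src in infected:
            for _ in range(contacts_per_step):
                dst = rng.randrange(n)
                if dst not in infected and hosts[dst] in exploitable:
                    newly.add(dst)
        if not newly:
            break  # nothing left to reach
        infected |= newly
    return len(infected) / n


def reachable_fraction(platform_counts, exploitable):
    """Upper bound on what the worm can ever infect: the share of hosts
    running an exploitable platform, independent of spread dynamics."""
    total = sum(platform_counts.values())
    reachable = sum(c for p, c in platform_counts.items() if p in exploitable)
    return reachable / total


if __name__ == "__main__":
    mono = {"A": 1000}                                  # constructed monoculture
    diverse = {"A": 250, "B": 250, "C": 250, "D": 250}  # constructed mix
    print("monoculture infected:", simulate(mono, {"A"}))
    print("diverse infected:    ", simulate(diverse, {"A"}))
    print("diverse ceiling:     ", reachable_fraction(diverse, {"A"}))
```

The point the model makes is the corollary in the post above: in the mixed population the worm saturates its 25% share quickly, but no amount of extra run time moves it past `reachable_fraction`, whereas in the monoculture the same contact rate reaches essentially every host.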
  • So, I'll just sit here with my Mac, running Eudora, and wait for this new worm to come out, as it inevitably will, and not affect me.
    Whilst it may not _directly_ affect you, don't you think your internet connection & mail delivery will be a tad slower, as a virus emails itself 2000 times from each infected machine, simultaneously? Routers, switches, firewalls... A certain sort of virus could, in effect, be aimed at one whole massive DoS, and not targeted at any particular site/piece of hardware. The fact is, if a massive net intensive virus decided at one point to start generating internet traffic internationally, with enough infected machines, you'd be lucky to see the internet again for at least a week...

    Strong data typing is for those with weak minds.

  • I bring this up as a warning to those who think we should all immediately rush out and start locking things down. We might make it worse if we do. I know this statement sounds ridiculous--I'm just saying that maybe we should slow down and think before rushing off to act. Do the research, ask the questions.

    I strongly concur with this statement and it doesn't sound ridiculous to me at all. I cannot speak to the 'perturbing an oscillating phenomena' or even any underlying chaos theory. What I can speak to is how my parents, brothers, and sisters would react to the situation.

    Once they start hearing about new improved virii filters, improved protection from viral infections, they will stop taking the extra precautions they take now. Their confidence in the system will be increased without just cause. That is when they start downloading any ol' thing, not paying attention to what is being sent to them, and the like. Virii that aren't caught by traps and other protections suddenly run rampant.

    There is no panacea. We need to progress slowly, fully aware that we might miss something. I'm a paranoid user and I still got nailed by a Trojan Horse once. It was all my fault because it could have been easily avoided, but I felt confident in my 'virus protocol' to protect me. Too bad I failed to update the software for that month.

  • 1st [google.com], 2nd [google.com], 3rd [google.com] and 4th [google.com] page, cached by Google [google.com].
  • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Monday July 17, 2000 @05:57AM (#927714) Homepage
    Cool idea. Why doesn't Rob just re-post everything more than a year old, so we can have the same discussion over and over again?
  • The problem with this: People are stupid.

    I can't recall how many times people at my workplace (and at least one other; I could relate stories of one friend who suffers the same problems) CONTINUE to open up those damn Melissa-derivative virus emails. They'll even open different copies of the SAME virus.. multiple times!

    I tell them "if you see an email with a .vbs attachment in it, don't open it." What do they do? They open it. I tell them how to turn off the scripting foo that runs these scripts. What do they do? They ignore it.

    Basically, the ignorance of users would undermine any of the deviousness of your stated plan; it's too complicated for them.

    The only way to get the attention of a luser is to beat them over the head with something. Erase their hard drive, and THEN they start to wake up. It's not their problem until they suffer data loss.
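The advice in this post ("if you see an email with a .vbs attachment in it, don't open it") is exactly the kind of rule a mail gateway can enforce before a user gets the chance to ignore it. The block below is an added example for this discussion, not code from the HNN article or from any poster: it parses a raw message with Python's standard `email` package, flags attachments whose extension Windows hands to a script host or loader (with the `.TXT.vbs` double-extension trick the loveletter worm used), and adds the weak signal of a "Re:" subject that carries no threading headers. The extension lists and both sample messages are constructed for illustration.

```python
"""Gateway-style screening for script attachments and fake replies.

Added example for this discussion, not code from the HNN article or any
poster. The extension sets and the two sample messages are constructed."""
import re
from email import message_from_string
from email.message import Message

# Extensions Windows passes straight to a script host or program loader.
SCRIPT_EXTENSIONS = {
    "vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr", "pif",
    "bat", "cmd", "com", "exe",
}
# Inner extensions that make a double extension look like a harmless document.
DECOY_EXTENSIONS = {"txt", "doc", "xls", "jpg", "gif", "htm", "html", "pdf"}


def classify_filename(name):
    """Return the reasons a filename is suspicious (empty list if none)."""
    reasons = []
    parts = name.lower().rsplit(".", 2)  # 'x.txt.vbs' -> ['x', 'txt', 'vbs']
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in SCRIPT_EXTENSIONS:
        reasons.append(f"executable/script extension .{ext}")
        if len(parts) == 3 and parts[1] in DECOY_EXTENSIONS:
            reasons.append(f"double extension disguised as .{parts[1]}")
    if re.search(r"\s{5,}\.", name):
        reasons.append("long whitespace run hides the real extension")
    return reasons


def risky_attachments(msg: Message):
    """Walk every MIME part and return [(filename, [reasons]), ...]."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            reasons = classify_filename(name)
            if reasons:
                findings.append((name, reasons))
    return findings


def looks_like_fake_reply(msg: Message):
    """Weak signal only: a 'Re:' subject with neither In-Reply-To nor
    References, which real mail clients set when they reply."""
    subject = (msg.get("Subject") or "").strip().lower()
    return subject.startswith("re:") and not msg.get("In-Reply-To") \
        and not msg.get("References")


def verdict(raw):
    """Parse raw RFC 822 text; return (decision, findings, fake_reply)."""
    msg = message_from_string(raw)
    findings = risky_attachments(msg)
    decision = "quarantine" if findings else "deliver"
    return decision, findings, looks_like_fake_reply(msg)


# Constructed sample in the loveletter shape: fake reply + disguised script.
SAMPLE_BAD = """\
From: someone@example.invalid
To: you@example.invalid
Subject: Re: budget (see attached)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

kindly check the attached letter coming from me.
--XYZ
Content-Type: application/octet-stream; name="LOVE-LETTER-FOR-YOU.TXT.vbs"
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

placeholder bytes, not a script
--XYZ--
"""

# Constructed sample of a genuine reply with a data attachment.
SAMPLE_OK = """\
From: someone@example.invalid
To: you@example.invalid
Subject: Re: budget
In-Reply-To: <123@example.invalid>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

numbers attached
--XYZ
Content-Type: text/csv; name="budget.csv"
Content-Disposition: attachment; filename="budget.csv"

a,b
--XYZ--
"""

if __name__ == "__main__":
    for raw in (SAMPLE_BAD, SAMPLE_OK):
        print(verdict(raw))
```

The extension check is the part worth enforcing; the fake-reply heuristic is deliberately kept as a separate signal because forwarded mail and some list software legitimately lack threading headers, so it should raise a score rather than block on its own.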
  • Let's see, the /.'ed article talks about a worm/virus that coordinates its attacks through several web sites, and becomes unstoppable.

    I describe a book, in 1975, that had a very similar subject.

    This is offtopic?

    I could care less about the kharma loss, I have tons, but really, is watching Barney and having the intellect of a 2 year old a prerequisite to be a moderator now?

    Let me try to shamelessly get my kharma back now.

    Killer virus possible because of too many Windows.

    Use Linux to stop this.

    Linux good, Windows bad.

    George

  • But really, who is going to code something like this? I mean, if somebody has the time and know how to do something like create an awesome ubervirus, are they really going to do it?
    ...Wait a minute... I'm forgetting about the Unabomber.

    Anyway, what I was going to say is that it seems that most of these new, terrible viruses are created by people who have some know how, but for the most part, are pretty much idiots.

    It would have to take either a brilliant madman, or a corporate/government sponsored team of bright people to create something like that - not script kiddies and hacker wannabes (not even your typical /.'er). :P Besides, what incentive (I mean really) would these entities have to do so?


  • by 11223 ( 201561 ) on Monday July 17, 2000 @06:09AM (#927718)
    Exactly - most current virii are doing a piss-poor job of social engineering. You could even make a .exe virus, with the proper engineering - simply have it pass itself along as a "Virus alert", describing some (made-up) worm, and then instruct the user to run the disinfector - voila! Instant dumb-user virus.

    Ever notice how most current worms aren't even in the best english? It seems that nobody in the US is writing worms, and so we get people with a bad knowledge of the language trying to fool people into clicking on the stuff.

    Hey, where's the "This is more informative" link-trap?

  • Do businesses do any kind of "vulnerability analysis" of their IT systems?

    I mean, if you're doing business you should have at least some kind of a contingency plan for a partial or even total failure (whatever the reason) of your network connection. Fax, phones and the good old fashioned mail haven't gone anywhere. Use FedEx/UPS/DHL to ship critical documents and data on CD-ROM, DLT-tape or DVD-RAM if necessary. Isolate critical systems from the net physically, maintain a room of backup workstations to keep the priority work going on even in the case of a complete infection of the bulk of the workstations, etc.

    It would be plain silly should a company come to a grinding halt due to a virus, denial of service attack or any net related event.

  • It's called Windows, you may have heard of it? It spreads in a most insidious fashion, by using truly awe inspiring social engineering techniques to quietly invest all PCs that must share documents between themselves...

    The ultimate stealth virus. and people are even making money off it! One could argue that windows is not a virus because it is not self replicating, but I would say that it _is_ self replicating, just not via an electronic means.
  • Why does a virus get more attention here in the USA than the AIDS epidemic in Africa? Proximity. We here in the /. community are so close to the issue of viruses and virus-fighting that it is taking over our lives. If you take a step back from the monitor (remember in "Fight Club": you are not your job) you will see that non-MIS people saw Melissa, and other viral attacks on businesses, as a half-day off work and nothing more. Like most other problems in the USA it is going to take an epidemic to get the common man's attention. We are still living under the mid-20th Century pretense that the US is indestructible. Until a virus comes along that will wipe everything in its path and reach home computers (like an AOL instant message script) we are the only ones who are going to sit up and take notice. dbthomas
  • by Anonymous Coward
    yes and no.. yes- write software that has ridiculous restrictions (read uninteresting) I know of no LOGO virus. no- interesting software is a complex system--and with Hilbert's tenth problem answered fully, there is no way, in general, to see if software is malicious or not without running the software to completion. Humans are the weak link, then, since they are the ones tasked with choosing to run (directly or indirectly) the software. The only true secure system is one that has no IO, is turned off, put in the middle of a 6'x6'x6' block of concrete, buried 100 ft underground, on another planet, in some other universe, and, just so that no human can interface with it in any way, shape or form, made of anti-matter (I know the concrete is matter;). Otherwise, human mistakes (whether they be poor code in the OS or poor administration), will always allow a wonderful breeding ground for virii, trojans, worms, etc. There is no way to program a complex (algorithmic) system to detect all malicious programs, so they must be detected by humans. If humans fail, then the system is at risk. All viruses I know of rely on human stupidity to transmit. (This goes back to virii like Stoned through ones like Monkey, NYB, right through to Melissa and onwards). I have no knowledge of virii before Stoned so, I am making a broad generalization that seems to fit for the past 11 years of virii spread.
  • A bit OT, but you mention that any MSCE could create such a virus, An ad has been running in my area (DC) about computer training courses to become MSCE. The best line in the ad is "No computer knowledge required" Which pretty much says it all ;-)

  • The IBM mainframe and AS/400 environments are incredibly hard to get a virus into. AS/400s have an object-oriented security model in which it's absolutely not possible for a text or data object to be executed.


    ...phil
  • by DonkPunch ( 30957 ) on Monday July 17, 2000 @06:39AM (#927736) Homepage Journal
    This just goes to prove the insanity of low-cost easily accessible computers and software in the hands of everyone. Every day, hundreds, perhaps thousands of machines are infected with virus and trojan software. The cost in lost data and productivity is easily in the millions.

    We have to stop this madness now.

    Right now, computers are less regulated than lawnmowers or automobiles. We require drivers to pass a proficiency test, why not computer buyers? It's time we registered computers and performed background checks on people who buy them. This is the only way to keep computers out of the hands of children and criminals.

    I am proposing a Million Geek March. We will have speakers telling stories of how their lives were destroyed by computers. Let's send a message to Washington now: "We need to be safe from computers!" It is absurd that in the year 2000, I have to scan every attachment I receive and every program I download. We need to make our information infrastructure safe again.

    All of you who oppose my plan, I ask, "What do you have to fear?" We're not planning to take away your computers. We just want some common-sense legislation for the safety of all. It will be a tough fight -- the rich lobbyists from Dell and Microsoft will try to stop us. They'll claim that the right to access information cannot be restricted. They'll claim that computers aren't the problem. We know they're wrong. Modern computers make it easier than ever to create destructive programs. A computer in the home is a tragedy waiting to happen.

    Let's get some common-sense computer regulation now. Thank you.
  • by tilly ( 7530 ) on Monday July 17, 2000 @06:41AM (#927738)
    Here is a clue.

    The Samba folks don't publicize it, but they have found a number of buffer overflows in the stacks of every single OS out there. (They patched the ones they found in Linux.:-) A truly nasty critter would be set up to transmit itself using those overflows.

    If done right you would get a worm or virus that can transmit from computer to computer without any manual intervention. There has to date been exactly one such on the internet. The Morris worm. It went out of its way to be nice, and it still shut down the Internet through sheer speed of reproduction.

    You see, getting a human in the loop slows things down. If you want to be truly nasty, automate it from start to finish. Then the first people will hear about it is when their networks go down.

    Cheers,
    Ben
  • Thanks for the support.

    I don't worry about the loss of karma for myself, I have lots to spare, but I worry about,

    the children.

    What if a young child had posted here, a young child of little karma, eager to impress the moderators with a literary reference that they thought was directly relevant to the discussion?

    Instead, they get a -1 offtopic. Their spirits would be crushed, they would be disillusioned, they had played by the rules, tried to make /. a better place, and only got slapped down for it.

    A few, well adjusted children could shake that off, but some, well, some might feel angry and bitter, and give into the dark side, and start posting about grits, or Natalie Portman.

    Please, moderators, consider, when you mark down a poster as off-topic, they may rise up again as a troll.

    George
  • Many interesting ideas here about how to write viruses which are difficult to detect. But what if they are out there already? Would we know it? Seriously, how difficult would it be to create an "evolver" virus which:

    1. reproduces without human intervention
    2. is harmless (doesn't try to crash anything)
    3. occasionally mutates itself at a random time

    We could have a whole virus ecosystem evolving out there right under our noses without us even having a clue. Part of their strategies for surviving would necessarily include not crashing the systems they were "living" on.

    In fact this sounds like one of those things that because it CAN happen, it MUST eventually happen. Eventually somebody will do it and there will be no way to undo it once done. Maybe the first Artificial Intelligence created on Earth will be an internet-dweller who has never even met a human being before.
  • In any case, is it a good thing to have people publishing design documents for killer virii?

    One of the worst things that can happen is for the information about virii and other security threats to be shared only among some selected few. You may have seen the story about a 3 year old AOL security hole this weekend. The only way to prevent this kind of problem from becoming a major problem is to publicize the risk to the maximum possible extent. It guarantees that every system administrator in the world will hear about it and take the necessary steps to protect his/her piece of the network.

  • I am proposing a Million Geek March. We will have speakers telling stories of how their lives were destroyed by computers.

    And just how do you expect to get a million geeks out of their homes? Do you have any idea how much free beer, pizza, and pr0n you'll need?

  • Putting all your eggs in one basket is never a good idea.

    You got that right. Yet another reason why a monolithic Linux-dominated IT world will be an unmitigated disaster, if we're ever unlucky enough to end up with it.

    But really, shouldn't we all just be slagging Microsoft here??

    I'd much rather not see monolithic anything (although Jeppe does make some good points in his reply, which I'll have to think about).

    Since you brought it up, though, if I was forced to choose a monolithic environment, I'm not sure that a Linux-dominated IT world would be worse than the current Windows-dominated one.

    Although I've seen some stupid things done on both sides, at least on the Linux/Unix side, you see coders actually bothering to do simple things like putting their VB implementations in security sandboxes (i.e. Gnome Basic [gnome.org]).


  • Has anyone ever thought of / heard of viruses that do physical damage? I'm talking about anything from the wasteful (printing 1 character per page on a printer, and then formfeeding it), to a virus that might cause actual permanent harm to a computer. They say (and I assume it's true) that if you tamper with the refresh rates of your monitor, and set them too high, it can hurt the machine. What if (and PLEASE don't try this) a virus tampered with these settings? Maybe billions in damages is possible after all...
  • by Anonymous Coward
    Back in 1995 I used to monkey around with virus writing.

    My favorite was a little randomly mutating virus. I wrote the little bugger to duplicate twice and erase itself. On each duplication the virus could choose to mutate or not (50% chance); if it did mutate it could either randomly alter or add data to its data section, or randomly alter or add an opcode at any point in the instruction section. Also if there was a floppy in the floppy drive it would append itself to the largest executable file.

    I ran this on my 90 MHz Pentium running DOS and after about an hour my computer froze. I rebooted and nothing happened. I whipped out Norton Disk Utilities and looked at the contents of the drive. One of the little buggers copied itself into the MBR but didn't know how to boot.

    The lesson here is that the Uber virus could very well take very little planning and simply be a genetic mutation of a simple assembly program.

    If I were to write this program today, I would give it networking libraries, code to try the 10 most common sploits on target machines, binary formats to run on all the major platforms and maybe even a DB of opcodes for different architectures so it can translate itself from an x86 bug to an Alpha bug and so on.

    A virus like that would suck and I haven't touched Assembly for two years so I'm not going to code it up but somebody might...

    ...but I hope anybody with that much talent would rather do something constructive like make video games ;p
  • I wasn't able to read the original article, either because the site is being slashslammed or because half the net seems unreachable, but...

    If someone wanted to write a virus to do really lasting damage, it wouldn't do boring stuff like delete files or steal credit card information. Come on, who cares.

    The road to immortality is to hack people, to change relationships permanently. So here's what you do: propagate like iloveyou, but with vastly more discretion. When launched on a new machine, take the following steps:

    1. Dig through all the places typical mail clients store mail. Build up a list of all the subject's correspondents.
    2. Send the virus along to various correspondents, but do so with a very plausible looking reply to their last email. If you really want to go to town, emulate the subject's writing style, but some brief nondescript text should be sufficient. Lots of optimizations here, all with the goal of getting the subject to execute the attached program.
    3. Now, after enough delay to get that thing propagating a bit, search all the mail looking for mentions of people in the third person. Then package it all up and send it anonymously over. Thus, every mail our subject "Foo" has ever received mentioning "Bar", or ever sent mentioning "Bar", is now in Bar's hands. Repeat for everyone else in their mail.
    It should be obvious how devastating this would be, especially at cutthroat companies. The effects of such a virus getting much propagation would be felt for a long, long, long time.

    Nobody should do this, of course!

  • Considering everything, SlashDot becomes another way to take out a slow server on a site:

    submit a story that was interesting, but is slightly stale.
    Watch it make the front page
    watch the site get slash dotted.
    Presto chango! instant DDOS!

    the poor guys trying to run the site probably haven't even figured out what is going on yet - They just know it looks like legit traffic, and they likely have an account that charges big bucks for heavy traffic.

    so for them they are likely just standing back in awe at an attack that looks like it is coming in from maybe 100,000 sites.

    Imagine if the site is hosted on some kids home machine?

  • by Anonymous Coward
    Here's an idea for a virus that would really be killer. I'm not sure how it would be distributed, but this is what it would do: all RAM (SDRAM, and I believe RDRAM as well) has something called SPD data. There's a tiny EEPROM on the RAM module that holds information about the RAM: its CAS latency, the size, technology (64 Mbit, 128 Mbit, etc.), and other things. The BIOS reads this data to figure out what kind of RAM is in the system (NOTE: some RAM does not have an SPD chip on it, and many BIOSes just run some algorithm to determine how much RAM you have... but this can't detect things like CAS latency so performance can be lost if you have good RAM and this is done). Anyway, the SPD data is read using SMBus... thing is, THIS DATA CAN ALSO BE WRITTEN OVER SMBUS. So the virus would just write fake data over the RAM's SPD data, telling the BIOS that the user either has far more or far less RAM, or that it runs at a greater speed/CL than it should, which will generate all kinds of errors when programs are run, or not let the system boot up at all. It would be deadly because not only would it not let the computer work, it would be very hard for the average person to get rid of. And info on programming SMBus and SPD data is readily available on the web...
  • You forgot to mention more common sense legislation... Why would anyone ever need to buy more than one computing device in a month?

    Not to mention requiring a keyboard lock, it only costs a few pennies after all.

    And no one should be in such a hurry that they can't handle a 5 day cooling off period before picking up a new computer.

    And we REALLY need to do something about those high capacity hard drives, did you know one 20 gig drive can store tens of thousands of ILLEGALLY obtained MP3 files?

    And don't get started about "easily concealed computing devices" like the palm pilot, especially the inexpensive "saturday night special" variation, the Palm IIIe.

    Stop the insanity!

    Bill
  • But seriously (read before moderating this as Troll or Flamebait), the reason that the e-mail script viruses we've seen all attack MS Outlook isn't because of how terrible Windows is. It's because most computers run Windows! They're targeted just because they're more common! If you wanted to write a malicious virus, would you target a rarely used platform or the most common?

    Obviously you do not have *nix background. In Unixland there is this concept called security which implies that a user's email program would never be able to run as root. It is ludicrous to think that a script in an email can modify your registry... were the Outlook team drunk when they designed Outlook without any sort of sandbox?


    WHY C SUCKS
    -----------
    int i =0;
    i = i + 1;
  • The problem isn't the users - it's the OS vendors.

    We have regulations on our lawnmowers and automobiles (yes, seatbelts are a good thing!). Imagine if your car didn't come with brakes - or if they did, you had to install them yourself after spending hours upgrading your car to the latest version.

    This is like Microsoft asking you to upgrade your Exchange version to turn off a "feature" which should never have been the default in the first place. This is the class action lawsuit that should really be taking place - thousands of businesses suing Microsoft for the time lost due to monkey scripts for features they never wanted in the first place and couldn't turn off without a CS degree...

    Any OS vendor which provides an OS which connects to the Internet should have to have a default level of security that requires the level of knowledge for hacking to rise above kiddie scripting...
    --
    Windows 2000. Security and Stability from the company that brought you the "ILOVEYOU" virus and the Blue Screen of Death...

    :-)

  • I just tried it. Under Windows 2000, the order seems to be .exe then .bat.
  • One could argue that windows is not a virus

    Reminds me of an old tagline from the days of QWKmail:

    Windows is not a virus. Viruses do something.

    -- Dr. Eldarion --
  • And no one should be in such a hurry that they can't handle a 5 day cooling off period before picking up a new computer.

    Uh - won't that new computer just about be obsolete in 5 days ?

  • And you're too stupid to realise!!!

    I think the term you were looking for was "uninformed".

    Apart from that though, I have to agree with you. I don't think people should be put in jail for picking up stray banknotes off the bank entrance hall floor. It's the bank managers that need grabbing. Being open to attack from VBS is like the bank leaving its money in the street.

    If this sort of thing keeps happening, we may have to see legislation of 'professional negligence' like you see with doctors, engineers etc.

  • Why not have the server host misc. content, with the instructions embedded in the HTML?

    Bzzt bzzt!

    I still can't get to the HNN article, but I can tell you that such a virus is indeed possible, because I've written one.

    As well as trapping filing system calls to stealth the virus, it is possible to take the opportunity (while a file is being accessed, so the user wouldn't notice a slowdown) to scan through the file for magic words that cause embedded code to execute locally. You need a CRC to avoid executing random code of course, and a text encoding scheme (I used a 64-bit code starting at '?').

    Thus you can turn any non-executable piece of content (mail, web page, news posting) into a harbour for native executable code, something that up to now Microsoft have at least only been doing by accident. ;-) The advantage is that the client itself accesses the code; unlike BO and co., the virus supplier doesn't need to make a connection to the victim machine to execute things on it.

    Obviously I have no intention of letting this see the light of day, but it's also unlikely to take over the 'net since it doesn't run on Windows. I guess it'd be possible, but I don't have enough knowledge of Windows internals (shurely m4d sk1llz? -Ed.) to write it.

    Anyway, it'd have to be rewritten into a mail worm, since actual viruses are terribly out-of-fashion these days. <g>


    --
    This comment was brought to you by And Clover.
  • You missed the point of Captain Derivative's post.

    Unix is not immune to viruses. Check out Communications of the ACM 32, 6 (June 1989) pages 678-687

    The article dissects an Internet Worm from 1988 that spread across the Internet infecting Sun 3 and VAX machines running BSD 4.

    The point that Captain Derivative is making is that Windows is the most popular platform at this point and therefore the ideal target for exploiting security flaws.

    Yes, the flaws that exist there are braindead, but there are plenty of even less secure operating systems in existence; why not target them? Because it would be pointless, they aren't POPULAR.

    Unix programs still have plenty of security flaws. They aren't targeted as much because there's less bang for the buck in doing that.

  • Nor should they worry. If a user deletes their own home directory, it's their choice. If they configure their email client to auto-execute scripts, they deserve it.

    All the admin needs to do is restore from the most recent set of backups. If the user refuses to listen to reason and does the same thing again, the admin still doesn't need to worry, untarring stuff is trivial, much easier than spending ten minutes talking to a clueless user.

    It'd be like if you properly maintained a Windows LAN, a local drive C with just the OS, apps remotely read from the server, and all data stored on a mapped drive D which the server backs up every night. The worst a virus could do would be force you to toss in a network recovery CD, ghost C and restore D from backup. But, few admins do this, I guess MCSEs don't teach practical methods.
  • "But PLEASE don't do this."

    "Don't get me wrong; nobody should do this"

    "It would be really cool but please don't take me seriously"

    Uh...if you wanna talk about building viruses, fine. Free country, etc. But don't try to cover your shiny little butt with a little disclaimer at the end.

    "So here's the step-by-step procedure on how to steal 14 million dollars without getting caught...but, uh...please don't do it."

    Please.
  • Yes, but i've seen setups where some of the server directories are writable to most users for changing websites etc. So you wouldn't be all that safe as you seem to think.
  • OK, I'll bite.

    Granted, it is pretty bad how Microsoft's scripting system will let an e-mailed script screw up anything and everything. I'm not disputing that.

    However, you can't blame the OS for everything. In the end, it's the user's fault for running those scripts. It doesn't matter how secure the OS is, if the user is going to do something incredibly stupid to compromise everything. Quick anecdote: where I work, one of the salesmen associated with the company ran the ILOVEYOU virus more than three weeks after all the news reports, warnings, and magazine articles about it! You have to use the security built into the OS for it to do anything.

    And yes, although I am only learning about *nix-type systems, it seems to me you don't have to be logged in as root to do damage. For example, ILOVEYOU didn't screw with any system files. It targeted data files like mp3s and jpegs. Maybe I'm just a newbie, but wouldn't it be possible to delete a user's mp3s and graphics files without logging in as root? It's still destructive, and sure, it doesn't bring the entire system down. But then, ILOVEYOU didn't cripple the computer itself either.

    Here we get back to a clueless user. Of course a networked *nix box will have some decent security on it. But if Joe user buys the latest version of Red Hat Linux and installs it on his machine, what's stopping him from always logging in as root? Sure it's a terrible idea, but he doesn't know that. For him, it lets him get into Linuxconf more easily, and it's the only way he knows how to mount his Windows volume. (OK, he's not a complete idiot, but being fresh from Windows, he isn't familiar with system security procedures.)

    Obviously, a script kiddie will choose the path of least resistance if he wants to damage a nameless person's computer. If Windows is the most open to attack, he'll use VBScript. But like I believe I mentioned before, script kiddies use r00tkits to hack into *nix machines, and they have about the same level of expertise as it takes to find a VBScript virus and send that.

    Finally, I know Linux mail programs don't allow scripts to run as root. But last time I checked, viruses existed before MS Outlook became the norm under Windows. VBScript might make them easier to write, but when that disappears, they'll target a less insecure platform.

    In conclusion, although Microsoft might^H^H^H^H OK, does make it easier for viruses to enter a system, you can't blame them for the entire problem. Someone still has to create the thing (no matter how easy or unsophisticated it is), and the user still has to run the script. My original post was in response to the dozen or so posts that did little more than say "It's all Microsoft's fault!" That's a sure-fire way to get lax about safeguarding other platforms.


    --
    "Better dead than smeg."

  • I know early versions of DOS played around with file extensions but if you are talking about batch files then I don't think that's on the same level. Installing interrupt vectors, relocating memory, altering pointers...all very complicated and confusing, at least to me. Perhaps it was because the original design of the x86 was so brain damaged to begin with.
  • Background checks and proficiency requirements are a good thing. But what about the loose cannon out there who has nothing bad in his background but one day gets up in the morning and thinks "I'm gonna go out ta buy me one of them compewters and turn loose one helluva vearus!"

    Obviously, the only way to protect ourselves from these nuts is to also implement a mandatory five day waiting period to buy a computer.

    Also, what possible need does anyone have for more than a Pentium 166? It does word processing, email, web browsing and runs solitaire. Any more power can only be used by someone with dangerous intent. We need to start worrying about these assault-computers, namely those with 64-bit processors. The evil PC makers (such as Dell and Micron) are already planning to unleash these weapons on the consumer market. They need to be stopped now with sensible legislation that outlaws assault computers.
  • >Yes! Since Microsoft has scripting
    >support in their OS, that means they're to blame
    >for script viruses! How dare they have scripts
    >that run under Windows! Wait a minute...doesn't
    >Linux also support scripts? Never mind that --
    >more MS bashing!

    >But seriously (read before moderating this as
    >Troll of Flamebait), the reason that the e-mail
    >script viruses we've seen all attack MS Outlook
    >isn't because of how terrible Windows is.

    Yes, windows *IS* terrible (ESPECIALLY from a security context). Or have you simply not been paying attention for the last year and a half?

    The DEFAULT configuration of the DEFAULT mail client will run a script with the windoze equivalent of root permissions when you open it. It is ridiculously STUPID to allow a user-space email client to run amok in system space. Absolutely poor design, and worse implementation.

    And worse, they have known about this for a good YEAR AND A HALF! Ever since Melissa, this has been a known flaw... but gates REFUSES to fix it!!!

    Now, since you complain that Linux includes scripting as well as windoze, let's look at the equivalent sequence of events that would have to happen for a malicious script to be a problem:

    Say that someone sends me a malicious perl script as an attachment to an email. Well, when I open up that attachment, pine DISPLAYS it as a TEXT file. It is NOT run by default when I open it. I have a chance to examine it BEFORE I let it run, if I run it at all (not bloody likely unless I'm about to switch distros and am already backed up). Now, in order for it to be run in such a way that it could trash my system, I would have to:

    1) Save it as virus.pl, or whatever
    2) su to root
    3) Run it by typing "perl virus.pl"

    Or, if I am doubtful as to whether it is harmful or not, I could run it in user space with NO CHANCE of it trashing anything important.

    Now... which security paradigm is better?

    Not that Linux (or any given xBSD or Unix) is PERFECT... but it is by all means hella-better than anything that hath spewed forth from redmond.

    john
    Resistance is NOT futile!!!

    Haiku:
    I am not a drone.
    Remove the collective if
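
    The contrast the two posts above draw, an attachment that a mail client hands to an interpreter versus one that pine merely displays as text, is something a mail gateway can check for. The following is an added example, not code from either poster or from any mail client or gateway product: it parses a message with Python's standard email library, flags attachments whose final extension is one an interpreter or loader would run (including a double extension such as invoice.txt.vbs), and shows the "display, never execute" path by returning an attachment's bytes as text. The extension list, the addresses and the sample message are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions a mail client might hand straight to an interpreter or loader.
# Constructed list for this example, not an official or exhaustive one.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "com",
                   "bat", "cmd", "pif", "scr", "pl", "sh"}


def risky_attachments(raw_message):
    """Return (filename, reason) for every attachment whose final extension is
    executable. A name with more than one dot ('invoice.txt.vbs') is reported
    separately, since the leading '.txt' is there to make it look harmless."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        if len(pieces) < 2:
            continue                      # no extension at all
        ext = pieces[-1]
        if ext in EXECUTABLE_EXTS:
            reason = "executable extension ." + ext
            if len(pieces) > 2:
                reason = "double extension hiding ." + ext
            findings.append((name, reason))
    return findings


def preview_as_text(raw_message, filename):
    """The pine approach: return the attachment's content as text so a human
    can read it. Nothing is written to disk and nothing is executed."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        if part.get_filename() == filename:
            content = part.get_content()
            if isinstance(content, bytes):
                content = content.decode("utf-8", errors="replace")
            return content
    return None


def build_sample_message():
    """Constructed sample: a plausible-looking reply with three attachments,
    one harmless text file and two script files. The script bodies are inert."""
    msg = EmailMessage()
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "Re: last week"
    msg.set_content("Replying to your last mail, see attached.\n")
    msg.add_attachment("just some notes\n", filename="notes.txt")
    msg.add_attachment(b'MsgBox "constructed sample, does nothing"\r\n',
                       maintype="application", subtype="octet-stream",
                       filename="invoice.txt.vbs")
    msg.add_attachment(b"print 'constructed sample'\n",
                       maintype="application", subtype="octet-stream",
                       filename="virus.pl")
    return msg.as_string()


if __name__ == "__main__":
    raw = build_sample_message()
    for name, reason in risky_attachments(raw):
        print(f"{name}: {reason}")
    print("--- virus.pl, shown as text only ---")
    print(preview_as_text(raw, "virus.pl"))
```

The check keys on the last extension only because that is what a loader keys on; a mail client that also hides known extensions is exactly why the double-extension case gets its own reason string.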

  • IIRC, the Chernobyl virus that went around a while back did something like flash your BIOS, so it wasn't even possible to reboot the machine.
    A nice idea, but it had the unfortunate timing of coming immediately after the Melissa virus, when people were still paranoid. It didn't make it very far.
  • I forget the virus name.. but I remember hearing of one that would slam your harddisk arm into the extended area over and over and over till it would break. No idea if it's true or not.
  • by davebooth ( 101350 ) on Monday July 17, 2000 @09:02AM (#927817)

    Ever hear of network.vbs? That one's sneaky but doesn't use buffer overflows or other sploits at all.. It just randomly scans IP addys for Windows machines with drive C shared and no password on it. When it finds one it installs itself.

    If your firewall is getting hammered by UDP-netbios crap it's a fair bet that's where it's coming from. If you're a Windows user just look for a file called NETWORK.VBS in your startup folder, in c:\windows\system and the root of drive C... if you got them, you got it and are portscanning other folks' networks whenever you are online.
    # human firmware exploit
    # Word will insert into your optic buffer
    # without bounds checking
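
    The two indicators the post above gives (a NETWORK.VBS in the startup folder, in windows\system or at the drive root, and a firewall being hammered with NetBIOS traffic) can both be checked mechanically. The following is an added example written for this thread, not code from the poster or from any product: it looks for the file in the three named locations under a drive root, and it counts, per source address, how many distinct hosts were probed on UDP/137 in firewall log lines. The Startup folder path is an assumed Windows 9x layout, the log format is a constructed syslog-like one rather than any vendor's, and the demo builds a throwaway directory tree with a planted empty marker file so the script runs offline.

```python
import os
import re
import tempfile

# The three places the post names, relative to the root of the system drive.
# The Startup folder path is assumed (Windows 9x layout); adjust for other versions.
NETWORK_VBS_LOCATIONS = [
    ("Start Menu", "Programs", "StartUp"),
    ("windows", "system"),
    (),                                   # root of drive C
]


def find_network_vbs(drive_root):
    """Return paths of any NETWORK.VBS in the three locations.
    Matching is case-insensitive, as filenames are on FAT and NTFS."""
    hits = []
    for parts in NETWORK_VBS_LOCATIONS:
        folder = os.path.join(drive_root, *parts)
        if not os.path.isdir(folder):
            continue
        for name in os.listdir(folder):
            if name.lower() == "network.vbs":
                hits.append(os.path.join(folder, name))
    return sorted(hits)


# Constructed firewall log lines (syslog-like; not any real vendor's format).
# 10.0.0.7 walks four different hosts on UDP/137; 10.0.0.9 touches one.
SAMPLE_LOG = """\
Jul 17 09:02:11 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.0.2.1 PROTO=UDP SPT=137 DPT=137
Jul 17 09:02:11 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.0.2.2 PROTO=UDP SPT=137 DPT=137
Jul 17 09:02:12 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.0.2.3 PROTO=UDP SPT=137 DPT=137
Jul 17 09:02:12 fw kernel: DROP IN=eth0 SRC=10.0.0.7 DST=192.0.2.4 PROTO=UDP SPT=137 DPT=137
Jul 17 09:02:13 fw kernel: ACCEPT IN=eth0 SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=80
Jul 17 09:02:14 fw kernel: DROP IN=eth0 SRC=10.0.0.9 DST=192.0.2.1 PROTO=UDP SPT=137 DPT=137
"""

LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=UDP SPT=\d+ DPT=137\b")


def netbios_scanners(log_text, min_targets=3):
    """Map each source address to the number of distinct hosts it probed on
    UDP/137, keeping only sources at or above min_targets. A real NetBIOS
    browser talks to a handful of hosts; a random scanner walks many."""
    targets = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            targets.setdefault(m["src"], set()).add(m["dst"])
    return {src: len(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


def demo():
    """Build a throwaway drive layout with one planted marker file and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "windows", "system"))
        os.makedirs(os.path.join(root, "Start Menu", "Programs", "StartUp"))
        # Constructed, empty marker files: the check only looks at names.
        open(os.path.join(root, "windows", "system", "Network.VBS"), "w").close()
        open(os.path.join(root, "windows", "system", "notepad.exe"), "w").close()
        files = [os.path.relpath(h, root) for h in find_network_vbs(root)]
        return files, netbios_scanners(SAMPLE_LOG)


if __name__ == "__main__":
    print(demo())
```

Counting distinct destinations rather than raw packet volume is deliberate: one chatty but legitimate host repeats the same few targets, while the behaviour the post describes is random address walking.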

  • by Admiral Burrito ( 11807 ) on Monday July 17, 2000 @09:05AM (#927819)

    Building a killer virus for fun and profit
    By Bill Gates

    1- Buy "Quick and Dirty Virus" from some other guy.

    2- License virus to a large company that manufactures chess grandmasters. This should provide a fruitful infection vector. And remember: 640k is enough for anyone, so don't worry if your virus does things that prevent access to the rest of memory, nobody will notice.

    3- When other, nicer looking viruses come along, copy the user interface, but make it quirky and inconsistent (this is a virus we're talking about here, so it has to be nasty in one way or another).

    4- When "dr-virus" threatens to replace our virus, spit out weird error messages to confuse and disorient the user, allowing our virus opportunity to re-establish control over the system. Viruses that are dependent on our virus, however, can be left free to roam.

    5- A web browser should be integrated into the virus. Everything integrates a web browser sooner or later so make sure it's ours and not somebody else's. This will expose you to the feds, who love to go after virus writers, so be careful not to get caught.

    6- By this time the virus should have infected most of the world. For new challenges, create another virus (or several!) and start the process again. If the feds put a stop to our old virus we'll still have this new virus already spreading.

    7- And whatever you do, don't call it a virus!

  • Don't worry...just practice safe cybersex.
  • I'm sure the CDC (that's "center for disease control", not "cult of the dead cow") would have a lot of useful input on this "ubervirus" problem.

    Not to knock the Center for Disease Control, but I think the other CDC would have a lot more useful input. In real life, "ubervirii" can't download DLLs with new 'sploits off the net, can't insert trojan kernel modules or wrapper DLLs to hide their own existence (Ok, I guess there are analogies for that), and can't insert a remote "backdoor" into your brainstem for the biowarfare script kiddies to play with.

    At least, I hope they can't...
  • I've always wondered why Mac users get so goddamned high-and-mighty about email viruses. Macs are NOT immune to email viruses, just the current batch of Windows-centric ones. I, or anyone else experienced with AppleScript, could write an email virus that would duplicate most of the features of Melissa, I-Love-You, or other email viruses. Outlook Express, Eudora, and Claris Emailer are all scriptable.

    It's true that Mac users would probably have to decompress the attached virus and then double-click it, but that could easily be accomplished through basic social engineering. Also, there wouldn't be a file extension to give away the fact it was a script... (Just call it Pamela.jpg and give it a custom icon).

    About the only thing the Mac really has going for it to prevent such a catastrophe is a smaller userbase.

    If I was going to create a virus (which I'm not--I'm not evil, but it's fun thinking about it), it would parse IE's preferences to get your home address (from AutoFill), and use it to order pizza for you from Pizza Hut's online ordering site. With anchovies.
  • Take this specific (5/7/2000) article from BugTraq with as few or as many grains of salt as you want:

    "I don't think I really love you", or writting internet worms for fun and profit [securityfocus.com]

    Anyone doing serious work in these fields could write this. It's just a matter of time before one is released into the wild. Genies, bottles, and all that.

    On a related note, the potential impact of this class of worm is probably responsible for funding approval to the new "Infrastructure Protection" the USGOV is deploying to protect us from ourselves. Amusing, considering that this is one class of worm that will likely evolve to a point where it can't be eradicated from the net, at least as long as a few insecure systems are still online.

  • This may actually be true, but somehow I doubt it. After all, what is to stop someone writing a programme which does certain things based on certain inputs? Is that not, after all, what _all_ programs do? So it is possible, by constructing certain inputs, to cause certain things to occur. From this, it is (in time and given the existence of bugs) possible to write a bootstrapper to then run a virus. Voila!
  • There is no perfect operating system which is immune to the maliciousness of certain individuals. If you have a computer you have something that can potentially run code that will fuck things up. This is a given and is true for any operating system. When I see people boast that they run Linux or Mac and are therefore immune to virii and exploits I just shake my head and usually sigh. I'm still waiting for one final thing from the virii and worm dudes. Virii as part of a business model.
    Just imagine a virus that spread as fast as Melissa (in the course of a weekend) that didn't do anything too terribly malicious but did replace your screensaver and bookmarks with some new internet start-up's advertisements. Or how about a worm that replaced your GUI libraries with logos and ads for some start-up. Maybe companies will get so bold as to unleash virii into competitors' computer systems. We're already at a point where taking out a business's infrastructure could cripple and/or destroy a company. Right now we're seeing lots of worms just floating about because someone was pissed off at the world because they were a loser who had no other form of expression. What will happen when malicious exploits hit the mainstream of business and are actually aimed at individual companies? Script kiddies can cause a company's servers to stumble for a day but that is all pretty meaningless when compared to a virus bootstrapping all of a company's office systems. It isn't the OS that you need to worry about or boast over, it is how much you'll be fucked if that system fails.
  • After all, what is to stop someone writing a programme which does certain things based on certain inputs?

    True, a virus is a program. What makes it a virus is the way it gets introduced into the system. Since the AS/400 has incredibly well thought out security that prevents any object introduced into the system from executing without a tightly controlled process, the normal methods of virus propagation will fail. Period.

    You have not described a virus, you've described a trojan horse.


    ...phil

  • Hi,

    The article on HNN appeared last year, round about August...i think. I wrote it. That was a while ago.

    The article was nothing *new* - no revolutionary concepts - it was, as the article suggests, a culmination of all the bad things out there, neatly packaged. The article was written before the outbreak of Outlook and MS based viri and as such this avenue was not even fully explored.

    The idea was basically just to give the readers an idea of what could be done - how the viri and worms that we were seeing back then were actually quite "harmless" in comparison with how they could have been. I still think that this statement is very relevant today.

    I have received many suggestion on how to further enhance the worm/virus, and many suggestions on how "easy" it could be stopped. Like I said in the conclusion - I am not the brighest person on the planet - I am sure that there are many ways to further "enhance" the thing, and just as many ways to try to stop it. The idea was just to see how bad such a thing could be - to toy and share the idea with others in the field.

    We would be blind to think that such a monster (or something more dreadful) cannot and will not be developed in the near future (or maybe even as we speak).

    My 2c,
    Roelof.

    PS: I have no idea how it got to /. after all this time...
    PPS: ...and yeah... the "Line" O/S...a case of an over eager spell checker, and some finger trouble :)

    -------------------------------------------
    Roelof W Temmingh
    SensePost IT security
    roelof@sensepost.com
    http://www.sensepost.com
    -------------------------------------------

  • I don't know which would be worse: A virus that merely does a backup of empty files, or one that is good at getting itself safely backed up.

    Let the virus sit idle for 1.5 weeks (assuming companies backup once a week?). Once the infected files have been "safely" backed up, then the virus awakens, zeros all files, then backs up the zeroed files. :-o


    We here in the DirtBike community are so close to the issue of dirt bikes and bike modification that it is taking over our lives. If you take a step back from the monitor (remember in "Fight Club": you are not your job) you will see that non-biker people saw the K-Rad 7, and other 2000-model bikes, as a nice thing to ride on your half-day off work and nothing more.

    Steven E. Ehrbar
  • We require drivers to pass a proficiency test, why not computer buyers?

    Well, I for one consider car drivers' licenses a good thing. As long as I know everyone's up to a set standard of driving, I can be reasonably confident that the driver coming head on towards me at 100kph won't swerve across the centreline.

    I don't agree with computer buyers needing licenses. For the most part, it would only add inconvenience to the millions who just want computers. Owning a computer and not knowing how to use it is mostly a danger to yourself more than anyone else. If buyers decide not to learn about what they're doing with them, it's their own decision. As long as I know what I'm doing, it won't affect me one way or the other.

    If and when businesses need someone reliable, they can look for someone with a proper qualification. I think the biggest problem is that either businesses and organisations don't do this properly, or the qualifications aren't reliable qualifications. In the latter case, it's the education system that would need to be controlled - not the users and buyers.


    ===
    As many posts have said before me, most computer users are too dumb (or uninformed, or uninterested) to worry about security *and do something about it* (i.e. not opening dubious attachments). So I don't think much social engineering is needed on the part of viruses; we *will* have more ILOVEYOUs.

    Anyway, what strikes me is that these email and MS Word viruses have on the whole been quite tame in their side-effects. The ILOVEYOU virus, aside from emailing itself to your whole address book, replaced all the .mp3 and .jpg files on your hard drive. Some graphics people may have lost actual work stored in .jpg files, but on the whole, I don't think much got destroyed aside from porn and mp3 collections. Yet, it would have been just as easy for the virus to erase all your data; just replace "mp3" with "doc" and see the *real* damage!

    And then there's another, more insidious way in which an email virus could do very serious harm: by randomly forwarding your emails to people. Imagine a virus that forwards each email in your inbox to one random person in your address book. Whoops, there go most companies' secrets!
