Building The Ubervirus
Johnath writes: "The HNN has a rather eye-opening article about a potential disaster dangling overhead. It's not so much that the ideas presented are revolutionary -- most /. readers would probably come up with a similar scheme, if called upon to design a killer net virus, but nevertheless, it pretty lucidly addresses the potential damage."
That is to say, this is the second time this article has been posted to slashdot. /me is too lazy to find a link to the first time it was posted. Search is your friend.
-russ
Don't piss off The Angry Economist
this exists already. It's called the dumb PR/HR employee, more interested in loveletters from strangers than in network security.
Sadly they are also the type most likely to grow exponentially as the internet becomes even more KEWL.
we're doomed *sigh*
Da Warez D00d
Basically all these people have done is make a list of the parts of trojans, virii, hacks, that work the best and list some thoughts and figures on what they could do if someone actually spent some time to do a good distribution of a virus using IRC, FTP and user ignorance and then exploit the user ignorance factor to get it to spread like wildfire. It was a good read but not really news. I agree with the post, most any /. reader could come up with the same if they spent a couple minutes thinking about it.
in one of the recent phrack releases, an ubervirus with AI capabilities has been discussed, but the phrack website seems to be down at the moment. check it out, it was quite frightening stuff...
Ok, people are doing some fine things with Outlook and other tools nowadays in the virus world but I think where they fall down is in the social engineering area :) I don't know whether this is technically feasible and I have no desire to find out (I take no responsibility etc....)
Let's say the point of the virus is not to physically disrupt the mail system, but to mentally disrupt it. People should be afraid to open mail messages, and disbelieve the ones they do open, rather than have the mail server crash.
So, step one is to send out the messages gradually so that people don't realise immediately that something is wrong. You don't want to make people wary at the beginning. After some interval when you've infected enough machines, then go for the full virus crash.
Step two is to vary the subject. One way would be by making the subject be Re: of something already in the mailbox from the person you are sending the current message to. Make all others that you can't find messages to reply to start with Fwd:.
Step three is to look in the mailbox to see if you can find an administrator of some sort. Look for system administrator or something similar in the title, or look for membership of the admin group or similar. If you manage to get on an administrator's machine then send out a virus alert message to everyone in the address book. Include in the alert a copy of the virus with instructions to double click to disinfect the machine. If you are not on an administrator's machine then send to one or two people in the address book a message that says in the subject Fwd: Virus loose (from admin name here) to see if you can fool people that way.
Anyway don't try any of the above because they probably don't work, and I certainly don't want to be responsible if it does. I'd guess this is the sort of stuff that a professional/governmental virus would try to do. If you were China (for example) and wanted to disrupt email in the US (why I don't know) social engineering to produce a lack of trust in the system is more likely to be successful and effective than the sort of spam attacks we've been seeing lately.
development.lombardi.com
Don't worry! As soon as the virus/worm starts to spread we'll all be inundated with "DON'T OPEN [MELISSA/STACY/LISA/BELINDA] IT WILL ERASE YOUR COMPUTER!!!1!!" emails, which will spread faster than the worm itself.
--
Have fun: Join D.N.A. (National Dyslexics Association)
loev,
Axel
mhm23x3, alt.fan.karl-malden.nose
Is any research being done to compare computer virus/security hole propagation patterns? I'm sure the CDC (that's "center for disease control", not "cult of the dead cow") would have a lot of useful input on this "ubervirus" problem.
I'm not an expert so I'm not going to try to defend the following statement, I'm just going to make it. I recently finished "Chaos" by James Gleick. He mentioned that one of the places you can find chaotic behavior was in the spread of an epidemic. In fact, efforts to step up vaccination (and other disease prevention techniques) actually caused an increase in the rate of infection (sometimes, and short- to mid-term). Apparently this has something to do with perturbing an oscillating phenomenon.
I bring this up as a warning to those who think we should all immediately rush out and start locking things down. We might make it worse if we do. I know this statement sounds ridiculous--I'm just saying that maybe we should slow down and think before rushing off to act. Do the research, ask the questions.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Brunner describes a similar scheme in Shockwave Rider, way back in 1975.
Nick Halflinger (an uberhacker who can crack a system using a touchtone phone) travels the world coding a giant worm designed to be launched as a simultaneous, distributed attack from hundreds of different computers, quaintly visiting each site in person.
Portions of the head of the worm are used for replication, other parts are used to detect and deter anti-virus attempts, the middle part breaks into secret archives, and the tail is the contents of the secret archives.
I can't recommend this book highly enough.
George
Most (computer) viruses today are created with malicious intent. When you are infected, you know it. I was thinking the other day that if a virus were to arise "organically", i.e. not designed (or alternatively, mutated from a designed virus), that its best chance at survival is the exact opposite of what most viruses do. The best strategy would be to lie low, staying as much out of sight as possible, and continue reproducing when possible. Has a virus like this been seen? If so, then I wonder how many more have not been seen?
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
Oh, sure, it seems all-powerful, but doesn't it still suffer from the same problems that plague other worms? Namely, you have to a) be running an insecure system or b) be a sucker.
I'd like to think that most people don't use the dummy settings of Outlook (or even use it at all), and that they scan files they download for viruses, and that they don't blindly accept (or auto-accept) DCC sends.
Of course, I also think the susceptible masses don't really use IRC anyway. Now, if the virus could infiltrate various Instant Messenger networks...
I guess it would be nice to think that worm viruses shouldn't work, but as we all know, this is not the case. So, I'll just sit here with my Mac, running Eudora, and wait for this new worm to come out, as it inevitably will, and not affect me.
A killer net virus that would destroy the Net as we know it has been very easily in reach once the majority of computers on the Internet became homogenized Windows//MSFT Office//Outlook boxes.
Whenever I read about a Melissa or an I Love You I smile to myself and think "I would have trashed their hard drives after spamming myself to all their friends.". If Melissa or I Love You hadn't been content with simply bogging down net servers and had decided to set the file length of all .doc, .xls, .sys, .bat, .dll, .html and .jar to 0, I am sure corporations would probably be fuming about Trillions of dollars in irreparable damages (after all how much stuff is actually backed up or centrally stored in a Windows world).
In my opinion the article is overkill, a virus doesn't have to be particularly clever or well designed to cause havoc anymore thanks to the beauty of MSFT operating systems. Any script kiddie or MCSE with a passable knowledge of Virus Building Script can bring it all toppling down.
Of course, none of us will ever do it because we know it would do so much damage to the 'Net (government would step in hard) and also hurt many of us financially in some indirect way.
WHY C SUCKS
-----------
int i =0;
i = i + 1;
It's a nice scaremongering document, but the hypothetical worm is a *worm*. We've already been bitten by vbs and StagesA, so the potential for a virus that self-replicates is, IMHO, diminished.
As for having web-servers which relay instructions/receive data, the 'bot would have to know how to fill out registration forms/upload information, and even then the server would have to have some kind of handshake with the worm, which could be detected by the hosts of the web-site (i.e. geocities).
Why not have the server host misc. content, with the instructions embedded in the HTML?
In any case, is it a good thing to have people publishing design documents for killer virii? The script kiddies which came up with ILOVEYOU weren't smart enough to design something really nasty, and HNN are just providing inspiration, which means they'd be liable in the event such a worm was released.
Now look at the state of the virus world - ILOVEYOU.vbs (OK, it's a trojan, but still replicates like a virus) and the damage it caused. I'm not talking about the x billion the media claim it cost, just the panic in my IT department when virused email couldn't be deleted fast enough. Look at the code for ILOVEYOU.vbs - it is a doddle. No real inspiration involved - just patch 4 entries out of bugtraq together, and there you go.
What we have now is a state of play where the entry level in writing malicious code is dropping rapidly as more and more people get into computers. Don't want to spend a few years learning to code? Hah, our whizbang COMActiveXCORBA plugin gives you the power on your desktop!!!
Don't worry that your soft underbelly is now exposed because we can't give you the ease of use you want, without you knowing what you're doing!!! And you're too stupid to realise!!!
So now that the learning curve has been removed, you will have people all over the net trying to write and run viruses, without a clue of the repercussions it may cause. Because they don't really understand what they are doing.
Strong data typing is for those with weak minds.
well, i read the first page before the server evidently got /.ed.. sounds like nothing new to me. ILOVEYOU cost, what, "billions of dollars?"
people need to quit blindly trusting their computers and the benevolence of other internet users. it's like driving.. you don't have to know how your car works under the hood, but you MUST know how to operate it.
Computers are the same way. You don't have to know what goes on inside the box, or how the kernel works, but you have to know how to operate your computer, and part of computer operation is security.
having a computer is a responsibility just like having a car. if you use your computer carelessly, and by doing so your system gets compromised and used to attack other systems, are YOU not responsible for that? Just as if you failed to pay attention at the wheel and killed someone with your car?
Ignorance is not an excuse for carelessness.
wish
---
The uber virus already exists!!! Here's how to do it, in one quick easy step:
1) Post an article on Slashdot referring to a particular web site
Now sit back and watch the fun! The Slashdot Virus is guaranteed to take down ANY website within seconds!!!
Microsoft is the primary cause for the proliferation of viruses in the past few years. Scripting ability is a nice feature in software, but should it be defaulted to be active upon installation of the software? A vast majority of users don't need scripting in spreadsheets and word processors.
But with all of the holes in older software (sendmail, etc), it seems that the problem is getting worse, not better.
So, where does the problem lie? Programmers not willing to look back over their own code and eliminate such holes? Corporations that are pushing for release, regardless of the security issues (hmmm, could it be... M$!!!)? Users that blindly open attachments without looking to see what they are opening?
No boom today. Boom tomorrow. There's always a boom tomorrow. - Cmdr. Susan Ivanova
I know of a virus which would be much worse than any of the current crop of viruses: Make one that randomly changes bits in a database. Just think about it for a little bit...
diversity also = smaller chance of finding a particular exploit, thus restricting (and in some cases stopping) the transmission of a particular virus that can only use a limited set of exploits.
As a corollary to this, given sufficient diversity, it becomes impractical for a particular virus to carry the code necessary to infect all of the available machines.
Putting all your eggs in one basket is never a good idea. You might be a smaller target, but if you do get hit (and it's foolish to think you're invulnerable), you're automatically 100% dead.
Among other things, this is borne out by quite a few thousand years of agricultural experience.
You'd be hard-pressed to find any farmers or biologists who would argue that monoculture is the best way to limit your vulnerability to crop diseases, just because there are fewer possible diseases that could infect your crops.
DNA just wants to be free...
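The monoculture argument in the posts above is easy to put numbers on. The following simulation is an added example, not code from any poster or from the HNN article; the population size, the four platform labels and the contact rate are constructed values. It models a worm that carries exploits for a fixed set of platforms and spreads by random contact, and compares a homogeneous population with a mixed one: with one exploit the worm can never reach more than the vulnerable share of a diverse population, and reaching everyone means carrying an exploit for every platform, which is the corollary the post draws.

```python
import random

# Constructed simulation parameters (assumptions, not measurements).
POPULATION = 1000
PLATFORMS = ["win", "mac", "linux", "bsd"]


def make_population(kind):
    """Return a list of platform labels, one per host.

    'monoculture' puts every host on the same platform; 'diverse' spreads
    hosts evenly across the four assumed platforms.
    """
    if kind == "monoculture":
        return ["win"] * POPULATION
    return [PLATFORMS[i % len(PLATFORMS)] for i in range(POPULATION)]


def simulate_worm(hosts, exploits, rounds=50, contacts=3, seed=1):
    """Simulate a worm carrying exploits for a fixed set of platforms.

    Each round every infected host probes `contacts` random peers; a peer is
    infected only if its platform is in `exploits`.  Returns the fraction of
    all hosts infected once the rounds are exhausted or every exploitable
    host has been reached.
    """
    rng = random.Random(seed)
    n = len(hosts)
    vulnerable = [i for i, p in enumerate(hosts) if p in exploits]
    if not vulnerable:
        return 0.0
    infected = {rng.choice(vulnerable)}  # patient zero must itself be exploitable
    for _ in range(rounds):
        new = set()
        for _src in infected:
            for _ in range(contacts):
                dst = rng.randrange(n)
                if dst not in infected and hosts[dst] in exploits:
                    new.add(dst)
        infected |= new
        if len(infected) == len(vulnerable):
            break
    return len(infected) / n


def compare():
    """Run the three scenarios the posts argue about and return each one's reach."""
    return {
        "monoculture, one exploit": simulate_worm(make_population("monoculture"), {"win"}),
        "diverse, one exploit": simulate_worm(make_population("diverse"), {"win"}),
        "diverse, all exploits": simulate_worm(make_population("diverse"), set(PLATFORMS)),
    }


if __name__ == "__main__":
    for name, reach in compare().items():
        print(f"{name:26s} {reach:6.1%} of hosts infected")
```

The "diverse, all exploits" row is the cost side of the trade-off: the worm reaches everyone again, but only by carrying four times as much exploit code, and every extra platform is another place its code can fail or be noticed.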
Why does a virus get more attention here in the USA than the AIDS epidemic in Africa? Proximity. We here in the /. community are so close to the issue of viruses and virus-fighting that it is taking over our lives. If you take a step back from the monitor (remember in "Fight Club": you are not your job) you will see that non-MIS people saw Melissa, and other viral attacks on businesses, as a half-day off work and nothing more. Like most other problems in the USA it is going to take an epidemic to get the common man's attention. We are still living under the mid-20th Century pretense that the US is indestructible. Until a virus comes along that will wipe everything in its path and reach home computers (like an AOL instant message script) we are the only ones who are going to sit up and take notice. dbthomas
"These are the days that must happen to you." -Walt Whitman
This just goes to prove the insanity of low-cost easily-accessible computers and software in the hands of everyone. Every day, hundreds, perhaps thousands of machines are infected with virus and trojan software. The cost in lost data and productivity is easily in the millions.
We have to stop this madness now.
Right now, computers are less regulated than lawnmowers or automobiles. We require drivers to pass a proficiency test, why not computer buyers? It's time we registered computers and performed background checks on people who buy them. This is the only way to keep computers out of the hands of children and criminals.
I am proposing a Million Geek March. We will have speakers telling stories of how their lives were destroyed by computers. Let's send a message to Washington now: "We need to be safe from computers!" It is absurd that in the year 2000, I have to scan every attachment I receive and every program I download. We need to make our information infrastructure safe again.
All of you who oppose my plan, I ask, "What do you have to fear?" We're not planning to take away your computers. We just want some common-sense legislation for the safety of all. It will be a tough fight -- the rich lobbyists from Dell and Microsoft will try to stop us. They'll claim that the right to access information cannot be restricted. They'll claim that computers aren't the problem. We know they're wrong. Modern computers make it easier than ever to create destructive programs. A computer in the home is a tragedy waiting to happen.
Let's get some common-sense computer regulation now. Thank you.
Save the whales. Feed the hungry. Free the mallocs.
Here is a clue.
The Samba folks don't publicize it, but they have found a number of buffer overflows in the stacks of every single OS out there. (They patched the ones they found in Linux.:-) A truly nasty critter would be set up to transmit itself using those overflows.
If done right you would get a worm or virus that can transmit from computer to computer without any manual intervention. There has to date been exactly one such on the internet. The Morris worm. It went out of its way to be nice, and it still shut down the Internet through sheer speed of reproduction.
You see getting a human in the loop slows things down. If you want to be truly nasty, automate it from start to finish. Then the first people will hear about it is when their networks go down.
Cheers,
Ben
My usual seat in the cluetrain is at http://pub4.ezboard.com/biwethey.ht
Thanks for the support.
I don't worry about the loss of kharma for myself, I have lots to spare, but I worry about,
the children.
What if a young child had posted here, a young child of little kharma, eager to impress the moderators with a literary reference that they thought was directly relevant to the discussion.
Instead, they get a -1 offtopic. Their spirits would be crushed, they would be disillusioned, they had played by the rules, tried to make /. a better place, and only got slapped down for it.
A few, well adjusted children could shake that off, but some, well, some might feel angry and bitter, and give into the dark side, and start posting about grits, or Natalie Portman.
Please, moderators, consider, when you mark down a poster as off-topic, they may rise up again as a troll.
George
Many interesting ideas here about how to write viruses which are difficult to detect. But what if they are out there already? Would we know it? Seriously how difficult would it be to create an "evolver" virus which:
1. reproduces without human intervention
2. is harmless (doesn't try to crash anything)
3. occasionally mutates itself at a random time
We could have a whole virus ecosystem evolving out there right under our noses without us even having a clue. Part of their strategies for surviving would necessarily include not crashing the systems they were "living" on.
In fact this sounds like one of those things that because it CAN happen, it MUST eventually happen. Eventually somebody will do it and there will be no way to undo it once done. Maybe the first Artificial Intelligence created on Earth will be an internet-dweller who has never even met a human being before.
-- laws are the opinions of politicians --
One of the worst things that can happen is for the information about virii and other security threats to be shared only among some selected few. You may have seen the story about a 3 year old AOL security hole this weekend. The only way to prevent this kind of problem from becoming a major problem is to publicize the risk to the maximum possible extent. It guarantees that every system administrator in the world will hear about it and take the necessary steps to protect his/her piece of the network.
Has anyone ever thought of / heard of viruses that do physical damage? I'm talking about anything from the wasteful (printing 1 character per page on a printer, and then formfeeding it), to a virus that might cause actual permanent harm to a computer. They say (and I assume it's true) that if you tamper with the refresh rates of your monitor, and set them too high, it can hurt the machine. What if (and PLEASE don't try this) a virus tampered with these settings? Maybe billions in damages is possible after all...
-- Is "Sig" copyrighted by www.sig.com?
Back in 1995 I used to monkey around with virus writing.
;p
My favorite was a little randomly mutating virus. I wrote the little bugger to duplicate twice and erase itself. On each duplication the virus could choose to mutate or not (50% chance), if it did mutate it could either randomly alter or add data to its data section, or randomly alter or add an opcode at any point in the instruction section. Also if there was a floppy in the floppy drive it would append itself to the largest executable file.
I ran this on my 90MHz Pentium running DOS and after about an hour my computer froze. I rebooted and nothing happened. I whipped out Norton Disk Utilities and looked at the contents of the drive. One of the little buggers copied itself into the MBR but didn't know how to boot.
The lesson here is that the Uber virus could very well take very little planning and simply be a genetic mutation of a simple assembly program.
If I were to write this program today, I would give it networking libraries, code to try the 10 most common sploits on target machines, binary formats to run on all the major platforms and maybe even a DB of opcodes for different architectures so it can translate itself from an x86 bug to an Alpha bug and so on.
A virus like that would suck and I haven't touched Assembly for two years so I'm not going to code it up but somebody might...
...but I hope anybody with that much talent would rather do something constructive like make video games
If someone wanted to write a virus to do really lasting damage, it wouldn't do boring stuff like delete files or steal credit card information. Come on, who cares.
The road to immortality is to hack people, to change relationships permanently. So here's what you do: propagate like iloveyou, but with vastly more discretion. When launched on a new machine, take the following steps:
- Dig through all the places typical mail clients store mail. Build up a list of all the subject's correspondents.
- Send the virus along to various correspondents, but do so with a very plausible looking reply to their last email. If you really want to go to town, emulate the subject's writing style, but some brief nondescript text should be sufficient. Lots of optimizations here, all with the goal of getting the subject to execute the attached program.
- Now, after enough delay to get that thing propagating a bit, search all the mail looking for mentions of people in the third person. Then package it all up and send it anonymously over. Thus, every mail our subject "Foo" has ever received mentioning "Bar", or ever sent mentioning "Bar", is now in Bar's hands. Repeat for everyone else in their mail.
It should be obvious how devastating this would be, especially at cutthroat companies. The effects of such a virus getting much propagation would be felt for a long, long, long time. Nobody should do this, of course!
-- Stop the violins!
submit a story that was interesting, but is slightly stale.
Watch it make the front page
watch the site get slash dotted.
Presto chango! instant DDOS!
the poor guys trying to run the site probably haven't even figured out what is going on yet - They just know it looks like legit traffic, and they likely have an account that charges big bucks for heavy traffic.
so for them they are likely just standing back in awe at an attack that looks like it is coming in from maybe 100,000 sites.
Imagine if the site is hosted on some kids home machine?
"It is a greater offense to steal men's labor, than their clothes"
Here's an idea for a virus that would really be killer. I'm not sure how it would be distributed, but this is what it would do: all RAM (SDRAM, and I believe RDRAM as well) has something called SPD data. There's a tiny EEPROM on the RAM module that holds information about the RAM: its CAS latency, the size, technology (64 Mbit, 128 Mbit, etc.), and other things. The BIOS reads this data to figure out what kind of ram is in the system (NOTE: some RAM does not have an SPD chip on it, and many BIOSes just run some algorithm to determine how much RAM you have... but this can't detect things like CAS latency so performance can be lost if you have good RAM and this is done). Anyway, the SPD data is read using SMBus... thing is, THIS DATA CAN ALSO BE WRITTEN OVER SMBUS. So the virus would just write fake data over the RAM's SPD data, telling the BIOS that the user either has far more or far less RAM, or that it runs at a greater speed/CL than it should, which will generate all kinds of errors when programs are run, or not let the system boot up at all. It would be deadly because not only would it not let the computer work, it would be very hard for the average person to get rid of. And info on programming SMBus and SPD data are readily available on the web...
Bzzt bzzt!
I still can't get to the HNN article, but I can tell you that such a virus is indeed possible, because I've written one.
As well as trapping filing system calls to stealth the virus, it is possible to take the opportunity (while a file is being accessed, so the user wouldn't notice a slowdown) to scan through the file for magic words that cause embedded code to execute locally. You need a CRC to avoid executing random code of course, and a text encoding scheme (I used a 64-bit code starting at '?').
Thus you can turn any non-executable piece of content (mail, web page, news posting) into a harbour for native executable code, something that up to now Microsoft have at least only been doing by accident. ;-) The advantage is that the client itself accesses the code; unless BO and co., the virus supplier doesn't need to make a connection to the victim machine to execute things on it.
Obviously I have no intention of letting this see the light of day, but it's also unlikely to take over the 'net since it doesn't run on Windows. I guess it'd be possible, but I don't have enough knowledge of Windows internals (shurely m4d sk1llz? -Ed.) to write it.
Anyway, it'd have to be rewritten into a mail worm, since actual viruses are terribly out-of-fashion these days. <g>
--
This comment was brought to you by And Clover.
"But PLEASE don't do this."
"Don't get me wrong; nobody should do this"
"It would be really cool but please don't take me seriously"
Uh...if you wanna talk about building viruses, fine. Free country, etc. But don't try to cover your shiny little butt with a little disclaimer at the end.
"So here's the step-by-step procedure on how to steal 14 million dollars without getting caught...but, uh...please don't do it."
Please.
Yes, but i've seen setups where some of the server directories are writable to most users for changing websites etc. So you wouldn't be all that safe as you seem to think.
Background checks and proficiency requirements are a good thing. But what about the loose cannon out there who has nothing bad in his background but one day gets up in the morning and thinks "I'm gonna go out ta buy me one of them compewters and turn loose one helluva vearus!"
Obviously, the only way to protect ourselves from these nuts is to also implement a mandatory five day waiting period to buy a computer.
Also, what possible need does anyone have for more than a Pentium 166? It does word processing, email, web browsing and runs solitaire. Any more power can only be used by someone with dangerous intent. We need to start worrying about these assault-computers, namely those with 64-bit processors. The evil PC makers (such as Dell and Micron) are already planning to unleash these weapons on the consumer market. They need to be stopped now with sensible legislation that outlaws assault computers.
>support in their OS, that means they're to blame
>for script viruses! How dare they have scripts
>that run under Windows! Wait a minute...doesn't
>Linux also support scripts? Never mind that --
>more MS bashing!
>But seriously (read before moderating this as
>Troll of Flamebait), the reason that the e-mail
>script viruses we've seen all attack MS Outlook
>isn't because of how terrible Windows is.
Yes, windows *IS* terrible (ESPECIALLY from a security context). Or have you simply not been paying attention for the last year and a half?
The DEFAULT configuration of the DEFAULT mail client will run a script with the windoze equivalent of root permissions when you open it. It is ridiculously STUPID to allow a user-space email client to run amok in system space. Absolutely poor design, and worse implementation.
And worse, they have known about this for a good YEAR AND A HALF! Ever since Melissa, this has been a known flaw... but gates REFUSES to fix it!!!
Now, since you complain that Linux includes scripting as well as windoze, let's look at the equivalent sequence of events that would have to happen for a malicious script to be a problem:
Say that someone sends me a malicious perl script as an attachment to an email. Well, when I open up that attachment, pine DISPLAYS it as a TEXT file. It is NOT run by default when I open it. I have a chance to examine it BEFORE I let it run, if I run it at all (not bloody likely unless I'm about to switch distros and am already backed up). Now, in order for it to be run in such a way that it could trash my system, I would have to:
1) Save it as virus.pl, or whatever
2) su to root
3) Run it by typing "perl virus.pl"
Or, if I am doubtful as to whether it is harmful or not, I could run it in user space with NO CHANCE of it trashing anything important.
Now... which security paradigm is better?
Not that Linux (or any given xBSD or Unix) is PERFECT... but it is by all means hella-better than anything that hath spewed forth from redmond.
john
Resistance is NOT futile!!!
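The distinction the poster draws, that opening an attachment should display it rather than execute it, is something a mail-handling tool can enforce explicitly. The following Python is an added example, not code from the poster or from pine; the message it parses is constructed (the "virus.pl" attachment is a harmless placeholder, not a real script), and the list of script extensions is an assumption. It separates triage (what is attached, is it a script) from quarantine (write the bytes to disk with mode 0600 and no execute bit), so the user's own deliberate steps, the save-and-run sequence the post lists, remain the only way the content ever runs.

```python
import email
import os
import stat
import tempfile
from email import policy

# Constructed sample message; the attachment body is a harmless placeholder.
SAMPLE_EML = """\
From: someone@example.invalid
To: me@example.invalid
Subject: check this out
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

see attached
--XYZ
Content-Type: application/octet-stream; name="virus.pl"
Content-Disposition: attachment; filename="virus.pl"

#!/usr/bin/perl
print "placeholder text, does nothing\\n";
--XYZ--
"""

# Assumed set of extensions that interpreters or shells would execute.
SCRIPT_EXTENSIONS = {".pl", ".vbs", ".js", ".sh", ".bat", ".py"}


def triage_attachments(raw):
    """Describe each attachment without writing or running anything."""
    msg = email.message_from_string(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = os.path.basename(part.get_filename() or "unnamed")
        ext = os.path.splitext(name)[1].lower()
        report.append({
            "name": name,
            "content_type": part.get_content_type(),
            "is_script": ext in SCRIPT_EXTENSIONS,
        })
    return report


def quarantine(raw, dest_dir):
    """Write every attachment to dest_dir as a plain 0600 file; return the paths.

    O_EXCL refuses to overwrite an existing file, and the mode never carries an
    execute bit, so the saved file can be read (as text) but not run by accident.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    paths = []
    for part in msg.iter_attachments():
        name = os.path.basename(part.get_filename() or "unnamed")
        path = os.path.join(dest_dir, name)
        data = part.get_payload(decode=True) or b""
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o600)  # explicit, independent of the process umask
        paths.append(path)
    return paths


def is_executable(path):
    """True if any execute bit is set on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))


def self_check():
    """Quarantine the constructed message into a temp dir; report name and exec status."""
    with tempfile.TemporaryDirectory() as d:
        return [(os.path.basename(p), is_executable(p)) for p in quarantine(SAMPLE_EML, d)]


if __name__ == "__main__":
    for item in triage_attachments(SAMPLE_EML):
        print(item)
    print(self_check())
```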
Haiku:
I am not a drone.
Remove the collective if
Imagine all the people...
Ever hear of network.vbs? that one's sneaky but doesn't use buffer overflows or other sploits at all.. It just randomly scans IP addys for windows machines with drive C shared and no password on it. When it finds one it installs itself.
If your firewall is getting hammered by UDP-netbios crap it's a fair bet that's where it's coming from. If you're a windows user just look for a file called NETWORK.VBS in your startup folder, in c:\windows\system and the root of drive C... if you got them, you got it and are portscanning other folks networks whenever you are online.
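The two checks the poster describes, looking for NETWORK.VBS in its known drop locations and noticing one host hammering many addresses with UDP NetBIOS traffic, can both be scripted. The following Python is an added example, not code from the poster; the firewall log lines are constructed and their format is assumed, and the Windows 9x startup-folder path under the Windows directory is an assumption about the layout rather than something the post states. The scan detector counts distinct destinations per source on UDP ports 137 and 138, so a single broadcast from a healthy machine is not flagged but a host probing address after address is.

```python
import os
import re
import tempfile
from collections import defaultdict

# Drop locations named in the post, relative to the Windows directory; the
# drive root is checked separately.  The StartUp path is an assumed layout.
WINDOWS_RELATIVE = [
    os.path.join("Start Menu", "Programs", "StartUp"),
    "system",
]


def find_network_vbs(windows_dir, drive_root):
    """Return full paths of any NETWORK.VBS (case-insensitive) in the known spots."""
    folders = [os.path.join(windows_dir, rel) for rel in WINDOWS_RELATIVE]
    folders.append(drive_root)
    hits = []
    for folder in folders:
        if not os.path.isdir(folder):
            continue
        for name in os.listdir(folder):
            if name.lower() == "network.vbs":
                hits.append(os.path.join(folder, name))
    return hits


# Constructed firewall log; the line format is assumed for this example.
SAMPLE_LOG = """\
2000-06-12 10:01:02 DROP UDP 10.0.0.5:1034 -> 192.168.1.17:137
2000-06-12 10:01:02 DROP UDP 10.0.0.5:1034 -> 192.168.1.18:137
2000-06-12 10:01:03 DROP UDP 10.0.0.5:1034 -> 192.168.1.19:137
2000-06-12 10:01:03 DROP UDP 10.0.0.5:1034 -> 192.168.1.20:137
2000-06-12 10:01:04 DROP UDP 10.0.0.5:1034 -> 192.168.1.21:137
2000-06-12 10:01:05 ALLOW UDP 10.0.0.9:137 -> 10.0.0.255:137
2000-06-12 10:01:06 DROP TCP 10.0.0.7:2201 -> 192.168.1.17:80
"""

LOG_RE = re.compile(
    r"^\S+ \S+ (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
NETBIOS_PORTS = {"137", "138"}


def netbios_scanners(log_text, min_targets=4):
    """Sources that sent UDP NetBIOS probes to at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m["proto"] != "UDP" or m["dport"] not in NETBIOS_PORTS:
            continue
        targets[m["src"]].add(m["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


def self_check_find():
    """Plant empty marker files named NETWORK.VBS in a temp layout and count hits."""
    with tempfile.TemporaryDirectory() as root:
        windows_dir = os.path.join(root, "windows")
        os.makedirs(os.path.join(windows_dir, "system"))
        for folder in (os.path.join(windows_dir, "system"), root):
            open(os.path.join(folder, "NETWORK.VBS"), "w").close()  # empty marker only
        return len(find_network_vbs(windows_dir, root))


if __name__ == "__main__":
    print("scanning sources:", netbios_scanners(SAMPLE_LOG))
    print("hits in constructed layout:", self_check_find())
```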
# human firmware exploit
# Word will insert into your optic buffer
# without bounds checking
I had a
Building a killer virus for fun and profit
By Bill Gates
1- Buy "Quick and Dirty Virus" from some other guy.
2- License virus to a large company that manufactures chess grandmasters. This should provide a fruitful infection vector. And remember: 640k is enough for anyone, so don't worry if your virus does things that prevent access to the rest of memory, nobody will notice.
3- When other, nicer looking viruses come along, copy the user interface, but make it quirky and inconsistent (this is a virus we're talking about here, so it has to be nasty in one way or another).
4- When "dr-virus" threatens to replace our virus, spit out weird error messages to confuse and disorient the user, allowing our virus opportunity to re-establish control over the system. Viruses that are dependent on our virus, however, can be left free to roam.
5- A web browser should be integrated into the virus. Everything integrates a web browser sooner or later so make sure it's ours and not somebody else's. This will expose you to the feds, who love to go after virus writers, so be careful not to get caught.
6- By this time the virus should have infected most of the world. For new challenges, create another virus (or several!) and start the process again. If the feds put a stop to our old virus we'll still have this new virus already spreading.
7- And whatever you do, don't call it a virus!
Don't worry...just practice safe cybersex.
It's 10 PM. Do you know if you're un-American?
"I don't think I really love you", or writing internet worms for fun and profit
Anyone doing serious work in these fields could write this. It's just a matter of time before one is released into the wild. Genies, bottles, and all that.
On a related note, the potential impact of this class of worm is probably responsible for funding approval to the new "Infrastructure Protection" the USGOV is deploying to protect us from ourselves. Amusing, considering that this is one class of worm that will likely evolve to a point where it can't be eradicated from the net, at least as long as a few insecure systems are still online.
There is no perfect operating system which is immune to the maliciousness of certain individuals. If you have a computer you have something that can potentially run code that will fuck things up. This is a given and is true for any operating system. When I see people boast that they run Linux or Mac and are therefore immune to virii and exploits I just shake my head and usually sigh. I'm still waiting for one final thing from the virii and worm dudes. Virii as part of a business model.
Just imagine a virus that spread as fast as Melissa (in the course of a weekend) that didn't do anything too terribly malicious but did replace your screensaver and bookmarks with some new internet start-up's advertisements. Or how about a worm that replaced your GUI libraries with logos and ads for some start-up. Maybe companies will get so bold as to unleash virii into competitors' computer systems. We're already at a point where taking out a business's infrastructure could cripple and/or destroy a company. Right now we're seeing lots of worms just floating about because someone was pissed off at the world because they were a loser who had no other form of expression. What will happen when malicious exploits hit the mainstream of business and are actually aimed at individual companies? Script kiddies can cause a company's servers to stumble for a day, but that is all pretty meaningless when compared to a virus bootstrapping all of a company's office systems. It isn't the OS that you need to worry about or boast over, it is how much you'll be fucked if that system fails.
I'm a loner Dottie, a Rebel.
The article on HNN appeared last year, round about August...i think. I wrote it. That was a while ago.
The article was nothing *new* - no revolutionary concepts - it was, as the article suggests, a culmination of all the bad things out there, neatly packaged. The article was written before the outbreak of Outlook and MS based viri and as such this avenue was not even fully explored.
The idea was basically just to give the readers an idea of what could be done - how the viri and worms that we were seeing back then were actually quite "harmless" in comparison with how they could have been. I still think that this statement is very relevant today.
I have received many suggestions on how to further enhance the worm/virus, and many suggestions on how "easily" it could be stopped. Like I said in the conclusion - I am not the brightest person on the planet - I am sure that there are many ways to further "enhance" the thing, and just as many ways to try to stop it. The idea was just to see how bad such a thing could be - to toy and share the idea with others in the field.
We would be blind to think that such a monster (or something more dreadful) cannot and will not be developed in the near future (or maybe even as we speak).
My 2c,
Roelof.
PS: I have no idea how it got to /. after all this time... ...and yeah... the "Line" O/S...a case of an over eager spell checker, and some finger trouble :)
PPS:
-------------------------------------------
Roelof W Temmingh
SensePost IT security
roelof@sensepost.com
http://www.sensepost.com
-------------------------------------------
I don't know which would be worse: A virus that merely does a backup of empty files, or one that is good at getting itself safely backed up.
:-o
Let the virus sit idle for 1.5 weeks (assuming companies backup once a week?). Once the infected files have been "safely" backed up, then the virus awakens, zeros all files, then backs up the zeroed files.
cpeterso
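The dormancy trick in the post above, as an added example that is not part of the thread: a small simulation of a full-backup rotation against a virus that waits a fixed number of days after infection before zeroing files. The weekly schedule, the "keep the newest N snapshots" retention rule, and the assumption that the operator only looks at the backups once the damage is visible are mine, not cpeterso's. The useful output is the smallest retention depth that still holds a snapshot taken before the infection.

```python
"""Backup rotation versus a dormant, file-zeroing virus (added example).

Assumptions (mine, not the poster's):
  - a full snapshot is taken every `interval_days`, starting on day 0;
  - only the newest `retention` snapshots are kept;
  - the virus is present from `infection_day` onward, so any snapshot
    taken on or after that day carries it (conservative: same-day counts);
  - files are zeroed on `destroy_day`; snapshots taken on or after that
    day contain nothing useful.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    day: int
    infected: bool    # virus is inside the backed-up files
    destroyed: bool   # files were already zeroed when the snapshot ran


def snapshots_at(notice_day, interval_days, retention, infection_day, destroy_day):
    """Snapshots still on the rotation when the operator looks, newest first."""
    days = list(range(0, notice_day + 1, interval_days))
    kept = days[-retention:] if retention > 0 else []
    return [Snapshot(d, infected=d >= infection_day, destroyed=d >= destroy_day)
            for d in reversed(kept)]


def classify(snaps):
    """Bucket retained snapshots by what a restore from them would give you."""
    out = {"clean": [], "infected_intact": [], "destroyed": []}
    for s in snaps:
        if s.destroyed:
            out["destroyed"].append(s.day)
        elif s.infected:
            out["infected_intact"].append(s.day)   # data is there, virus comes back with it
        else:
            out["clean"].append(s.day)
    return out


def min_retention_for_clean_copy(interval_days, infection_day, dormancy_days,
                                 notice_delay_days=0, max_retention=52):
    """Smallest retention depth that still holds a pre-infection snapshot when
    the operator notices the damage, or None if no depth up to max_retention does."""
    destroy_day = infection_day + dormancy_days
    notice_day = destroy_day + notice_delay_days
    for r in range(1, max_retention + 1):
        buckets = classify(snapshots_at(notice_day, interval_days, r, infection_day, destroy_day))
        if buckets["clean"]:
            return r
    return None


if __name__ == "__main__":
    # Poster's scenario: weekly backups, infection just after the day-0 backup,
    # a 10-day wait, then zeroing; damage noticed four days later.
    print(classify(snapshots_at(15, 7, 2, 1, 11)))
    print("retention needed:", min_retention_for_clean_copy(7, 1, 10, notice_delay_days=4))
```

The lesson the simulation makes concrete is that retention depth has to cover the dormancy period plus the time it takes to notice the damage; a rotation that only keeps last week's tape has already overwritten the only clean copy by the time anyone looks.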
Anyway, what strikes me is that these email and msword viruses have on the whole been quite tame in their side-effects. The ILOVEYOU virus, aside from emailing itself to your whole addressbook, replaced all the .mp3 and .jpg files on your hard drive. Some graphics people may have lost actual work stored in .jpg files, but on the whole, I don't think much got destroyed aside from porn and mp3 collections. Yet, it would have been just as easy for the virus to erase all your data; just replace "mp3" with "doc" and see the *real* damage!
And then there's another, more insidious way, in which an email virus could do very serious harm: by randomly forwarding your emails to people. Imagine a virus that forwards each email in your inbox to one random person in your addressbook. Whoops, there go most companies' secrets!
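Both side effects described in the post above (one process rewriting every file of a given type, and a mailbox being forwarded out piece by piece) look the same from a monitoring point of view: a burst of similar events from one source in a short window. The block below is an added example, not code from the thread; it implements one sliding-window burst detector and applies it to constructed file-system and outbound-mail events. Event field names, thresholds and window sizes are my assumptions. Because the file rule keys on the extension it sees rather than a hard-coded list, the "replace mp3 with doc" variant trips it just the same.

```python
"""Sliding-window burst detection for worm side effects (added example).

Assumed event shapes (constructed for this example, not a real trace):
  file event: (timestamp, {"proc": ..., "op": "write"|"read", "path": ...})
  mail event: (timestamp, {"sender": ..., "recipient": ..., "subject": ...})
Timestamps are seconds; events may arrive unsorted.
"""
from collections import defaultdict, deque
import os


def burst_keys(events, key, window_seconds, threshold):
    """Return {key: timestamp} for every key that accumulates `threshold`
    events inside some span of `window_seconds`. key(payload) returns a
    grouping key, or None to ignore the event."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = {}
    for ts, payload in sorted(events, key=lambda e: e[0]):
        k = key(payload)
        if k is None:
            continue
        q = recent[k]
        q.append(ts)
        while ts - q[0] > window_seconds:   # evict timestamps that aged out
            q.popleft()
        if len(q) >= threshold and k not in flagged:
            flagged[k] = ts                  # first moment the rule fired
    return flagged


def detect_mass_overwrite(file_events, window_seconds=60, threshold=25):
    """Flag (process, extension) pairs rewriting many files of one type quickly."""
    def key(ev):
        if ev["op"] != "write":
            return None
        return (ev["proc"], os.path.splitext(ev["path"])[1].lower())
    return burst_keys(file_events, key, window_seconds, threshold)


def detect_mail_burst(mail_events, window_seconds=60, threshold=20):
    """Flag senders whose outbound rate looks like an address-book worm or a
    mailbox being forwarded wholesale."""
    return burst_keys(mail_events, lambda ev: ev["sender"], window_seconds, threshold)


def sample_file_events():
    """Constructed: a script engine overwriting 40 MP3s in 40 seconds, a user
    saving a document every few minutes, and one read that must be ignored."""
    worm = [(1000 + i, {"proc": "wscript.exe", "op": "write",
                        "path": f"C:\\Users\\a\\Music\\track{i:02d}.mp3"}) for i in range(40)]
    user = [(1000 + 500 * j, {"proc": "winword.exe", "op": "write",
                              "path": f"C:\\Users\\a\\Docs\\report{j}.doc"}) for j in range(3)]
    reads = [(1005, {"proc": "wscript.exe", "op": "read",
                     "path": "C:\\Users\\a\\Music\\track00.mp3"})]
    return worm + user + reads


def sample_mail_events():
    """Constructed: alice's inbox being forwarded one message at a time to
    random contacts, while bob replies to a thread now and then."""
    forwarded = [(2000 + 2 * i, {"sender": "alice@example.com",
                                 "recipient": f"contact{i}@example.net",
                                 "subject": f"FW: internal thread {i}"}) for i in range(30)]
    normal = [(2000 + 100 * j, {"sender": "bob@example.com",
                                "recipient": "carol@example.com",
                                "subject": "RE: lunch"}) for j in range(3)]
    return forwarded + normal


if __name__ == "__main__":
    print(detect_mass_overwrite(sample_file_events()))
    print(detect_mail_burst(sample_mail_events()))
```

The window matters as much as the threshold: the legitimate writer and sender in the samples never have two events within 60 seconds, so even a threshold of 2 leaves them alone, while the worm-like sources are flagged at the exact event that crossed the line.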