Slashdot Mirror
Simple Virus For Teaching?
ed1023 writes "Currently I am teaching a 101 class on computers. It is more of a 'demystifying the black box' type of class. The current topic is computer viruses; I am looking for a virus with which I can infect the lab computers (only connected to local network, no outside network connection) that would be easy for the students to remove by hand. Can the Slashdot community point me in any directions? Is there an executable out there that would work, or do I try to write one myself, or is there one that is written that I can compile myself?"
What OS are you running? You could create a simple bat script that pops up an annoying message every 20 or 30 minutes to show your students an "infected' machine.
Here, let me link you to an executable file so you can download it and run it on an entire lab of computers. It's safe, don't worry.
http://en.wikipedia.org/wiki/EICAR_test_file
Windows? Fairly easy to remove.
I don't even know if I'm joking.
Do NOT click on any links posted in the comments on this article.
Stoned is a classic and a pleasure to disassemble. It fits in a boot sector (512 bytes) and it's not particularly malicious, but it has all the elements that a virus needs. I don't know if it would still work on a modern computer, though: Some old viruses used funky instructions that became obsolete (like "POP CS"), and this one seems to have issues working on large-capacity disks.
It sounds instructive, but you will probably get fired for lacking good judgement.
There are plenty of stories where teachers do similar things that end up getting them fired. Teaching students how to write viruses, faking a classroom kidnapping, how to plan a terrorist attack, etc.
Teaching your students how to write a virus is a classic case of bad judgement. Your superiors will tell you "What were you thinking?" and you will get let go.
Teach them verbally how viruses are created, but don't assign anything as homework.
Just pick any of the scores of .exe files masquerading as cracks on LimeWire. You’ll have to turn off the AV and executable file filter to download it, of course...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
The plural of virus is viruses. Just like the plural of abacus is abacuses, not abacai. Viri (or even worse, virii) annoys the hell out of me.
It wasn't even mentioned that this is a coding class.
It is a class about computers, and he wants to teach virus removal.
Stop being such a lawyer and actually read the summary ffs.
What do you expect a student to learn from being told "there is a virus on this machine, remove it by hand"?
If they are in the "demystifying the black box" phase, they have no idea what you're talking about.
Teach them that viruses are just programs like Word or Excel, except with a specific malicious purpose. Give them an overview of how a machine or user might be tricked into running malicious software. Teach them about how malicious software might propagate. Use historical examples. Talk about privileges.
Virus is a slang term that brings up all kinds of scare reactions in ordinary people. They immediately assume that machines are vulnerable to bacteria floating around on the wind, or something similar. You need to de-emphasize the term "virus". It's just software. Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.
Write a simple program that copies itself to the Windows folder and starts itself at boot. The program should show an alert box saying "HACKED BY PROFESSOR HANDSOME!!!!" if it sees it is being run from the Windows folder. Put it on a USB key with an autorun.ini, tell them you have placed a virus you wrote on there, and let them sort it out. Just be sure you're on an XP machine and that autorun is enabled.
Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.
It's Windows, so it's easy... just create a CD or USB drive with two files:
autorun.inf :
[autorun]
open=installpopup.bat
installpopup.bat : /k echo "Hi I am a virus"
cmd.exe
copy installpopup.bat "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
Bonus is that it has plenty of legitimate uses for system automation for your little script kiddies as well.
Er, did you even read the damn post?
Here, let me help you out with the first four fucking words:
Currently I am teaching...
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water". Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs". The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states, but I'm pretty sure nobody much thinks of it that clearly when using the word "virus". Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) but only to an instance of that type of virus as it is spreading, or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.
As for whether it annoys you for people to use a latinate word that is both convenient and apt despite its not being precisely Latin, well, tough titty, because apparently the Latin version of it is a mispronunciation of the Proto-Indo-European word for the same gooey mess, so insisting on going only as far back as Latin for the value of correctness of form is false cognitive closure, and that gives everyone else cause to be annoyed at you.
if UAC is enabled, Explorer is not running with privileges that can write to the All Users profile.
For that matter, this will fail on any system where the profile directory isn't in "C:\Documents and Settings", which includes any non-English OS.
Use
copy installpopup.bat "%userprofile%\Start Menu\Programs\Startup" instead
This sort of thing is exactly what the "whatcouldpossiblygowrong" tag is for. I'm surprised it hasn't shown up yet...
Paleotechnologist and connoisseur of pretty shiny things.
...if they know of a good virus candidate?
http://www.clamav.net/
Uh, Linux geek since 1999.
No, the guy wants a live virus that the students need to be able to remove, not an inert file that will simply trip an AV scanner to remove it.
...
He's planning to intentionally infect the school network with a virus as part of a lesson. Sounds like something you get fired for.
Write it yourself. The fact that you would even consider this without thinking about the potential for it to be a serious Career Limiting Move means that it should be a fun ride :)
Seriously though, install XP at some base service pack level - sp1 or sp2 might do, then connect it to the internet without any firewall. The viruses will find you.
But you could have a bit more fun than that. Write an exe file that simply pops up a "if this was a virus you'd be pwn3d by now" message. Then pick one of the popular kids in the class (lets call her Jane Smith), and send an email around to your whole class from an anonymous hotmail account (or some service that allows sending exe files) with a subject of "Ha Ha. Look at what Jane Smith got up to last night." and include the exe file with a message "pics attached". Fail everyone who opens it. You'll probably still lose your job due to the idiots they put in power, but at least you'll have taught your class a lesson (the lesson being "if you're a teacher, it pays not to think for yourself".)
You don't say what the age of your students is. If it's a university or TAFE level class you might get away with it, but you only have to offend one daddy's girl and it's all over.
No where was it mentioned about creating one. Ever.... actually read the summary ffs.
I think you may have missed this part of the summary:
do I try to write one my self
Ask me about repetitive DNA
He wants to infect some computers in a lab, that's why the virus cant be one that spreads to other computers so he doesn't infect the whole damn network. Now sure the best thing to do would be setup some computers on just a local LAN that doesn't have any access to the school network but that might not be an option.
I wrote a virus in middleschool (Windows 3.1 and DOS) which I showed to a friend, who infected some girl's computer. Turns out her computer belonged to her dad's small business. The ensuing shit-show of confused administrations, criminal charges, civil threats and pissed parents ended with a restraining order on ME and apparently some trouble for the "exploratory program" administrator, who at some point allowed me to use a computer, though it was most certainly not in any way involved with my extracurricular activities. Never underestimate the ability of an organization such as a school to dish out punishment on the wrong people. I agree with the parent poster, steer clear.
Yeah but the odds of running into BO in real life is slim to none, so if you are gonna teach them about bugs, why not something useful? I'd suggest one of the Rogue AV or security tool variants. Those infections are as common as dirt, being in the PC fixit biz I should know, and removal involves all the classics...F8 boot into safe mode, deleting the reg keys, then running a nice CD or USB key scanner (I'd of course recommend CD, as it is cheap and easy). Hell you can have them make their own AV Rescue Disc which then they can take home with them, and is a nice tool to have.
So I guess the real question is if this is gonna be a BS class, where you teach them something that the odds are virtually zipola of running into IRL, or give them a nice overview of how to DIY fixit work? Because while the Security Tool variants freak out the users they are actually pretty damned easy to kill once you know what you are looking for, and pretty much any bug short of a rootkit follows the SOP bugs like Security Tool use. IMHO it would be a good all around lesson, and as long as the machines aren't on the net not a threat. As a bonus you would give them an up close and personal glimpse at how scareware works, which sadly is becoming QUITE popular for malware writers. by knowing the signs and being able to spot the phonies they can actually help their less clueless relatives and be safer themselves.
ACs don't waste your time replying, your posts are never seen by me.
+5, Informative?...REALLY?!?...
OK, let's start with a handily recent post on the Language Log about Latin plurals (the post is about "syllabus", but "virus/viruses/*viri/**virii" show up in the comments).
Now, onward...
Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water".
Actually (and ignoring the somewhat startling categorisation of computer virus as "substance"), not in the same way at all. You can't call a single molecule of water "a water" because "water" is a mass noun in English, and those don't (i) take indefinite articles, and (ii) don't pluralize nicely (inter alia). It's possible that this portion of your argument comes from here, which points out that in Latin, "virus" ("poison") was a mass noun. Of course, in English, "virus" is very clearly a count noun in English, since it can be (and overwhelmingly is) used with an indefinite article.
Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs".
You appear in the preceding to be claiming that the word "virus" doesn't exist in English (or perhaps simply that is has no referent) a claim some information security researchers (and doctors!) might take issue with (cue lambasting for the stranded preposition in 3...2..1).
That being said, this raises an interesting point about...something. Maybe the type/token distinction? When someone says "I wrote a virus", we take him (or her, I suppose) to be making a claim about an implementation of some specific algorithm in some specific language, but not to any particular token of it.
The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, [...]
I don't understand the grounds on which you're making this claim.
[...] which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states,
OK, so the "running program, and its data" counts pretty much as a "single token of the substance" at hand, in my book. So now it sounds like you're contradicting your opening claim.
but I'm pretty sure nobody much thinks of it that clearly when using the word "virus".
As I just mentioned, you seem to be contradicting yourself (although I may just be misreading you), so you'll forgive if I take claims of clear thinking only quasi-seriously.
Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) [...]
Why is this 'incorrect'? "I wrote a virus. I'm calling it Johnny5." Seems like a perfectly good use of "a virus" to me.
[...] but only to an instance of that type of virus as it is spreading, [...]
Again, isn't this in contradiction to how you started this comment?
or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.
Aside from the impossibility of "some arbitrary subset" of an instance (I'll assume that was just a typo/thinko), now you're just engaged in verbal wankery. I mean, I suppose you might choose to model the spread of contagion in a network of computers as the flow of a kind of flu
Research is what I'm doing when I don't know what I'm doing. -- Wernher von Braun
Yes, because he wants to make sure the "fake" virus he uses for the removal exercise doesn't contain some hidden, actually damaging, payload.
Someone has already suggested the EICAR test file, which is ideal. It pops up a message box, and is easy to remove. He can add links the various windows startup files, the registry, he can go old school and call it from a batch file, and he's safe in the knowledge that he's in no danger of hosing his systems.
Nowhere in the stub did he say he was going to teach the kids about actually writing the virus they were to remove. Reading comprehension fail.
Finally had enough. Come see us over at https://soylentnews.org/
On any tech forum, including slashdot, you have wannabe haxx0rz who ask "how to write teh virus???" They never get a serious answer, obviously.
The OP (ed1023) thinks he can trick slashdot readers with some social engineering into thinking they're really helping someone this time by telling him "how to write teh virus???". Who knows, maybe he will succeed. Maybe he will write teh virus.