Simple Virus For Teaching?

ed1023 writes "Currently I am teaching a 101 class on computers. It is more of a 'demystifying the black box' type of class. The current topic is computer viruses; I am looking for a virus with which I can infect the lab computers (only connected to local network, no outside network connection) that would be easy for the students to remove by hand. Can the Slashdot community point me in any directions? Is there an executable out there that would work, or do I try to write one myself, or is there one that is written that I can compile myself?"

EICAR

http://en.wikipedia.org/wiki/EICAR_test_file

Re:EICAR

[rpresser]

Thanks, dude. My virus scanner just started complaining about my browser cache.

DON'T DO IT! You'll get fired

[CPE1704TKS]

It sounds instructive, but you will probably get fired for lacking good judgement.

There are plenty of stories where teachers do similar things that end up getting them fired. Teaching students how to write viruses, faking a classroom kidnapping, how to plan a terrorist attack, etc.

Teaching your students how to write a virus is a classic case of bad judgement. Your superiors will tell you "What were you thinking?" and you will get let go.

Teach them verbally how viruses are created, but don't assign anything as homework.

Try this instead.

[neiras]

What do you expect a student to learn from being told "there is a virus on this machine, remove it by hand"?

If they are in the "demystifying the black box" phase, they have no idea what you're talking about.

Teach them that viruses are just programs like Word or Excel, except with a specific malicious purpose. Give them an overview of how a machine or user might be tricked into running malicious software. Teach them about how malicious software might propagate. Use historical examples. Talk about privileges.

Virus is a slang term that brings up all kinds of scare reactions in ordinary people. They immediately assume that machines are vulnerable to bacteria floating around on the wind, or something similar. You need to de-emphasize the term "virus". It's just software. Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.

Write a simple program that copies itself to the Windows folder and starts itself at boot. The program should show an alert box saying "HACKED BY PROFESSOR HANDSOME!!!!" if it sees it is being run from the Windows folder. Put it on a USB key with an autorun.ini, tell them you have placed a virus you wrote on there, and let them sort it out. Just be sure you're on an XP machine and that autorun is enabled.

Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.

Write your own?

[rwa2]

It's Windows, so it's easy... just create a CD or USB drive with two files:

autorun.inf :
[autorun]
            open=installpopup.bat

installpopup.bat :
cmd.exe /k echo "Hi I am a virus"
copy installpopup.bat "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

Bonus is that it has plenty of legitimate uses for system automation for your little script kiddies as well.

Re:What OS? And how annoying?

[crisco]

Back in the late 80s we had a bunch of 10MHz XT clones in a computer lab networked together using Novel and 10BASE2 or maybe even TokenRing. Some of the games we had ran timing loops for the original 4.77 MHz PC so we had some simple TSR that sat on the interrupt timer and ran some NOPs to slow the computers down. I thought it would be a funny prank to add this to the AUTOEXEC.BAT file on most of the boot floppies in the lab, sadly I didn't test it on more than one computer.

The interrupts and NOPs interfered greatly with the network cards, causing the whole thing to come crashing down when more than a couple of the computers were running at a time. It took at least a couple of days for the sysadmin to sort it out.

RIP George, thanks for introducing me to the Internet and I'm sorry that you didn't get to stick around for Linux and /. I should have taken your Minix class when I had the chance.

Re:Note to self...

[h4rr4r]

Note to tool462, stop using windows.

Re:What OS? And how annoying?

[ArsenneLupin]

Another fun prank from the DOS days: A TSR program that hooked in the keyboard interrupt, and if it detected that it was called from Turbo Pascal, and that the sequence for compilation was called, it would locate the editor buffer and randomly change a couple of semicolons to colon.

This was both annoying as hell (plenty of syntax errors), and difficult to positively blame on mischief as:

• Colon and semicolon are on same key, so easy to blame on typo (phat phingered the shift key)
• On those crappy monitors that we used back then, it was really difficult to tell colon and semicolon apart

The TSR was called <shift-space>.com and so a cursory perusal of the autoexec.bat would not reveal its presence, as shift-space just looks like a normal space (... but can be the name of a command)

IT spend an entire day trying to re-install Turbo Pascal, and the problem still persisted... (because it was in an independent TSR, not in the Turbo Pascal app itself)

Then, the next day, re-install of the entire system.

Another fun TSR one was the annoying keyboard beep. The TSR had a timetable of the classes build in, so that the keyboard click would be very short and almost unnoticable at the beginning of the class, and then gradually grew longer and longer during the class (first a faint click, than a more obvious click, and by the end of the hour an annoying beeeeeeeeeep). Fun thing is, as it was gradual, nobody really noticed when/how it started, but eventually that background noise was "just there"...

A, those were the days of highschool pranks...