PC Virus Turns 25

Batblue writes "Happy anniversary Basit and Amjad! Twenty-five years ago this month (CT: Warning, intrusive interstitial ad), the Alvi brothers of Lahore, Pakistan, gave the world the Brain Virus, the first bit of malware capable of infecting a DOS-based PC. Back in those relatively innocent times, the brothers actually embedded their real names and business address in the code and later told Time magazine they had written the virus to protect their medical software from piracy. Who knows what they were really thinking, but by all accounts the Brain Virus was relatively harmless. Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

get rid of adds

[santax]

http://www.mvps.org/winhelp2002/hosts.htm And you'll be fine with that link. Btw, what better way to celebrate virii than an add-infected site.

Re:get rid of adds

[Ferzerp]

Hypercorrections don't reflect upon your intelligence the way I suspect you think they do.

Re:get rid of adds

[HarrySquatter]

Btw, what better way to celebrate virii than an add-infected site.

1) The term is 'viruses' not 'virii'.
2) The word you are thinking of is 'ads'. Unless you are somehow blocking a website that is infected with "addition" which makes little to no sense.

Re:get rid of adds

Btw, what better way to celebrate virii than an add-infected site.

1) The term is 'viruses' not 'virii'.
2) The word you are thinking of is 'ads'. Unless you are somehow blocking a website that is infected with "addition" which makes little to no sense.

I was told there would be no math....

Re:get rid of adds

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Re:get rid of adds

or Attention Deficit Dis.... oooh, look, a squirrel!

Re:get rid of adds

[zrbyte]

In other news: Virii have just turned 25 (minutes)!

Seems we have more to worry about than just viruses.

Re:get rid of adds

[seinman]

I haven't heard someone use the term "boxen" in years. Are there really still idiots spitting that one out?

Re:get rid of adds

Please "make a case" for virii, other than "it vaguely sounds correct to illiterate retards like myself".

Re:get rid of adds

I don't think a site can be "ads-infected". The word I think you think he was thinking of is "ad": "ad-infected site".

Re:get rid of adds

[gstoddart]

I haven't heard someone use the term "boxen" in years. Are there really still idiots spitting that one out?

I see it at least once a week here on Slashdot.

Decide for yourself what that means. :-P

Re:get rid of adds

[JWSmythe]

My boxii take serious offense to that, you insensitive clod. :)

Re:get rid of adds

[Mister+Whirly]

Or maybe it is an AIDS-infected site. Practice safe surfing!

Re:get rid of adds

A case can be made for either. Not everybody agrees with you. Get over it.

Are you a creationist too?

Re:get rid of adds

[MadKeithV]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Meh.
I could care less.

Re:get rid of adds

Maybe it was an ADD-infected site, and with all the ads, he kept losing attention?

Re:get rid of adds

Please "make a case" for virii, other than "it vaguely sounds correct to illiterate retards like myself".

Cuz it's more 1337, bitches. Sux0rz got pwn3d!!

Re:get rid of adds

[onkelonkel]

"get rid of adds"

Can we keep the subtracts?

Re:get rid of adds

[ThatMegathronDude]

You are both wrong. The plural would be "virii" if and only if the singular were "virius". The correct pluralization is "viri".

Re:get rid of adds

Or to stop it's instead of its, or definately, rediculous, artical, etc. People are stupid.

Re:get rid of adds

[camperdave]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Meh. I could care less.

Yes, obviously you care enough to write that you could care less. I, on the other hand could not possibly care les... Oh flapjacks!

Nevermind.

Re:get rid of adds

There's a difference. People who say 'boxen' (should) know that the correct word is 'boxes' and are (mostly) dabbling in old hacker humor. Whether they are beating a dead horse with their hacker humor is subjective and out of the scope of this post. To contrast, two types of people use 'virii': those who really think that it's the correct way to pluralize virus, and those who think it's another hacker humor attempt like 'boxen.' It's neither, and they need to stop doing it. Even if we were to use the "over-generalizing of grammatical rules" trick, the result still wouldn't be virii.

Re:get rid of adds

[Iskender]

A case can be made for either. Not everybody agrees with you. Get over it.

If we define "case" as "saying things that are not true", then yes.

Defining "case" as "a lot of people say it so it's right" then it's also true.

But for anything like grammatical correctness there's no case at all - it's simply a common misunderstanding caused by people dabbling with latin without any actual knowledge of it.

For how an actual case is made, see: http://www.straightdope.com/columns/read/2139/what-is-the-plural-of-penis

Re:get rid of adds

[g253]

True, although the actual plural is indeed viruses. See http://en.wiktionary.org/wiki/virus#Usage_notes

Re:get rid of adds

[GrahamCox]

Not everybody agrees with you

Anyone with any actual knowledge of Greek and Latin does, however. Ignorance is not a virtue - stop defending it.

Re:get rid of adds

[fredc97]

Man this is going Viriial, its like viriises have taken over /.

Re:get rid of adds

[simoncpu+was+here]

The queen is dead, you insensitive clod! :)

Re:get rid of adds

[Hognoxious]

it's simply a common misunderstanding caused by people dabbling with latin without any actual knowledge of it.

Yes, they do it ad nauseum round here.

But you're post literally beg's the question as too weather you'll annoy the "languages evolve" mob by an exponential amount.

Re:get rid of adds

[Hognoxious]

My car broke down last week. I had to take a tram and two bii to get to work.

Re:get rid of adds

[JWSmythe]

You know, that's a terrible argument. You're saying it's wrong, but you're not giving any supporting evidence. I'm assuming that you know both Green and Latin to make such a statement. The good old "I'm smarter than you, so I'm right" doesn't cut it, especially when your audience may be as smart or smarter than you.

    If virii is wrong, at least give us the translation of what virii means. In Latin, virii seems to translate to "The men of...". In Greek, it doesn't translate to anything.

    So how correct or incorrect is virii? Well, if you consider "the men of..." would seem to convey the same idea of the biblical Legion demon (my name is legion, for we are many.). If a virus is one attacker (attack vector, or soldier), many could be conveyed as a legion. That would imply many men of. We are always very comfortable anthropomorphizing inanimate objects, would it be wrong to consider multiple virus to be the men of, or the army of, or the legion of? It would seem appropriate to follow that with the name of their creator. Virii haxor? Dear god, I hope I don't give an uber-leet script kiddie any ideas. Ok kids, be good, stay in school, m'kay?

    I guess the most important thing we should remember is that language is what we've made of it. There are people who want to be linguistic purists. What are you being pure about? You've picked an arbitrary point in history, and have romanticized so much, you too believe there is to never be progress. I won't argue against the idea that many modern linguistic trends are wrong, but words adopted into common use, regardless of how badly they are spelled, or how awful they may be, they become words. Search on Google for "new words in [year]" (replace year with a number), and you'll find all kinds of interesting words that you probably believed existed "forever".

    New words in 1806 2006.

    I'm very happy that "cougar" and "tramp-stamp" became official words in 2010. Now I don't have to say "A lovely older woman with sexual interests a younger men, who has a tattoo on her lower back". "Cougar with a tramp stamp" not only has a nice ring to it, but it sounds real dirty. :)

    So... It doesn't matter if you think you know Latin, Greek, or English. If everyone else says it's right, and the use is continued, in time they will be right. I'd be willing to bet the majority of what we say now (including this message) would have been impossible to decipher based on linguistic standards even a few hundred years ago. Don't even consider looking back more than about 450 years, "Modern English" didn't even exist.

Attack Toolkits

[Spad]

Really? Attack Toolkits are a new worry? I mean, I know they consulted a guy from Symantec for the article, but even so...

Attack Toolkits have been in existence for a long time, even if you only count the newer "hosted" solutions.

Re:Attack Toolkits

[sakdoctor]

Attack toolkits are about as scary as game toolkits are to EA/Ubisoft/Activision.

Re:Attack Toolkits

[fredc97]

Attack toolkits are about as old as viruses, the MtE (Mutation Engine) was released in 1991. Before that all you needed was debug, edlin and a copy of Ralph Brown's book, oh and Elk Cloner was on Apple II in 1981. Make that 30 years for other 'personal computers'.

Let me get this right.

[RyuuzakiTetsuya]

To celebrate the 25th anniversary of some of the first PC viruses, Slashdot linked to a site where you can get some of the most up to date malware, adware and other infections!?

How festive!

Re:Let me get this right.

[mcgrew]

Happy birthday, influenza! Happy birthday, HIV! Happy birthday, Stoned! Happy birthday, Michaelangelo!

Happy birthday, sleazy advertisers and the sleazy sites they advertise on!

Re:Let me get this right.

[chargersfan420]

Finally, a good reason not to RTFA!

Re:Let me get this right.

[masterwit]

Okay, that was funny for once :)

mcAffee is that old?

I'd always been told the first viruses appeared on campuses where Mr McAffee promptly turned up offering solutions.

Re:mcAffee is that old?

[sakdoctor]

In 1986, windows was suffering from a virus infestation, a man dressed in business/casual with glasses and a stethoscope appeared, claiming to be a virus scanner. He promised the users a solution for their problem with the malware.
The users in turn promised to pay him $29.99 a month for the removal. The man accepted, and played a musical pipe to lure the viruses onto a 5.25" floppy, where all of them quarantined.

Despite his success, the users reneged on their promise, and did a charge-back on their credit cards. The man left the town angrily, but vowed to return some time later, seeking revenge.

On talk like a pirate day, while the users were in McDonalds, he played his pipe yet again, dressed in lycra, this time attracting the data and core DLLs. One hundred and thirty files followed him out of c:/windows, where they were lured into a recycle bin and never seen again.

Re:mcAffee is that old?

[Mister+Whirly]

And for years we had been told the sun revolves around the earth. What exactly is your point? Or was it a friend of a friend who told you this - in that case you know it HAS to be true!

But honestly seeing computer viruses started showing up in 1986 and McAfee Associates wasn't even incorporated until 1992, I think your source may have been pulling your leg a little.

Amiga had it first.

[Maxo-Texas]

I remember my screen said,

"Something wonderful is happening"
.
.
.
"Your Amiga has come alive"

Unfortunately the DOS was flaky enough as it was. The virus unintentionally ruined disks.
No one believed me at first- the message didn't come up again for a couple more weeks so they thought i was crazy.

Re:Amiga had it first.

[idontgno]

"Your Amiga has come alive"
Unfortunately the DOS was flaky enough as it was. The DOS unintentionally ruined disks.

FTFY.

How many times did I read, through panic-stricken teary eyes, "Your disk structure is corrupt. Use DISKDOCTOR to fix it."?

The Amiga was my first PC love, but by God did I hate how crufty and fragile AmigaDOS was. It was like being in love with a beautiful, adoring, and creative woman with an unfortunate habit of accidentally setting fires and leaving them to burn.

Sigh. At least I was lucky enough to never have to deal with an Amiga virus.

Re:Amiga had it first.

[Xian97]

Even before that the Atari ST had a floppy boot sector virus that would invert your mouse - left and right worked fine, but up and down were reversed.

I remember seeing that message on the Amiga too. I had just bought one and some of the discs a friend had loaned me had that virus on it. It wrote itself to the floppy boot sector so it couldn't be removed from many discs without making them unbootable. It only spread if you warm booted, so you could still use the floppy if you turned the power off after running one with that virus on it.

Re:Amiga had it first.

[EvilIdler]

Amiga viruses were awesome. I learned a lot from disassembling, reassembling and improving them.

The coolest part was how easy it was to have programs survive reboot. I made some rudimentary programs which used these techniques to slip in before the harmful programs, and more professional anti-virus existed which did this too. My simple tools never had a fancy menu system, though!

At least a reboot actually stops the malware running nowadaysright? Or do the old warm reboot techniques still work on a modern PC? I remember QEMM used that, back when shaving a few kilobytes off your RAM usage was serious business :)

Re:Amiga had it first.

[F.Ultra]

You must have been using some really crappy cheap floppy disks. I almost never experienced disk errors and I distributed Fresh Fisk disks to houndreds of members who also never complained about trashed floppies.

Re:Amiga had it first.

That's because Amiga OS put a higher data density on disk than MS-DOS did at the time. Some disks just weren't good enough to work reliably with 11 sectors per track, while all of them (at least the ones people actually sold) would work with 9 sectors per track. That's not a problem of the OS, but one of the media.

Re:Amiga had it first.

[KingKaneOfNod]

It was like being in love with a beautiful, adoring, and creative woman with an unfortunate habit of accidentally setting fires and leaving them to burn.

How do you know my wife??

Re:Amiga had it first.

[meosborne]

This was the SCA virus.

Bad security model still unchallenged... ugh!

[ka9dgx]

The solution to this problem has been known for a very long time... it's the principle of least privilege.

We've had 25 years to wise up and stop using a "default permit" based system and still haven't done so.

Here's a summary of the situation, for those who want to help push things in the right direction.

Re:Bad security model still unchallenged... ugh!

[Sockatume]

FWIW the idea seems to have taken off in the mobile space, where programs are expected to go cap-in-hand to the OS and ask for permissions already, for resource management purposes. Perhaps with the influx of tablets running mobile OSes, the idea will gain more traction in the home computing space.

Re:Bad security model still unchallenged... ugh!

[AC-x]

That may be a solution in a carefully controlled corporate setting, but unless you have a complete lockdown on installing software like iOS has you will always have the risk of users overriding any security layers you put in front of them.

I forget the exact quote, but it goes something like this - You could create an operating system with no vulnerabilities of flaws whatsoever, but as long as the user wants to view dancing_puppy_avi.exe in an email they received they will happily bypass any barriers you place in front of them. It doesn't matter how many warnings you give them, how many times you ask for an administrator password, if the user wants to see that dancing puppy they will disable every security measure they need to.

Re:Bad security model still unchallenged... ugh!

[ka9dgx]

If it's a choice of running a program, or not, security will never happen. It's the wrong choice.

If user has seen other dancing cats and never had to give permission to modify their system folder in the past... they probably will do the right thing and refuse.

You have to assume some good will and common sense on the part of users. Give them better choices and they will do a better job of choosing.

Re:Bad security model still unchallenged... ugh!

[AC-x]

If user has seen other dancing cats and never had to give permission to modify their system folder in the past... they probably will do the right thing and refuse.

It's still no guarantee tho, sure they're more likely to make the right choice but I bet there would still be loads of people who would be fooled by fake antivirus or system update popups etc.

Re:Bad security model still unchallenged... ugh!

[JonySuede]

I forget the exact quote, but it goes something like this

it was a dancing bunny and I think it was mentioned first at http://blogs.msdn.com/b/larryosterman/archive/2005/07/12/438284.aspx

Re:Bad security model still unchallenged... ugh!

[lennier]

You could create an operating system with no vulnerabilities of flaws whatsoever, but as long as the user wants to view dancing_puppy_avi.exe in an email they received they will happily bypass any barriers you place in front of them.

There's a big false assumption in that cute insult to users' intelligence: that any executable file can and should be able to do anything on the user's system, and that there is always and forever no way for user to verify what capabilities an executable is requesting or to reliably sandbox anything from semi-trusted sources.

But surely we don't have to solve the Halting Problem in order to be able to restrict applications from doing evil things to the root of C: Heck, Flash is nothing but a literal dancing bunny delivery mechanism, and it only has security problems when the actual Flash implementors stuff up. It's pretty rare for a .swf to be able to root you.

tl;dr: EXE, you're doing security wrong.

Re:Bad security model still unchallenged... ugh!

[AC-x]

But surely we don't have to solve the Halting Problem in order to be able to restrict applications from doing evil things to the root of C:

This is the dilemma, as I mentioned you could have a complete lockdown on installing software like iOS has where only software from an approved channel can be installed, which might be fine for most people but you're giving up all your freedom for security.

As soon as you make it possible to install an unapproved / unsigned system utility, driver or patch on a computer it becomes possible to socially engineer a user to install malware.

Re:Bad security model still unchallenged... ugh!

[lennier]

It's still no guarantee tho, sure they're more likely to make the right choice but I bet there would still be loads of people who would be fooled by fake antivirus or system update popups etc.

The fake system message popups are interesting in their own right, because the average user simply has no way to determine whether a given dialog box is speaking for the application or organisation it claims to be. This seems to be a similar fundamental problem to the failure of the SMTP Sender field to be authoritative.

I think this exposes a deep problem in GUI design which has not really been addressed since the dawn of the field: we have created a set of graphic 'design languages' which are not, in fact, formal languages. In other words, we've created a set of loose visual conventions about what a system alert should look like,what a button should do, etc - but none of these conventions are binding on any applications. They're just guidelines to be used by well-mannered programmers, but like the SMPT Sender field, encode no actual information. But we're now in an Internet full of overtly hostile code which is attempting to subvert the user's machine at every point. We must make it hard for remote attackers to fake their visual credentials.

What I think we should have done instead - and is perhaps a very hard problem, but perhaps not - is to create a GUI language with formal properties. For example, define visual 'containment' - a box being displayed within another box - to literally mean some kind of subprocess or trust relationship such that it would be impossible for a rogue process to display anything inside a place it didn't own. If the user saw an 'error, install antivirus' box appear inside a clearly marked 'user space box' then they would know it was not actually the system talking to them. Even better, no visual entities inside the userspace box should be able to make any modifications to the system at all.

This would require a tight, 100%, one-to-one relationship between GUI 'design language' elements and the formal security properties of the underlying information system, instead of the very loose, laissez-faire approach we have now where there is no relation at all between what you see in a GUI and what's really going on under the hood. Something like the naked objects pattern would be required to really make this work, but we could start right now to reevaluate the trustworthiness of our GUIs based on this principle.

Some immediate offenders come to mind. Firefox 4 removing the Status Bar seems like a huge step in the wrong direction - visually, it makes a browser window look more like a system window, when the opposite should be the case - it should really be impossible for Javascript to remove the URL and status bars from any Web-launched windows, so that popups never look like legitimate system dialogs.

Second, it becomes clearly obvious why popups are such a huge annoyance to users, and why they must be removed: a pop-up window is spoofing its ownership information, breaking out of its visual location inheritance, and therefore is acting as a rogue process. This should never happen in a well-designed GUI with security in mind.

Third, keyboard focus stealing should be impossible. This also allows one window to manipulate the whole visual inheritance chain by putting itself 'on top' and receive messages intended for another.

Fourth, GNOME's 'notification' popup is a major problem for visual trustworthiness, because it puts messages onscreen which don't associate with any window but just hover, detached from everything, on the screen. Who is the user to think these messages come from? All system notifications should be framed within a clearly visible container, so the user gets in the habit of recognising that anything inside that box is from the system, and everything outside is not.

Finally, the whole Windows and X-Window approach to GUIs needs to be overhauled (though X-Window's strict window m

Re:Bad security model still unchallenged... ugh!

[orange47]

yeah, right. you stick to whitelisting and use only licensed software approved by Microsoft..

Re:Bad security model still unchallenged... ugh!

Unfortunately, it's your fault when your customers aren't able to punch all the monkeys or download all the free credit reports they want.

solution to malware problem

[doperative]

"Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

Run your OS from a read-only device, implement strict separation between code and data. Never download-and-run code from arbitrary sites over the Internet ..

Re:solution to malware problem

And the average user will voluntarily run the virus and then not reboot their PC for a month or more. Still not much of an improvement.

Re:solution to malware problem

Those are called trojans. Nothing can protect you from trojans.

But only a Microsoft OS will happily run all the fucking viruses you throw in its direction.

Re:solution to malware problem

Those are called trojans. Nothing can protect you from trojans.

But only a Microsoft OS will happily run all the fucking viruses you throw in its direction.

Suuuuure, you keep on saying that, it may become true someday. My god you are naive.

Die Hard 2

[tacktick]

Remember that?
Seems like a millennium now.

I sat and and disinfected stacks of floppies.. one by one.
Back then Antivirus was new and Mcafee was the top dog.

What the heck happened to Mcafee? Ugh.
I convinced the management of my organization to dump Mcafee and switch to VIPRE enterprise. 600+ computers
Mcafee did jack squat when real malware came through. Conficker did a thorough pounding of our network while Maccoffee rolled over and played dead.

"PC" = "IBM PC" here...

[osu-neko]

This was certainly not the first personal computer virus, as I recall there was a virus running rampant on the Apple II computers in my high school running Apple's DOS 3.3 before this. The virus was one of the things that got them to switch everyone over to using the spiffy new ProDOS instead.

Re:"PC" = "IBM PC" here...

Was that "Fred"? My brother and I wrote that one back in 1981. Self-perpetuating, infected any new disk you put in, and was generally obnoxious.

We wrote it to annoy the crap out of a "Computer Programming" teacher who always swiped the student's disks if they left them in the Apple computers in the school computer lab. So we left an infected one in the drive.

A week later, half the kids in school had it on their disks. Brought most of the programming classes to a standstill for several weeks.

1988 Mac Viruses

[catchblue22]

The first time I remember seeing anti-virus software was on a 1988 Mac Plus (system 6). The software was called "Vaccine"...I remember the icon of it loading at boot up time looked like an hypodermic needle. Of course that was before Apple adopted BSD as the basis for OS X. Security has improved significantly since then.

What ad? I didn't see an ad.

Warning, intrusive interstitial ad

What ad?

Opera & Javascript blocking FTW

listen

[Spy+Handler]

if the webpage has such an "intrusive interstitial ad" that you felt you had to protect the public with your warning, perhaps it would've been better to NOT LINK TO THE SHITTY FUCKING WEBSITE IN THE FIRST PLACE.

Re:listen

[Rick17JJ]

What advertisement? I did not see any advertisement when I went to their website. What was I supposed to see?

I use both the "Ad-Block and "No Script" extensions under Firefox. I also use the MVPS ad blocking hosts file. Perhaps, that is why I did not see the intrusive ad. I use Linux as the operating system for my computer, by the way.

As for the article itself, I was interested in the part where they said that users of Macs or computers running Linux are at risk as well. Are they talking about actual viruses for Linux and Macs, or some other type of malware? The last time I had checked a few years ago, everything I read said that there have not yet been any Linux viruses actually circulating in the wild.

If malware (or viruses or whatever) are actually becoming somewhat of a danger for Linux, I wonder if there is some additional security measures that I could take to reduce that danger. There are actually several anti-viruses programs available for Linux, but I don't know of anyone with a Linux home computer, who actually bothers to use anti-virus software. My understanding, is that running an anti-virus program on a Linux computer, is only done if the computer is a mail server or something like that. Even then, my understanding, is that it is only done to protect the Windows computers who download their mail from that mail server. Is that correct?

I have a user configured firewall on both my computer and my DSL modem with all incoming ports closed and only a few outgoing ports open. Would something like SE Linux or AppArmor reduce the danger that the article claims supposedly exists for Linux? Is the article overstating the danger that malware presents to Linux (or to a Mac)? Does using the "No Script" add-on for Firefox on most websites, greatly reduce the danger?

I am not a professional computer person (or that much of an expert), but I have my doubts about what the article briefly said about Linux or Macs.

Re:listen

[jdc18]

that is what you get for RTFA

Re:listen

[atomic-penguin]

As for the article itself, I was interested in the part where they said that users of Macs or computers running Linux are at risk as well. Are they talking about actual viruses for Linux and Macs, or some other type of malware? The last time I had checked a few years ago, everything I read said that there have not yet been any Linux viruses actually circulating in the wild.

The article linked was on CIO.com, its intended audience are IT executives who have a better grasp on managing geeks rather than understanding technology itself. Absolutely nothing wrong with executive types. However, before taking any technical advice from such a site, just know that such trade news sites exist to help sell expensive solutions like Enterprisey multi-platform anti-virus software to executive IT types.

It is certainly not the first, or only, cio.com article I have read, from which I draw that conclusion.

25? more 30

Boot Sector viruses go back a lot further then 25 years. Anyone remember SCORES? I have a old Bernoulli drive at home formated in HFS that contains examples of some 20 Classic Mac OS 6.07 viruses. Before that there were a very few active mainframe based virus programs. We ran into one in the late 70s on a still functional IBM OS/360. This one was cute rather then harmful. It spelled out "HI" in the binary display lights on the front faceplate of the mainframe. As I recall Managment was none to happy, but the operators thought it a hoot.

Sorry but...

...Windows, the oldest and most successful PC virus, became 25 in November!

Faking the "Your PC is now stoned" virus with DOS

I will always have fond memories of screwing with our computer class teacher with fake "Your PC is now Stoned!" viruses using DOS autoexec.bat files.. Those were the days :]

the news isn't that we had them 25 year ago...

... It's that people are still idiots enough to get them *today*, after (over) 25 years of virus history.

After seeing a virus once (on someone else's machine even!) I thought, "hey, that's just not acceptable", and made sure to only run trustworthy code on my own machines in the future.

Everybody else? As far as I can tell, they're all fine with getting viruses. They refuse to change their behavior in the face of overwhelming evidence that its dangerous.

Viruses exist now in 2011 because people have refused to learn a damn thing.

Missed opportunity

"Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

Well, I guess they should have patented it. :-)

Oh, let's all write a virus!

[flogger]

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* (stupid slashdot filter this I hve too many capitals...Little does it know that I've uploaded a virus! HAHA..opps hahahha)

Not really a virus, or at least not effective.

[atomic-penguin]

It loosely meets the definition of a virus. It wasn't the first computer virus. It isn't very noteworthy, other than it was the first known computer virus which the author(s) took full credit, and provided their real names and accurate contact information. We have other words for this type of software now. You might even call it copy-protection, or DRM, today.

Computer viruses started off as an academic exercise. In other words, the goal was to create a self-reproducing program with survival instinct, similar to that of a real-world virus. According to Mark Ludwig's Little Black Book of Computer Viruses, the functional elements of a Computer Virus follow in the list below. I highly recommend the book, for anyone interested

1. MUST contain a search routine. Important for both self-replication, and survival. Where and how will the virus replicate?
2. MUST contain a copy routine. This is the self-replication part, and its obviously important for the survival to the virus.
3. SHOULD contain anti-detection routine(s), or somehow evade detection. Obviously important to the survival of the virus.

Number 3 is really what separates a true "virus" from programs which are mislabeled as such. If the virus displays a message "I'm in your computer eating your data, nom nom nom!", it limits its own effectiveness. The virus will get eradicated, it will not survive in the wild. Which comes back to my point about this story. While this program loosely meets the definition of a virus, it was not written to be a self-reproducing entity with simulated survival instinct. It was primarily intended to prevent unauthorized copying. Its impact was limited to floppy disks with unauthorized copies of the program it was intended to protect from copying.

Re:Not really a virus, or at least not effective.

[GameboyRMH]

That was my first thought, that this may also be the first DRM software. I searched the thread for DRM and found your post right at the bottom.

Too bad they didn't know to call it DRM at the time and create a huge scare, maybe people would be more averse to DRM today.

Re:Not really a virus, or at least not effective.

[Mars+Saxman]

This is a somewhat different definition of "virus" than I remember from the '80s. I haven't actually encountered a virus since then, so perhaps usage has changed, but back in the day a "virus" was a self-replicating program that worked by attaching itself to or embedding itself within an existing program, while a "worm" was a stand-alone program that worked by exploiting security holes in remote computers and copying itself over independently.

Evading detection is a secondary effect of the fact that the virus works by embedding itself within an existing program; it takes advantage of some existing process to replicate itself. Of course evading detection is a good thing if you want your virus to succeed, but a self-replicating program does not fail to earn the label "virus" simply because its author took no special care to disguise it.

Re:Not really a virus, or at least not effective.

[atomic-penguin]

Which is why I attempted to emphasize "should" meet the requirement of evasion to be an effective virus. The first two items (searching, copying) are critical points in the definition of the term virus. It doesn't have to be a large and sophisticated search function, to effectively replicate however. You're spot on as far as I can tell in your definition of a worm. Once a virus cross the threshold of a network, its defined as a worm, with basically the same function as a virus.

The point I was trying to get across, and I may have not communicated that effectively, was this so-called virus is more like a copy protection scheme than a virus in any sense of the term. This particular Brain program degrades system performance, and attempts to scare the end user triggered by the act of copying the program it is trying to protect. It loosely meets the definition of a virus because it meets the requirement of self-replication. Its an ineffective virus because it does not meet the tertiary requirement of evasion. I'm comparing it to a copy protection scheme, because although it can self-replicate, the intent of the program was never self-replication. Rather this Brain virus actively discourages its own replication in order to protect another program from copying.

Also: news for nerds?

[sean.peters]

Was there any reason at all to even write this article (except to get people to watch the intrusive ad, I mean)? The whole thing consisted of name-checking the Brain virus and then pointing out that malware tookits exist. This is news? No background on Brain, no evolution of malware, no information on how Brain (or any later piece of malware) works, just "malware toolkits! Be very afraid!".

The whole article was completely devoid of anything but the shallowest once-over of the malware toolkit scene. Sometimes I really wonder what the Slashdot editorial staff is thinking when they select articles to publish. Yeah, I must be new here.

Good man (nearly SAME here too)... apk

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

Good job & good choice... I'm a BIG "fan" of HOSTS files here, & why not: HOSTS files get you extra speed online (by blocking out adbanners OR even "hardcoding in" your fav. sites IPAddress - to - host/domain names 'equations' in them) AND extra layered security also!

---

"I use both the "Ad-Block and "No Script" extensions under Firefox... I have a user configured firewall on both my computer and my DSL modem with all incoming ports closed and only a few outgoing ports open." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

As do I, alongside the WOT (web-of-trust) addon also, in FireFox (but Opera 11.01 is my REAL "preferred weapon of choice" though usually, & on either Windows 7 or KUbuntu 10.10 Linux (which are the current OS' I use here @ home)).

---

"Perhaps, that is why I did not see the intrusive ad." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

You can BANK on that... & I was thinking the same thing myself yesterday, as I went over to the referred to source article's URL as noted in said article (warnings about "interstital ad" & all): I thought "Gee, where IS this allegedly interstital ad?" (because like you? I never once even saw it... & for the SAME reasons you did not, which is due to our setups & tools we both utilize in common!).

---

"I use Linux as the operating system for my computer, by the way." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

As do I, KUbuntu 10.10x (fully updated/patched) 64-bit, as well as Windows 7 Professional (fully updated/patched) 64-bit.

APK

P.S.=> The techniques & tools you mentioned/noted work the SAME on either OS - getting me the same results you see (no ads), & no infestations via malwares for nearly 16 yrs. or so now as well... apk