___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 3 No. 7, Part 1
Introduction to Computer Viruses
____________________________________________________________
It's Saturday morning. You boot up your Windows 98 computer and lo and behold, the graphics on the desktop are a mirror image of what they should be. Congratulations, you have a computer virus!

According to "Virus Bulletin," the Oxfordshire, England-based technical journal that tracks viruses, this new virus flips any uncompressed bitmaps horizontally, but only on Saturdays. This bulletin credits GriYo of the 29A virus-writing group as the author of this 32-bit polymorphic Windows virus now known as HPS (Hantavirus Pulmonary Syndrome).

Panda Software of Spain has announced that it has the antidote to HPS. Meanwhile, other antivirus companies scramble to code a cure for this Windows 98 desktop graphics virus.

So far HPS appears, like many viruses, to be harmless and humorous. According to the book "Computer Viruses" by Robert Slade (Springer, 1996), "The truth is that relatively few viral programs perform any overt damage to a system." However, no matter how harmless any virus may appear to be, people worry that it might do something else, perhaps on some Friday the 13th or maybe, who knows, Jan. 1, the year 2000. Even if GriYo had the best of intentions, people worry that a mistake buried somewhere in his HPS code might accidentally cause harm.

Let's face it. Turn a computer virus loose and you can become mighty unpopular -- regardless of how harmless, funny, or even beneficial you believe your virus might be. People don't like to have programs running on their computers unless they make the decision to put them there.
****************************************************************
In this Guide you will learn:
Part One:
* What is a computer virus?
* Types of computer viruses
* Why study and create viruses?
* How to catch them
* How to fight them
****************************************************************
One of the nice things about the recent escalation in computer crime is that the media doesn't make such a big fuss over viruses any more. Sure, they (viruses and the media both) can be a pain. However, with all those antivirus programs we can call upon for help, and with almost everyone now understanding the importance of frequent backups, viruses are no big deal, right?

"Computer viruses are no big deal." Famous last words? Digital viruses may be the first stages of artificial life. Think about it -- are we ready yet to share the planet with artificial life? Will we find some means of friendly coexistence, just as we have learned to safely enjoy cheetahs, lions and wolves? Will viruses perhaps even evolve into helpful life forms that will end poverty and war, help us understand the meaning of life itself and even shed light on the nature of God? Or will some computer virus designer create code that evolves into something that destroys the human race? Or ... maybe you readers will get fed up with me hyping viruses and flame war me into hiding!
What is a Computer Virus?
In 1988 the Internet was shut down by the "Morris Worm," a self-replicating program coded by Robert Tappan Morris of the Chaos Computer Club. It used sendmail and finger exploits to break into and propagate from one Unix computer to another. By the time it had infected some 10% of the computers on the Internet, it was clogging essential Internet communications lines as the worm shipped around ever more copies of itself.

Yet many computer scientists say we shouldn't call the Morris Worm a computer virus.

Before the first computer virus was ever coded, in 1984, Dr. Fred Cohen wrote his doctoral thesis on the topic (published in his book "Computer Viruses," ASP Press, 1986). As a result, Cohen is credited by many with being the first to conceive of their existence. It is important to remember -- Cohen is AGAINST computer viruses. He didn't invent them, but was the first to prove they could be created, and to foresee the damage they could cause. Purists hold by the definition of virus that appeared in Cohen's doctoral thesis: a computer virus is code that, when active, attaches itself to other programs.

However, long before Dr. Cohen detailed the characteristics of viruses, mathematician John von Neumann proved that a Turing machine (a mathematical construct representing a single-processor computer) is capable of containing a "universal constructor" which, if provided with a program containing its own description, is able to reproduce itself. Von Neumann's "universal constructor" proof covers not only Cohen's definition of a computer virus, but also self-replicating programs such as the Morris Worm.

Are these definitions making you dizzy? Me, too. So I decided in this Guide to use the definition proposed by virus researcher Dr. Mark Ludwig. He defines a computer virus as "a program that reproduces. When executed, it simply makes more copies of itself. Those copies may later be executed to create still more copies, ad infinitum." This definition is broad enough to include the Morris Worm.
********************************************************************
Newbie note: To "execute" a program means to make it run. As long as a program is merely a file, it is doing nothing. However, when something is done to feed the information of a file into the central processing unit of a computer in such a way as to command it to do something, we say the program has been "executed."
********************************************************************
Each virus program must consist of at least two parts. It must contain a search routine which helps it find new files, disks or host computers on which to replicate. It also must have a routine that copies itself to these new computers that its search routine discovers.

Many viruses also contain self-defense features that allow them to hide from or even fight back against anti-virus programs.

Some also, like HPS, contain a harmless message or prank. The Stoned virus carries the message "Your computer is now stoned" along with an occasional plea to legalize marijuana.

Unfortunately, a few viruses do something harmful. Often the harm is accidental, as few virus coders wish to harm anyone. Robert Tappan Morris had no intention of crashing the Internet with his Worm. Each individual worm was harmless. The trouble came because they multiplied far faster than he had expected.

Also, there are a few -- very few -- people who willfully misuse their programming talents to unleash destructive viruses on the world.
Types of Viruses
There are several major types of viruses.

* Boot sector infectors, which can live even on a blank DOS/Windows disk by taking advantage of the little-known program which tells your computer how to read the disk.
* Program file infectors (this includes MS Word document macro viruses)
* Worms (such as the Morris Worm) which use other programs to replicate but do not attach themselves to programs.

Currently the most common type of virus is the macro virus. A recent example of a macro virus is WM/PolyPoster. This virus will wait until you go online and post your infected document(s) to alt.sex.stories and other popular Usenet news groups under the title "Important Monica Lewinsky Info". For more details, see http://www.datafellows.com/news/pr/eng/fsav/19980618.htm and http://www.datafellows.com/v-descs/agent.htm
Why Study -- and Create -- Viruses?
"The Giant Black Book of Computer Viruses" by Ludwig (American Eagle Press, 1995) argues "Should we not be a Socrates, who ... sought Truth and Wisdom ... the question that really matters is not how computers can make us wealthy or give us power over others, but how they might make us wise. What can we learn about ourselves? about our world? and yes, maybe even about God? Might we not understand life a little better if we can create something similar, and study it, and try to understand it?"

Some researchers seek to figure out new ways to defeat antivirus programs because they believe it is the best way to design them to stay one jump ahead of the tiny minority of virus writers who release damaging code. Do you really want to rely on a commercial antivirus program to be your only defense? Yes, these programs can be really helpful. However, if you are a serious hacker who downloads and tests lots of Windows programs (almost all viruses attack Windows), you had better be prepared to fight viruses that the antivirus companies have never even heard of.

Other people research viruses because they could become potent weapons in time of war. The story of a computer virus being unleashed against Iraq during the Desert Storm War is an April Fool's Day hoax that got out of hand. But the day is coming when they will be used in wartime.

If you live in a country where the government is run by a dictatorship or is occupied by an invader's troops, viruses may be the guerrilla warrior's best friend.

Some virus designers want to create artificial life forms that will, for good or evil, revolutionize history.
How to Catch Them
Have you ever gotten an email from a friend that reads something like this?
Internet Virus !!!!Warning!!!!
Hello;
Please Broadcast this message.
Mails CCMAIL or E-MAIL name's JOINT THE CREW & PENPALS GREETINGS
should destroy all datas on your hard disk when you open them.
These virus call CHEVAL TROYEN make infection on boot sector.
These can be autoduplicator.
You should destroy them, DO NOT OPEN THEM.....
After a week or so you are probably getting the same message again and again, each time slightly mutated:
VIRUS WARNING !!!!!!
If you receive an email titled "JOIN THE CREW" DO NOT open it. It will erase everything on your hard drive.
Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the internet...
This "join the crew" virus warning is yet another example of the kind of message that first warned of an email virus entitled "Good Times." In 1994-5 that first emailed virus warning flashed across the Internet with amazing speed and persistence. Soon people were getting Good Times warnings every day. Even reputable sysadmins broadcast the warning to all their users.

Good Times was a hoax. It is impossible to catch a virus from merely reading email. You must run a program to catch a virus.

True, there are macro viruses such as those that infest Microsoft Word (MS Word) documents. They replicate when you merely read a file in MS Word. However, macros are programs which are executed when you read a text file -- but only when you read it in MS Word. Unfortunately, this "feature" of MS Word has the consequence that macro viruses are now the most common of viruses.

However, email is structured so that macros cannot, absolutely cannot, be embedded in it. If someone wants to email a macro to you, it will always be in a file attached to email. As long as you refuse to load email attachments into programs that run macros such as MS Word, you are safe.
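The paragraph above says the only way a macro reaches you by email is as an attached file, and that the defense is to refuse to load attachments into programs that run macros. The Python script below is an added example, not code from this Guide or from any vendor it names: it looks at an attachment's bytes rather than its file name (Word opens a .doc by content whatever it is called) to tell whether the attachment is an Office binary document and whether it carries the storages Office 97 uses for VBA macros. The OLE2 signature and the storage names are real; the sample attachments, verdict labels and advice strings are constructed for the demo.

```python
"""Triage an e-mail attachment for Office macros before it is ever opened.

Added example, not code from the original Guide. Word and Excel binary
documents are OLE2 compound files; Office 97 stores VBA macros in named
storages inside them ("Macros" with a "VBA" substorage for Word,
"_VBA_PROJECT_CUR" for Excel), and OLE directory entry names are written
as UTF-16LE strings. The sample byte strings at the bottom are constructed
for this demo and are not real documents.
"""

# Magic number that starts every OLE2 compound file.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# Storage names Office uses for VBA projects, in the UTF-16LE form that
# appears in the OLE directory sectors.
MACRO_STORAGE_NAMES = [
    name.encode("utf-16-le") for name in ("Macros", "_VBA_PROJECT_CUR", "VBA")
]


def is_ole_document(data: bytes) -> bool:
    """True if the bytes begin with the OLE2 compound-file signature."""
    return data[:8] == OLE_MAGIC


def has_macro_storage(data: bytes) -> bool:
    """Heuristic: does any VBA storage name occur in the raw bytes?

    Directory names are stored uncompressed, so a byte search finds them
    without walking the sector chains. A full OLE parser (for example the
    olefile library) is more precise; this is a triage check, and it does
    not see the WordBasic macros of Word 6/95, which are stored differently.
    """
    return any(name in data for name in MACRO_STORAGE_NAMES)


def triage_attachment(data: bytes) -> str:
    """Classify attachment bytes.

    Returns one of (labels constructed for this example):
      "macro-capable"   - Office binary document that carries VBA storages
      "office-document" - Office binary document, no VBA storage found
      "not-office"      - anything else (plain text, images, archives, ...)
    """
    if not is_ole_document(data):
        return "not-office"
    if has_macro_storage(data):
        return "macro-capable"
    return "office-document"


def advice(verdict: str) -> str:
    """The action the Guide recommends, keyed by verdict."""
    return {
        "macro-capable": "do not load into Word/Excel; its macros would run",
        "office-document": "open only with macros disabled, and only from a trusted sender",
        "not-office": "not a macro carrier (still run no program you cannot vouch for)",
    }[verdict]


# Constructed samples. A real OLE header is 512 bytes, so the fake directory
# names are placed after a zero-filled header of that size.
_FAKE_HEADER = OLE_MAGIC + b"\x00" * (512 - len(OLE_MAGIC))
SAMPLE_TEXT = b"Hello, just a note about lunch on Friday.\r\n"
SAMPLE_DOC_NO_MACROS = _FAKE_HEADER + "WordDocument".encode("utf-16-le") + b"\x00" * 32
SAMPLE_DOC_WITH_MACROS = (
    _FAKE_HEADER
    + "WordDocument".encode("utf-16-le") + b"\x00" * 32
    + "Macros".encode("utf-16-le") + b"\x00" * 32
    + "VBA".encode("utf-16-le") + b"\x00" * 32
)

if __name__ == "__main__":
    for label, blob in (("note.txt", SAMPLE_TEXT),
                        ("report.doc", SAMPLE_DOC_NO_MACROS),
                        ("kewl_game.doc", SAMPLE_DOC_WITH_MACROS)):
        verdict = triage_attachment(blob)
        print(f"{label:15} {verdict:16} {advice(verdict)}")
```

The check is a triage heuristic, not a verdict on whether a document is infected: a document whose body text merely mentions one of these storage names would be flagged too, and only the Office 97 VBA layout is covered. What it does give you is a content-based answer to the question the paragraph poses, whether a file is worth loading into a macro-capable program at all.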
Some people have argued that phony email virus warnings are in themselves computer viruses. They have a search routine -- the plea to email them to everyone you know. Their copy mechanism is you -- if you are dumb enough to command your email program to send these warnings on to other people.

So how does a computer get infected by a computer virus? You must always run a vulnerable program in association with the virus code in order to catch one. In the case of the Morris Worm, all you needed to do was hook up your computer as an Internet host. The sendmail and finger daemons, which run quietly in the background all the time, were the active programs that spread the Worm. In the case of MS Word macros, the act of reading an MS Word text file activates a macro which replicates the virus. In the case of a boot sector virus, simply putting a floppy disk into a drive and giving a command to see what is on the disk propagates the virus.
How to Fight Them
Maybe you are one of those people who greet each new uninvited program with the shout "Get that !@#$@#$% virus OUT of my COMPUTER!" If so, what is the best way to avoid infection? Once infected, how do you get that !@#$@#$% virus OUT?

There are a number of commercial antivirus programs that automatically scan for viruses every day at a certain time, as well as every time you start your computer. They also scan every floppy disk for boot sector viruses every time you load one in a disk drive and try to read it. I use Norton Antivirus with good results; many others say McAfee works well. Dr. Ludwig reports that all commercial antivirus software works about equally poorly. Of course, he's always testing them against the most amazing, exotic, tricky viruses in the world, half of which he has written himself. So it's understandable that he's not impressed.
I learned the hard way that a really bad way to get antivirus software was from a floppy given to me by a friend. I tried that once and caught a new virus from his floppy instead of getting rid of an old one! That disk was infected with a boot sector infector. So before I could even run it on my friend's program, the instant my computer tried to read the directory on the disk, it got infected. This new virus had the cute side effect of disabling the antivirus program.

Because of this problem, commercial antivirus software comes complete with instructions on how to bootstrap your computer back to health. If you don't follow those instructions exactly, you may end up like me, giving your computer a virus instead of eradicating one.

Since, according to Ludwig, there are many viruses out there for which there are no antivirus programs, this should motivate us to try to avoid catching them in the first place. What are some precautions even those of us who run commercial antivirus programs should take? Here are my top recommendations.
1) Use the Unix operating system. There are few Unix viruses or worms. I like to think that is because it is a superior operating system. However, it may also be largely because Windows computers are common and cheap and the kind of people who code malicious viruses are so lame that they can't figure out how to code for Unix systems. However, be warned -- the second part of this Guide includes the source code for a Unix virus!

2) See that kewl warez d00dz site? Wouldn't it be nice to get thousands of dollars worth of commercial software from them for free? Watch out! The kind of guys who pirate software might also be the kind of guys who get a chuckle out of reformatting your hard drive by giving you viruses hidden in their archives. Also, some people fight warez sites by secretly booby-trapping them with viruses.

3) See that lovely haxor dOOdz site full of animated flames, spinning skulls and creepy organ music? See all those programs on that site that promise to empower you to mail bomb people, crash their computers and break into the Pentagon? Now, is it just possible that the kind of people who want to help other people raise heck -- gosh -- could they also be the kind of people who would slip a virus or two into those programs you download?

4) See that email with an attached file? The sender says it is a really kewl program. A new game, better than Quake or Barbie Fashion Designer. Wait, why is a stranger sending you a free game program? Maybe he's up to no good. Or -- maybe it is an attached file sent to you by a friend. Wait! How do you know that email is really from your friend? Does it have his or her PGP signature? Have you phoned your friend to ask whether he or she really sent you that program? Don't run a new program unless you are certain it comes from a trustworthy source.

5) Upgrade Microsoft Office (or Microsoft Word) to Office 97 (Word 97). This disables all the old macro viruses. It also checks for macros in any new file you open. If it finds them, it prompts you to decide whether you want to disable these macros. Unfortunately, it is even easier to write macro viruses for Office 97, which uses Visual Basic for its macro language. So if you want to be really safe, simply refuse to let any macros whatsoever run on this office suite. Better yet, use some other office suite such as Corel. Only Microsoft programs are vulnerable to macro viruses.

6) Disable Java on your Web browser. Haven't heard about Java viruses yet? In part two of this Guide you will get source code for a Java virus that infects Unix computers that run the Bourne shell. Java can also transmit viruses that will infect Windows computers.

7) Do or don't do all the other stuff I forgot to put in this list. What this really means is, don't trust me or anyone to be the last word on viruses. Good books to study which include source code to viruses are "It's Alive" by Dr. Fred Cohen (Wiley, New York, 1994) and "The Giant Black Book of Computer Viruses" by Dr. Mark Ludwig (American Eagle, Show Low AZ, 1998).

You can also get lots of information from the virus-l email list, a moderated, digested mail forum. To subscribe to the email list, email listproc@lehigh.edu with the message "subscribe virus-l". Archives are at ftp://ftp.cs.ucr.edu/pub/virus-l. An archive of virus FAQs is at http://webworlds.co.uk/dharley/anti-virus/virFAQs. For Mac viruses, email listproc@listproc.bgsu.edu a message containing the line "subscribe mac-virus-announce YOUR FULL NAME".
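Recommendation 4 (run nothing whose source you cannot vouch for) and the earlier point that a serious tester must be ready for viruses no vendor has a signature for both come down to one defensive technique the Guide describes in words but does not show in code: keep a baseline of cryptographic hashes of your program files and compare the files against it. A file infector has to change the bytes of the programs it attaches to, and a dropped-in program is a file the baseline has never seen, so both show up as differences even when no scanner knows the virus. The Python below is an added example, not the Guide's own code; the watched file suffixes, the sample directory and the tampering scenario in demo() are assumptions constructed for the demonstration.

```python
"""File-integrity baseline for program files: a defense that needs no
virus signature.

Added example, not code from the original Guide. The watched suffixes and
the scenario in demo() are constructed assumptions for this demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: the kinds of files a 1998 Windows virus would attach to or
# drop. Extend the set for your own environment.
WATCHED_SUFFIXES = {".exe", ".com", ".dll", ".sys", ".doc", ".dot", ".xls"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large programs need not fit in memory."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each watched file (path relative to root) to its size and SHA-256."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WATCHED_SUFFIXES:
            baseline[path.relative_to(root).as_posix()] = {
                "size": path.stat().st_size,
                "sha256": sha256_of(path),
            }
    return baseline


def save_baseline(baseline: dict, dest: Path) -> None:
    """Write the baseline as JSON. Keep it on media the machine cannot
    write to (a write-protected floppy in the Guide's era); a baseline a
    virus can rewrite proves nothing."""
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report watched files whose hash changed, that appeared, or that vanished."""
    return {
        "modified": sorted(p for p in baseline if p in current
                           and baseline[p]["sha256"] != current[p]["sha256"]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def verify_download(path: Path, expected_sha256: str) -> bool:
    """Recommendation 4 in code: trust a downloaded program only if its hash
    matches one the publisher gave you over a separate, trusted channel."""
    return sha256_of(path) == expected_sha256.lower()


def demo() -> dict:
    """Constructed scenario: baseline a small program directory, then change
    one program's bytes and drop in a new one; the comparison must report
    both and nothing else (the edited .txt file is not watched)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 100)
        (root / "game.com").write_bytes(b"\xEB\x10" + b"\x90" * 50)
        (root / "notes.txt").write_bytes(b"not a program, not watched")
        baseline_file = root / "baseline.json"  # in practice: removable, write-protected
        save_baseline(build_baseline(root), baseline_file)

        # Changes made after the baseline was taken.
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 100 + b"extra bytes")
        (root / "dropper.exe").write_bytes(b"MZ")
        (root / "notes.txt").write_bytes(b"changed, but .txt is not watched")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep the baseline file somewhere the machine cannot write to it (the locked floppy of 1998, read-only media or a separate host today), and run the comparison after booting from known-clean media, for the same reason the Guide gives for following the vendor's bootstrap instructions: a checker started from an infected disk can be disabled before it reports anything. Likewise a hash match on a download only means something when the expected hash reached you over a different channel than the file did.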
_______________________________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed!

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker@techbroker.com with message "subscribe happy-hacker" in the body of your message.

Copyright 1998 Carolyn P. Meinel <cmeinel@techbroker.com>. You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.
_______________________________________________________________________
Carolyn Meinel
M/B Research -- The Technology Brokers
http://techbroker.com