Computer viruses
A bit of history
On 2 November 1988, Robert Morris Jr., a graduate student of the informatics faculty of Cornell University (USA), infected a great number of computers connected to the Internet. This network unites machines of university centres, private companies and governmental agencies, including the National Aeronautics and Space Administration, as well as some military scientific centres and labs.
The network worm struck 6200 machines, which made up 7.3% of the computers on the network, and showed that UNIX is not safe either. Among those damaged were NASA, Los Alamos National Lab, exploratory center VMS USA, California Technology Institute, and Wisconsin University (200 of 300 systems). Spreading over the ARPANET, MilNet, Science Internet and NSF Net networks, it practically put these networks out of action. According to the "Wall Street Journal", the virus infiltrated networks in Europe and Australia, where cases of blocked computers were also registered.
Here are some recollections of the event participants:
Symptom: hundreds or thousands of jobs start running on a Unix system bringing response to zero.
Systems attacked: Unix systems, 4.3BSD Unix & variants (e.g.: SUNs) any sendmail compiled with debug has this problem. This virus is spreading very quickly over the Milnet. Within the past 4 hours, it has hit >10 sites across the country, both Arpanet and Milnet sites. Well over 50 sites have been hit. Most of these are "major" sites and gateways.
Method: Someone has written a program that uses a hole in SMTP Sendmail utility. This utility can send a message into another program.
Apparently what the attacker did was this: he or she connected to sendmail (i.e., telnet victim.machine 25), issued the appropriate debug command, and had a small C program compiled. (We have it. Big deal.) This program took as an argument a host number, and copied two programs – one ending in VAX.OS and the other ending in SunOS – and tried to load and execute them. In those cases where the load and execution succeeded, the worm did two things (at least): spawn a lot of shells that did nothing but clog the process table and burn CPU cycles; look in two places – the password file and the internet services file – for other sites it could connect to (this is hearsay, but I don't doubt it for a minute). It used both individual .host files (which it found using the password file), and any other remote hosts it could locate which it had a chance of connecting to. It may have done more; one of our machines had a changed superuser password, but because of other factors we're not sure this worm did it.
All of Vaxen and some of Suns here were infected with the virus. The virus forks repeated copies of itself as it tries to spread itself, and the load averages on the infected machines skyrocketed. In fact, it got to the point that some of the machines ran out of swap space and kernel table entries, preventing login to even see what was going on!
The virus also "cleans" up after itself. If you reboot an infected machine (or it crashes), the /tmp directory is normally cleaned up on reboot. The other incriminating files were already deleted by the virus itself.
On 4 November the author of the virus, Morris, came to FBI headquarters in Washington of his own accord. The FBI imposed a prohibition on all material relating to the Morris virus.
On 22 January 1989 a jury found Morris guilty. If the guilty verdict had been approved without modification, Morris would have been sentenced to 5 years in prison and a fine of 250 000 dollars. However, Morris' attorney Thomas Guidoboni immediately lodged a protest and sent all the papers to the Circuit Court with a petition to overturn the court's decision... Finally Morris was sentenced to 3 months in prison and a fine of 270 thousand dollars; in addition, Cornell University suffered a heavy loss, having excluded Morris from its members. The author then had to take part in the liquidation of his own creation.
What is a computer virus?
It is executable code able to reproduce itself. Viruses are an area of pure programming and, unlike other computer programs, carry intellectual functions for protection against being found and destroyed. They have to fight for survival in the complex conditions of conflicting computer systems. That's why they evolve as if they were alive.
Yes, viruses seem to be the only living organisms in the computer environment, and their main goal is survival. That is why they may have complex encrypting/decrypting engines, which are indeed a sort of standard for computer viruses nowadays, in order to carry out the processes of duplication, adaptation and disguise.
It is necessary to differentiate between reproducing programs and Trojan horses. Reproducing programs will not necessarily harm your system, because they are aimed at producing as many copies (or near-copies) of themselves as possible, with the help of so-called agent programs or without it. In the latter case they are referred to as "worms".
Meanwhile, Trojan horses are programs aimed at causing harm or damage to PCs. It is certainly common for them to be part of a "tech-organism", but they have completely different functions.
That is an important point. Destructive actions are not an integral part of a virus by default. However, virus-writers allow the presence of destructive mechanisms as active protection against the finding and destroying of their creations, as well as a response to society's attitude to viruses and their authors.
As you see, there are different types of viruses, and they have already been separated into classes and categories, for instance: dangerous, harmless, and very dangerous. No destruction means a harmless virus, tricks with system halts mean a dangerous one, and devastating destruction means a very dangerous one.
But viruses are famous not only for their destructive actions, but also for their special effects, which are almost impossible to classify. Some virus-writers suggest the following: funny, very funny, and sad or melancholy (keeps silent and infects). But one should remember that special effects must occur only after a certain number of infections. Users should also be given a chance to restrict the execution of destructive actions, such as deleting files or formatting hard disks. In this way a virus can be considered a useful program, keeping a check on system changes and preventing surprises such as the deletion of files or the wiping of hard disks.
It sounds quite heretical to say such words about viruses, which are usually considered to be a disaster. The less a person understands about programming and virology, the greater the influence that the possibility of being infected with a virus will have on him. Thus, let's consider the creators of viruses as the best source.
Who writes computer viruses?
They are lone wolves or groups of programmers.
In spite of the fact that a lot of people think that writing a computer virus is hard, it is not exactly so. Using special programs called "Virus creators", even beginners in the computer world can build their own viruses, each of which will be a strain of a certain major virus. This is precisely the case with the notorious virus "Anna Kournikova", which is actually a worm. The aim of creating viruses in this way is pretty obvious: the author wants to become well known all over the world and to show his powers.
However, the results of the attempt can be very sad (see "A bit of history"); only real professionals can become famous and stay uncaught. A good example is Dark Avenger. Yes, and it is yet another custom of participants of "the scene" to take terrifying monikers (nicknames).
To write something really new and remarkable, a programmer should have some extra knowledge and skills, for example:
good strategic thinking and intuition – once released, a virus and its descendants live their own independent life in nearly unpredictable conditions, so the author must anticipate a lot of things;
splendid knowledge of the Assembler[1] language and of the operating system he writes for – the more mistakes there are in the virus, the quicker it will be caught;
attention to detail and the skill to solve the most varied tactical questions – one won't write a compact, satisfactorily working program without these abilities;
high professional discipline in order to join the preceding points together.
A computer virus group is an informal non-profit organisation, uniting programmers–authors of viruses regardless of their qualifications. Anyone can become a member of the club if he creates viruses or studies them for the purpose of creation and spreading.
The aims they pursue together may differ from those of a single virus writer, although they usually also try to become as famous as possible. But at the same time they may help beginning programmers in the field of viruses and spread commented virus sources and descriptions of virus algorithms.
One can't say that all of the group members write viruses in Assembler. Actually, you don't have to know any computer language or write any program code to become a member or a friend of the group. But programming in Assembler is preferred; Pascal, C++ and other high-level languages are considered to be humiliating. It does make sense, since programs written in Assembler are much smaller (0.5-5 kb) and therefore more robust. On the other hand, Assembler is quite difficult to understand, especially for beginners. One should think the way the computer does: all commands are sent directly to the central processing unit of the PC.
There are computer virus groups all over the world, a few being more successful than others. It may be pretty hard to get in contact with them, since they are quite typical representatives of the computer underground world, as are (free)wares groups. Sometimes, however, creating viruses can become a respectable occupation, bringing a constant income. After all, no one but the author of a virus can provide valuable information on the way it should be treated and cured.
To whose advantage are computer viruses written?
Copyleft (cl) is the distribution of programs without registering the software, i.e. using a cracked copy. The practice is widely used in the territory of the former USSR, even by medium and big companies, to say nothing of ordinary users. This software is stolen, which involves criminal responsibility (see the legal notice). One of the general values of our culture is generosity, and you can't do anything about it. But at least freeware lovers should know that continuing the practice could be risky. That's the first use of computer viruses – as a sort of compensation to software developers.
In the very same way, writing viruses usually does not bring profit to the author, at least when the authors of a virus and of the cure for it are different persons. The situation is quite different when they are not, especially if the person manages to hide the fact of the double-dealing. And that is the second advantage of computer viruses.
Yes, developers of antiviral software make money from selling their remedy for a new virus widely hyped by the mass media. Agitation can grow so strong that everyone dashes to buy antiviral protection against even the most harmless virus. The ordinary behaviour of share indexes on stock exchanges during a computer virus epidemic is to fall. However, the shares of such companies as Symantec (which is famous for its Norton Antivirus) will soar up to the sky.
The tendency is especially significant in the world of the emerging New Economy. This fancy term means an economy based on computer services as the engine of development. The system exists in the United States. That is why we hardly ever hear the names of Dow Jones and Standard & Poor's in the mass media nowadays. Their place is occupied by the NASDAQ Composite index, based on the National Association of Securities Dealers Automated Quotations system. The index reflects the performance of high-tech companies, the base of the New Economy.
We can't say for sure, but maybe in the nearest future the index will be influenced more by computers themselves than by brokers and dealers on the world stock exchanges. IBM Corporation has recently presented its new invention – an automated broker, which is in fact a mainframe (a very big computer) with specialised software. It is a descendant of the mainframe DeepBlue, well known for its skill at chess. Unfortunately, it seems that bad times have come for the whole economy of the USA, which also means problems for NASDAQ.
Nevertheless, the initiative of IBM should certainly be welcomed. Automated brokers seem to understand the volatility of indexes in a much quicker and more rational way than human beings. There is only one drawback to eliminate – the problem of artificial intelligence. A machine can't think as a human does.
Maybe computer viruses could be of some use here too. After all, the flights to the Moon became a simple effect of inventing new ways of exterminating the civil population during the Second World War (ballistic rockets). A wish to kill people made a fantastic daydream become reality within fifty years. The first computing machine was actively used during the development of the first atomic bomb. So sometimes even very bad things, much more dangerous than viruses (name at least one person who has been the victim of a cruel computer virus), can greatly assist progress and bring a greater profit.
A legal notice. Penal Code of the Russian Federation
Chapter 28. Crimes in the sphere of computer information
Article 272. Illegitimate access to computer information
1. Illegitimate access to law-protected computer information, i.e. information on a machine carrier, in an electronic computing machine (PC), a PC system or its network, if it causes the destruction, blocking, modification or copying of information, or disruption of the work of a PC, PC system or its network, –
is punished by a fine of from two to five hundred minimum wages, or in the amount of the salary or other income of the convicted person for a period from two to five months, or by corrective works for a period from six months to one year, or by deprivation of liberty for a term of up to two years.
2. The same deed, performed by a group of persons by preliminary collusion, or by an organised group, or by a person using their official position, as well as by a person having access to a PC, PC system or its network, –
is punished by a fine of from five to eight hundred minimum wages, or in the amount of the salary or other income of the convicted person for a period from five to eight months, or by corrective works for a period from one to two years, or by arrest for a period from three to six months, or by deprivation of liberty for a term of up to two years.
Article 273. Creation, use and spreading of harmful programs for PC
1. Making programs for PC, or introducing changes into existing programs, undoubtedly bringing about the unauthorised deletion, blocking, modification or copying of information, or disruption of the work of a PC, PC system or its network, as well as the use or spreading of such programs or of machine carriers with such programs, –
is punished by deprivation of liberty for a term of up to three years with a fine in the amount of between two and five hundred minimum wages, or in the amount of the salary or other income of the convicted person for a period from two to five months.
2. The same deeds, having caused heavy consequences through negligence, –
are punished by deprivation of liberty for a term from three to seven years.
Synopsis
The history of computer viruses began recently, but it has already become legendary. Almost everyone knows a few awesome fables about these creatures, but hardly anyone understands what a computer virus is.
A computer virus is executable code able to reproduce itself. Viruses are an area of pure programming and, unlike other computer programs, carry intellectual functions for protection against being found and destroyed. They have to fight for survival in the complex conditions of conflicting computer systems.
Viruses seem to be the only living organisms in the computer environment, and their main goal is survival. That is why they may have complex encrypting/decrypting engines, which are indeed a sort of standard for computer viruses nowadays, in order to carry out the processes of duplication, adaptation and disguise.
Viruses are written by lone wolves or groups of programmers.
Using special programs called "Virus creators", even beginners in the computer world can build their own viruses. The aim of creating viruses in this way is pretty obvious: the author wants to become well known all over the world and to show his powers.
The results of the attempt can be very sad; only real professionals can become famous and stay uncaught. To write something really new and remarkable, a programmer should have some extra knowledge and skills.
A computer virus group is an informal non-profit organisation, uniting programmers–authors of viruses regardless of their qualifications. Anyone can become a member of the club if he creates viruses or studies them for the purpose of creation and spreading. You don't have to know any computer language or write any program code to become a member or a friend of the group. Programming in Assembler is preferred; Pascal, C++ and other high-level languages are considered to be humiliating.
There are computer virus groups all over the world, a few being more successful than others. It may be pretty hard to get in contact with them, since they are quite typical representatives of the computer underground world, as are (free)wares groups. Sometimes, however, creating viruses can become a respectable occupation, bringing a constant income. After all, no one but the author of a virus can provide valuable information on the way it should be treated and cured.
Developers of antiviral software make money from selling their remedy for a new virus widely hyped by the mass media. Agitation can grow so strong that everyone dashes to buy antiviral protection against even the most harmless virus. The ordinary behaviour of share indexes on stock exchanges during a computer virus epidemic is to fall. However, the shares of high-tech companies producing antiviral software will soar up to the sky.
An epidemic of foot-and-mouth disease has overwhelmed Europe these days (March 15, 2001). It seems that a vast economic crisis is breaking out in America. World finance is doing its best to escape the worst.
A breakthrough in the development of artificial intelligence could prevent NASDAQ from collapsing completely. The help may come from an unexpected side...
But don't forget that the creation, use and spreading of harmful programs for PC is a criminal offence, as is using cracked versions of programs. Our penal code establishes a punishment of up to seven years in jail.
And be aware that computer viruses have come for a long time, if not forever.
[1] Assembler - a low-level, hardware-oriented computer language