PDA

View Full Version : Motivation Behind Virus Wiriting



RobS
09-07-2001, 04:19 AM
I was just wondering what you good people thought the main motivations are behind virus writing and what you think of the people who write/distribute them.

Fordy
09-07-2001, 04:35 AM
I think itís mostly just malicious people without the notion to do anything worthwhile with their skills. I think it was NV that said in an earlier thread that in the old days viruses attached themselves to .exe files and were spread that way. I imagine this process requires a good level of understanding and skill. These days script kiddies write these viruses in MS-Word using VBA, often with no real skill involved.

The people themselves must gain some sort of satisfaction from causing misery or inconvenience to others - what that says for the personality of these people is anyoneís guess.

Witch_King
09-07-2001, 04:59 AM
The virus is the executable, not attached to it. It could take on a new name however. It's not too too difficult to write a virus that targets an operating system like Win9x. I don't know what script viruses are, but I know about writing viruses in C and C++.

RobS
09-07-2001, 05:21 AM
The "I'm a malicious bar-steward" stance as far as I can reason to myself is one of the more justifiable ones.

"The I was pointing out security gaps" is a so weak. If you noticed your local bank or shop had a security gap you should burgle them, honest, it's the only way they'll learn, yeah right, you couldn't have just told them? I'd love to find someone who wrote a virus and used this "justification" and show them the deficiencies in their immune system and/or medical science/health care system by injecting them with ebola.

Witch_King
09-07-2001, 05:26 AM
I could write a friendly virus and send it to you guys. It would just write itself into autoexec.bat and pop up a "I Love Microsoft" message every time you turned on your computer. Nothing malicious I mean. Do you doubt me?

Fordy
09-07-2001, 05:38 AM
>>The virus is the executable, not attached to it.

I was thinking more of viruses patching .exe files and adding a few lines of malicious code

Witch_King
09-07-2001, 05:50 AM
Okay, than I don't know how to write a virus like that, but the thing is, it's easy enough to write an executable that creates temporary files, even batch files or just about anything, even propogate itself and send itself out to other machines with a program like outlook express. Well, the email part, I would need some time to figure out, but I'm not exactly learning programming for the purpose of writing viruses. A person does pick up all of these skills right here at Cprogramming though.

Fordy
09-07-2001, 06:06 AM
>>it's easy enough to write an executable that creates temporary files, even batch files or just about anything,

Oh yeah thats easy enough. Also add to that registry editing.

>>even propogate itself and send itself out to other machines with a program like outlook express.

You dont even need outlook. Just winsock, smtp and mime knowledge. (Well I suppose you would need to access the address book to get the addresses of those who the virus will spread to).

>>but I'm not exactly learning programming for the purpose of writing viruses.

Glad to hear it. There are plenty of more rewarding outlets relating to programming that we can take advantage of.

nvoigt
09-07-2001, 06:25 AM
"The virus is the executable, not attached to it."

Yes and no...

VIRUS: a virus used to be some kind of infection. Virii consisted
of code attached to .exe or .com files that had a valid use, and
every time it was executed, the virus code was executed, it
infected another randomly chosen .exe or .com and after that,
it would run the original code. They came on disks from friends,
colleagues or classmates, in times where everyday email or
internet access at home was something you didn't even consider.

Some trigger event caused all infected files to act destructivly.

You could copy a game from a friend, put it on a disk, and play
it at home... bang, hit by a virus.

The worms and virii that happen to hit home nowadays are
written in scripting languages like VBA. Look at ILOVEYOU.
It was a bunch of VBScript. And you had to run it yourself to
get it working. I have the source of ILOVEYOU, not hard to get
when it's a script, and it's far from spectacular. It's a straight-
forward script doing what we all know it did. Nothing sneaky,
nothing hidden.

Ten years ago, you got viruses that would invade your privacy
and sneak into your system.

Today, you get a bomb and a note saying "please blow me up
in your face. Love -Someone".

I would like to know how to write a real virus. Just for making one
that does nothing but pop up a message saying "gotcha".
We get hit by wave after wave of maliccious programs that
arrive by mail. We tell children not to take gifts from strangers.
Computers might be another world, but how do people came
to the conclusion it has to follow other rules ?

Learn to use a computer.
Turn on the advanced options.
Don't run executables of people you haven't spoken to personally.
Use a personal firewall.

That's not too hard, that's not too expensive.
I followed these guidelines and I never ever got a single
virus or worm...

Govtcheez
09-07-2001, 06:29 AM
Learn to use a computer.
Turn on the advanced options.
Don't run executables of people you haven't spoken to personally.
Use a personal firewall.

That's not too hard, that's not too expensive.
I followed these guidelines and I never ever got a single
virus or worm...I agree - do people that continue to get viruses just run every executable file that gets sent to them?

What if we wrote a collective virus here that spread like a normal worm, but instead of doing smth mailicious, installed NAV or smth like that?

RobS
09-07-2001, 06:38 AM
I got hit by SirCam. It modus operandum is via email attatchments.

Out of the 3 people I've received emails from since its "discovery" a couple of months ago. I've spoken to 2 of them, they didn't have it or any record of it, waiting to hear from the third.

It might have been my girlfriend when she checked her web based email on my PC, I'll never know.
Or when she decided that she didn't like the cd ripping software
that came with my DAP (gift, well bought with cash that I was given but I was told to get something fun not useful) and downloaded some.

I was putting off getting some decent firewall and antivirus software because I'd buy it rather than get freeware or shareware. and I had slightly more pressing things to spend on like food, bills and rent at the time and I've paid the price in a little bit of my remaining sanity and about 3 hours of my time.

I also find it a bit objectionable. Why should I stop at a personal firewall, why I don't buy body armour incase someone decides to start shooting randomly at people on the street. The people who write viruses seem to assume the "rules" in the computer world work differently, not entirely sure where I'm going with this now so I'll stop.

Fordy
09-07-2001, 06:46 AM
>>was putting off getting some decent firewall and antivirus >>software because I'd buy it rather than get freeware or >>shareware. and I had slightly more pressing things to spend >> like food, bills and rent at the time and I've paid the price in a >>little bit of my remaining sanity and about 3 hours of my time.


I bought Norton internet security. It was a beast to configure especially as I have 2 computers on a lan, and it always tried to stop them from communicating.

I got rid of the firewall and kept the NAV part of it. I then downloaded ZoneAlarm and I must say I'm very impressed, especially as its free. Its not worth holding off on buying a firewall when you can download a good one for free now.

RobS
09-07-2001, 06:57 AM
Fair enough, thanks for the advice, might just get a copt of NAV after work.

How bigs the ZoneAlarm download, ie am I best off using fast work connection, burning it onto cd and carrying it home (Also with the added bonus of going through works firewall and antivirus) or allowing it to trudge through directly to my currently inadequately protected pc at 56.6kbps at home.
Or shall I just do my own research. God I'm feeling lazy.

Govtcheez
09-07-2001, 07:00 AM
I think ZA was ~5 MB

Fordy
09-07-2001, 07:00 AM
Go to Zonelabs (http://www.zonelabs.com/)

I downloaded it on a 56k - didnt take long

Witch_King
09-07-2001, 07:03 AM
I use AVX Professional.

All I was saying was that it isn't too difficult to write a virus using C/C++ just based on the skills that we learn here at Cprogramming. In order to write a virus that communicated information back to you, you would have to know a little bit about XML/SOAP, etc, which we don't cover here at Cprogramming. It would be simple enough to write a program that searched all the files and directories on someones computer and returned a list back to you of all that information, so you would know everything they had. You could even get it to send copies back to you of any file you wanted that was on their computer, but in order to impliment this C/C++ program, like I said you would have to know a little more than we learn here, stuff involving internet and email.

rick barclay
09-07-2001, 10:00 AM
Originally posted by Witch_King
I could write a friendly virus and send it to you guys. It would just write itself into autoexec.bat and pop up a "I Love Microsoft" message every time you turned on your computer. Nothing malicious I mean. Do you doubt me?

I've read that most viruses do just that, or something similar.
It looks to me like the Code Red virus was written by a group
of people with an ax to grind. A group calling itself Code Red
or something like that recently attacked the website of the
local Township of Marlboro, not once but twice. Both times
anti-smoking messages were left behind. They'd better be
glad they don't call themself the Township of Microsoft :) .

rick barclay

Sebastiani
09-07-2001, 10:20 AM
And what about virus protection? How do you write a program that analyzes other programs for virility?

Witch_King
09-07-2001, 10:22 AM
I'm not sure, I've never developed an application like that but I imagine that they have a database of fixes somewhere.

Fordy
09-07-2001, 11:21 AM
I think most anti-virus progs work look for viruses already know. That would account for the reason why I download a new dat file from NAV every couple of days. As well as this some programs have a heuristic setting. I guess this allows the anti-virus program to take an educated guess in some instances. I donít know effective this is though. I never put it to the test.

no-one
09-07-2001, 12:07 PM
>I could write a friendly virus and send it to you guys. It would just write itself into autoexec.bat and pop up a "I Love Microsoft" message every time you turned on your computer. Nothing malicious I mean. Do you doubt me? <

amature... AUTOEXEC.BAT!!!!!! come on...there are so many better ways that are harder to detect.

Witch_King
09-07-2001, 01:03 PM
Thats not the point. I'm not trying to make a deadly virus or anything, I'm just saying that I could write an ordinary C program that is a virus, so could anyone here.

no-one
09-07-2001, 01:04 PM
ahh then excuse my post.

nvoigt
09-07-2001, 03:38 PM
Why should I stop at a personal firewall, why I don't buy body armour incase someone decides to start shooting randomly at people on the street.


No, no one wears body armour. But you do have a lock at your
home and at your car, don't you ?



How do you write a program that analyzes other programs for virility?


The existing programs search for patterns in files. Therefore, only
mutations of existing and detected viruses can be found. New
virii will not be found until the first wave struck home.

Another question would be what is a virus ? A program that
formats your harddrive, is it a virus ? Is it still a virus if you
want it to format your harddrive ?

Nick
09-07-2001, 04:26 PM
A virus is just a self replicating program :)
So no, sending by email exes which say "Format Harddrive" are
not viruses.