1 (edited by alcopaul 2017-02-15 04:45:34)

Topic: Perrun Virus: The Misunderstood Malware Of The Early 2000

by alcopaul
2/14/2017

When I first conceptualized Perrun, I thought of it as a joke. Why? The mere fact that it targeted data files was already incomprehensible or a joke, for viruses that time targeted executables. There was I think 1 that targeted Shockwave files, but Shockwaves allowed code to be executed. But for Jpegs case, there were no such feature.

Looking back, I thought that it highlighted a concept that is now common today. Virtual machines.

Today, we have .NET framework, which was debuted almost the same time later as Perrun. Now that .NET framework and Java Virtual Machine use is prevalent, I will relate to you how Perrun behaved similarly.

Perrun was written in Visual Basic and I coded it as a proof of concept. Thus abstraction was the highlight. The Perrun executable arrives in a linked dual component executable which consisted of an "extractor" aka our Virtual Machine called extrk.exe and the virus.

How did it work? Extrk.exe was installed, making sure that all the clicked Jpegs passes through it by modification made in the registry. And when Jpegs were clicked, the Jpegs were read by extrk.exe, looking for the virus appended to the Jpeg and if found, executes the virus attached to the Jpeg. The virus independently infects another Jpeg in the current directory. Then extrk.exe displays the picture as if nothings happened. If the virus is not found, extrk.exe just displays the picture.

During those times, people called it stupid because they said you have to infect the computer "twice". (Even the famed Bruce Schneier called it that too, but lol.) And infected Jpegs can't infect other computer. But obviously, the feature depends on the "Virtual Machine".  Probably the Virtual Machine concept didn't sink to the people back then. But Peter Szor's evaluation of Perrun on his book was spot on - Modifying the environment to suit the virus' needs.

To sum up, this is what Perrun really is - a proof-of-concept virus required a component that behaved like Java virtual machine or the .Net framework for the virus to carry on infecting Jpegs. I think it was ahead of its time. Or not, coz all we have now are ransomwares, which by the way is similar to Perrun coz they target data files. So I take back what I said, yeah, ahead of its time.

Perrun write-up of Mcafee https://home.mcafee.com/virusinfo/virus … ?key=99522
Perrun source code https://github.com/alcopaul/perrun/blob/master/virus.vb

[CQK]
Twitter: @thealcopaul

Thumbs up Thumbs down

Re: Perrun Virus: The Misunderstood Malware Of The Early 2000

Had a similar idea awhile back, but only wrote the extractor

https://github.com/blmvxer/Dormant-Malw … ter/DME.py

Thumbs up Thumbs down