Some New Ideaz for Future Viruses

Black Cat Virus Group [3]
September 2002

In this article, I'll explain about some possible new ideas, methods and techniques to be used in future viruses, be it worms, trojans or file infecting viruses

Note that all methods and ideas I've discussed here are not pure facts. They're based upon what I think it's possible from my experience being a virus writer/researcher and collector.

Learning Capability

One technique which I've not seen so far in the virus scene is learning capability. Someday somehow a virus with learning capability will emerge. Some would say it's impossible but who knows....everything's possible. We've seen the world's first JPEG infecting virus - Perrun (well not actually a "real" JPEG infecting virus coz it requires the stub Exe file as a middle man). JPEG infection is regarded as impossible all these years until the appearance of Perrun.

Learning capability in viruses can be implemented using AI methods. This is where the virus can learn about its residential environment in a system, virtually taking into account the operating system specs, type, stats and characteristics. The virus will then change its way of behavior, according to its environment. For example, the virus will be able to quickly adapt to its surroundings in the system when new softwares are being installed, modified, updated or deleted or even system settings changed. This represents a successor to the current polymorphism, metamorphism and oligomorphism in current virus trends.

Virus -> Virus Communication: Developing a Common Virus Language

This is another technique which I've not seen in today's virus world. Basically it involves developing a "virus language" for viruses to communicate with each other. Like we humans communicate using our language, be it English, Chinese, Spanish or Japanese; a common language for viruses can be developed. This could be either composed of normal alphabetical words or even jumbled words of numbers, characters and special symbols. By having a common virus language, viruses can communicate with each other whether it's the same virus instance on an infected system or a different virus that supports the common language. Viruses can then exchange information regarding the state or itself using AI methods and then adapt or change itself according to these information. The medium of communication can be either through network, utilizing network protocols, or IPC such as mailslots, mapped memory and named pipes or any other medium which is suitable. This, coupled with the learning capability of a virus makes a virus mimics real world lifeform having its own intelligence and life.

Steganographic Viruses

Viruses could utilize the power of steganography as a mean to propagate. By residing and hiding in data files like image, music or movie files, it's a perfect technique to hide from prying eyes or even detection of AV softwares.

Multi-Protocol Viruses

Modern worms uses email as a mean of primary propagation. They can either use the classic MAPI method or impementing a built in SMTP engine or using the more advanced API hooking (used by Win95.SKA). All these uses TCP/IP as the main network protocol. In the near future, it's possible to see viruses/worms that utilizes other network protocols such as Novell's IPX/SPX, IBM's NetBIOS, or SMB. These viruses/worms can use one or a combination of several of them to spread itself and reach out to more systems.

Mobile Phone Viruses

I'm not sure if this technology has appeared in the virus scene but I'll try to explain it. Nowadays, mobile phones are becoming a must among people all around the world, especially youths. Viruses/worms can infect mobile phones. They can use the classic method of enumerating your address book, in this case your contact no. of all your friends in your mobile and propagate itself to each of them via SMS. This method is similar to that of the Melissa virus and several other worms. Mobile phones are a heaven for viruses/worms due to the widespread of use of mobiles around the globe. If that's the case of widespread of mobile phone viruses, they'll probably have AV softwares on mobile phones :)

Well, that's it. I've explained some possible ideas and techniques that could be implemented in future viruses/worms. Till then, Adios.

