VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Future waits for your viruses

*-zine (Asterix) [2]
December 1999

[Back to index] [Comments]

I agreed with Navrhar to write some real hard-core sci-fi about future of viruses that can be. I bring you some ideas that can be really good, if you can write 'em. I have no time left for it, Navrhar has no morale anymore for it. But all of them we solved already some time ago, but you should think about them for your own and you can be really smashing. Thats the reason I decided to write something about it: everyone is coding yet-another-poly-windows-pe-outlook-worm. Aren't you bored of it? All the time replicating some already present ideas? Don't you want to develop something really new. Here we have some ideas that are userfull and realiseable. Do it on your own...

Active internet/networking support

Did you ever thing why the worms are so successful? Because users are now more sending a emails or uses internet instead of copying exe files to floppies for someone else. But current worms are really stupid. They just send themself to someone else (all of todays mail worms) and hopes there is some stupid user that will run it. Isn't it crazy? It something like writing in email: "send me to someone else, i'm a virus and i want to be spread". Stupid, isn't it? Do you really need a stupid users? You can do many things by your own. But you have to know how, of course.

For this reason I recomend you to study a networking a bit, some easier protocols like http, ftp, smtp, telnet. Under windows you can do anything, you can filter 'em just like a real sniffer to get some passwords, you can also install a sniffer and filter all the traffic on your network. If you have some jokers in your hands you can start spreading oneself actively (not a passive as everyone does it now). You can install yourself on remote servers, you can map someone else's disks and infect them, you can infect pages on web-server by your own, you can take your future in your hands? So why you don't?

Self-optimizing performace

Viruses are usualy stupid - they do the same things all the time. They, for example, infects like crazy, or will not notice that user is searching for them. But you can monitor all this, you can learn all this. How? Well, i've seen using neural network for nothing - just to be there - but it you are wise, you can use them for real, not wasting a space like someone else: you can learn how user acts on his computer, and you can notice then if he has some suspection, or what is he doing! Because your virus can self-optimize himself to do that.

But not only neural nets are good for it - did you think about genetic model? Yeah, virus navrhar is ready for it, but do not performs it. Pitty. But you can create modular structure (each of them coresponded to one gene, for example) and ty supply a lot of other genes and let them optimize its own performace by Darwin's evolution in the wild. It can best show you how the virus should be coded to be good - because only good ones will surrive (you your code will be bug-free, of course).

Be inventive - era of old viruses is in the past, to be best, you have to be dynamic, adaptive, protable, and wise.

Reentrable filetargets

It is easy to implement and is very effective - try to write all your infection routines reentrantely, so you can combine them any way: have you ever heard about exe file beeing infected, that was inserted as an attachment into word document (ole2 structure filesystem), that was compressed using zip, send over email, ascii armored with base64 encoding? It is simple, and very effective. Today it is still harder to find some suitable infection target, but it is so easy - if you can combine your access functions, you can call them whatever way you want, and you can easily do the important things. All is needed not to have a local variables fixed, but a dynamic. Go ahead...

Password hijacking

It is very old technique, still used by hackers and still efective. You can usualy access password files. But they are one-way encrypted, and if you want to use some other accounts - for active inet support on some unix servers, for example, you need to know the passwords. So you can hack them. It can be done also for WinNT password file. Because passwords are one-way encrypted, and for verifying only a encrypted forms are compared, all you need is to test all the words you can imagine to encrypt it and to try if it matches. Then - goal, and you can do what you want as you know a password. But it tooks a lot of time. Well, if you are on some users machine, you are there for weeks or even months. You can use the time when user is not using cpu (which is usualy quite often) and test them like a hell.

Also, you can use some password files. It is not possible to take some with you, as they ar usualy some megs long, but you can download them from the internet (easily using http protocol), or you can use some pages downloaded from internet and test all the words there - because users usualy sets a passwords simmilar to what they like. And they also browses pages what they like as well. So the password can be also on them like a regular word...


Last thing I want to mention is a multi-platform support. It is not yet fully supported at all. Navrhar virus and Anarchy does it in some way but not completely. Because there are many operating subsystems (call it this way) that gaves you opportunity to surrive. You can use them all to surf from onw target to another. For example, it is good to be an exe-virus, as you can do many things, but documents are mostly copied, instead of exe files. So you need a ole2 support to transfer itself elsewhere. But not only this. You can switch yourself to vbscript, to spread itself through html. And I can continue listing these features for some time as well, but you can guess some by your own, don't you?

Community born to communicate

Everyone thinks about virus like a single entity. But it isn't, in nowadays world when all is connected to be able to communicate, so why viruses don't? Why not to use active copies of viruses to communicate through internet to exchange userful infromations, genes, for example, or distrubute updates. If you can do this - it is no more single virus but a whole community that can do wonderfull things: for example couple of entities knows each other. If one of them dies, others will know about it - and they can brute-attack target machine to infect it, to flood it and to crash it (easy with win ;)

A new horizonts are waiting, so don't be affraid and go straight ahead!

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka