Viruses (was Re: Yippee!)

Viruses (was Re: Yippee!)

Post by Mark Smi » Sun, 31 Dec 1899 09:00:00




Quote:>  Why write a virus? Beacuse it's very challenging... anyone can write an
> app, but try writing a virus, it's a different kettle of fish...

What gives you the idea that it is challenging? Anyone with a reasonable
knowledge of RISC OS and a set of PRMs can write a virus and, as I'm sure
Alan Glover will tell you, a number of them are very poorly written and a
number are written in BASIC.

I can think of plenty of more challenging tasks and they probably include
every Acorn project of any significance that I've ever been involved in.

Quote:>  There's nothing wrong in writing *harmless* viri, as long as you keep them
> to yourself.

The problem is when they do get out, whether by accident or design.

If it doesn't get out and is destroyed then its purely a waste of time for
someone who probably doesn't have anything better to do.

But the Vigay virus apparently got out by accident. Whether or not this is
true makes very little difference, the end result is identical - another
virus on the lose.

And as to viri being "harmless" - anything that messes around, infecting
files all over the place, claiming vectors for unintended purposes and
making their presence felt by causing odd things to happen has the potential
to cause damage.

When, as I have, you've spent a very long time going through an entire
school's collection of floppy and hard discs to get rid of a module virus
infection (a so-called harmless virus), it's not funny for anyone.

Quote:> To anyone daft enough to write a malicious virus, I have only
> one thing to say... I hope it trashes your H/D!!! :->

Hmm.

[Followups to comp.sys.acorn.misc]

--
Mark Smith

 
 
 

Viruses (was Re: Yippee!)

Post by Patrick Herbo » Sun, 31 Dec 1899 09:00:00



Quote:

> When, as I have, you've spent a very long time going through an entire
> school's collection of floppy and hard discs to get rid of a module virus
> infection (a so-called harmless virus), it's not funny for anyone.

 And what gives you the idea that I haven't? Back at school I was the
network manager, responsible for keeping the beast (network, that it) alive.
I too have spent hours cleaning Hard drives and floppies to kill off viri.
Its not much fun, I KNOW... I had to do it BY HAND (no !Killer or the like)

 I was not trying to defend those that do write viri... mearly saying that
it is indeed an interesting challenge. If you can't keep the thing from
escaping then you shouldn't be write one! As for it being a waste of time...
well OK you have nothing to show for your trouble BUT when faced with a more
'useful' challenge, some of the methos used can be quite useful!

 As an example how do you persuade a podule that requires RO 3.1 to run on a
RO 3.0 machine? I faced this problem with a G8 on an A5000... I was told it
would work under 3.0 but when I got it home it would not work! Under 3.5 you
can just add a ROM patch, but under RO 3.0 you couldn't. And you can't just
go and kill UtilityModule and load a new one from disc... I'll post the
answer in another posting!

--
Patrick Herborn
... I idiot-proof my programs, but then along comes a bigger idiot.

 
 
 

Viruses (was Re: Yippee!)

Post by Ian Lyn » Sun, 31 Dec 1899 09:00:00



> When, as I have, you've spent a very long time going through an entire
> school's collection of floppy and hard discs to get rid of a module virus
> infection (a so-called harmless virus), it's not funny for anyone.

Couldn't agree more. Leave the viruses to Bill Gates.

--
Ian

 
 
 

Viruses (was Re: Yippee!)

Post by Alan Glov » Sun, 31 Dec 1899 09:00:00




>>  Why write a virus? Beacuse it's very challenging... anyone can write an
>> app, but try writing a virus, it's a different kettle of fish...

>What gives you the idea that it is challenging? Anyone with a reasonable
>knowledge of RISC OS and a set of PRMs can write a virus and, as I'm sure
>Alan Glover will tell you, a number of them are very poorly written and a
>number are written in BASIC.

And those last two aren't exclusive :-) I could write a book about poor
programming style...

Quote:>>  There's nothing wrong in writing *harmless* viri, as long as you keep them
>> to yourself.

>The problem is when they do get out, whether by accident or design.

I'd also contend there is no truly harmless virus. Every virus has some
side-effect, even if it's just consuming some memory and disk space.
On a tight (eg 1Mb) system this can be the difference between
being able to run an application and not being able to load it at all.

Consider Extend - apparently harmless, but every infection takes a
further 1K of memory, and the computer is eventually unusable until
it is rebooted.

Some applications do self-checks, either for authentication or as virus
detection - when an application detects a change it doesn't know that
the virus is "harmless, guv, 'onest!" it'll still refuse to run. This
causes a support overhead for the application publisher and aggravation
for the user.

Quote:>But the Vigay virus apparently got out by accident. Whether or not this is
>true makes very little difference, the end result is identical - another
>virus on the lose.

And it doesn't end there. I now have two different strains of Vigay from
the wild, and there are another two or three which have used it as the
base for modifications to behave slightly differently. What starts as a
harmless virus soon ceases to be.

(The same applies to Icon - I may never know which Icon was the true
original, but it either did nothing (Icon-2616) or produced nonsensical error
messages in its original form (Icon-5498(?)). Again, this has been used as
the vehicle for nastier behaviour such as formatting discs, deleting files,
sabotaging files, and crashing the system.)

Alan
author: !Killer/VProtect

_______________________________________________________________________________



A posting in c.s.a.a does not constitute endor*t by Acorn Computers Ltd.

 
 
 

Viruses (was Re: Yippee!)

Post by Kane Clov » Sun, 31 Dec 1899 09:00:00




> >  Why write a virus? Beacuse it's very challenging... anyone can write an
> > app, but try writing a virus, it's a different kettle of fish...

> What gives you the idea that it is challenging? Anyone with a reasonable
> knowledge of RISC OS and a set of PRMs can write a virus and, as I'm sure
> Alan Glover will tell you, a number of them are very poorly written and a
> number are written in BASIC.

> I can think of plenty of more challenging tasks and they probably include
> every Acorn project of any significance that I've ever been involved in.

Yeah. I'm not great at programing I could probably write a virus. I couldn't
write a good app though, they take a lot longer and a lot more skill and
patience.

Of course it all depends what sort of virus we are talking about.
Some very simple BASIC virus doesn't come close to any usefull app in terms
of technical skill. More advanced viruses like a Whale that can only be found
on a PC thank god, may arguably take more technical skill to write. Things
can get very complex when it comes to invisibility/undetectability. Of course
not many people outside the hacker comunity appreciate your tallent....

Quote:

> >  There's nothing wrong in writing *harmless* viri, as long as you keep them
> > to yourself.

> The problem is when they do get out, whether by accident or design.

> If it doesn't get out and is destroyed then its purely a waste of time for
> someone who probably doesn't have anything better to do.

People do it for the thrill mostly. Some get a kick out of knowing that their
code has spread to another computer, even another country.
Anyway, the term Harmless can have a number of meanings. They all take space.
Wasn't the module virus meant to be harmless? It disrupted printing quite
frequently. It made us spend money on a virus prtection scheme!
What about probe/worm variants? They divulge information about your system.
would you class this as harmfull?
Still, my definition of harmfull still rests witj the data deleting virus.

Quote:

> But the Vigay virus apparently got out by accident. Whether or not this is
> true makes very little difference, the end result is identical - another
> virus on the lose.

> And as to viri being "harmless" - anything that messes around, infecting
> files all over the place, claiming vectors for unintended purposes and
> making their presence felt by causing odd things to happen has the potential
> to cause damage.

> When, as I have, you've spent a very long time going through an entire
> school's collection of floppy and hard discs to get rid of a module virus
> infection (a so-called harmless virus), it's not funny for anyone.

A teacher I know did that, twice. The trouble is you always get some technophobe
teachers getting really up tight and panicing. These same teachers normally
horde away disks in their desk draws only to boot them up after the virus
killing session, re-introducing the infection.

Quote:

> > To anyone daft enough to write a malicious virus, I have only
> > one thing to say... I hope it trashes your H/D!!! :->

Nar. They'd have a safeguard against that!!!!

A lot of the people I've talked to write a melicious virus to destroy an
individual's data. It's often easier to make the replication code just replicate
to where ever possible, whenever possible without getting noticed. They don't
bother to take the time to check it's only capable of getting the person
intended. The infection of other people's hardware is a bi-product, in some
cases not an undesired one.

Quote:

> Hmm.

> [Followups to comp.sys.acorn.misc]

By the way, I'm not a virus creator or anything like that. It's just some
people I hang around with on the net do.

--

_.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-.




| \             |                            ;:;:;:;:;:;:
|  \            |                            :,:,:,:,:,:,
         ...............                     ,.,.,.,.,.,.
                                             ............
 - This message has taken the author a        . . . . . .
   considerable amount of energy to create,  .  .  .  .
   and put him through a lot of stress. If      .   .   .
   you have gained pleasure in reading it,  
   you should show your appreciation by      .   .   .
   sending him your credit card details.      .  .  .  .
                                             .  .  .  .  
 - Registration will give you the right to    . . . . . .
   replicate it by whatever means you see    . .. .. .. .
   fit, as long as no alterations are made   ............
   to it's content. Replicating it without   ,.,.,.,.,.,.
   the above stated registration is a        :,:,:,:,:,:,
   serious act of piracy, a jailable offence ;:;:;:;:;:;:
   in most developed countries.              *;*;*;*;*;*;


_.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-._.-*`~`*-.

 
 
 

Viruses (was Re: Yippee!)

Post by Ashley Woodham » Sun, 31 Dec 1899 09:00:00


Quote:> By the way, I'm not a virus creator or anything like that. It's just
> some
> people I hang around with on the net do.

Perhaps you should choose your friends more wisely?

A s h .                

 
 
 

Viruses (was Re: Yippee!)

Post by Da Pengui » Sun, 31 Dec 1899 09:00:00



Quote:

>> The problem is when they do get out, whether by accident or design.

>People do it for the thrill mostly. Some get a kick out of knowing that their
>code has spread to another computer, even another country.

You can get that thrill by writing freeware...

Alun.

--

tr&J-ZA-Ij-za-i&A-Za-z&&s&\(&logic&&&s&\*&un&g&s&=&al&g&s&\^&it&g&&
s&%&st&g&&s&\$&ber&g&s&\#&\n&&s&"& of&g,s&([A-Z])& $1&g&&s&\\u&U&&&
s&!&es, &g&s&\\a&A&&s&1&i&g&&print" $_\n";sub liminal{"use perl!";}

 
 
 

1. Is this a virus? (Virus not included.)

I had never received any of the email viruses that had been mentioned on TV.
However today I have received an email with the subject

Re Miss You

I guess that if I had read the file with a PC it would have automatically
run the script in the body of the html.

It starts with a

function Merlin( s )

and what looks like javascrip commands and half a page
of code. It then finishes with

var s= Merlin ( sJsCmds);
document.write (s);

then finishes the script.

Now is this a virus?

If so what should I do. Who should I tell. Or should I just say MISSED 8-).

Displaying the full header with Marcel gives me some information like who it
was From: and Reply-To: as well as the servers that received it.

The email was in my DUMP user because it was filtered out. This was because
it was not To: any known user but was  

Now perhaps because it has to much info it is not a virus but something else.
I just would like to know. I guess I could back up my PC card partitions
unplug the modem and run it to see what happens? Easy to delete thenm and
copy the backups back in after.

Comments please.

--
Paul C.Robinson. Born to be a rebel.
Loves Ice Hockey, my Honda Hornet (CB600FY) and RISC OS computer systems.
Speaking for me myself and I when you see this sig. #8-)
Alternative communication Tel:- (+44) 1708 852225 Fax:- (+44) 8700568378

2. Compaq announces some TPC benchmarks

3. New Virus Killer - BETA testers and virus samples needed

4. Converting RealG2 audio

5. Acorn Virus Killer - Viruses and BETA Testers wanted

6. Video Wall Matrix

7. *** VIRUS *** ALERT *** VIRUS *** ALERT

8. Acorn User at South East Show (yippee)

9. I *SQUASHED* a few bugs... YIPPEE!!!!

10. I Am Very Sorry!!!

11. Am I the odd one out??

12. I am the only one with James Pond?