lan@bucsf.bu.edu (Larry Nathanson) (03/05/91)
This is an edited version of something I wrote for
comp.risks 6.29 on 19 Feb 88.
- -----------------------------------------------------------------------
A few years ago, while I was in high school, I read a short
desciption (in Sci. Am.) of 'a neat thingy' called a computer virus.
For the hell of it, I decided to write my own. (This was before
"computer virus" was a buzzword in every household). It was short,
(<500 lines source code) and contagious to Apple // DOS 3.3 disks.
Since it was a challenge and not a malicous attempt to destroy data,
when it triggered, all it said was "BOO". It was never 'released' and
I have the only copies of it.
After a while I started wondering what use viruses could have, besides
the destruction of data. One of the things I came upon, was that it
could be used to get information out of a secure system. For example,
let's take 3 sample computer systems: A, B, and C. Someone at A has a
file that someone at C wants. B is a computer system that exchanges
software, with both A and C. (B could also be multiple computer
systems, that exchange software among themselves, and form a link from
A to C.) C introduces a virus to B's system, with the hope that it
will get to A's system. (Divergent phase) Of course a lot of other
people get this, but to them, it is innocuous.
All this virus does is check the date, and scan for a character string.
When a given character string is located, (ie "Apple Computer Secret
Plans for 1992") it either 1) opens up a communication channel
{modem|ftp|mail} to A, and dumps all relevant information, or 2)
appends a certain amount of the information to itself, and subtly
changes itself: it is now an outbound virus, and will only transfer the
information to an already infected system. (convergent phase)
Thus eventually, the information will slowly come back to A. If a copy
of the divergent virus finds that the date is greater than a certain
limit, it decides that it has diverged too far, and is on a dead end,
and just nukes itself.
If a group of programmers, sat down, and came up with such a "smart"
virus, the implications could be staggering.
- ------------- If you cut here you'll ruin your monitor -----------
3/5/91
In these modern times, when everyone and their brother is doing
constant scans of every disk they have (hopefully), this wouldn't be
as easy to pull off, as when I wrote it. But the idea of 'hidden
interdisk networks' is quite intriguing.
- --Larry Nathanson lan@bucsf.bu.edu 617 266 7419