160 likes | 307 Views
Computational Contagion. An Investigation into the Principles of Cybervirology. But, WHY ?!?. First, as this is about ethics, dealing with the unethical behavior head-on is important. Second, as software developers or system administrators, we all need some basic cyber-security awareness.
E N D
Computational Contagion An Investigation into the Principles of Cybervirology
But, WHY?!? First, as this is about ethics, dealing with the unethical behavior head-on is important. Second, as software developers or system administrators, we all need some basic cyber-security awareness. Third, viruses, or virii, are very elegant, and therefore interesting contraptions, originally built in the vein of Conway’s “Game of Life”.
First, some background… Darwin,1962: A computer game where programs fight for system resources. PERVADE, 1975: Used as a computer game automated distribution system. Elk Cloner, et al. 1982: Floppy boot-sector virus. When activated, it spread to new disks. Core War, 1984: Sequel to Darwin with modern viral competitors. Also Cohen’s paper on viral programs gave viruses their name.
So, what is a virus? Viruses are programs that self-replicate by imbedding themselves into other programs. They require user interaction to spread; their spread is not entirely autonomous. Trojan Horses, Worms, etc. aren’t all viruses, but this doesn’t mean they can’t be viral. A virus insinuates itself into the execution of another program, whether by redirecting users or by altering another program’s flow.
Ethical Considerations Viral software is not inherently evil, but it definitely requires careful handling. Breaking and entering, vandalism, or other hell-raising is obviously unacceptable. Using them to prank your friends may be permissible in the right context… Given the law of unintended consequences, exactly when does our playful little pet become too hot to handle?
That fuzzy gray line again… In certain circles, the development of malware is less about getting stuff, and more about the art of subversion. Some folks get together and try to break into each other’s systems just for fun. Sometimes, however, the bull gets out of the ring, and then all hell breaks loose. In the late eighties, it often wasn’t difficult for a research virus to escape its containment.
The Balancing Act It isn’t just about what you intend a piece of software to do, its also what it mightdo, especially given a motivated user. Building a cool little virus with a harmless payload is fun, but what could happen if somebody else were to have the source? Aside from other people, what might this software do on its own? Viruses, when meeting in the wild, can blend and mutate to produce, stronger, more dangerous viruses.
How does one build a virus? You promise that you aren’t going to do bad things with this, right? Okay, good. First, know your objective. What is it you want to accomplish? This can restrict your options for vectors considerably. Second, know your target. Are you attacking EXE files or planning a scripting attack? Is your target UNIX based? Your selected target vector dictates the rest of the implementation.
Building continued… Third, decide your strategy. If you want to prepend the virus to an EXE, that’s straightforward enough, but if you append the virus after its execution, that means you’ve got to know about the header and the file structure. Fourth, plan to survive. Lots of strategies exist, like stealthing, which disguises the virus’s presence, and metamorphing, which modifies the execution flow of the virus to avoid fingerprinting.
It’s a Strange World After All… Frequently, one hears “turn off java, the hackers are coming to get you!!” Usually, this refers to applets providing access to the users machine. Since Java runs as byte code in a sandbox thanks to the java virtual machine, real viruses aren’t usually expected. However, even Java can get an actual, factual, honest-to-goodness VIRUS.
Deque’s JAR Virus: Find JAR files For each JAR found: IF JAR uninfected: Swap host main with virus main Write virus class files into JAR Save old manifest in JAR End IF; Execute host using preserved manifest
Ethics: Round Two Dequewas nice enough to provide us with near-working virus source-code. There are two wrong characters in the original source to cripple the code. Question: Was Deque out of line providing this enabling information at all? How about with crippled source code? This is not the worst one, I found a nice tutorial for windows c++ viruses too.
Surprise…??? No, this isn’t surprising, but should it be? This required nothing more than a quick googling, a visit to a provided link, and a change of two characters to produce a working jar-file virus. True that viruses aren’t nearly as popular as they used to be, but they do inspire evil thinking, and invite one to try other projects… Wait, so “Viruses, Not Even Once”?
Before We Go… • Following this we will : • Look at the source code • Run the virus. • But First: • Any Questions?