FUNGEN2.CVP   910804
 
                       Viral operations
 
Although the "original" definition of computer viral programs
refers to reproduction by attaching to other programs, viri that
act in this manner have been less successful than those that
use other means.  In the personal computer world, boot sector
infectors have been much more effective.  (Examples in the
MS-DOS community are the BRAIN and Stoned viral programs. 
Examples in the Mac realm are not as clear, but the WDEF virus
could be said to be a type of boot sector infector, as the WDEF
resource is one that is run automatically as soon as any Mac
disk is inserted, although this has changed under System 7.)
 
In larger systems, mini and mainframe computers, network and
mail viral programs have, so far, had the greatest impact.  The
Morris/Internet/UNIX worm managed to spread and reproduce using
the facility of networked machines to submit programs to each
other.  (A VMS program, WANK, used many of the same techniques.) 
The CHRISTMA EXEC used mainframe mail commands, and the ability
to submit programs by mail, in order to reproduce copies which
eventually flooded the network.
 
Network and mail viral programs carry, in a sense, their own
payload.  The reproduction of the programs themselves uses the
resources of the hosts affected, and in the cases of both the
Morris and CHRISTMA worms went so far as to deny service to
users by using all available computing or communications
resources.
 
Most other viral programs seem to be written "for their own
sake", a kind of electronic graffiti which writes itself on
further walls.  However, even these can do damage, as with the
Stoned virus, which overwrites sections of the FAT with the
original boot sector.  Some appear to be written as pranks, and
others as a kind of advertising, although the potential for
damage from even "benign" viri cannot be considered funny, and
the "advertising" viri probably don't engender much goodwill.
 
Relatively few viral programs carry a deliberately damaging
payload.  Those which do attempt to erase infected programs or
disks are, fortunately, self-limiting.
 
The last payload, or function, which a viral program may carry
is some kind of intelligence to enable it to evade detection.
So far the various kinds of evasive action (self-modification,
multiple encryption and "stealth" activity) have not proven to
have any advantageous "survival" characteristics.  In one sense,
this is to be regretted, as it demonstrates that the majority of
computer users are not taking the most elementary precautions to
defend against viral programs.
 
copyright Robert M. Slade, 1991   FUNGEN2.CVP   910804

==============                      
Vancouver      ROBERTS@decus.ca    | "Hey, when *you* have the
Institute for  Robert_Slade@sfu.ca |  box, *then* you can give
Research into  rslade@cue.bc.ca    |  us geography lessons.
User           p1@CyberStore.ca    |  Until then, Tahiti is in
Security       Canada V7K 2G6      |  Europe."    - Sneakers