Viral consequences
This is an account of something that I (and a couple of friends) did at college - I was posting on slashdot.org and it seemed good enough to go into the blog as well. I think it’s an interesting case-study of the maxim “actions have consequences”...

Waaay back in the mists of time (1988) I was a 1st-year undergrad in Physics. Together with a couple of friends, I wrote a virus, just to see if we could, and let it loose on just one of the networked machines in the year-1 lab.

I guess I should say that the virus was completely harmless; it just prepended 'Copyright (c) 1988 The Virus' to the start of directory listings. It was written for BBC Micros (the lab hadn't got onto PCs by this time, and the Acorn range had loads of ports, which physics labs like :-)

It spread like wildfire. People would come in, log into the network, and become infected because the last person to use their current computer was infected. It would then infect their account, so wherever they logged on in future would also infect the computer they were using then. A couple of hours later, and most of the lab was infected.

You have to remember that viruses in those days weren't really networked. They came on floppy disks for Atari STs and Amigas. I witnessed people logging onto the same computer "to see if they were infected too". Of course, the act of logging in would infect their account as well...

Unsurprisingly, "Authority" was not amused. Actually they were seriously unamused, not that they caught us. They shut down the year-1,2,3 network and disinfected all the accounts on the network server by hand. Ouch.

There were basically 3 ways the virus could be activated:

  • Typing any '*' command (e.g. '*.' (star-dot), which gave you a directory listing). Sneaky, I thought, since the virus announced itself when you did a '*.' When you thought you'd beaten it, you'd do a '*.' to see if it was still there :-)
  • The events (keypress, network, disk etc.) all activated the virus if inactive, and also re-enabled the interrupts, if they had been disabled.
  • The interrupts (NMI,VBI,..) all activated the virus if inactive, and also re-enabled the events, if they had been deactivated.


On activation, the virus would replicate itself to the current mass-storage media. This was to cause problems because we hadn't really counted on just how effective this would be. Within a few days of the virus being cleansed (and everyone settling back to normal), it suddenly made a re-appearance again, racing through the network once more within an hour or two. Someone had put the virus onto their floppy disk (by typing *. on the floppy rather than the network) and had then brought the disk back into college and re-infected the network. Oops.

If we thought authority was unamused last time, this time they held a meeting for the entire department, and calmly said the culprit when found would be expelled. Excrement and fans came to mind. Of course, they thought we'd just re-released it, but in fact it was just too successful for comfort...

Since we had "shot our bolt", owning up didn't seem like a good idea. The only solution we came up with was to write another (silent, this time :-) virus which would disable any copy of the old one, whilst hiding itself from the users. We built in a time-to-die of a couple of months, let it go, and prayed...

We had actually built in a kill-switch to the original virus, which would disable and remove it - we didn't want to be infected ourselves (at the start). Of course, it became a matter of self-preservation to be infected later on in the saga - 3 accounts unaccountably (pun intended :-) uninfected = red flag ... It wasn't too hard to destroy the original by having the new virus "press" the key combination that deleted the old one.

So, everyone was happy. Infected with the counter-virus, but happy. "Authority" thought they'd laid down the law, and been taken seriously (oh if they knew...) and we'd not been expelled. Everyone else lost their infections within a few months ...

Anyway. I've never written anything remotely like a virus since [grin]