Computational Contagion An Investigation into the Principles of Cybervirology


Page 1: Computational Contagion

Computational Contagion

An Investigation into the Principles of Cybervirology

Page 2: Computational Contagion

But, WHY?!?

First, as this is about ethics, dealing with the unethical behavior head-on is important.

Second, as software developers or system administrators, we all need some basic cyber-security awareness.

Third, viruses, or virii, are very elegant, and therefore interesting contraptions, originally built in the vein of Conway’s “Game of Life”.

Page 3: Computational Contagion

First, some background…

Darwin, 1962: A computer game where programs fight for system resources.

PERVADE, 1975: Used as an automated distribution system for a computer game.

Elk Cloner, et al. 1982: Floppy boot-sector virus. When activated, it spread to new disks.

Core War, 1984: Sequel to Darwin with modern viral competitors. Also Cohen’s paper on viral programs gave viruses their name.

Page 4: Computational Contagion

So, what is a virus?

Viruses are programs that self-replicate by embedding themselves into other programs.

They require user interaction to spread; their spread is not entirely autonomous.

Trojan Horses, Worms, etc. aren’t all viruses, but this doesn’t mean they can’t be viral.

A virus insinuates itself into the execution of another program, whether by redirecting users or by altering another program’s flow.

Page 5: Computational Contagion

Infection: A Chain Reaction

Page 6: Computational Contagion

Ethical Considerations

Viral software is not inherently evil, but it definitely requires careful handling.

Breaking and entering, vandalism, or other hell-raising is obviously unacceptable.

Using them to prank your friends may be permissible in the right context…

Given the law of unintended consequences, exactly when does our playful little pet become too hot to handle?

Page 7: Computational Contagion

That fuzzy gray line again…

In certain circles, the development of malware is less about getting stuff, and more about the art of subversion.

Some folks get together and try to break into each other’s systems just for fun.

Sometimes, however, the bull gets out of the ring, and then all hell breaks loose.

In the late eighties, it often wasn’t difficult for a research virus to escape its containment.

Page 8: Computational Contagion

Danger: Handle With Care

Page 9: Computational Contagion

The Balancing Act

It isn’t just about what you intend a piece of software to do, it’s also what it might do, especially given a motivated user.

Building a cool little virus with a harmless payload is fun, but what could happen if somebody else were to have the source?

Aside from other people, what might this software do on its own? Viruses, when meeting in the wild, can blend and mutate to produce stronger, more dangerous viruses.

Page 10: Computational Contagion

How does one build a virus?

You promise that you aren’t going to do bad things with this, right? Okay, good.

First, know your objective. What is it you want to accomplish? This can restrict your options for vectors considerably.

Second, know your target. Are you attacking EXE files or planning a scripting attack? Is your target UNIX based? Your selected target vector dictates the rest of the implementation.

Page 11: Computational Contagion

Building continued…

Third, decide your strategy. If you want to prepend the virus to an EXE, that’s straightforward enough, but if you append the virus after its execution, that means you’ve got to know about the header and the file structure.

Fourth, plan to survive. Lots of strategies exist, like stealthing, which disguises the virus’s presence, and metamorphing, which modifies the execution flow of the virus to avoid fingerprinting.

Page 12: Computational Contagion

It’s a Strange World After All…

Frequently, one hears “turn off java, the hackers are coming to get you!!”

Usually, this refers to applets providing access to the user’s machine.

Since Java runs as byte code in a sandbox thanks to the Java Virtual Machine, real viruses aren’t usually expected.

However, even Java can get an actual, factual, honest-to-goodness VIRUS.

Page 13: Computational Contagion

Deque’s JAR Virus:

    Find JAR files
    For each JAR found:
        IF JAR uninfected:
            Swap host main with virus main
            Write virus class files into JAR
            Save old manifest in JAR
        End IF;
    Execute host using preserved manifest
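A defensive check for the three changes this pseudocode makes to a JAR (a new entry point, added class files, a saved copy of the old manifest), as an added example that is not from the original slides or from Deque's code. It assumes a known-good baseline was recorded for each JAR; the sample archives and the names `x/Stub.class` and `META-INF/OLD.MF` are constructed.

```python
import hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def make_jar(entries):
    """Build an in-memory JAR (a ZIP archive) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def main_class(manifest):
    """Return Main-Class, joining continuation lines (newline + space)."""
    text = manifest.decode("utf-8", "replace").replace("\r\n", "\n").replace("\n ", "")
    for line in text.split("\n"):
        key, _, value = line.partition(":")
        if key.strip().lower() == "main-class":
            return value.strip()
    return None

def snapshot(jar_bytes):
    """Record the entry point and a SHA-256 per entry of a JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        hashes = {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}
        entry = main_class(zf.read(MANIFEST)) if MANIFEST in hashes else None
    return {"main_class": entry, "hashes": hashes}

def audit(baseline, jar_bytes):
    """Compare a JAR with its known-good baseline; return findings."""
    now, findings = snapshot(jar_bytes), []
    if now["main_class"] != baseline["main_class"]:
        findings.append(f"entry point changed: {baseline['main_class']} -> {now['main_class']}")
    for name in sorted(set(now["hashes"]) - set(baseline["hashes"])):
        kind = "manifest copy" if name.upper().endswith(".MF") else "new entry"
        findings.append(f"{kind}: {name}")
    for name in sorted(set(baseline["hashes"]) & set(now["hashes"])):
        if now["hashes"][name] != baseline["hashes"][name]:
            findings.append(f"modified entry: {name}")
    return findings

# Constructed samples: placeholder bytes, not real bytecode; names are made up.
OLD = b"Manifest-Version: 1.0\r\nMain-Class: app.Main\r\n"
CLEAN = make_jar({MANIFEST: OLD, "app/Main.class": b"host"})
TAMPERED = make_jar({MANIFEST: OLD.replace(b"app.Main", b"x.Stub"),
                     "app/Main.class": b"host", "x/Stub.class": b"added",
                     "META-INF/OLD.MF": OLD})

if __name__ == "__main__":
    print("\n".join(audit(snapshot(CLEAN), TAMPERED)))
```

The host's own class files are untouched in this scheme, so a scan that only hashes `app/Main.class` would pass; the manifest and the archive's entry list are what change.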

Page 14: Computational Contagion

Ethics: Round Two

Deque was nice enough to provide us with near-working virus source-code.

There are two wrong characters in the original source to cripple the code.

Question: Was Deque out of line providing this enabling information at all? How about with crippled source code?

This is not the worst one; I found a nice tutorial for Windows C++ viruses too.

Page 15: Computational Contagion

Surprise…???

No, this isn’t surprising, but should it be?

This required nothing more than a quick googling, a visit to a provided link, and a change of two characters to produce a working jar-file virus.

True, viruses aren’t nearly as popular as they used to be, but they do inspire evil thinking, and invite one to try other projects…

Wait, so “Viruses, Not Even Once”?

Page 16: Computational Contagion

Before We Go…

Following this we will:

  • Look at the source code
  • Run the virus.

But First:

  • Any Questions?