A bit of history
On 2 November 1988 Robert Morris Jr. (Robert Morris), a graduate student of the computer science department of Cornell University (USA), infected a great number of computers connected to the Internet. This network unites machines of university centres, private companies and government agencies, including the National Aeronautics and Space Administration, as well as some military scientific centres and labs.
The network worm struck 6200 machines, which made up 7.3% of the computers on the network, and showed that UNIX is not invulnerable either. Among the damaged were NASA, Los Alamos National Lab, the VMS USA research centre, the California Institute of Technology, and the University of Wisconsin (200 of 300 systems). Spreading over the ARPANET, MilNet, Science Internet and NSFNet networks, it practically knocked these networks out of operation. According to the "Wall Street Journal", the virus also infiltrated networks in Europe and Australia, where cases of computers being locked up were registered as well.
Here are some recalls of the event participants:
Symptom: hundreds or thousands of jobs start running on a Unix system bringing response to zero.
Systems attacked: Unix systems, 4.3BSD Unix & variants (e.g.: SUNs) any sendmail compiled with debug has this problem. This virus is spreading very quickly over the Milnet. Within the past 4 hours, it has hit >10 sites across the country, both Arpanet and Milnet sites. Well over 50 sites have been hit. Most of these are "major" sites and gateways.
Method: Someone has written a program that uses a hole in SMTP Sendmail utility. This utility can send a message into another program.
Apparently what the attacker did was this: he or she connected to sendmail (i.e., telnet victim.machine 25), issued the appropriate debug command, and had a small C program compiled. (We have it. Big deal.) This program took as an argument a host number, and copied two programs one ending in VAX.OS and the other ending in SunOS and tried to load and execute them. In those cases where the load and execution succeeded, the worm did two things (at least): spawn a lot of shells that did nothing but clog the process table and burn CPU cycles; look in two places the password file and the internet services file for other sites it could connect to (this is hearsay, but I don't doubt it for a minute). It used both individual .host files (which it found using the password file), and any other remote hosts it could locate which it had a chance of connecting to. It may have done more; one of our machines had a changed superuser password, but because of other factors we're not sure this worm did it.
All of the Vaxen and some of the Suns here were infected with the virus. The virus forks repeated copies of itself as it tries to spread itself, and the load averages on the infected machines skyrocketed. In fact, it got to the point that some of the machines ran out of swap space and kernel table entries, preventing login to even see what was going on!
The virus also "cleans" up after itself. If you reboot an infected machine (or it crashes), the /tmp directory is normally cleaned up on reboot. The other incriminating files were already deleted by the virus itself.
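The symptom the participants describe above, a process table flooding with near-identical shells forked by one parent until swap and kernel tables run out, is something a defender can check for from an ordinary process listing. The following is an added example, not code from the original article or from any of the quoted recollections: it parses a `ps -eo pid,ppid,user,comm` style snapshot and flags any parent whose children are numerous and all run the same command. The snapshot, the PIDs, the user names and the threshold of 20 are all constructed for the example.

```python
from collections import Counter


def build_sample_snapshot(flood_children=40):
    """Construct a `ps -eo pid,ppid,user,comm` style snapshot (hypothetical PIDs).

    A few normal daemons plus one process (PID 4100) that has forked
    `flood_children` identical copies of `sh`, mimicking the fork storm
    described in the recollections. This data is constructed, not captured.
    """
    lines = [
        "  PID  PPID USER     COMMAND",
        "    1     0 root     init",
        "  210     1 root     sendmail",
        "  300     1 root     cron",
        "  310     1 root     inetd",
        " 4100   210 daemon   sh",
    ]
    for i in range(flood_children):
        lines.append(f" {4101 + i:4d}  4100 daemon   sh")
    return "\n".join(lines) + "\n"


def parse_ps(text):
    """Turn the snapshot into a list of {pid, ppid, user, comm} records.

    The header line is skipped; the command field may contain spaces, so the
    line is split into at most four fields.
    """
    procs = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # blank or malformed line
        pid, ppid, user, comm = parts
        procs.append({"pid": int(pid), "ppid": int(ppid), "user": user, "comm": comm})
    return procs


def find_fork_storms(procs, threshold=20):
    """Return {ppid: child_count} for parents with at least `threshold`
    children that all run the same command.

    Many distinct children under init is normal; many identical shells under
    one parent is the tell-tale sign of a fork storm.
    """
    children = {}
    for p in procs:
        children.setdefault(p["ppid"], []).append(p["comm"])
    storms = {}
    for ppid, comms in children.items():
        if len(comms) >= threshold and len(set(comms)) == 1:
            storms[ppid] = len(comms)
    return storms


def per_user_counts(procs):
    """Process count per user; a sudden spike for one account is a second
    signal worth alerting on (the worm ran under a single unprivileged user)."""
    return dict(Counter(p["user"] for p in procs))


if __name__ == "__main__":
    snapshot = parse_ps(build_sample_snapshot())
    print("fork storms (ppid -> children):", find_fork_storms(snapshot))
    print("processes per user:", per_user_counts(snapshot))
```

On a real system the snapshot would come from `ps -eo pid,ppid,user,comm` rather than from `build_sample_snapshot`; the parser accepts that output shape unchanged. The threshold is deliberately a parameter, since what counts as "too many identical children" depends on the host's normal workload.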
On 4 November the author of the virus, Morris, came to FBI headquarters in Washington of his own accord. The FBI imposed a ban on all material relating to the Morris virus.
On 22 January 1989 a jury found Morris guilty. Had the guilty verdict been upheld without modification, Morris would have been sentenced to 5 years in prison and a 250 000 dollar fine. However, Morris' attorney Thomas Guidoboni immediately lodged a protest and sent all the papers to the Circuit Court with a petition to overturn the court's decision... In the end Morris was sentenced to 3 months in prison and a fine of 270 thousand dollars, and in addition Cornell University dealt him a heavy blow by expelling him. The author then had to take part in eliminating his own creation.
What is a computer virus?
It is executable code able to reproduce itself. Viruses are an area of pure programming and, unlike other computer programs, carry "intellectual" functions for protecting themselves from being found and destroyed. They have to fight for survival in the complex conditions of conflicting computer systems. That is why they evolve as if they were alive.
Yes, viruses seem to be the only living organisms in the computer environment, and their other main goal is survival. That is why they may have complex encrypting/decrypting engines, which is by now practically a standard for computer viruses, in order to carry out the processes of duplication, adaptation and disguise.
It is necessary to differentiate between reproducing programs and Trojan horses. Reproducing programs will not necessarily harm your system, because they are aimed at producing as many copies (or near-copies) of themselves as possible, either by means of so-called agent programs or without their help. In the latter case they are referred to as "worms".
Trojan horses, meanwhile, are programs aimed at causing harm or damage to PCs. Certainly it is usual practice for them to be part of a "tech-organism", but they have completely different functions.
That is an important point. Destructive actions are not an integral part of a virus by default. However, virus writers allow the presence of destructive mechanisms as an active protection against the finding and destroying of their creatures, as well as a response to the attitude of society towards viruses and their authors.
As you see, there are different types of viruses, and they have already been separated into classes and categories. For instance: harmless, dangerous, and very dangerous. No destruction means a harmless one, tricks with system halts mean a dangerous one, and devastating destruction means a very dangerous virus.
But viruses are famous not only for their destructive actions, but also for their special effects, which are almost impossible to classify. Some virus writers suggest the following:
funny, very funny, and sad or melancholy (keeps silent and infects). But one should remember that special effects must occur only after a certain number of infections. Users should also be given a chance to restrict the execution of destructive actions, such as deleting files or formatting hard disks. Thereby a virus can even be considered a useful program, keeping a check on system changes and preventing surprises such as the deletion of files or the wiping of hard disks.
It sounds quite heretical to say such words about viruses, which are usually considered a disaster. The less a person understands programming and virology, the more the possibility of being infected with a virus weighs on him. Thus, let us consider the creators of viruses as the best source.
Who writes computer viruses?
They are lone wolves or programmer groups.
In spite of the fact that a lot of people think that writing a computer virus is a hardship, it is not exactly so. Using special programs called "virus creators", even beginners in the computer world can build their own viruses, which will be a strain of a certain major virus. This is precisely the case with the notorious "Anna Kournikova" virus, which is actually a worm. The aim of creating viruses in this way is pretty obvious: the author wants to become well known all over the world and to show off his powers.
However, the results of such an attempt can be very sad (see A bit of history); only real professionals can become famous and stay uncaught. A good example is Dark Avenger. Yes, and it is yet another custom of participants of "the scene" to take terrifying monikers (nicknames).
To write something really new and remarkable, a programmer should have some extra knowledge and skills, for example:
good strategic thinking and intuition: once released, a virus and its descendants live their own independent life in nearly unpredictable conditions, so the author must anticipate a lot of things;
splendid knowledge of Assembler and of the operating system he writes for: the more mistakes there are in the virus, the quicker it will be caught;
attention to detail and a skill for solving the most varied tactical questions: one won't write a compact, satisfactorily working program without these abilities;
a high professional discipline, in order to join the preceding points together.
A computer virus group is an informal non-profit organisation uniting programmers who author viruses, regardless of their qualifications. Everyone can become a member of the club if he creates viruses or studies them for the purpose of creating and spreading them.
The aims they pursue together may differ from those of a single virus writer, although they usually also try to become as famous as possible. But at the same time they may render help to beginning programmers in the field of viruses and spread commented virus sources and descriptions of virus algorithms.
One can't say that all of the group members write viruses in Assembler. Actually, you don't have to know any computer language or write any program code to become a member or a friend of the group. But programming in Assembler is preferred; Pascal, C++ and other high-level languages are considered humiliating. It does make sense, since programs written in Assembler are much smaller (0.5-5 kb) and therefore more robust. On the other hand, Assembler is quite difficult to understand, especially for beginners. One should think the way the computer does: all commands are sent directly to the cent