«

On Mon, 02 Feb 2004 13:59:51 -0800, aniram wrote:

> Just curious, or I may be watching too many Sci-fi movies. Is it
> possible that computer virus mutates by itself and exposing to the
> public? Computer viruses may originally be instructed by human, but is
> it possible that they became out of control and starts attcking computer
> without human instruction? .... just like flu and other viruses that
> attack human's health.

I had an idea for something along the lines of a 'learning virus'
(speaking strictly academically, mind you... I do *NOT* write, nor do I
endorse the writing of, viral code of any sort.)

The basic idea, originally, was to create a database of potential/known
exploits, and use a simple macro language of some sort to define them.
It occurs to me now that something like Nessus would be an ideal engine,
as it is thoroughly researched and frequently updated.

The virus could be a separate entity from this database - checking in
with 'known' database access points for information about how to
fingerprint a given target system and then again to determine the best
attack vectors (or a general spread assuming the system could not be
fingerprinted reliably).

Ultimately, I suppose, to survive and thrive without a dependency on a
static host somewhere the database itself would have to be distributed.
I imagine something like a peer-to-peer network, with each infected host
maintaining a small portion of the database, and multiple redundant
hosts communicating with one another - would probably do the trick. I
mean, once a virus takes off, owned hosts are cheap, right?

The original concept called for the system to attempt (and learn) new
attacks and exploits 'in the wild,' but in retrospect that seems a lot
of work - given that the crucial information (attack vector definitions)
is readily available and in a fairly predictable and machine-readable
format already, from multiple public sources...

Ah, the perils of the idle mind...

koorb <> writes:

]On 2 Feb 2004 13:59:51 -0800, (aniram) wrote:

]>Just curious, or I may be watching too many Sci-fi movies.
]>Is it possible that computer virus mutates by itself and exposing to
]>the public? Computer viruses may originally be instructed by human,
]>but is it possible that they became out of control and starts attcking
]>computer without human instruction? .... just like flu and other
]>viruses that attack human's health.

]The basic concept of a virus is that it is a program that duplicates
]itself and spreads. Most don't actually do any damage, but you really
]don't want any because they use up system resources.

]As another poster has stated polymorphic viruses have been around for
]awhile. These mutate their own code so that it looks different and
]generally makes itself harder to detect by AntiVirus (kind of like the
]common cold).

]As far as SciFi visions of intelligent viruses taking over the net and
]becoming conscious are concerned. Not with today's technology, because
]everything about a virus has to be hard coded. It might be able to
]make intelligent decisions about how best to attack a system or what
]actions to take, but it all has to be predetermined by the programmer.
]And this goes for most forms of modern day AI.

The problem is that the attack vectors are few. Ie, a random mutation is
liable to kill the virus because the vector being attacked is not
vulnerable with a random mutation. There is a lot lot less redundancy,
and resistance to change in a computer program than in life (which is
what makes computer programs so fragile.) In life almost any subsystem
can be altered and the organism still survives. In computer programs, if
you randomly alter even one instruction you are liable to get a crash
and the equivalent of death. And a dead host is useless for propagation.

On that special day, aniram, () said...

> Is it possible that computer virus mutates by itself and exposing to
> the public? Computer viruses may originally be instructed by human,
> but is it possible that they became out of control and starts attcking
> computer without human instruction?

Not "itself", but there have been variations which were generated by no
human being but the existence of a former, different infection.

Years ago I read about a cross-breed of two Word macro viruses, which
did have a header from one "parent" and the executive part was taken
over from the other "parent". But this virus wasn't very wide spread, as
the components were already known to virus scanners, and the result
would be removed any way.

And then there were the piggybacks. old viruses that came across a mass
mailer worm running in an infected machine, and infecting the worm. So
every time the worm would mass mail, it would spread two infectious
agents at the same time.

Which resulted in virus scanners alarming on a file infector, and
cleaning the worm, but at the same time overlooking it. This happened
last year, mainly with Klez variants, IIRC.


Gabriele Neukam




--
Ah, Information. A good, too valuable these days, to give it away, just
so, at no cost.

Leythos wrote:
> A virus that would "learn" would be rather large, we're not talking
> about a simple programmed virus, but one that could reinvent itself to
> continue to spread by learning/testing blocking methods.

Software that can write (and modify) itself is still quite a ways away.
(Skynet anyone?)

Learning programs are generally implemented as rule-based
expert-databases, ie. they build memory but don't modify themselves.

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

In article <vYUTb.1239$>,
says...
> Leythos wrote:
> > A virus that would "learn" would be rather large, we're not talking
> > about a simple programmed virus, but one that could reinvent itself to
> > continue to spread by learning/testing blocking methods.
>
> Software that can write (and modify) itself is still quite a ways away.
> (Skynet anyone?)
>
> Learning programs are generally implemented as rule-based
> expert-databases, ie. they build memory but don't modify themselves.

Yea, in the 70's we tried to build a robot, self contained, that would
find a wall outlet and plug itself in to recharge. As kids, without
funding, it was quite difficult to build this type of device. We managed
to get it to follow walls, determine textures from the video images, and
to find an outlet, but only if it was coded on the wall. It was
interesting that we could get it to learn a room, but we could never get
it to do anything we didn't program it for.

I would guess that a "learning" application would only be limited by the
ability of the designer.


--
--

(Remove 999 to reply to me)

Jason Eberly wrote:
> On Mon, 02 Feb 2004 13:59:51 -0800, aniram wrote:
>
>
>>Just curious, or I may be watching too many Sci-fi movies. Is it
>>possible that computer virus mutates by itself and exposing to the
>>public? Computer viruses may originally be instructed by human, but is
>>it possible that they became out of control and starts attcking computer
>>without human instruction? .... just like flu and other viruses that
>>attack human's health.
>
> I had an idea for something along the lines of a 'learning virus'
> (speaking strictly academically, mind you... I do *NOT* write, nor do I
> endorse the writing of, viral code of any sort.)
>
> The basic idea, originally, was to create a database of potential/known
> exploits, and use a simple macro language of some sort to define them.
> It occurs to me now that something like Nessus would be an ideal engine,
> as it is thoroughly researched and frequently updated.
>
> The virus could be a separate entity from this database - checking in
> with 'known' database access points for information about how to
> fingerprint a given target system and then again to determine the best
> attack vectors (or a general spread assuming the system could not be
> fingerprinted reliably).
>
> Ultimately, I suppose, to survive and thrive without a dependency on a
> static host somewhere the database itself would have to be distributed.
> I imagine something like a peer-to-peer network, with each infected host
> maintaining a small portion of the database, and multiple redundant
> hosts communicating with one another - would probably do the trick. I
> mean, once a virus takes off, owned hosts are cheap, right?
>
> The original concept called for the system to attempt (and learn) new
> attacks and exploits 'in the wild,' but in retrospect that seems a lot
> of work - given that the crucial information (attack vector definitions)
> is readily available and in a fairly predictable and machine-readable
> format already, from multiple public sources...
>
> Ah, the perils of the idle mind...

I was thinking along these lines a couple of years ago. The problem is,
I don't think anybody can update the exploit database indefinitely -
somebody will catch up to them sooner or later.

The bigger the infection, the harder the hunt (and burnings at the stake).

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

On Thu, 05 Feb 2004 06:04:04 +0000, Ben Measures wrote:

[snip]
> I was thinking along these lines a couple of years ago. The problem is,
> I don't think anybody can update the exploit database indefinitely -
> somebody will catch up to them sooner or later.
>
> The bigger the infection, the harder the hunt (and burnings at the
> stake).

As to the stake burnings, perhaps you are correct - but putting the
genie back in the bottle might be a difficult task regardless of the
fate of the hapless author.

As for the exploit database updates - you wouldn't have to update it,
ever. You just configure the beastie to get them from some of the nice
folks (like Nessus) who constantly update their security scanner script
definitions. And, that seems to be a reasonably stable process, at
least as of this writing.[1]

Slap on something to keep it propagating wildly - say, for example, a
mass mailer routine that, instead of trying to make up a believable
subject line, simply REPLIES to valid correspondence, and to people who
WOULD expect to receive a message from that particular sender with that
particular subject line - and the P.T. Barnum factor would keep it
around for ages, or at least long enough for the next wave of 'zero day'
plugins to come down the pipe.

All of which would be highly annoying, but as far as AI is concerned the
only really interesting thing would be the sort of parasitic
relationship between the worm and the maintainers of the exploit
database. And also marginally between the worm and the otherwise valid
sender/receiver pairs, I suppose...

[1] Of course, one minor change to the way the plugins are distributed
would kabosh the whole affair, or at least force the need for human
intervention. So I guess no Skynet this year...

</ramble>

Jason Eberly wrote:
> On Thu, 05 Feb 2004 06:04:04 +0000, Ben Measures wrote:
>
> [snip]
>
>>I was thinking along these lines a couple of years ago. The problem is,
>> I don't think anybody can update the exploit database indefinitely -
>>somebody will catch up to them sooner or later.
>>
>>The bigger the infection, the harder the hunt (and burnings at the
>>stake).
>
>
> As to the stake burnings, perhaps you are correct - but putting the
> genie back in the bottle might be a difficult task regardless of the
> fate of the hapless author.
>
> As for the exploit database updates - you wouldn't have to update it,
> ever. You just configure the beastie to get them from some of the nice
> folks (like Nessus) who constantly update their security scanner script
> definitions. And, that seems to be a reasonably stable process, at
> least as of this writing.[1]

Heh, a "community-supported" virus of this type would speed up the war
between virus writers and exploit patchers.

This would probably result in one of two states:

A.) The virus runs rampant. Everybody wakes up to the security threat
and implement a rigorous maintenance plan for updating software.
Exploits are eventually rendered ineffective by speedy patching.

B.) The virus runs rampant. Discovered vunerabilities in software are
kept classified and not publicised. Big companies apply the patches
before smaller groups even hear of the vunerability. Viruses boom
amongst the "dirty peasants".

We're at this crossroads already - it'd be interesting so find out where
we'll end up (with or without this virus).

--
Ben M.

----------------
What are Software Patents for?
To protect the small enterprise from bigger companies.

What do Software Patents do?
In its current form, they protect only companies with
big legal departments as they:
a.) Patent everything no matter how general
b.) Sue everybody. Even if the patent can be argued
invalid, small companies can ill-afford the
typical $500k cost of a law-suit (not to mention
years of harassment).

Don't let them take away your right to program
whatever you like. Make a stand on Software Patents
before its too late.

Read about the ongoing battle at http://swpat.ffii.org/
----------------

Ben Measures wrote:

> B.) The virus runs rampant. Discovered vunerabilities in software are
> kept classified and not publicised. Big companies apply the patches
> before smaller groups even hear of the vunerability. Viruses boom
> amongst the "dirty peasants".

That's not going to happen. It would cut into internet commerce.

Consider Amazon and E-Bay, just for examples; You think they make most
of their money off other big biz?