VIRUSES

By their nature, most viruses attack your computer without your knowledge. However, some viruses display whimsical pictures or messages on the screen just for fun (or to warn you that they just wiped out all your data). Since few people will ever see a virus, here are some of the more interesting ones that have infected computers in the past.

AIDS virus

Although most viruses try to hide their presence on a computer, the AIDS virus (see Figure B-15) blatantly announces its presence with a message designed to taunt the user. Despite its threatening message, the AIDS virus is rare, so unless you're still running any version of MS-DOS, chances are good your computer will never risk infection by this particular virus.

Figure B-15: The AIDS virus attempts to frighten a user after it has infected a computer.

Ambulance virus

Not all viruses deliberately damage files. Some of them, like the Ambulance virus (see Figure B-16), simply infect computers so they will display an animation of an ambulance rushing across the screen, complete with the wail of a siren. While not dangerous, the Ambulance virus demonstrates that even harmless viruses can still be a nuisance.

Figure B-16: The Ambulance virus does nothing but make noise and draw an ambulance rushing across your screen.

Boza virus

Sometimes a virus deliberately announces its presence simply to boast that it has succeeded in infecting another computer. The Boza virus (see Figure B-17) infects computers and then displays a simple dialog box that announces its claim to fame as the world's first Windows 95 computer virus.

Figure B-17: The Boza virus does nothing but remind people that it was the first Windows 95 virus in the history of the world.

Casino virus

Once a virus has infected a computer, it can trash any files at any time. Since random hard disk trashing can get boring, the Casino virus (see Figure B-18) makes a game out of its infection. After an infection, the Casino virus displays a video slot machine on the screen for the user to play. If the user plays and wins, the Casino virus leaves the hard disk alone. If the user tries to exit out of the video slot machine game or plays the game and loses, the Casino virus trashes the hard disk.

Figure B-18: The Casino virus threatens to trash a hard disk if the user fails to win at the video slot machine.

Senna Spy Internet Worm Generator 2000

In much the same way as hackers tried to create special programs for mass-producing viruses and Trojan horses, hackers have now created the Senna Spy Internet Worm Generator 2000 for mass-producing worms that use the VBScript language (see Figure B-19).

Figure B-19: Senna Spy Internet Worm Generator 2000 simplifies the creation of VBScript worms.

While the program can create worms quickly and easily, the worms it creates are not necessarily malicious; they simply provide a skeleton program that can retrieve addresses stored in Microsoft Outlook to email themselves to other people. If you want to customize the worm to add a malicious payload of some sort, you'll still need to understand the VBScript language. Still, this program is likely to help an aspiring worm programmer understand the basics of retrieving Outlook addresses and getting the worm to email itself to others.

VBS Monopoly Worm

While not one of the more dangerous digital threats out there, the VBS Monopoly worm may be one of the more amusing ones. Written in Visual Basic Script, this worm consists of three files: a picture named MONOPOLY.JPG and two additional Visual Basic scripting files, MONOPOLY.WSH and MONOPOLY.VBE.

The MONOPOLY.WSH file executes the MONOPOLY.VBE file, which sends out an email message to everyone in the user's Outlook Address Book. The message has the following subject and message:

Subject: Bill Gates joke

Message: Bill Gates is guilty of monopoly. Here is the proof. :-)

After executing the MONOPOLY.VBE file, the worm displays the MONOPOLY.JPG file (as shown in Figure B-20) and displays the message:

Bill Gates is guilty of monopoly. Here is the proof.

Figure B-20: The VBS Monopoly worm displays a picture of Bill Gates after it infects your computer.

VBS Worm Generator

This is a sophisticated worm generator that offers pull-down menus for mass-producing custom worms that can start infecting the Internet as soon as you release them into the wild (see Figure B-21). Some of its replication methods include sending itself to email addresses stored in Microsoft Outlook and through IRC by infecting the mIRC or Pirch IRC programs.

Figure B-21: The VBS Worm Generator can mass-produce custom worms to spread to your enemies.

To avoid detection, the VBS Worm Generator tries to encrypt its VBScript code. For payloads, the program allows a hacker to display a message and picture, crash the computer, or gain access to a website. Since the VBS Worm Generator provides the complete VBScript source code to a worm, hackers can just modify the code and create custom worms nearly as fast as the VBS Worm Generator can produce them.

Virus Creation Laboratory (VCL)

Released in 1992, the Virus Creation Laboratory (VCL) was written by a hacker dubbed the Nowhere Man (see Figure B-22). VCL provided pull-down menus so users could customize a virus with little or no knowledge of programming. In theory, VCL sounds formidable, but in reality, bugs and its limited features kept VCL from creating any new viruses that could seriously threaten anyone.

Figure B-22: The Virus Creation Laboratory offered a graphical user interface for mass-producing computer viruses.

Most of the viruses VCL creates either don't work or don't spread. On top of that, VCL viruses are easily identified by nearly all antivirus programs. Although the threat that hackers could mass-produce viruses using VCL initially panicked the antivirus community, the limited capabilities of VCL have guaranteed the program a place as an interesting but unsuccessful footnote in computer virus history.

Other hackers have tried to create similar virus-making toolkits, such as the ScareMaker Project (see Figure B-23), but like the Virus Creation Laboratory, the viruses and worms these toolkits create are rarely successful.

Figure B-23: The ScareMaker Project was an attempt to create a Windows version of the Virus Creation Laboratory.