By their nature, most viruses attack your computer without your knowledge. However, some viruses display whimsical pictures or messages on the screen just for fun (or to warn you that it just wiped out all your data). Since few people will ever see a virus, here are some of the more interesting ones that have infected computers in the past.
Although most viruses try to hide their presence on a computer, the AIDS virus (see Figure B-15) blatantly announces its presence with a message designed to taunt the user. Despite its threatening message, the AIDS virus is rare, so unless you're still running any version of MS-DOS, chances are good your computer will never risk infection by this particular virus.
Not all viruses deliberately damage files. Some of them, like the Ambulance virus (see Figure B-16), simply infect computers so they will display an animation of an ambulance rushing across the screen, complete with the wail of a siren. While not dangerous, the Ambulance virus can still demonstrate that even harmless viruses can still be a nuisance.
Sometimes a virus deliberately announces its presence simply to boast that it has succeeded in infecting another computer. The Boza virus (see Figure B-17) infects computers and then displays a simple dialog box that announces its claim to fame as the world's first Windows 95 computer virus.
Once a virus has infected a computer, it can trash any files at any time. Since random hard disk trashing can get boring, the Casino virus (see Figure B-18) makes a game out of its infection. After an infection, the Casino virus displays a video slot machine on the screen for the user to play. If the user plays and wins, the Casino virus leaves the hard disk alone. If the user tries to exit out of the video slot machine game or plays the game and loses, the Casino virus trashes the hard disk.
In much the same way as hackers tried to create special programs for mass-producing viruses and Trojan horses, hackers have now created the Senna Spy Internet Worm Generator 2000 for mass-producing worms that use the VBScript language (see Figure B-19).
While the program can create worms quickly and easily, the worms it creates are not necessarily malicious; they simply provide a skeleton program that can retrieve addresses stored in Microsoft Outlook to email themselves to other people. If you want to customize the worm to add a malicious payload of some sort, you'll still need to understand the VBScript language. Still this program is likely to help an aspiring worm programmer understand the basics to retrieving Outlook addresses and getting the worm to email itself to others.
While not one of the more dangerous digital threats out there, the VBS Monopoly worm may be one of the more amusing ones. Written in Visual Basic Script, this worm consists of three files: a picture named MONOPOLY.JPG and two additional Visual Basic scripting files MONOPOLY.WSH and MONOPOLY.VBE.
The MONOPOLY.WSH files executes the MONOPOLY.VBE file, which sends out an email message to everyone in the user's Outlook Address Book. The message has the following subject and message:
Subject: Bill Gates joke
Message: Bill Gates is guilty of monopoly. Here is the proof. :-)
After executing the MONOPOLY.VBE file, the worm displays the MONOPOLY.JPG file (as shown in Figure B-20) and displays the message:
Bill Gates is guilty of monopoly. Here is the proof.
This is a sophisticated worm generator that offers pull-down menus for mass-producing custom worms that can start infecting the Internet as soon as you release them into the wild (see Figure B-21). Some of its replication methods include sending itself to email addresses stored in Microsoft Outlook and through IRC by infecting the mIRC or Pirch IRC programs.
To avoid detection, the VBS Worm Generator tries to encrypt its VBScript code. For payloads, the program allows a hacker to display a message and picture, crash the computer, or gain access to a website. Since the VBS Worm Generator provides the complete VBScript source code to a worm, hackers can just modify the code and create custom worms nearly as fast as the VBS Worm Generator can produce them.
Released in 1992, the Virus Creation Laboratory (VCL) was written by a hacker dubbed the Nowhere Man (see Figure B-22).VCL provided pull-down menus so users could customize a virus with little or no knowledge of programming. In theory, VCL sounds formidable but in reality, bugs and its limited features kept VCL from creating any new viruses that could seriously threaten anyone.
Most of the viruses VCL creates either don't work or don't spread. On top of that, VCL viruses are easily identified by nearly all antivirus programs. Although the threat that hackers could mass-produce viruses using VCL initially panicked the antivirus community, the limited capabilities of VCL have guaranteed the program a place as an interesting but unsuccessful footnote in computer virus history.
Other hackers have tried to create similar virus-making toolkits, such as the ScareMaker Project (see Figure B-23), but like the Virus Creation Laboratory, the viruses and worms these toolkits create are rarely successful.