Viruses and ALife

Viruses and ALife

Jochen Fromm-3

I fought the whole weekend against the Win32/Tenga.a
or W32/Stanit virus. Finally I succeeded, but this
resilient and resistant vermin really started to "bug" me.
The nasty parasite is very hard to destroy without damaging
your system severely, because it infects nearly all Exe files,
especially those in the Windows and System directories.
Before I realized it, the virus had infected over 900 Exe
files on my old Windows 98 system in an instant.

Wikipedia says correctly: "Unlike biological viruses,
computer viruses do not simply evolve by themselves,
except in the cases where copying errors and recombination
have led to actual evolution of computer viruses; however,
these cases are very rare compared to the rapid generation
of new malware by human programmers. They cannot come into
existence spontaneously, nor can they be created by bugs
in regular programs. They are deliberately created by
programmers, or by people who use virus creation software."
http://en.wikipedia.org/wiki/Computer_virus
http://en.wikipedia.org/wiki/Virus

What if someone writes a resistant virus which is able to
mutate and modify itself? Would it be a dangerous threat?
Or would it be interesting to create a biotope for
artificial viruses, a place where they can live,
mutate and replicate? Tom Ray made a first try with
Tierra, but much more sophisticated landscapes and
environments are possible. What do you think?

-J.



Viruses and ALife

Douglas Roberts-2
Precisely why I run Linux.  For those few times that I need to run a Windows
application, I run it in a Windows nicely encapsulated in VMWare and tucked
away behind a couple of good firewalls.

I would love to know how many productive person-hours have been lost to the
kind of activity described below.

--Doug

On 12/19/05, Jochen Fromm <fromm at vs.uni-kassel.de> wrote:

>
>
> I fought the whole weekend against the Win32/Tenga.a
> or W32/Stanit virus. Finally I succeeded, but this
> resilient and resistant vermin really started to "bug" me.
> The nasty parasite is very hard to destroy without damaging
> your system severely, because it infects nearly all Exe files,
> especially those in the Windows and System directories.
> Before I realized it, the virus had infected over 900 Exe
> files on my old Windows 98 system in an instant.
>
> Wikipedia says correctly: "Unlike biological viruses,
> computer viruses do not simply evolve by themselves,
> except in the cases where copying errors and recombination
> have led to actual evolution of computer viruses; however,
> these cases are very rare compared to the rapid generation
> of new malware by human programmers. They cannot come into
> existence spontaneously, nor can they be created by bugs
> in regular programs. They are deliberately created by
> programmers, or by people who use virus creation software."
> http://en.wikipedia.org/wiki/Computer_virus
> http://en.wikipedia.org/wiki/Virus
>
> What if someone writes a resistant virus which is able to
> mutate and modify itself? Would it be a dangerous threat?
> Or would it be interesting to create a biotope for
> artificial viruses, a place where they can live,
> mutate and replicate? Tom Ray made a first try with
> Tierra, but much more sophisticated landscapes and
> environments are possible. What do you think?
>
> -J.
>
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9a-11:30 at Mission Cafe
> lectures, archives, unsubscribe, maps at http://www.friam.org
>



--
Doug Roberts
505-455-7333 - Office
505-670-8195 - Cell
Viruses and ALife

Giles Bowkett
In reply to this post by Jochen Fromm-3
> What if someone writes a resistant virus which is able to
> mutate and modify itself? Would it be a dangerous threat?
> Or would it be interesting to create a biotope for
> artificial viruses, a place where they can live,
> mutate and replicate? Tom Ray made a first try with
> Tierra, but much more sophisticated landscapes and
> environments are possible. What do you think?

I wonder how difficult that would actually be to do. There's some book
I read a long long time ago where they actually used a model from
malware as the foundation for some kind of time-budgeting system, I
think on a university network or something. (I wish I could remember
more.)

--
Giles Bowkett = Giles Goat Boy
http://www.gilesgoatboy.org/


Viruses and ALife

Robert Holmes-2
In reply to this post by Jochen Fromm-3
Jochen - I'm curious, how did you contract the virus? I ask because I don't
use anti-virus software (at least not locally, I think some is running on the
Gmail server) - instead, I just don't open emails or attachments that I
don't recognise. This has served me well for the past decade - am I just
being lucky or do I need to change my strategy?

Robert

Viruses and ALife

Jochen Fromm-3

Of course I don't open suspicious e-mail attachments, either. I guess the virus
came in over the network share on drive C: (perhaps through the use of a
random IP address and some form of IPC/Inter-Process Communication
mechanism). In order to exchange data between my laptop and my computer, I
experimented with a network share on the boot drive C:, and forgot to remove
it. Like other worms, the virus Win32.Tenga.a (also named W32/Gael or
W32/Stanit) seems to infect Windows machines with open file shares. I would
definitely recommend removing any unnecessary file shares and installing
anti-virus software, otherwise you might not notice a worm or virus at all
until it is too late. I use "AntiVir" from the German company H+BEDV because
it is free (http://www.antivir.de/), but any other anti-virus software will
do as well.

-J.

________________________________

From: Friam-bounces at redfish.com [mailto:Friam-bounces at redfish.com] On Behalf
Of Robert Holmes
Sent: Monday, 19 December 2005 18:01
To: The Friday Morning Applied Complexity Coffee Group
Subject: Re: [FRIAM] Viruses and ALife

Jochen - I'm curious, how did you contract the virus? I ask because I don't
use anti-virus software (at least not locally, I think some is running on the
Gmail server) - instead, I just don't open emails or attachments that I
don't recognise. This has served me well for the past decade - am I just
being lucky or do I need to change my strategy?

Robert
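
The recommendation above to remove unnecessary file shares can be checked mechanically. The following is an added example, not part of the original messages: it parses the text printed by the Windows `net share` command and flags user-created shares that expose a whole drive or the Windows directory. The sample output and the share names in it are constructed for illustration.

```python
import re

# Constructed sample of `net share` output (not taken from the thread).
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
CDRIVE       C:\
Transfer     D:\Transfer Files               laptop exchange
The command completed successfully.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
SYSTEM_DIRS = re.compile(r"^[A-Za-z]:\\(windows|winnt)(\\|$)", re.IGNORECASE)

def parse_shares(text):
    """Return (name, path) pairs from `net share` output; path is '' if none."""
    shares, in_table = [], False
    for line in text.splitlines():
        if line.startswith("---"):
            in_table = True  # rows start after the dashed separator
            continue
        if not in_table or not line.strip() or line.startswith("The command"):
            continue
        cols = re.split(r"\s{2,}", line.strip())
        # IPC$ has no resource column, so only accept something path-shaped.
        path = cols[1] if len(cols) > 1 and DRIVE_PATH.match(cols[1]) else ""
        shares.append((cols[0], path))
    return shares

def risky_shares(text):
    """Flag visible shares that expose a whole drive or a system directory."""
    findings = []
    for name, path in parse_shares(text):
        if name.endswith("$") or not path:
            continue  # hidden/administrative shares are reviewed separately
        if re.fullmatch(r"[A-Za-z]:\\", path):
            findings.append((name, path, "entire drive shared"))
        elif SYSTEM_DIRS.match(path):
            findings.append((name, path, "system directory shared"))
    return findings

if __name__ == "__main__":
    for name, path, reason in risky_shares(SAMPLE_NET_SHARE):
        print(f"{name}: {path} ({reason})")
```
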



Viruses and ALife

James Steiner
In reply to this post by Robert Holmes-2
On 12/19/05, Robert Holmes <rholmes62 at gmail.com> wrote:
> Jochen - I'm curious, how did you contract the virus? I ask because I don't
> use anti-virus software (at least not locally, I think some is running on the
> Gmail server) - instead, I just don't open emails or attachments that I
> don't recognise. This has served me well for the past decade - am I just
> being lucky or do I need to change my strategy?

As a corporate desktop-support guy, this falls into my bailiwick.

Modern viruses spread more and more like "real" viruses, that is, they
take advantage of the permeability of the computer's interfaces with
the world, and shortcomings of the computer's immune-system.

Just not opening attachments may not be enough. Just like in the
real-world, not licking doorknobs is not enough to prevent getting a
cold. Just existing on the network, with a compromised "skin" or weak
"immune system", puts one at risk.

In the case of Win32/Tenga, the virus (acting as what is technically
called a "worm") running on some computer, somewhere, scans the
network looking for computers that have a particular immune system
problem, in this case, a particular vulnerability with a part of
Windows RPC (remote procedure call) feature. Once found, the virus
injects viral code into the computer through the vulnerability, and
thus, reproduces (or does whatever else it wants to do with your
computer). E-mail has nothing to do with it.

RPC, or remote procedure call, is a method where one computer can ask
another computer to execute programs.  It's a very useful and good
thing to have, and is, when working properly, safe. However, there are
mistakes in the RPC system that allow more than the intended effects.
When they are discovered, people write viruses to take advantage.
Tenga can inject attack code into the computer through a particular
RPC vulnerability. This was addressed in Windows patch MS03-026. Of
course, virus variants are created to take advantage of newly
discovered (or newly created) vulnerabilities.

Because your computer can be attacked and get infected simply by
existing on a network (especially if your network is always-on and you
have a real internet-accessible IP address), it is most important to
keep your system updated with new critical updates, as they are
released. For Windows users this means visiting the Windows Updates
website once a month, at least, or enabling "automatic updates", or
participating in your enterprise's patching and updating program.

It is equally, if not more, important to either keep your computer
behind a local router, which affords some firewall-like protection, or
(and) to run a "personal firewall" on the computer too. Firewalls
protect the computer from unknown, as well as known, threats, by
preventing unauthorized attempts to connect into your computer--like a
bandage preventing anything from penetrating its "skin".

It is thirdly important to run anti-virus software and anti-spyware
software, to deal with known and some unknown threats that make it
anyway, or via other channels (such as attachments).

I also use Anti-Vir, and Microsoft's Anti-Spyware (beta) (at the
office, they use TrendMicro Enterprise Anti-virus, and Anti-Spyware,
and Patchlink, and LANDesk).

~~James


--
~~James
_____________________________________
turtlezero.com -- its turtles, all the way down!