Simple Virus For Teaching? 366
ed1023 writes "Currently I am teaching a 101 class on computers. It is more of a 'demystifying the black box' type of class. The current topic is computer viruses; I am looking for a virus with which I can infect the lab computers (only connected to local network, no outside network connection) that would be easy for the students to remove by hand. Can the Slashdot community point me in any directions? Is there an executable out there that would work, or do I try to write one myself, or is there one that is written that I can compile myself?"
Re:What OS? And how annoying? (Score:3, Interesting)
That reminds me of something I did when I was a bit younger. I was leaving the company that day anyway, and some dude had been bugging me for months. At some time previous I'd shoulder-surfed the IT departments "test" account, which I logged onto on an unused PC in the office. I created a simple .bat file
Or something along that vein. I can't remember exactly how I made it work, but possibly by leaving the PC on, monitor off, when I left work the last time.
The boss knew the people I went to work for so it didn't end well for me, but looking back it was incredibly funny and the couple weeks out of employment turned out to be very beneficial to my career in the long run.
I heard a couple months later from some old co-workers that it took IT about two days to figure out and in the meantime, old mateys account was unusable.
Live and learn I guess. Was still funny, and incredibly basic.
Stoned (Score:4, Interesting)
Stoned [computerarcheology.com] is a classic and a pleasure to disassemble. It fits in a boot sector (512 bytes) and it's not particularly malicious, but it has all the elements that a virus needs. I don't know if it would still work on a modern computer, though: Some old viruses used funky instructions that became obsolete (like "POP CS"), and this one seems to have issues working on large-capacity disks.
Try this instead. (Score:5, Interesting)
What do you expect a student to learn from being told "there is a virus on this machine, remove it by hand"?
If they are in the "demystifying the black box" phase, they have no idea what you're talking about.
Teach them that viruses are just programs like Word or Excel, except with a specific malicious purpose. Give them an overview of how a machine or user might be tricked into running malicious software. Teach them about how malicious software might propagate. Use historical examples. Talk about privileges.
Virus is a slang term that brings up all kinds of scare reactions in ordinary people. They immediately assume that machines are vulnerable to bacteria floating around on the wind, or something similar. You need to de-emphasize the term "virus". It's just software. Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.
Write a simple program that copies itself to the Windows folder and starts itself at boot. The program should show an alert box saying "HACKED BY PROFESSOR HANDSOME!!!!" if it sees it is being run from the Windows folder. Put it on a USB key with an autorun.ini, tell them you have placed a virus you wrote on there, and let them sort it out. Just be sure you're on an XP machine and that autorun is enabled.
Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.
Re:EICAR (Score:4, Interesting)
The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.
Wow, that's pretty cool. Here's the string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
write it yourself (Score:3, Interesting)
Write it yourself. The fact that you would even consider this without thinking about the potential for it to be a serious Career Limiting Move means that it should be a fun ride :)
Seriously though, install XP at some base service pack level - sp1 or sp2 might do, then connect it to the internet without any firewall. The viruses will find you.
But you could have a bit more fun than that. Write an exe file that simply pops up a "if this was a virus you'd be pwn3d by now" message. Then pick one of the popular kids in the class (lets call her Jane Smith), and send an email around to your whole class from an anonymous hotmail account (or some service that allows sending exe files) with a subject of "Ha Ha. Look at what Jane Smith got up to last night." and include the exe file with a message "pics attached". Fail everyone who opens it. You'll probably still lose your job due to the idiots they put in power, but at least you'll have taught your class a lesson (the lesson being "if you're a teacher, it pays not to think for yourself".)
You don't say what the age of your students is. If it's a university or TAFE level class you might get away with it, but you only have to offend one daddy's girl and it's all over.
Re:What OS? And how annoying? (Score:4, Interesting)
If Linux (or similar), here's an example of a worm that spreads itself on the local host whenever executed as root:
Save as "virus" ./virus
chmod +x virus
rm -f virus
Re:DON'T DO IT! You'll get fired (Score:2, Interesting)
Re:Fake it. (Score:5, Interesting)
+5, Informative?...REALLY?!?...
OK, let's start with a handily recent post on the Language Log [upenn.edu] about Latin plurals (the post is about "syllabus", but "virus/viruses/*viri/**virii" show up in the comments).
Now, onward...
Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water".
Actually (and ignoring the somewhat startling categorisation of computer virus as "substance"), not in the same way at all. You can't call a single molecule of water "a water" because "water" is a mass noun in English, and those don't (i) take indefinite articles, and (ii) don't pluralize nicely (inter alia). It's possible that this portion of your argument comes from here [icrisat.org], which points out that in Latin, "virus" ("poison") was a mass noun. Of course, in English, "virus" is very clearly a count noun in English, since it can be (and overwhelmingly is) used with an indefinite article.
Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs".
You appear in the preceding to be claiming that the word "virus" doesn't exist in English (or perhaps simply that is has no referent) a claim some information security researchers (and doctors!) might take issue with (cue lambasting for the stranded preposition in 3...2..1 [upenn.edu]).
That being said, this raises an interesting point about...something. Maybe the type/token distinction? When someone says "I wrote a virus", we take him (or her, I suppose) to be making a claim about an implementation of some specific algorithm in some specific language, but not to any particular token of it.
The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, [...]
I don't understand the grounds on which you're making this claim.
[...] which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states,
OK, so the "running program, and its data" counts pretty much as a "single token of the substance" at hand, in my book. So now it sounds like you're contradicting your opening claim.
but I'm pretty sure nobody much thinks of it that clearly when using the word "virus".
As I just mentioned, you seem to be contradicting yourself (although I may just be misreading you), so you'll forgive if I take claims of clear thinking only quasi-seriously.
Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) [...]
Why is this 'incorrect'? "I wrote a virus. I'm calling it Johnny5." Seems like a perfectly good use of "a virus" to me.
[...] but only to an instance of that type of virus as it is spreading, [...]
Again, isn't this in contradiction to how you started this comment?
or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.
Aside from the impossibility of "some arbitrary subset" of an instance (I'll assume that was just a typo/thinko), now you're just engaged in verbal wankery. I mean, I suppose you might choose to model the spread of contagion in a network of computers as the flow of a kind of flu
Re:What OS? And how annoying? (Score:5, Interesting)
This was both annoying as hell (plenty of syntax errors), and difficult to positively blame on mischief as:
The TSR was called <shift-space>.com and so a cursory perusal of the autoexec.bat would not reveal its presence, as shift-space just looks like a normal space (... but can be the name of a command)
IT spend an entire day trying to re-install Turbo Pascal, and the problem still persisted... (because it was in an independent TSR, not in the Turbo Pascal app itself)
Then, the next day, re-install of the entire system.
Another fun TSR one was the annoying keyboard beep. The TSR had a timetable of the classes build in, so that the keyboard click would be very short and almost unnoticable at the beginning of the class, and then gradually grew longer and longer during the class (first a faint click, than a more obvious click, and by the end of the hour an annoying beeeeeeeeeep). Fun thing is, as it was gradual, nobody really noticed when/how it started, but eventually that background noise was "just there"...
A, those were the days of highschool pranks...
how to write teh virus??? (Score:5, Interesting)
On any tech forum, including slashdot, you have wannabe haxx0rz who ask "how to write teh virus???" They never get a serious answer, obviously.
The OP (ed1023) thinks he can trick slashdot readers with some social engineering into thinking they're really helping someone this time by telling him "how to write teh virus???". Who knows, maybe he will succeed. Maybe he will write teh virus.