THE UNIX VIRUS CHILDRENS MANUAL - Silvio Cesare

CONTENTS
--------

IMPROVING THIS MANUAL
WHAT IS A VIRUS?
WHAT CAN A UNIX VIRUS DO?
WHAT CAN A WINDOWS VIRUS DO?
WHAT DO UNIX VIRUSES LOOK LIKE?

IMPROVING THIS MANUAL
---------------------

For any comments or suggestions (even just to say hi) please contact the
author Silvio Cesare, . This paper already has future plans to include more
parasite descriptions and more parasite techniques. Plus, I plan on writing a
POP-UP book about viruses and how wonderful viruses are.

WHAT IS A VIRUS?
----------------

A virus is code that infects program files, critical files, processes, ELFs,
and mission critical data. Here are some pictures to help you :)

(Parents: please take time to discuss the pictures, preferably to keep them
from getting scared)

A WAREZ infector (The BoW virus):

    [ASCII art: the BoW virus, labelled "I LUV BOW!" and "b0rn 2 1nf3ct!"]

Notice the very sharp hands and the very big head, which contains millions
and zillions of program code to infect your system and make it sick.

An ELF infector virus (Clifford The Big Red Virus):

    [ASCII art: Clifford The Big Red Virus]

Notice its U-shaped mouth, which acts as a suction cup. Also, notice its many
many tentacles! They are used to spread throughout your system very very
quickly, and can cause it to instantly die! This is a naughty virus. One
drawback of this virus is that it:

1) Is very hard to program
2) Has poor eyesight (notice there are no pupils)

A windows virus (The BLOB!):

    [ASCII art: The BLOB, a file that reads "Memo to Sandy: Hey Sandy ..."
    at the top and "Aol, no wonder it's #1 Text file!" at the bottom, with
    eyes and teeth in the middle]

This virus is very hard to detect. Notice how the nasty mean angry part of
the virus is in the middle, while outside of the virus, it just looks like a
regular file! This virus has many eyes, and vicious teeth! It can trick
Norton's, and so forth.

The gH virus (LamegHost):

    [ASCII art: the gH virus]

This virus turns your operating system into a flood network, to DoS people on
irc. It also downloads rootshell.com and hack.co.za directly to your box, and
then loads a backdoor into every daemon in inetd. Very naughty virus, it was
used on whitehouse.gov.

That sums up the intro, on to WHAT CAN A UNIX VIRUS DO?

WHAT CAN A UNIX VIRUS DO?
-------------------------

Viruses are very fascinating, their very existence is superior to that of the
mind controlling human. A UNIX virus can do basically anything with the
correct privileges.

    [ASCII art: ME asking UNIX "Can i have ROOT access please ?" and UNIX
    answering "Why yes you may."]

Once you have the correct permissions, here's what you can do:

Infect many processes on the system:

    [ASCII art: a pyramid of smiley-face viruses, one in the first row and
    four in the last, each with different eyes]

This shows how the viruses spread. Look at each one's eyes, they differ from
the other. This is what we call maximum stealthism! It makes it hard for
virus detectors to find the viruses.

Backdoor the systems:

    [ASCII art: a hacker running "telnet system 31337" against a system
    showing "*:backdoor LISTEN"]

A hacker (yourself) can gain access to a system, and run even more viruses.
Running many viruses is called a "parade" amongst us virus writers.

Destroy your system:

    $ ls
    fork():unable to fork new process
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    THE SANDMAN VIRUS HAS YOUR WEAK SOUL
    Rewriting MBR...done
    Removing init...done
    Removing /usr/bin/printf..............done
    Rebooting!

This virus hides, waiting, forever if it has to, then, when all resources are
used up, BAM!!!!!!!!!!!! IT DESTROYS YOUR SYSTEM.

Expose you to vile paraphernalia:

    [ASCII art]

This virus randomly prints pornographic ascii images to your console.

In conclusion, a unix virus can do anything to your system. Onto the next
section, WHAT CAN A WINDOWS VIRUS DO?

WHAT CAN A WINDOWS VIRUS DO?
----------------------------

Windows95/98 VIRII are very different from UNIX VIRII (VIRII meaning VIRUS
plural). The most popular of Windows95/98 VIRII can be found at
www.virusexchange.com. Some examples of what Windows VIRII can do are:

Mess with financial software databases like the Divinci virus.

Delete all of your HTTP cookies.

Delete your system using the deltree command.

Run netbus or back orifice on your system, and make it impossible to remove.

Make copies of itself, go into stealth mode, and permutate ( increase their
existence ) themselves like rabbits onto your system.

Alter the memory of another process on your system. ex: Altering notepad when
writing critical notes to your friends in elementary school.

Get all of the buddies on your buddy list and send them the trojan, this
happened with the famous internet worm by Robert Morris.

Turn your system into a WAREZ server.

Get credit card information for your system.

Change your bootup system image (to a pornographic one, you will likely get
grounded, happyhacker.org teaches you how to do this).

Change the shutdown system image (to a pornographic one, you will likely get
grounded, happyhacker.org teaches you how to do this).

Make really loud annoying sounds at night.

Ok, that is the end of this section, onto WHAT DO UNIX VIRUSES LOOK LIKE?

Parents: Review this material with your children, three times through.

WHAT DO UNIX VIRUSES LOOK LIKE?
-------------------------------

Unix virii are hard to spot, this section gives you some info on how to spot
them and write them for fun.

Smiley the Virus:

    [ASCII art: a smiley face]

Dalnet, the Virus:

    [ASCII art]

(NOTE: This is how DALNET got its name)

The gH virus (LamegHost):

    [ASCII art: the gH virus]

(NOTE: Used in the incredible whitehouse.gov defacement)

An ELF infector virus (Clifford The Big Red Virus):

    [ASCII art: Clifford The Big Red Virus]

A WAREZ infector (The BoW virus):

    [ASCII art: the BoW virus, labelled "I LUV BOW!" and "b0rn 2 1nf3ct!"]

Enormous Penis Virus (Aka, Big John):

    [ASCII art]

(NOTE: This virus fills up your file system, quickly)

The Million Man March (Aka Lots`o`penis):

    [ASCII art]

(NOTE: This virus fills up NFS nodes)

See you next time! And remember, VIRII ARE FUN! :-D