Why has no-one made THIS virus?

Okay, so I’ve been typing away all day, making a new virus. (Not really, it’s all fiction. Just go with this paragraph). It’s based upon the idea of 6 degrees of separation email-stylee - that is, you can get to anyone’s email address in six steps.

Now, assume I want to hack into someone’s computer - let’s say Mr Super-Rich, and get his credit card details. I send out an email with my virus on it. The virus does nothing, except attach itself to every email that is sent, and when it reaches a new computer it does exactly the same thing. Eventually, it will reach Mr Super-Rich’s computer, where it takes his credit card details, sends them back to me, and then sends some sort of signal to all my unsuccessful viruses telling them to self-destruct.

This virus has the advantage of no-one knowing about it - the virus doesn’t actually DO anything to most users, and wouldn’t slow the system down significantly because it is piggy-backed on the end of existing emails sent, rather than sending out hundreds of emails at once. It would also be hidden from the victim, because it would do nothing to Mr Super-Rich either, simply send all his money to me!

I presume there is a very good reason (accepting the deterrent of a long time in jail) why no clever chap has done this, but I can’t think of one. What do you chaps think - why hasn’t some unscrupulous chap done this?

I just want to add that I have neither the expertise nor the time to write a virus like this, and I’m sure it doesn’t need to be reiterated that it is a BAD thing to do - I’m just wondering about the logistics of it, that’s all.

And yes, the profusion of chaps should re-iterate how rubbish I am at programming - if I can’t string a sentence together, how am I supposed to string a virus together?

AFAIK a virus cannot operate in this totally benign way. For it to propagate it must fool the recipient into executing some code, e.g. by opening an attachment, so that it can install itself on their machine. Most people are hopefully suspicious of doing this and more recent email software is less likely to do it automatically by default.

Well there’s a few things preventing that from happening.

First of all your virus will be doing something.
Quite a bit actually

It needs to check if it is on Mr. Super Rich’s computer. It can only do this by actually doing something, right?

You might try and make it so that it just sits there and waits for the words “I am Mr Super Rich ha ha ha” to be typed in perhaps.
It would then know for sure it was on Mr. Super Rich’s PC.
This would require it to be Memory Resident. (not not not good to avoid detection)

You might have it so that it scans the HDD and looks for a folder titled “Mr_Super_Rich’s_Really_Exclusive_Porn_Stash_that only super_rich_people_have_access_to_because_it_features_gold enamelled_women_doing_emerald-encrusted_things_to_the_sapphire_delivery_boy”.

It would then know for sure it was on Mr. Super Rich’s PC, right? In order for it to do this it has to execute a search. Another action.

Bear in mind that it also has the secondary action of adding itself to emails … this requires it to be actively doing stuff.

It will also include a search function to harvest the credit card number. At its simplest just a search hoping that Mr Super Rich is going to write a document containing the text “My CC details”. More advanced you might have a little key capture routine or maybe some scripts to pick up on browser activity.

Also your virus is going to most likely need its own SMTP engine or an engine of some sort to get that information back to you.

It also needs a way to send a message to every computer it infected AND it needs a self-destruct sequence.
So your Virus, which we are going to classify as what is known as a Trojan, is already a pretty complicated piece of kit. (Mind you all of this could be done with a tiny tiny footprint) and there are a whole lot of possible points of failure along the way.

All of this DOing Stuff is going to raise the hackles of any AV software.

Newer versions of Outlook will spot the “append me to all outbound email” action and alert the user

Email filters will pick up your code

Virus checkers will also pick up on the rogue code.

Most filters and AV checkers now incorporate Heuristics, which means that anything that acts in a “Virus Like” fashion will be picked up and dealt with.

Remember you have no control over where your threat will go.
This would work if two simple criteria are met.

Everyone (including Mr. SR) who receives the email has no email filter or virus checker or firewall. (sending outbound instructions and data)

Mr. Super Rich is incredibly dumb.

Wouldn’t it be simpler to just go through his trash to find a CC receipt?

Maybe even get a waiting job at his favourite restaurant?

If all else fails how about just asking him for a loan?

The more I think about this the more ways I am actually coming up with to circumvent protection measures…hmmmmm… thanks for the idea :)

How would a virus recognise Mr Super-rich’s computer as different from all the others it passes through? If you know enough about it to program the virus you probably have access anyway, and don’t need it.

It would be pretty risky. It would contain your own details, making it very easy to trace back to you.

Now Peter that’s just dumb.

Why would it contain creator details?

Let’s operate from the principle that our virus creator by the very fact that he can code the thing knows how to cover his tracks.

Let’s take an example.

Creator opts not to include his email address in the code.

How will he get the info?

Let’s have our code submit its findings to a website say.

How you gonna trace him now?

Check website access?

He’s a spoofin’ piece of know it all using anonymisers and a stolen GRIC dialler to access the site. How you gonna get him now?

That’s just one possible way.

If he can code this well, you’re right, he will know other ways to get the info, but let’s look at this as the theoretical exercise it is.

And I already addressed one possible way for the code to know when it resided on Mr SR’s box.

Hey Stig, maybe you could qualify your question with some variables and assumptions. Maybe we could make Mr. SR super paranoid or super IT savvy and see if we can’t figure a way to relieve him of a few K.

I figure Mr SR would just be running XP with your basic virus checker and a firewall of some description, along with Outlook doing its business. Neither paranoid nor a luddite, just taking standard precautions against viruses and the such.

I would presume the programmer JUST knows the name, and probably the city, in which the guy lives. Would the trojan be able to have a look in the computer to see if it belongs to a Mr Super Rich in Boston? Is there a place where address details for a computer SHOULD be?

But as for the “virus-like activity” mentioned above, this rather knackers the whole plan, doesn’t it? Or can these kinda things be circumvented?

How about building in something that destroys a virus checker? Before the checker can act, the code is changed so that it doesn’t look for MY virus? Can THAT be done?

Sorry to hijack, but Stig, that is the coolest username I’ve seen in a long while. :)

GQ shall be of no further help in explaining circumvention techniques.

This is closed.

-xash
General Questions Moderator