
Thread: Question regarding future viruses ..

  1. #11
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Nihil I think that the virus that you are talking about is called "W32.Winux" or also known as "W32/Lindose.2132". Please feel free to correct me if I am wrong.


    W32.Winux is not a platform-independent virus. W32.Winux's initial injection point must be a Windows machine -- it cannot start by infecting a Linux box. Once it infects a Windows computer though, it starts looking for certain files under the Windows file system and the Linux file systems. When it finds what it's looking for, it opens files and inserts code.

    It initially infects a Windows system and seeks out certain Windows files (PE file types, which include .exe files). W32.Winux's uniqueness stems from the fact that it doesn't stop there. After infecting a Windows system, W32.Winux then starts looking through the system for any known Linux files -- for instance, through shared file systems or remote drives. It looks through those for Linux ELF files, which also include Linux system binaries.
    Here's a link to learn a little more about it ...
    http://us.mcafee.com/virusInfo/defau...&virus_k=99060

    Is this the virus which you were talking about ? Will it ever be possible for virus writers to create a collection of viruses which would be able to cripple the Net ? Or would that just be impossible ?

    Seeing as technology increases every year and people wanting to have networked homes I think that this would just give a virus writer another challenge to create a virus which would create quite some chaos. Imagine waking up at 3:00 a.m. to hear your stereo blaring or your TV turned on ... I am probably going a little overboard but who can say that this will not be possible in a couple of years from now ...

  2. #12
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, Agent_Steal,

    Well done! That is exactly the one I was talking about. April 2001, so I must have read the advisories about 2.5 years ago. I guess the only reason I remember it is because it was so unusual because of its cross platform capabilities. As the write up says it was "proof of concept" and not in the wild.

    I do not think that crippling the Net will come from a complex cross platform virus. They would be too complicated to write and too big.

    I think that the real danger lies in the structure of the Net itself? Looking back on personal experiences and what I have read (I am talking commercial/institutional environments here) what seems to happen is that one of these things attacks, spreads so far, then the sheer volume of traffic crashes the servers. In the past this has given us the breathing space to do the clean up and patching?

    Over the last couple of years there has been a preponderance of mass mailers and network aware worms, exploiting vulnerabilities in operating systems. These spread very rapidly and have caused areas of the Net to collapse under the sheer volume. In a way they are more similar to DoS attacks in that they are more brute force and ignorance than guile and stealth.

    So far (thank God!) no-one has managed to bring the two approaches together. The fact that the individual elements of the Net have been unable to cope with the traffic has, perversely, acted as a form of protection.

    Today we have PCs running at 3GHz and everyone wants faster and faster connections (Cable, Satellite, ADSL) so we are in fact creating an environment in which the scenario you suggest is more likely? We are providing the environment....it could not have happened in the days of 486s and 14.4 dial-up connections.

    Home networking increases the number of infected machines as several recent mass mailers have also been network aware. If you and your brother both have separate machines, you won't be in his address book and vice versa? If you are both on a home network, that protection is gone?

    To achieve the disaster you envisage would require subtly infecting a large number of machines Worldwide with a "sleeping" virus, then unleashing it simultaneously. This would crash the net, either through overload or by forcing admins to shut down.

    If you want to see something really frightening, look up the analyses of the Magistr virus, in particular the one by Kaspersky Labs. There are some very competent bad guys out there.

    Just my £0.02

    Sorry for the rant

    Cheers

  3. #13
    I think that the real danger lies in the structure of the Net itself?
    And Bill Gates wonders why he can't have a monopoly. One virus for all platforms. Hrm.....

    To achieve the disaster you envisage would require subtly infecting a large number of machines Worldwide with a "sleeping" virus, then unleashing it simultaneously. This would crash the net, either through overload or by forcing admins to shut down.
    The internet is a collection of everybody's computer that is connected in a huge network, WAN; basically a larger LAN. The difference is that to connect you need providers. Say you had a LAN setup like this...


    Comp5
    Comp6 - | - Comp3 - Comp2 - Comp1 ->Internet
    Comp4

    To disable this all you have to do is take down Comp1. The same idea is with the internet, take out major providers would basically cripple the internet. That is the downfall of commercializing the internet.

    -Cheers-

    PS: The network pic sucks.. Also, I've never administrated a network, but that does sound like a pain in the ass Nihil.
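
Added example, not part of the original posts: the single-point-of-failure argument in post #13, checked against the sketched LAN from a resilience-planning angle. The edge list is a constructed reading of the diagram; the node names "Hub" (for the "|" junction) and "Internet" and the second uplink are assumptions.

```python
from collections import defaultdict

# Constructed edge list for the LAN sketched in post #13 (assumed reading).
EDGES = [("Comp4", "Hub"), ("Comp5", "Hub"), ("Comp6", "Hub"), ("Hub", "Comp3"),
         ("Comp3", "Comp2"), ("Comp2", "Comp1"), ("Comp1", "Internet")]

def build_graph(edges):
    """Undirected adjacency map from a list of (a, b) links."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def reachable(graph, start, removed=None):
    """Nodes reachable from start while the `removed` node is down."""
    if start == removed:
        return set()
    seen, stack = {start}, [start]
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def cut_off_by(graph, failed, uplink="Internet"):
    """Hosts that lose every path to the uplink if `failed` goes down."""
    still_up = reachable(graph, uplink, removed=failed)
    return sorted(n for n in list(graph)
                  if n not in still_up and n not in (failed, uplink))

def single_points_of_failure(graph, uplink="Internet"):
    """Map each node whose loss strands other hosts to the hosts it strands."""
    report = {}
    for node in list(graph):
        lost = cut_off_by(graph, node, uplink) if node != uplink else []
        if lost:
            report[node] = lost
    return report

if __name__ == "__main__":
    lan = build_graph(EDGES)
    print("as drawn:", single_points_of_failure(lan))
    # Assumed mitigation: a second, independent uplink from the hub.
    redundant = build_graph(EDGES + [("Hub", "Internet")])
    print("with second uplink:", single_points_of_failure(redundant))
```

As drawn, every node on the chain to the uplink strands the hosts behind it; with the assumed second uplink only the hub remains a single point of failure.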

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi PM8228,

    I see what you are getting at and have read articles about various countries having hundreds of people working in their "cyberwarfare" departments.

    That is a bit different to this thread?

    1. It is targeted
    2. It is funded
    3. It requires considerable resources working as a team?

    I think that Agent_Steal's scenario is more of a "cluster bomb" than a sniping rifle? I think it will be more a case of ensuring that there are sufficient sources of infection distributed across the Net, than on specific targeting of strategic nodes.

    My main reason for this argument is that I don't think that the bad guys are numerous enough or organised enough for global specific targeting. I just hope that I am right, as your scenario would obviously be much more efficient.

    Cheers
