Question regarding future viruses ..

Thread: Question regarding future viruses ..

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Posts
    707

    Question regarding future viruses ..

    This is just something that I was pondering for a while. Could it be possible that in a couple of years from now virus writers create a virus which uses Steganography methods to hide itself? For example the virus resides and hides in data files like images, music, or movie files. I think that this would be a great technique for a virus to hide itself from detection. Also a very powerful method for the virus to be distributed.

    Let's just say a virus writer creates a virus that uses steganography methods to hide the virus. The file is uploaded on to a P2P network, where unsuspecting users download it. The file is downloaded, and then opened. Once opened, the virus finds a way to extract itself from the data file and begins its work. Another thing: could it be possible for a virus writer to also incorporate his own steganography engine that would allow the virus to insert itself into a data file contained within the user's drive? For example, once the user has been infected, to avoid detection the virus searches for a data file, preferably a music file, to hide itself, thus allowing it to do further damage. Now if this is possible that would open up the door to new key loggers, worms, trojans etc ... to be able to be hidden and propagated throughout the internet in a more lethal way.

    Now that's just my own thoughts and I was just wondering what do you guys think ? ...
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    That's not my biggest fear. Mine would be artificially intelligent viruses which discover which attacks work against them and then rewrite their own code to hide themselves better. Bring that concern to the level of paranoia, and one sees end-of-the-world type scenarios, normally the realm of Isaac Asimov and Steven Spielberg.

    I think it would be tough to steganographically hide them though, because at this point, I do not think steganographically embedded code can execute itself unless it's decoded. But that could easily change.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Now A.I. viruses are something that I never thought about. As for A.I. virus methods I am thinking along the line of a virus which can learn and be able to adapt to its residential environment in a system[s]. Like for example a virus which would be virtually able to take into account the operating system specs, type, programs being employed by that system etc ... This would allow the virus to be able to adjust its behaviour accordingly to the current environment in which it resides. For example, the virus would have the ability to quickly adjust to any new settings applied to the environment. New programs being installed, changed, deleted or even modified and updated. That I think would really change the playing field and give the virus a huge advantage. Except that if you take into consideration the programming which would be required to produce a virus like that. That would be a feat in itself.

    Another method that I was thinking about as well would be a multi-protocol virus. Because so far most current and modern viruses use their own SMTP engines. Some might still use the classic MAPI class method but I doubt it. While there are other viruses that use an advanced technique called API hooking. If you really notice, a lot of these viruses use the main network protocols. I was wondering, do you guys think that in the future or coming years people will decide to use other protocols such as: IPX/SPX ? NetBIOS ? or even SMB ? With more protocols to choose from it would allow the virus to further spread and infect more systems. Also making it more tricky to detect. Something real scary would be an artificial intelligence worm which uses steganography to conceal itself and uses its A.I. to propagate and defend itself against firewalls, IDS, A.V. products and maybe other things as well. Not that I see it happening anytime soon, it's just something that I was just wondering about ...

    ------------------------------------------------------------------------------------------------------------------------
    In my opinion I compare viruses and anti-virus software to "Core Wars".

    "Core Wars is a game played by two or more programs (and vicariously by their authors) written in an assembly language called Redcode and run in a virtual computer called MARS (for Memory Array Redcode Simulator). The object of the game is to cause all processes of the opposing program to terminate, leaving your program in sole possession of the machine."
    Basically the point is that virus writers and a.v. software creators are always at war [the battlefield is your computer, networks & the "Internet"], each always trying to outsmart one another. One developing new methods to do nothing but cause havoc while the other is a doctor doing his best to find new methods and cures to stop these attacks and doing his best to cure your computers in the process.

    To learn a little more about "Core Wars" just click on the link below:
    http://mcraeclan.com/Graeme/CoreWars.htm
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: Question regarding future viruses ..

    Originally posted here by Agent_Steal
    Could it be possible that in a couple of years from now virus writers create a virus which uses Steganography methods to hide itself? For example the virus resides and hides in data files like images, music, or movie files. I think that this would be a great technique for a virus to hide itself from detection. Also a very powerful method for the virus to be distributed.
    This would basically mean there's a flaw in the program used to view these files. This flaw would only be exploitable in this particular viewer. Anybody using a different viewer wouldn't get infected. Unless both programs use the same flawed algorithm to decode the file.

    Most multimedia files like this cannot contain active content so it isn't going to happen. Unless of course you use the formats MS creates. A lot of these allow active content and thus making them a potential virus carrier.

    Some viruses already use techniques to hide themselves. To make detection difficult the virus is able to change itself (thereby changing its 'signature'). This is called a polymorphic virus. Other viruses try to hide themselves once active. These are the stealth viruses. The worst ones use all of these techniques.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Some viruses already use techniques to hide themselves. To make detection difficult the virus is able to change itself (thereby changing its 'signature'). This is called a polymorphic virus. Other viruses try to hide themselves once active. These are the stealth viruses. The worst ones use all of these techniques.
    You forget "armored" viruses that employ certain techniques to prevent removal.

    Polymorphic and all those are not good, but as previously stated a virus with true AI would be.
    Now A.I. viruses are something that I never thought about. As for A.I. virus methods I am thinking along the line of a virus which can learn and be able to adapt to its residential environment in a system[s]. Like for example a virus which would be virtually able to take into account the operating system specs, type, programs being employed by that system etc ... This would allow the virus to be able to adjust its behaviour accordingly to the current environment in which it resides. For example, the virus would have the ability to quickly adjust to any new settings applied to the environment. New programs being installed, changed, deleted or even modified and updated. That I think would really change the playing field and give the virus a huge advantage.
    Viruses already do that. That is not AI. That is what a good/many viruses will do. AI does not mean self modifying, self updates, searching for new exploits, no. AI is when a virus becomes self aware, then you have issues. If it could simulate human thinking, even to a limited extent that would make the problem so much harder. As my ecology teacher says, "Adapt, migrate or die." Most will die, but with limited AI, it will most likely have the first basic instinct, survival.

    -Cheers-


    PS: Kind of cool, but I do not think true AI has been developed yet.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    What about viruses also designed to give false information to routers and scanners requesting patch level and antivirus update information. (Article here) This would knock the pants off Cisco's new "self-defending" networks, and it wouldn't be hard for them to do this to an unpatched system somehow, which are exactly the systems these networks defend against by not allowing access.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  7. #7
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi,

    The steganography approach has already been done? I seem to recall a proof of concept virus about 2 years ago called "runonce" or "onetime" or something like that. It was a .jpg but also had its own reader. It did work, but only on one computer, it could not replicate.

    I also remember a proof of concept virus that would attack NT4 and commercial Unix flavours, I cannot remember what it was called, but I was worried at the time because we were running Windows on the desktops but had Unix servers for Citrix and the e-mail system, and some of the apps.

    Nothing ever came of these, which I put down to the environment not being right at the time?

    The worst viruses are those that do things by degrees?.................corrupt a file every 37 minutes, randomly change "9" for "7" and so on. They are nibbling away at the system, so it could be one hell of a job to work out what restore you have to go back to. Obviously they reset their file data to the system date and time each time that they run.

    I am talking about commercial environments here.

    Just a few thoughts
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    The steganography virus. Well, a word macro virus is kinda like that. The one that nihil is referring to is the closest thing that has been out there, but there was a major flaw in it. Like he said, the jpg had its own reader. If you didn't have the reader installed on your system, then you didn't get the virus.

    A jpg, mov, mp3, etc doesn't get executed, only read. When you "open" a jpg, you are actually running photoshop (or whatever image program shows you the picture). Same thing with mp3 and avi and etc, etc, etc.

    The second one that nihil mentioned, about the NT4/unix system, exploited a little known feature on nt4/nix that isn't on 9x machines. Every file on NT has the ability to attach a second file to it. I don't remember the actual name of what it is called though. When you look at a directory list, you might see the file nakedchixor.jpg. But if you look at the properties of the file, you would see nakedchixor.jpg|something.exe. Now, every time, on an NT system, that you double click nakedchixor.jpg, you also run the linked file. So if this file was a virus... you get the idea. At least I think that is the one that nihil is talking about.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman
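
The posts above note that a viewer only reads an image file, so bytes hidden in it stay inert until something decodes them. As an added example (not part of the original thread), this is a defender-side check that walks a JPEG's marker segments and reports data appended after the End-Of-Image marker; the sample files are constructed inline and the function names are assumptions of the example. It finds appended data only, not data hidden inside the pixel values.

```python
# Added example: report bytes that follow a JPEG's End-Of-Image (EOI) marker.
MAGICS = {b"MZ": "PE executable", b"\x7fELF": "ELF executable",
          b"PK\x03\x04": "ZIP archive"}
STUFFING = {0x00, 0xFF, *range(0xD0, 0xD8)}  # not real markers inside scan data

def jpeg_trailing_data(data: bytes) -> bytes:
    """Walk the marker segments and return whatever follows EOI (b'' if nothing)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                       # EOI: the image ends here
            return data[i + 2:]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            i += 2
            continue
        if i + 4 > len(data):
            break
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
        if marker == 0xDA:                       # SOS: skip entropy-coded data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] not in STUFFING):
                i += 1
    raise ValueError("truncated JPEG: no EOI marker")

def classify(data: bytes) -> str:
    """Summarise the tail: 'clean', or its size and any recognised file magic."""
    tail = jpeg_trailing_data(data).lstrip(b"\x00")
    if not tail:
        return "clean"
    kind = next((n for m, n in MAGICS.items() if tail.startswith(m)), "unknown data")
    return f"trailing {len(tail)} bytes: {kind}"

# Constructed sample: structurally minimal JPEG (not a viewable image).
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
         + b"\xff\xda\x00\x08" + bytes(6) + b"\x12\xff\x00\x34\xff\xd0\x56"
         + b"\xff\xd9")
# Constructed placeholder tail: "MZ" magic plus filler, not a real executable.
SUSPECT = CLEAN + b"MZ" + bytes(30)

if __name__ == "__main__":
    print(classify(CLEAN), "|", classify(SUSPECT))
```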

  9. #9
    Nihil, I always thought that most viruses written by companies would steal information or have trojan, then corrupt/destroy everything. After all, a competing company would gain much more from the information and destruction, than just destruction. I suppose the worst viruses are the ones that kill people, like ebola.

    -Cheers-

    PS: Ebola can not be transmitted via computer, so don't tweak. Some people might think that and well... Lol

  10. #10
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Sorry, PM8228

    What I was trying to say was viruses that attack commercial systems. For example gradually screw up accounts payable, accounts receivable, inventory and so on. I was not thinking of "industrial espionage" viruses.

    As private users all we need do is f-disk, reload and start again? In a commercial environment that is hardly an option?

    Something that gradually corrupts data over time is very difficult to recover from if you don't know when it started. Also if it runs for weeks or months before detection, you have one hell of a data cleansing task in front of you.

    This is the kind of thing you might get from a disgruntled employee (very dangerous, they know the system) or a disgruntled customer?

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
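
The recovery problem described in posts #7 and #10 (not knowing which restore to go back to once data has been corrupted a little at a time) can be narrowed down with per-record integrity tags. As an added example that is not part of the original thread: it assumes each ledger record carries an HMAC tag computed with a key kept off the affected host, and that corruption is cumulative, so backup generations can be bisected instead of validated one by one. The ledger layout, key and function names are constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: the real key is stored off the host

def tag(invoice: str, amount: str, key: bytes = KEY) -> str:
    """Integrity tag over the fields of one ledger record."""
    msg = f"{invoice}|{amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def bad_records(snapshot, key: bytes = KEY):
    """Return invoice ids whose stored tag no longer matches their amount."""
    return [inv for inv, amount, stored in snapshot
            if not hmac.compare_digest(stored, tag(inv, amount, key))]

def last_good_generation(snapshots, key: bytes = KEY):
    """Bisect backups (oldest first) for the newest one with no bad records.

    Assumes corruption is cumulative: once a generation is bad, later ones are.
    Returns (index, generations_checked); index is -1 if even the oldest is bad.
    """
    lo, hi, checked = -1, len(snapshots), 0   # lo: known good, hi: known bad
    while hi - lo > 1:
        mid = (lo + hi) // 2
        checked += 1
        if bad_records(snapshots[mid], key):
            hi = mid
        else:
            lo = mid
    return lo, checked

def build_generations(n: int = 8, first_bad: int = 5):
    """Constructed data: from generation `first_bad` on, one more record per
    generation has a '9' changed to '7' while its tag is left untouched."""
    clean = [(f"INV-{i:03d}", f"{1900 + i * 9}.90") for i in range(5)]
    clean = [(inv, amt, tag(inv, amt)) for inv, amt in clean]
    gens = []
    for g in range(n):
        snap = list(clean)
        for k in range(max(0, g - first_bad + 1)):
            inv, amt, stored = snap[k]
            snap[k] = (inv, amt.replace("9", "7", 1), stored)
        gens.append(snap)
    return gens

if __name__ == "__main__":
    gens = build_generations()
    print(last_good_generation(gens), bad_records(gens[-1]))
```

Bisection restores and validates three of the eight constructed generations rather than all of them, and the records flagged in the newest generation are the ones to re-key after restoring.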
