This is the first part (of many others to come) consisting of basic a introduction to different viruses, some terminology and other aspects required before starting to understand or write viruses.
A virus is (taken from Windows XP’s Help And Support Center):
A program that attempts to spread from computer to computer and either cause damage (by erasing or corrupting data) or annoy users (by printing messages or altering what is displayed on the screen).
But wait a second… to this definition is not correct from some points of view; for example we could place in this category also programs that only reproduce, parasite different files, and do not do damage to users data, or annoy them, except maybe for the disk usage…
But you should not confuse viruses with John von Neumann’s self-reproducing mathematical automata. Google for more information about it because it’s not part of our subject, or maybe I don’t want to get scientific and speak about it
What programs are connected to virology?
The abstract definition of viruses has become more abstract with the help of know-it-all antivirus programmers, which for some money integrated in there software Trojan / hoaxes / malware / backdoor removers, so anytime a antivirus product pops up with a notification of such a program being found on a computer, a normal user doesn’t get interested in this aspect and it’s concerned of being infected with a virus (disinterest, what else)!
But what is the difference between these programs? I’ll make for you a little list with some personal definitions ok so let’s start:
adware – belong to the malware category, besides spyware; it’s not a virus, it’s and application normally shifted alongside with other programs, it’s main role being to pop up, while your connected to the web, some ads. most of the time they get installed because you do not read the files accompanying different software which are free or get free doing some ads for big/medium/small companies.
spyware – these are the fierce animals of malware, they spy on you, but not the subtle way James Bond does, they get installed through different exploits and surveillance the websites you visit, personal information, etc. and send them to different firms (or government, NSA, FBI, CIA ?)
Trojan – Trojans are programs written for specific tasks, in this list we could include flooders (DoS), hidden proxy server, virus droppers, also for different purposes that antivirus vendors think that could do harm to other people’s data.
backdoor – a backdoor is a program which if it’s not released by an underground website could be called “˜Remote Administration Tool’, so it’s a tool that let’s you control, or do specific tasks on other computers; famous backdoor/Trojan backdoor clients (and server) are: BO2K, SubSeven, R3C, Insane Network.
virus – this one belongs to our subject, of course could it is well divided in more types of viruses, classified by language used to create them, how they infect, and what they infect.
worm – these programs/scripts also belong to virology (think so?!) because they also have the basic concept of viruses (parasites, worms. ring a bell?) to spread, beautifully, widely, and all other fancy adjectives you can find.
The “first” virus
Sometime in the early 1970s, the Creeper virus was detected on ARPANET a US military computer network which was the forerunner of the modern Internet. Written for the then-popular Tenex operating system, this program was able to gain access independently through a modem and copy itself to the remote system. Infected systems displayed the message, ‘I’M THE CREEPER : CATCH ME IF YOU CAN.’
Shortly thereafter, the Reaper program was anonymously created to delete Creeper. Reaper was a virus: it spread to networked machines and if it located a Creeper virus, Reaper would delete it. Even the participants are unable to say whether Reaper was a response to Creeper, or if it was created by the same person or persons who created Creeper in order to correct their mistake.
And now a list of the first viruses “to be the first”:
1981 :: Elk Cloner – Boot sector virus
1986 :: Brain – Stealth file virus
1986 :: Virdem – DOS COM file infector
1987 :: Suriv-1 – DOS COM real time file infector
1987 :: Suriv-2 – DOS EXE file infector
1987 :: Suriv-3 – DOS COM & EXE file infector
1987 :: Cascade – Encrypted Virus
1987 :: Christmas Tree Worm – Worm (Internet Virus)
1988 :: Morris Worm – Worm which used exploits against Unix system to spread
1990 :: the Chameleon family – A polymorphic virus family
1991 :: Tequila – A polymorphic boot virus
1991 :: Dir II – The one and only virus to use link-technology
1992 :: Win.Vir_1_4 -Windows virus
1994 :: Shifter -OBJ file infector
1994 :: ScrVir-a – C and Pascal source code files infector
1995 :: Winstart -BAT file virus
1996 :: Boza – Windows 95 virus
1996 :: OS2.AEP – OS/2 EXE file infector
1996 :: Laroux – Excel virus
1997 :: Linux Bliss – Linux virus
1997 :: ShareFun – Macro virus spreading through mail, with MS Mail
1997 :: Homer – Worm that used FTP to propagate
1997 :: Win95.Mad – Self-encrypting Windows 95 virus
1998 :: Win95.HPS and Win95.Marburg – Windows polymorphic viruses
1998 :: Cross – Multi-platform virus, infected MS Access and Word files
1998 :: Triplicate (Tristate) – MS Word, Excel and PowerPoint file infector
1998 :: Red Team – EXE infector virus, spreading through Eudora
1998 :: Java.StrangeBrew – Java web application virus
1999 :: Happy99 (Ska) – Modern-Day Worm
1999 :: SK; – HLP file infector virus
1999 :: Melissa – Word Macro virus incorporating Internet Worm functionality
1999 :: Gala – Corel Draw, Photo-Paint, Ventura file infector
1999 :: Bubbleboy and KakWorm – Worms spreading through IE vulnerabilities
1999 :: Babylonia – Worm with remote self-rejuvenation (don’t get scared by the term, it means that it automatically downloaded new versions of it)
2000 :: Inta – Windows 2000 file infector
2000 :: LoveLetter – Script Virus to break Guiness Book record
2000 :: Star – AutoCAD package virus
2000 :: Jer – Internet Worm using social engineering and mass marketing to get user to let them be infected
2000 :: Liberty – PalmOS virus
2000 :: Stream – ADS and NTFS filesystem viruses
2000 :: Fable – PIF file infector
2000 :: Pirus – PHP Script virus
2000 :: Hybris – Worm with self-rejuvenating based on a 128-bit RSA key
2001 :: Mandragore – Gnutella file-sharing Internet Worm
2002 :: LFM and Donut – .NET Framework viruses
2002 :: Spida – SQL Server worm
2002 :: Benjamin – Kazza file-sharing network worm
2003 :: Slammer – Fileless Worm with flash-worm capabilities
Wow. that’s quite a long list, don’t you think? And it isn’t all; if you want to see it all, then go to viruslist and read all the history of malware, and then surely you can say that this list is even to small = )
I think that we should classify viruses so we will now better about which kind of viruses we speak. you’d probably seen in the list different classifications, but it’s time we clearly point them out (of course this is my personal classification, agree with it or not, it’s your choice):
By what they infect
- Binary File Infector
In this category we will include the classic ones: exe, com, obj file infectors; plus the CAD, Corel and any other weird (?_?) extension virus we can find.
- SourceCode File Infectors
As you would imagine, in this category will be included viruses that infect source code files Pascal, C, etc. Think that I know a couple or two of this type.(?)
- BOOT Sector Infectors
Simple, complex, tiny and all other boot sector viruses will be part of this category. P.S. I hate doggie-B
- MS Office Infectors
We all have heard of them, laught about them, though they were dead, but we all know that they are extremely dangerous viruses. yes I’m talking about macro viruses, that populate Word, Excel, PowerPoint, Access.
- Script Infectors
And finally our last category dedicated for the viruses which infect script files like js, vbs, mrc and inject themselves into html files including a
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths. Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands. LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks. Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS. APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc