💾 Archived View for spam.works › mirrors › textfiles › virus › cpivirus.txt captured on 2023-06-16 at 21:01:50.


               Computer Viruses - A Protagonist's Point Of View
           -----===] CORRUPTED PROGRAMMING INTERNATIONAL [===-----
 
                            == CPI Newsletter #1 ==
                    [ Article Written By Doctor Dissector ]
                           Released : June 27, 1989
 
                           Call The CPI Headquarters
                                 619-566-7093
                        1200/2400 Baud :: Open 24 Hours
 
 
 
                              [1.1] Introduction:
                              -------------------
 
      Welcome  to  "Computer  Viruses  - A Protagonist's Point Of View." This 
 letter,  perhaps  the  beginning of a small newsletter. Well, this "letter," 
 is  written  by  one person right now, maybe I'll get some people to send in 
 more  info,  ideas,  and  examples  to CPI. If you would like to contribute, 
 please  upload  text  files to CPI Headquarters (see heading for number) and 
 leave a note to me telling me you are contributing to our magazine.
 
      Well,  as  an  overview,  this  article will cover a few topics dealing 
 with  viruses; however, there will be no examples covered as we are short of 
 programmers  at  the  moment. That reminds me, if you would like to become a 
 member  of  CPI, fill out the accompanying text file and upload it to CPI HQ 
 as  an upload to the Sysop, then leave me and the Sysop some mail to tell us 
 you  registered  to  become  a  member.  We  will get back to you as soon as 
 possible.
 
      The  purpose  of  this  magazine  is  to expand and broaden the general 
 computer  user's  view and knowledge of the dreadful computer Virus, as well 
 as  a  bit  on  Trojans  (not  the hardware, the SOFTWARE!). Then, after the 
 knowledge  of  these  computer  crackers  is  better  understood, the second 
 purpose  of  this  newsletter  is  to  teach  both methods of developing and 
 executing  a  better  virus/trojan.  We, VRI, feel viruses and trojans are a 
 vital  part  of  the  computer  world,  and should stand along the trades of 
 hacking,  phreaking, cracking, pirating, and pyro as an equal, not something 
 to be looked down upon (unless you are hit by one...).
 
      In  the  future,  we  hope CPI will grow and spread, just like a virus, 
 and  encompass  a large domain of the crackers, hackers, and other elite out 
 there  so  that  the  life  of  this group will be maintained, and that this 
 newsletter,  hopefully,  won't  be  the only issue to be released during the 
 group's existence.
 
                                             Doctor Dissector
                                             CPICV Editor/ANE Author
 
 
      Table Of Contents-
 
     Phile    Subject                                  Author
     -----    ---------------------------------------------------------
      1.1     Introduction & Table Of Contents.........Doctor Dissector
      1.2     Viruses- What, Where, Why, How...........Doctor Dissector
      1.3     Aspects Of Some Known Viruses............Doctor Dissector
      1.4     Ideas For Future Viruses.................Doctor Dissector
      1.5     Suggested Reading........................Doctor Dissector
      1.6     Conclusion...............................Doctor Dissector
      1.7     CPI Application..........................Doctor Dissector
     ----------------------------------------------------------------------
     
                      [1.2] Viruses- What, Where, Why, How
     
     
          If  you  are  a  beginner in this field, you may be curious as to
     what  a virus/trojan is. Perhaps you heard about it through some BBS,
     or  know  someone  who had their system crashed by one. Well, this is
     for you.
     
          In  the  Trojan  War,  way  back  when,  there existed the Trojan 
     Horse,  right? Well, nowadays, there is a modern version of the Trojan 
     Horse  existing  in  software.  The  modern, computer, Trojan horse is 
     really  simple:  a psychedelic hacker implants destructive code into a 
     normal  (or  fake)  file.  This modified/fake file, when executed will 
     destroy  or  remove  something  from the host computer, usually format 
     the  hard  drive,  delete all files, or something similar. In order to 
     distribute  the corrupt phile, the hacker goes and does one or more of 
     various  things;  depending on how deranged this individual is (hehe). 
     These things are covered in the following section.
     
          A  virus,  in  normal  terms  is an organism which spreads malign 
     from  one  host  to  another,  transmitting  itself through biological 
     lines  so  that  both  the  previous  host  and the future host become 
     infected  with  the virus. Today, there are computer viruses, and just 
     like  biological viruses, they spread from file to file, host to host, 
     infecting  everything  it  "sees."  These  computer viruses can either 
     destroy  the  code  it  infects immediately, or over a period of time, 
     corrupt  or  damage  the  host  system it thrives upon. For example, a 
     virus  hidden in a file on a BBS could be downloaded to a host system. 
     Then,  the  user  who  downloaded it executes the file, which executes 
     normally  (as  seen  by the operator), but at the same time, the virus 
     attacks  other files, and infects them, so that each file owned by the 
     user  becomes  infected  with the virus. Then, at a given time or when 
     something  is fulfilled by the host system, the virus becomes a trojan 
     and  destroys,  encrypts, or damages everything available, infected or 
     un-infected.  In  general,  a  virus is a timed trojan that duplicates 
     itself  to  other  files,  which, in effect sustains the virus's life-
     span  in  the  computer world, as more host systems are infiltrated by 
     the disease.
     
          Now  that  I've given you a description of the computer virus and 
     trojan, we can go onto more complex things... well, not really...
     
          Ok,  now, let's trace the life of a virus. A virus/trojan is born 
     in  the  mind  of  some  hacker/programmer  that  decides  to  develop 
     something   out   of   the   ordinary,  not  all  viruses/trojans  are 
     destructive,  often, some are amusing! Anyway, the hacker programs the 
     code  in  his/her  favorite  language;  viruses  can be developed with 
     virtually  any  language,  BASIC,  Pascal,  C, Assembly, Machine Code, 
     Batch  files,  and  many  more. Then, when the disease is complete and 
     tested,  the  hacker intentionally infects or implants the code into a 
     host  file,  a  file  that  would be executed by another un-suspecting 
     user,  somewhere  out there. Then, the hacker does one or more of many 
     things  to  distribute  his  baby.  The hacker can upload the infected 
     file  to  a local BBS (or many local/LD BBS's), give the infected file 
     to  a  computer  enemy,  upload the infected file to his/her workplace 
     (if  desired...hehe),  or  execute  the  phile  on  spot,  on the host 
     system.  Then,  the  virus  gets  downloaded or executed, infiltrates 
     the  host  system,  and  either  infects  other  files, or trashes the 
     system  instantly.  Eventually,  the infected system's user gets smart 
     and either trashes his system manually and starts fresh, or some mega-
     technical  user  attempts  to recover and remove the virus from all of 
     the  infected files (a horrendous job). Then, the virus dies, or other 
     host  systems that were previously infected continue, and accidentally 
     upload  or  hand out infected files, spreading the disease. Isn't that 
     neat?
     
          Now,  to  answer  your  questions;  I  already  explained  what a 
     virus/trojan  is  and  how they are developed/destroyed. Now, where do 
     these  suckers come from? Why, some hacker's computer room, of course! 
     All  viruses  and  trojans  begin at some computer where some maniacal 
     hacker  programs  the  code  and implants it somewhere. Then, you ask, 
     why  do they do this? Why hack? Why phreak? Why make stupid pyro piles 
     of  shit?  Think about it... This is an ART! Just like the rest. While 
     Hacking  delivers  theft  of  services,  Phreaking  delivers  theft of 
     services,  Cracking/Pirating  delivers theft of software and copyright 
     law  breaks,  Pyro  delivers  unlawful  arson/explosives,  Viruses and 
     Trojans  vandalize  (yes,  legally  it is vandalism and destruction of 
     property)  computer  systems  and  files. Also, these are great to get 
     back  at arch-computer enemies (for you computer nerds out there), and 
     just  wreak  havoc  among  your computer community. Yeah, PHUN at its 
     best...
     
     ----------------------------------------------------------------------
     ----------------------------------------------------------------------
     
                       [1.3] Aspects Of Some Known Viruses
     
     
          Many  viruses  have  been  written  before and probably after you 
     read  this article. A few names include the Israeli, Lehigh, Pakistani 
     Brain,  Alameda,  dBase,  and  Screen.  Keep in mind that most viruses 
     ONLY  infect COM and EXE files, and use the Operating System to spread 
     their  disease.  Also,  many viruses execute their own code before the 
     host  file  begins  execution,  so  after  the virus completes passive 
     execution  (without  "going  off")  the  program will load and execute 
     normally. 
     
          Israeli  - This one is a TSR virus that, once executed, stayed in 
     memory  and  infected  both COM and EXE files, affecting both HARD and 
     FLOPPY  disks.  Once  executed, the virus finds a place to stay in the 
     system's  memory  and upon each execution of a COM or EXE file, copies 
     itself  onto the host phile. This one is very clever, before infecting 
     the  file,  it  preserves  the  attributes  and date/time stamp on the 
     file,  modifies  the file's attributes (removes READ only status so it 
     can  write  on it), and then restores all previous values to the file. 
     This  virus  takes very little space, and increases the host file size 
     by  approximately  1800  bytes.  The trigger of this virus is the date 
     Friday  the  13th.  This  trigger will cause the virus to either trash 
     the  disk/s  or delete the files as you execute them, depending on the 
     version. Whoever wrote this sure did a nice job....
     
          Lehigh  -  This one infects the COMMAND.COM file, which is always 
     run  before bootup, so the system is ready for attack at EVERY bootup. 
     It  hides  itself  via  TSR type and when any disk access is made, the 
     TSR  checks  the  COMMAND.COM  to  see  if  it is infected. Then if it 
     isn't,  it  infects  it,  and  adds  a  point to its counter. When the 
     counter  reaches  4,  the  virus  causes  the disk to crash. This one, 
     however,  can be stopped by making your COMMAND.COM Read-Only, and the 
     date/time  stamp  is  not  preserved,  so  if  the  date/time stamp is 
     recent,  one  could  be  infected  with  this  virus.  This  virus  is 
     transferred  via  infected  floppy disks as well as a clean disk in an 
     infected  system.  It can not infect other hosts via modem, unless the 
     COMMAND.COM is the file being transferred.
     
          Pakistani  Brain  -  This one infects the boot sector of a floppy 
     disk.  When  booting off of the disk, the virus becomes a TSR program, 
     and  then  marks  an  unused portion of the disk as "bad sectors." The 
     bad  sectors  cannot  be accessed by DOS. However, a disk directory of 
     an  infected  disk  will show the volume label to be @ BRAIN. A CHKDSK 
     will  find  a few bad sectors. When you do a directory of a clean disk 
     on  an  infected  system, the disk will become infected. The virus has 
     no  trigger  and  immediately  begins  to mark sectors bad even though 
     they  are  good. Eventually, you will have nothing left except a bunch 
     of  bad  sectors  and  no  disk  space. The virus itself has the ASCII 
     written  into  it with the words "Welcome to the Dungeon" as well as the 
     names  of  the  supposed  authors of the virus, an address, telephone 
     number,  and  a  few  other  lame  messages.  To inoculate your system 
     against  this  virus,  just type 1234 at byte offset location 4 on the 
     boot track (floppy disks).
     
          Alameda  -  This  virus  also infects the boot sector of the host 
     system.  It  is  very  small  and  inhabits  ONE sector. This one only 
     damages  floppy  disks.  If  you  boot from a diseased disk, the virus 
     loads  itself  into  HIGH memory and during a warm boot, it remains in 
     memory  and  infects  any  other  clean disks being booted from on the 
     infected  system. It then replaces the boot track with the virus track 
     and  replaces  the  boot  track  on the last track of the disk, so any 
     data  located  on  the  last  track  is  corrupted.  All  floppy disks 
     inserted  during  reboot can catch this virus. This virus only infects 
     IBM PC's and XT's, however, it does not infect 286's or 386's. 
     
          dBase  -  This  one is a TSR virus that works in a manner similar 
     to  the  Israeli  virus. It looks for files with a DBF extension, then 
     it  replicates  itself in all DBF files, preserving file size, and all 
     attributes.  After  the  first  90  days, the virus destroys your file 
     allocation  table  and  corrupts all data in the DBF files. This virus 
     creates  a  hidden  file,  BUG.DAT that indicates the bytes transposed 
     (in  order to preserve file specifications). Run a CHKDSK to make sure 
     you  don't  have  any  extra  hidden  files or a BUG.DAT in your dBase 
     directory.  If  you  create a BUG.DAT file manually in your directory, 
     making it read-only, you will be safe from this virus.
     
          Screen  -  This  one  is  another TSR virus that comes on and off 
     periodically.  When  it is on, it examines the screen memory and looks 
     for  any  4  digits  starting at a random place on the screen. Then it 
     transposes  two  of  them,  this is not a good thing. It infects every 
     COM  file  in  your  directory, HARD and FLOPPY disks can be infected. 
     You  can  use  an  ASCII  searcher  to  check  if you are infected by 
     searching  for  "InFeCt"  in your COM files. If you have this written, 
     read  the  4  bytes immediately preceding it and overwrite the first 4 
     bytes  of  the program with their value. Then, truncate the program at 
     their  stored  address. You will rid yourself of this virus. Make sure 
     you use a clean copy of your editor for this.
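
The file-level indicators described in this section (the "InFeCt" string in COM files, a BUG.DAT file, a writable COMMAND.COM, and the roughly 1800-byte growth of an infected executable) can be checked with a short scanner. This is an added example, not part of the original newsletter; the baseline format, the 200-byte tolerance and all sample file contents are assumptions constructed for the demonstration.

```python
import os
import stat
import tempfile

MARKER = b"InFeCt"   # Screen: string the article says to search COM files for
GROWTH = 1800        # Israeli: approximate size increase stated in the article
SLACK = 200          # assumption: tolerance around "approximately 1800"


def scan_tree(root, baseline=None):
    """Return (path, indicator, detail) tuples for files under root.

    baseline (hypothetical format) maps upper-cased file names to the
    sizes recorded while the system was known to be clean.
    """
    baseline = baseline or {}
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            upper = name.upper()
            info = os.stat(path)
            if upper == "BUG.DAT":
                # dBase: the article names this hidden bookkeeping file.
                findings.append((path, "dbase-bug-dat", f"{info.st_size} bytes"))
            if upper == "COMMAND.COM" and info.st_mode & stat.S_IWUSR:
                # Lehigh: the article's mitigation is a read-only COMMAND.COM.
                findings.append((path, "command-com-writable", "not read-only"))
            if not upper.endswith((".COM", ".EXE")):
                continue
            with open(path, "rb") as handle:
                data = handle.read()
            clean_size = baseline.get(upper)
            if clean_size is not None and len(data) != clean_size:
                delta = len(data) - clean_size
                near = abs(delta - GROWTH) <= SLACK
                label = "size-grew-1800" if near else "size-changed"
                findings.append((path, label, f"{delta:+d} bytes vs baseline"))
            pos = data.find(MARKER) if upper.endswith(".COM") else -1
            if pos != -1:
                # Report the 4 bytes before the marker; the article's repair
                # step copies them back over the program's first 4 bytes.
                saved = data[max(0, pos - 4):pos].hex()
                findings.append((path, "screen-marker",
                                 f"offset {pos}, preceding bytes {saved}"))
    return findings


def demo():
    """Scan a constructed sample tree; every byte here is made up."""
    samples = {
        "CLEAN.COM": b"\x90" * 300,
        "GAME.COM": b"\x90" * 100 + b"\xe9\x10\x02\x00" + MARKER + b"\x00" * 20,
        "EDIT.EXE": b"MZ" + b"\x00" * 6798,
        "BUG.DAT": b"\x00" * 16,
        "COMMAND.COM": b"\x90" * 500,
    }
    baseline = {"CLEAN.COM": 300, "GAME.COM": 130, "EDIT.EXE": 5000}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        hits = scan_tree(root, baseline)
    return [(os.path.basename(p), kind, detail) for p, kind, detail in hits]


if __name__ == "__main__":
    for row in demo():
        print(*row, sep="  ")
```

A hit is a reason to inspect the file from a clean boot disk, not proof of infection: the marker string can occur in unrelated data, and file sizes change for legitimate reasons.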
     
          Other  viruses  include  MAC, AMIGA, and many other environments. 
     By  the way, other computer systems other than IBM/DOS may become part 
     of CPI if you qualify.
     
          Anyway,  these  are  a few viruses I have read on and thus passed 
     the  information  to  you, I hope you can learn from them and get some 
     ideas for some.
     ----------------------------------------------------------------------
     
                         [1.4] Ideas For Future Viruses
     
     
          Since  I  have  covered  viruses already in existence, let's talk 
     about  viruses that can or may exist in the near future. These are not 
     even   close   to   half  the  ideas  possible  for  destruction  with 
     trojans/viruses  available,  but  will  pose  a challenge to you who 
     are short of ideas.
     
          CSR  Virus  - A CMOS Stay Resident VIRUS that will implant itself 
     in  the  CMOS  memory of the AT (286/386/486?) which will execute upon 
     every bootup. This one would be VERY nice.
     
          Failsafe  Virus  - Preserves ALL attributes, Preserves file size, 
     remains  TSR  but hidden to TSR location programs, Modifies attributes 
     to  get  around  Read-Only  files, Infects ALL files (Not only COM and 
     EXE),  encrypts  all  data  on  trigger  (irreversible)  but preserves 
     original file size/attributes.
     
          Format  Virus - A virus which is TSR and when a DOS format or any 
     other  FORMAT  type  of call is called, will FORMAT every other track, 
     but will not allow DOS to notice.
     
          Write  Virus  -  A  virus  that  intercepts  write to disk, which 
     deletes the disk write, and marks sector as bad at write point.
     
          ASCII  Virus  -  Virus that would scramble ASCII text in any file 
     at trigger.
     
          Low  Level  Format  Virus  -  Virus  that  low level formats (BAD 
     format)  HD  in background with data still intact. I have seen regular 
     background  LLF  programs,  and it keeps data in place, but it does it 
     correctly... hmmm...?
     
          Hide Virus - A Virus that hides files slowly.
     
          Crash  Virus - Virus that emulates typical system crashes/freezes 
     occasionally.  Causes  BIOS to freeze and write BIOS ERROR messages on 
     screen.
     
          Modem  Virus  -  One  that  remains  in  boot  sector and TSR and 
     monitors  data  from  serial  ports,  puts in "artificial" line-noise. 
     NICE!
     
          These  are  just  a  few  I  thought  up... these could be really 
     good... Think of some more and call CPI HQ TODAY!
     ----------------------------------------------------------------------
     
                             [1.5] Suggested Reading
     
     
          The  following list is a compiled listing of some material I have 
     read   as  well  as  other  sources  you  MIGHT  find  information  on 
     concerning viruses and trojan horses. Happy trashing....
     
     
          "Know Thy Viral Enemy" by Ross M. Greenberg
           BYTE Magazine
           June 1989, pg 275-280
     
          "Viruses: Assembly, Pascal, BASIC & Batch" by Tesla Coil ][
           Phreakers And Hackers Underground Network Newsletter (PHUN)
           Issue #3, Volume 2, Phile #2
     
          "Computer Viruses: A High Tech Disease" by Abacus
           2600 Magazine
           Volume 5, Number 2
     ----------------------------------------------------------------------
     
                                [1.6] Conclusion
     
     
          Thus   ends  the  first  issue  of  CPI's  "Computer  Viruses:  A 
     Protagonist's  Point  Of  View." We hope you enjoyed it and we hope it 
     was informative and complete (at least about the specific issues).
     
          We,  VRI,  hope that you will share your information and comments 
     with  us  at  VRI  Headquarters,  as this newsletter will require both 
     information  and  an expansion of our current member base. If you feel 
     you  have  what  it takes to gather, read, or program for VRI, send us 
     an application today.
     
          Oh  yeah, if this happens to be the only issue of VRICV, oh well, 
     and  many thanx to those who read it at least once, and enjoyed it (or 
     laughed  at  it).  Until our (my?) next issue, have phun and don't get 
     toooo wild......
     
     
     
     
      =====[ CPI Headquarters * 619-566-7093 * 1200/2400bps * 24Hrs ]=====
     ----------------------------------------------------------------------

                             [1.7] CPI Application

     -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                  >> CORRUPTED PROGRAMMING INTERNATIONAL <<
                          >> MEMBERSHIP APPLICATION <<

     -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

NOTE: The following information is of a totally confidential nature. We must
      question you in depth  and thoroughly so that our  knowledge and idea
      of you will be quite complete.  Remember, it is the fate of our voting
      members who  will decide upon your  membership,  as the result of your
      response to this questionnaire. Please answer the following completely
      and to the best of your ability.


PERSONAL INFORMATION:
-----------------------------------------------------------------------------
     Alias(es) You HAVE Used :
 Alias(es) You Currently Use :
         Your REAL FULL NAME :
     Your Voice Phone Number :(###)###-####
      Your Data Phone Number :(###)###-####
           Your City & State :
                    Your Age :
            Occupation/Grade :
         Place Of Employment :
           Work Phone Number :
  Your Interests And Hobbies :

Is Your Job IN ANY WAY Related To ANY Governmental/Law Enforcement Agency?
If So, In What Way? (Such as FBI, Sheriff, Police)
:
:


COMPUTER INFORMATION/EXPERIENCE
-----------------------------------------------------------------------------
  Computer Experience (time) :
  Modeming Experience (time) :
 BBS's You Frequent (Name/#) :
            Elite References :
     Computers You Have Used :
      Computer You Are Using :
         Computer You Prefer :
    Languages You Have Tried :
     Languages You Know Well :
          Your Best Language :
      Have You Ever Phreaked :
         Do You Phreak A Lot :
        Have You Ever Hacked :
           Do You Hack A Lot :
       Have You Ever Cracked :
          Do You Crack A Lot :
    Ever Made A Virus/Trojan :
       Major Accomplishments :


MISC INFORMATION
-----------------------------------------------------------------------------
Answer In 4 Lines Or Less:


What do you think Corrupted Programming International is?
:
:
:
:

When did you first hear about CPI?
:
:
:
:

Why do you want to be a member of CPI?
:
:
:
:

Do you know any of the members of CPI?  Can you name a few?
:
:
:
:

Have you considered the distribution of viruses/trojans as a "crime"?  Why
or why not?  (Morally speaking?)
:
:
:
:

Have you written any text files?  (On any underground type of subject?)
:
:
:
:

Are you a member of any other group(s)?  Can you name them and their HQ BBS?
:
:
:
:

Can you contribute to CPI?  How?
:(Do you have access to info concerning virus/trojans)
:(Exceptional programmer?)
:(Got connections?)
:(Anything extraordinary?)


-----------------------------------------------------------------------------
       .Answer Each Question To The Best And Fullest Of Your Ability.
-----------------------------------------------------------------------------

 Future CPI Support BBS's Will Be Active - Applications May Be Turned In Then