Along the same lines, I wrote my first ever (and last) virus for the BBC micro...
Some history:
Waaay back in the mists of time (1988) I was a 1st-year undergrad in Physics. Together with a couple of friends, I wrote a virus, just to see if we could (having read through the Advanced User Guide and the Econet System User Guide), then let it loose on just one of the networked BBC machines in the year-1 lab.
I guess I should say that the virus was completely harmless, it just prepended 'Copyright (c) 1988 The Virus' to the start of directory listings. It was written for the beebs (the lab hadn't got onto PC's by this time, and the Acorn range had loads of ports, which physics labs like :-)
It spread like wildfire. People would come in, log into the network, and become infected because the last person to use their current computer was infected. It would then infect their account, so wherever they logged on in future would also infect the computer they were using then. A couple of hours later, and most of the 50 or so computers in the yr1 lab was infected, and it had spread to the yr2 machines as well, we were told later.
You have to remember that viruses in those days weren't really networked. They came on floppy disks for Atari ST's and Amiga's. I witnessed people logging onto the same computer "to see if they were infected too" - at which point the act of logging in would infect them...
Of course "authority" was not amused. Actually they were seriously unamused, not that they caught us. They shut down the year-1,2,3 network and disinfected all the accounts on the network server by hand. Ouch.
There were basically 3 ways the virus could be activated:
- Typing any 'star' command (eg: "* .", which gave you a directory listing). Sneaky, I thought, since the virus announced itself when you did a '* .' When you thought you'd beaten it, you'd do a '* .' to see if it was still there :-)
- The events (keypress, network, disk etc.) all activated the virus if inactive, and also re-enabled the interrupts, if they had been disabled
- The interrupts (NMI,VBI,..) all activated the virus if inactive, and also re-enabled the events, if they had been deactivated.
On activation, the virus would replicate itself to the current mass-storage media if it wasn’t already present. This was to cause problems because we hadn't really counted on just how effective this would be. Within a few days of the virus being cleansed (and everyone settling back to normal), it suddenly made a re-appearance again, racing through the network once more within an hour or two. Someone, we decided, had put the virus onto their floppy disk (by typing *. on the floppy when saving their work, rather than the network) and had then brought the disk back into college and re-infected the network.
If we thought authority was unamused last time, this time they held a meeting for the entire department, and calmly said the culprit, when found, would be expelled - no ifs, no buts. Excrement and fans came to mind. Of course, they thought we'd just re-released it, but in fact it was just too successful for comfort...
Since we had "shot our bolt", owning up didn't seem like a good idea. The only solution we came up with was to write another (silent, this time :-) virus which would disable any copy of the old one, whilst hiding itself from the users. We built in a time-to-die of a couple of months, let it go, and prayed...
We had actually built in a kill-switch to the original virus, which would disable and remove it - we didn't want to be infected ourselves (at the start). Of course, it became a matter of self-preservation to be infected later on in the saga - 3 accounts unaccountably (pun intended :-) uninfected... It wasn't too hard to destroy the original by having the new virus "press" the key combination that deleted the old one.
So, everyone was happy. Infected with the counter-virus for a while, but happy. "Authority" thought they'd laid down the law, and been taken seriously (oh if they knew...) and we'd not been expelled. Everyone else lost their infections within a few months ...
It is vaguely possible that I still have the source code, on a degrading 5.25” floppy somewhere in the attic, but it’s not likely, and I don’t have any way to read that hypothetical floppy disk anyway…
In any event, I've never written anything remotely like a virus since [grin].
Waaay back in the mists of time (1988) I was a 1st-year undergrad in Physics. Together with a couple of friends, I wrote a virus, just to see if we could (having read through the Advanced User Guide and the Econet System User Guide), then let it loose on just one of the networked BBC machines in the year-1 lab.
I guess I should say that the virus was completely harmless, it just prepended 'Copyright (c) 1988 The Virus' to the start of directory listings. It was written for the beebs (the lab hadn't got onto PC's by this time, and the Acorn range had loads of ports, which physics labs like :-)
It spread like wildfire. People would come in, log into the network, and become infected because the last person to use their current computer was infected. It would then infect their account, so wherever they logged on in future would also infect the computer they were using then. A couple of hours later, and most of the 50 or so computers in the yr1 lab was infected, and it had spread to the yr2 machines as well, we were told later.
You have to remember that viruses in those days weren't really networked. They came on floppy disks for Atari ST's and Amiga's. I witnessed people logging onto the same computer "to see if they were infected too" - at which point the act of logging in would infect them...
Of course "authority" was not amused. Actually they were seriously unamused, not that they caught us. They shut down the year-1,2,3 network and disinfected all the accounts on the network server by hand. Ouch.
There were basically 3 ways the virus could be activated:
- Typing any 'star' command (eg: "* .", which gave you a directory listing). Sneaky, I thought, since the virus announced itself when you did a '* .' When you thought you'd beaten it, you'd do a '* .' to see if it was still there :-)
- The events (keypress, network, disk etc.) all activated the virus if inactive, and also re-enabled the interrupts, if they had been disabled
- The interrupts (NMI,VBI,..) all activated the virus if inactive, and also re-enabled the events, if they had been deactivated.
On activation, the virus would replicate itself to the current mass-storage media if it wasn’t already present. This was to cause problems because we hadn't really counted on just how effective this would be. Within a few days of the virus being cleansed (and everyone settling back to normal), it suddenly made a re-appearance again, racing through the network once more within an hour or two. Someone, we decided, had put the virus onto their floppy disk (by typing *. on the floppy when saving their work, rather than the network) and had then brought the disk back into college and re-infected the network.
If we thought authority was unamused last time, this time they held a meeting for the entire department, and calmly said the culprit, when found, would be expelled - no ifs, no buts. Excrement and fans came to mind. Of course, they thought we'd just re-released it, but in fact it was just too successful for comfort...
Since we had "shot our bolt", owning up didn't seem like a good idea. The only solution we came up with was to write another (silent, this time :-) virus which would disable any copy of the old one, whilst hiding itself from the users. We built in a time-to-die of a couple of months, let it go, and prayed...
We had actually built in a kill-switch to the original virus, which would disable and remove it - we didn't want to be infected ourselves (at the start). Of course, it became a matter of self-preservation to be infected later on in the saga - 3 accounts unaccountably (pun intended :-) uninfected... It wasn't too hard to destroy the original by having the new virus "press" the key combination that deleted the old one.
So, everyone was happy. Infected with the counter-virus for a while, but happy. "Authority" thought they'd laid down the law, and been taken seriously (oh if they knew...) and we'd not been expelled. Everyone else lost their infections within a few months ...
It is vaguely possible that I still have the source code, on a degrading 5.25” floppy somewhere in the attic, but it’s not likely, and I don’t have any way to read that hypothetical floppy disk anyway…
In any event, I've never written anything remotely like a virus since [grin].