Copy Link
Add to Bookmark
Report
40Hex Issue 02 File 003
40Hex Volume 1 Issue 2 0003
Virus Spreading - Fast Or Slow? By Nick Haflinger -=PHALCON=-
Call The LandFill BBS (914) Hak-Vmbs
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
One of the questions while writing your virus is how quickly you want it
to spread. The easy answer is "As fast as possible" but this is not always the
best answer. If a virus moves slowly, it will take much longer before somebody
notices hard drive space disappearing, he/she will notice fewer changes to the
file dates, and all other symptoms will be lessened. However, this does provide
longer for anti-virus people (pronounced Scum, with a capital S) to discover the
virus. This issue ties directly into the issue of activation, short or long.
Since the issues are virtually identical, I will cover both together, because
they are so closely tied.
The Case For Fast
=================
Viri should spread as quickly as possible. This allows as little time
as possible for the makers of antivirus programs to come up with an antidote
before the virus is widely spread. This should be tied with a short activation
period to cause as many problems as possible before detection is possible.
Because fewer copies are generated before activation, each copy may be larger.
This allows for more extensive anti-anti-viral tactics, which are becoming
increasingly more important as the number of anti-viral products rises. Just
remember, most of these products are shit. So don't worry too much.
The Case For Slow
=================
Viri should spread slowly, because this is less obtrusive, and therefore
users are less likely to notice a change in the system. This should be coupled
with a long activation period as to have maximum penetration before the virus
activates. A slow-spreading virus will circulate to more virus programmers who
will be able to modify the program for specific needs or to adapt to antiviral
tactics. On a purely academic note, slow spreading viri must be smaller, as
more copies must be generated. This means that viri must be programmed better,
which is good for the general community.
The Case Against Fast
=====================
Fast spreading of viri is likely to draw attention. Once a virus has
been caught, in most of the cases, it is dead and useless. A virus should
infect the greatest area in the shortest time before the anti-virus people
inevitably catch up to the virus. However, because of the necessity of a short
activation time, this virus has a lesser range than a slow-spreading virus. The
programmer must rely on either (a) the quick distribution of the virus along at
least a regional level --or-- (b) the ability of other virus programmers to
obtain and modify either the source code or dissassemble and modify the
distributed virus. If possible, the source should be distributed along trusted
channels. There should be as little chance as possible of an antiviral
researcher obtaining a copy of the sourse for your masterpiece.
The Case Against Slow
=====================
A slow spreading virus is much more likely to get caught by antiviral
people prior to its necessarily long pre-activation period. There will be more
defenses out against the virus before it has spread much. However, if the virus
is well-done, it will have spread far before it is caught.
Conclusion
==========
Actually, I lied. There is no conclusion to be drawn from this, as this
is in itself the conclusion of long hours of thought and much brainstorming on
BBSs. If you would like to comment, I can be reached on LandFill BBS, phone
number above. In a future article, I will attempt to cover anti-anti-virus
tactics. I may also respond to some important questions/comments I may recieve.
Start your viri now! And may the best bug win!
NH
