Marshall Brain's Blog

---

Something else to worry about #8

[See previous]

The Virus Underground

From the article:

"A year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.

Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.

But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive."

Now any 14 year old can generate an email virus... Just what we need.

What's interesting about this story is what it tells us about our operating systems -- the operating systems that are now so important to our business and personal lives. These operating systems are still so ignorant that they allow any random program to format a hard disk. I cannot think of a reason why you would want a user application (as opposed to a trusted OS application) to have the ability to format a drive.

It would also seem like a lot of these problems could be solved with "authenticated applications" -- applications are not allowed to run unless they come from a trusted source, are signed with a certificate from a trusted source, and are willfully installed by a human being. Why would you want your computer running random, untrusted executables that you have not intentionally installed? Trojan horses have been around for 20 or 30 years -- why haven't these holes been closed?

In related news, this story is fascinating: Stripped-Down MyDoom Hits Microsoft.... Again. The original MyDoom.A virus created something on the order of a million zombie machines. The MyDoom.C virus is exploiting all of those zombies to mount a new denial of service attack on Microsoft.

This problem could also be solved by authenticated applications. There is no reason why anyone would want a random zombie application from an unknown source installing itself without permission and running in the background. The OS should protect against that.