Thread: The age-old "super virus" threat. A not too distant reality?

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    47

    The age-old "super virus" threat. A not too distant reality?

    Dear all,
    Everyone will probably have heard of the age-old "super virus" problem, where a virus is written so that it mutates so fast that it cannot be detected by anti-virus scanners.
    However, one was never created.
    I would like to start a discussion as to whether the following program could be, or is likely to be, used to produce this virus:
    The program I am referring to is called Tierra; it quite simply creates a load of "artificial life forms" that then compete with each other for CPU time.
    Running this program shows natural selection, as the bots evolve as they compete with each other.
    This is run in a virtual section of RAM cornered off by the program.
    The point I am making is that natural selection will always prevail; just because these bots are designed to run in a virtual box does not mean that if they were set loose they would cease to function.
    How long would it be before one evolved the ability to attach itself silently to an email or a file?
    And for that matter, how long before some idiot removes the safety protocols that keep the bot in the RAM and the RAM alone?
    The source code is released, so do we think this is a possibility?
    --yoma

    Code:
    http://en.wikipedia.org/wiki/Tierra_(computer_simulation)
    Oh, by the way, I fully suggest that you run it.
    In most simulations some of the bots take on a viral role; it's quite interesting!

    home page is:
    Tierra home page
    And I am aware that mutating computer viruses have been around for donkey's years; however, none of these can mutate very much or very quickly.
    These bots can mutate dramatically and very quickly.
    Last edited by lupin; 05-21-2010 at 08:13 AM. Reason: Edit button...

  2. #2
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: The age-old "super virus" threat. A not too distant reality?

    There is an edit button, which you have discovered for your final post. I suggest you use it.

    These bots mutate in a controlled environment, and as such I don't see any real threat to them. Have a look at one of the related links for a real game of core wars (which has its own hills and has been in existence for quite some time).

    It's been briefly touched on here before (briefly because it's not really related to backtrack in any way), but look at Immunity Sec's paper on Nematode technology. It's a bit more useful than the Tierra simulation, though it is harder to write.

    The whole concept of a supervirus is, at this time, pretty distant IMO. We very rarely get cross-platform virus patterns; though it's possible to weaponise software in existence already to cross-platform attack things, the very concept isn't that well supported yet. Nor is it viable - broken programs on *nix based systems tend to be fixed pretty quickly if there is a threat to them, so cross-platforming becomes not so useful (even if it is still possible).

    Quick mutation virus-like programs have been around for ages. Even a true-polymorphic can get scanned and caught.

    Try not to post three times to yourself, you didn't really provide any good information that you couldn't have put in the first post.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Senior Member hypervista
    Join Date
    Feb 2010
    Posts
    121

    Re: The age-old "super virus" threat. A not too distant reality?

    +1 Gitsnik.

    The threat posed by massively polymorphic malware is diminishing. The trend in malware detection/prevention research is toward malware behavior analysis as opposed to the classic digital signature based detection. For a number of reasons, signature based malware detection is unsustainable. Malware behavior analysis holds great promise against the "super virus" because there is a discrete set of logical ways to accomplish pwnage, and the idea is to focus on that discrete set of logical methods as opposed to trying to scan for every variant of implementation. For example, there are only about ten logical ways to implement a key logger, yet there are literally thousands of variant key loggers in the wild, each with their own digital signature, but at a low level they all implement one or more of the ten logical methods. Same goes for other intrinsic malware behavior patterns (memory hiding, syscall hooking, etc.).

    UC Berkeley is working on a very interesting malware behavior analysis tool called BitBlaze.
    Last edited by hypervista; 05-21-2010 at 11:28 AM. Reason: added link
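
The contrast drawn in the post above, between one signature per variant and a small set of logical methods, shown as an added Python example that is not part of the thread. The sample bytes, the event names and the two "logical methods" are constructed for illustration and are not a real sandbox schema or BitBlaze's format.

```python
import hashlib

# Constructed behaviour rules: each "logical method" is an ordered list of
# abstract event classes that must appear, in that order, in a sandbox trace.
# The event names are hypothetical labels, not a real product's schema.
METHODS = {
    "hook-capture-store": ["input_hook_installed", "keystroke_read", "file_write"],
    "poll-capture-send": ["key_state_polled", "keystroke_read", "net_send"],
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_match(sample, known_hashes):
    """Classic signature check: exact hash of the sample's bytes."""
    return sha256(sample["bytes"]) in known_hashes

def contains_in_order(trace, pattern):
    """True if pattern is a subsequence of trace (other events may interleave)."""
    it = iter(trace)
    return all(step in it for step in pattern)

def behaviour_match(sample):
    """Names of the logical methods whose steps all appear, in order, in the trace."""
    return sorted(n for n, p in METHODS.items() if contains_in_order(sample["trace"], p))

# Constructed samples: variants share behaviour but differ in bytes.
SAMPLES = [
    {"name": "variant-a", "bytes": b"constructed-body-1",
     "trace": ["proc_start", "input_hook_installed", "keystroke_read", "file_write"]},
    {"name": "variant-b", "bytes": b"constructed-body-2-padded",
     "trace": ["proc_start", "sleep", "input_hook_installed", "reg_read",
               "keystroke_read", "file_write"]},
    {"name": "variant-c", "bytes": b"constructed-body-3",
     "trace": ["proc_start", "key_state_polled", "keystroke_read", "net_send"]},
    {"name": "text-editor", "bytes": b"constructed-benign",
     "trace": ["proc_start", "keystroke_read", "file_write"]},
]
KNOWN = {sha256(SAMPLES[0]["bytes"])}  # only variant-a has a signature on file

def evaluate(samples=SAMPLES, known=KNOWN):
    """Map each sample name to (signature hit, matched behaviour methods)."""
    return {s["name"]: (signature_match(s, known), behaviour_match(s)) for s in samples}

if __name__ == "__main__":
    for name, (sig, beh) in evaluate().items():
        print(f"{name:12} signature={sig!s:5} behaviour={beh}")
```

Only the variant whose hash is on file trips the signature check, while all three variants match a behaviour rule and the benign editor, which reads keystrokes without the capture step, matches neither.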

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    18

    Re: The age-old "super virus" threat. A not too distant reality?

    Gitsnik's right.... It's pretty much impossible to have any virus, no matter how intelligent, take out the majority of the infrastructure in the world, country or even local region because of the diversity among systems.

    Let's assume the same architecture.... x86 maybe. That's realistic, but even then you have to code it to work on every OS for that architecture. Then what happens when it comes across a device (ARM for example, in the case of a smart-phone) that's using a vastly different architecture? The binary simply won't run.

    Especially with the smartphone revolution we have enough diversity among devices with IP connectivity to keep a solid control over anything going on. Not to mention. Yeh a "super virus" would hurt.... but even if by magic it worked on every OS ever created for an x86 architecture there's still a handful of devices out there on different architectures, PPC, SPARC, MIPS, ARM that 'we' as a security industry could leverage to squash out whatever happens
    ---Desktop---
    Q6600 3.4ghz (378x9) - 1.5v
    Gigabyte EP45-UD3P
    8gb (4x2gb) OCZ Gold DDR2-800 (5-4-4-12)
    eVGA GTX 285 SC
    eVGA 9800 GTX KO (PhysX / CUDA)
    750W Pc P&C PSU
    Windows 7 Pro 64-Bit & <<Back|Track4

    ---Netbook---
    ASUS Eee 1005ha
    Windows 7 Pro 32-Bit & <<Back|Track4

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    47

    Re: The age-old "super virus" threat. A not too distant reality?

    It's not a question of intelligence, it's a question of random mutation followed by active selection.
    If you have 100 million bots, for example, all randomly mutating at the same time, and you find a way to delete the majority of them, there will always be some left over to simply repopulate.
    The rate of mutation in Tierra is very high, so the possibilities are endless.

  6. #6
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: The age-old "super virus" threat. A not too distant reality?

    Actually, random mutation is still only going to produce a finite number of results that come to the appropriate result, and the possibilities are not endless. They are large, sure, but not endless.

    There's only a finite number of ways a program or bot or whatever can steal information X from machine Y (for example); those possibilities can all be tracked down and stopped with enough time.

    I'd say at least 60% of the programmers on this board have, at some time or another, disassembled and/or coded viruses for their development work, and I'd almost guarantee that (if any of them had), they'd have had the same or similar thought as to the one you have had. Like I said before - we've had true polymorphics in the past (there's actually another name for them that escapes me). Evolution isn't going to help them evade detection indefinitely, just for a short time if at all.

    If you got one past the AV filters for a while, you still have to propagate quickly and efficiently, bypassing all the fast-worm defensive systems, and still account for other stuff as well. In all the past years I've spent disassembling viral applications, I've not seen anything to suggest that a super virus is even remotely possible - and the industry tends to agree. Hard to track down, yes, but not impossible.

    Evolution is not going to get you to pwn every machine.

    Also, by the way, in the grand scheme of things Tierra isn't that great for this sort of thing. The proven "limited-growth" evolution reduces quite a lot of the possibilities, and even if one wanted to, the only real thing that "evolution" of this kind is going to come up with is different signature-evasion changes (reducing program efficiency etc.) - not the overall "program x is trying to send information y and it shouldn't be" scanning that we now see with these heuristic algorithms.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
