Thursday 15 December 2011

Viruses

A virus is born from the cross-breeding of three other families of programs: the Trojan horse, the worm, and the logic bomb.

A logic bomb is a piece of code hidden within a larger program. Usually it is no more than a simple IF/THEN statement. IF such-and-such is true, THEN do something. Judging by the name, logic bomb, you can guess what that "something" usually entails.

The classic example of a logic bomb being put to use is when a system programmer is fired for inadequate job performance, or for some other humiliating reason. A few days after he walks away, the head honchos at the firm get a message from the programmer: "Pay me X thousand dollars before July 31st and I'll tell you how to save your software and records from total annihilation." The programmer has, you see, implanted a logic bomb that will detonate on that date.

A worm is a program with one purpose: to replicate itself. All it does is look at its environment, see where it can make a copy of itself, and it does so. Then there are two copies of the worm. Each of those reproduces, and there are four. Four quickly become eight, and so on. Soon an entire computer or network is clogged with hundreds or even thousands of unstoppable reproduction machines.

Then there's the virus. A virus comes from the mating of these two other breeds. When a worm takes on a logic bomb aspect, you get a program that will replicate as much as it can, and then explode when "something" happens. The whole thing hides itself within an application program, as a Trojan horse.

Logic bombs are dangerous, but at least they are contained. Worms and viruses, on the other hand, are unpredictable. Therefore, I say a true hacker will never release a worm, because they are too destructive with no purpose. A true hacker may release a virus if it can move harmlessly throughout a system, erasing itself as it goes, making sure it never backtracks to where it's been before.

A virus can be programmed to e-mail passwords to a specific address, or it can be used as a battering ram to brute force new passageways into computer systems. There are lots of ways in which hackers can use viruses, but it is difficult to use them safely.

There have been rumors of a microcomputer virus which, if it exists, would gladden the heart of many a hacker. The virus is called the AT&Tack Virus. Once it copies itself onto a computer, it tries to find a Hayes-brand or compatible modem. If one exists, it silences the modem's speaker and dials a preprogrammed number.

Apparently then whoever is at the telephone number it calls has remote access to your computer.

To me, this seems like nothing more than a rumor. Indeed, as of this writing none of the commercially available virus detection software makes any mention of an AT&Tack Virus. Besides, it seems to me this sort of thing would work better as a Trojan horse in a graphics display program, rather than as a virus.



Covert Channels

One of the fun things about using Trojan horses and viruses is the designing of covert channels to get the data they collect back to you in some readable form. Consider a virus that attaches itself to the login program and thus collects passwords. It does no good to have this virus halfway across the world with no way to get back that list of passwords it is reaping. One method has already been mentioned: the virus can periodically e-mail you a list of passwords. Take heed not to have that e-mail sent to any account where you can be identified.
It would also be a good idea to encrypt the mail before it is sent. One problem with encryption is that a key is required. Anyone finding your virus or Trojan horse will easily figure out what the key is and be able to interpret e-mail or temporary files that the virus/Trojan horse produces. So you have to encrypt the key... which requires another key... which means more hiding needs to be done... another key.... Well, this could go on forever, at least with a shared secret key. Public-key encryption is the way out of that regress: the rogue program carries only your public key, which tells whoever finds it nothing useful, and the matching private key never leaves you. Make the best of the situation. If you're going to be encrypting anyway it may be easier to have your virus or Trojan horse send the encoded data to an unmoderated newsgroup. Disadvantage: you have to spoof the post, or someone may notice that this user (who is unknowingly activating your virus or Trojan horse) is posting a lot of "garbage" to the group.

You may also have the encrypted file uploaded to the incoming directory of an anonymous FTP site somewhere. Make certain files can be downloaded from that directory, because as mentioned earlier, often the ability to download from such directories is turned off for security reasons.

To send short messages (like a single password) you may have your rogue program rename a world-changeable file to that message. By "world-changeable," I am referring to the security protections placed on that file - set it to very low protection, so that anyone can change its attributes. Your Trojan horse/virus will come into your directory under the disguise of various users from all around the network, and attempt to rename that file to that message. You don't want your Trojan horse/virus to generate an error message, so it should first check that the file still has its original name (another copy may be in the middle of sending) and quietly try again later if it does not.

You can set up a process to constantly run in the background, monitoring the state of that file. As the file's name changes, the background process stores the new name, then gives the file its original name, thus allowing another copy of your Trojan horse or virus the opportunity to send its message.

(Normally a Trojan horse or virus would send back to you three pieces of information: username, password, and the address of the computer where that username/password was valid. However, if you targeted a specific individual by giving that individual sole access to your Trojan horse, then only a password would be needed. Of course, viruses and Trojan horses don't have to be messengers for only password information. You may be a hacker, but you may also be a spy, a crasher, or who-knows-what-else. As far as I know, the information you need covertly passed back to you could be virtually anything.)
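Here is the filename channel worked through in Python, as an added example that is not code from the original page or its author. The rogue-program side renames the mailbox file to carry its message and backs off silently if the mailbox is busy; the background-process side records any renamed mailbox it finds and restores the original name. The mailbox name, the "msg-" prefix, the hex-encoding of the message (so that any byte in a password is a legal filename character) and the temporary directory are my assumptions, not details from the text.

```python
import os
import tempfile

# Constructed demo of the "rename a world-changeable file" channel.
# Added example; names below are assumptions, not from the page.
MAILBOX = "mailbox"   # the file's original, agreed-upon name
PREFIX = "msg-"       # marks a renamed mailbox as one of ours


def encode_name(message: str) -> str:
    """Turn a message into a safe filename: '/' and NUL cannot appear in a
    filename, so the message is hex-encoded (an added precaution)."""
    return PREFIX + message.encode("utf-8").hex()


def decode_name(name: str) -> str:
    """Inverse of encode_name; raises ValueError for names that are not ours."""
    return bytes.fromhex(name[len(PREFIX):]).decode("utf-8")


def send(directory: str, message: str) -> bool:
    """Rogue-program side: rename the mailbox to carry one message.

    Returns False instead of raising if the mailbox is not under its
    original name (another copy is mid-send and the watcher has not yet
    restored it), so the sender never generates an error message."""
    src = os.path.join(directory, MAILBOX)
    dst = os.path.join(directory, encode_name(message))
    if not os.path.exists(src) or os.path.exists(dst):
        return False
    os.rename(src, dst)
    return True


def collect(directory: str) -> list:
    """Background-process side: find a renamed mailbox, record the message
    it carries, and give the file its original name back."""
    received = []
    for name in os.listdir(directory):
        if not name.startswith(PREFIX):
            continue
        try:
            received.append(decode_name(name))
        except ValueError:
            continue  # not one of ours; leave it alone
        os.rename(os.path.join(directory, name),
                  os.path.join(directory, MAILBOX))
    return received


def demo(messages) -> tuple:
    """Run sender and watcher in turn in a scratch directory. For each message
    a second copy tries to send before the watcher has run, to show the
    back-off. Returns (messages received, number of sends that backed off)."""
    with tempfile.TemporaryDirectory() as d:
        mailbox = os.path.join(d, MAILBOX)
        open(mailbox, "w").close()
        os.chmod(mailbox, 0o666)  # the page's "very low protection"
        got, backed_off = [], 0
        for m in messages:
            if not send(d, m):
                backed_off += 1
            if not send(d, m + "-again"):  # arrives before the watcher ran
                backed_off += 1
            got += collect(d)
        return got, backed_off


if __name__ == "__main__":
    # Constructed sample: username:password:host triples, as the page suggests.
    print(demo(["alice:hunter2:host1", "bob:s3cret:host2"]))
```

One caveat the page does not state: on a Unix system a rename succeeds or fails on the write permission of the directory holding the file, not on the permissions of the file itself, so the chmod above follows the page's advice but is not what makes the rename possible; it is the directory's protection that matters.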

Other short messages can be sent a bit at a time. For example, the existence of file X in a certain directory means that your rogue program is sending the digit one. If the directory is empty, the file deleted, a zero bit is being transmitted. A background process is running in your home directory to monitor the appearance and disappearance of that file. When enough zeros and ones accumulate, the program translates them into a character of the message. The two sides also need some agreed signal that a new bit is ready, because two ones in a row look exactly like a single one: the file simply stays where it is.

The extended ASCII code uses eight bits to define a character. For instance, 01000001 represents the capital letter A, 01000010 is B, and so forth. For your virus or Trojan horse to send an eight-character password, 64 bits would have to cross the channel, each one a creation or deletion of file X (or, for a repeated bit, leaving it as it is). Those bits would be sent one at a time, whenever the rogue program had the opportunity to do so unnoticed.
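The one-bit-per-file channel, worked through in Python as an added example (not code from the original page). Because the scheme as described cannot tell a repeated bit from the previous one still on disk, this example adds a second "ready" file as a clock: the sender raises it after placing each bit and refuses to send the next bit until the receiver has lowered it as an acknowledgement. The file names, the clock file and the temporary directory are assumptions of mine; the bit order (most significant first, eight per character) follows the page's 01000001 = A.

```python
import os
import tempfile

# Constructed demo of the one-bit-at-a-time file channel. Added example;
# the file names are assumptions, not from the text.
DATA_FILE = "X"         # present = bit 1, absent = bit 0, as the page describes
CLOCK_FILE = "X.ready"  # assumption: raised by the sender once a fresh bit is on disk


def bits_of(message: bytes):
    """Yield the message as bits, eight per byte, most significant first
    (b"A" = 0x41 gives 0,1,0,0,0,0,0,1, the page's 01000001)."""
    for byte in message:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def bytes_from_bits(bits) -> bytes:
    """Receiver side: pack each complete group of eight bits into a byte."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def put_bit(directory: str, bit: int) -> bool:
    """Rogue-program side. Returns False (sends nothing) while the previous
    bit is still unacknowledged; otherwise creates or deletes X for this bit
    and raises the clock. A repeated bit costs no change to X at all."""
    clock = os.path.join(directory, CLOCK_FILE)
    if os.path.exists(clock):
        return False
    data = os.path.join(directory, DATA_FILE)
    if bit and not os.path.exists(data):
        open(data, "w").close()
    elif not bit and os.path.exists(data):
        os.remove(data)
    open(clock, "w").close()
    return True


def take_bit(directory: str):
    """Background-process side: if a fresh bit is flagged, sample X, lower the
    clock as the acknowledgement and return the bit; otherwise None."""
    clock = os.path.join(directory, CLOCK_FILE)
    if not os.path.exists(clock):
        return None
    bit = 1 if os.path.exists(os.path.join(directory, DATA_FILE)) else 0
    os.remove(clock)
    return bit


def transmit(message: bytes) -> tuple:
    """Drive both sides in lockstep in a scratch directory. Returns the
    recovered bytes, the number of bit transfers (8 per character) and how
    many of those transfers actually created or deleted X."""
    with tempfile.TemporaryDirectory() as d:
        received, changes = [], 0
        for bit in bits_of(message):
            was_present = os.path.exists(os.path.join(d, DATA_FILE))
            if not put_bit(d, bit):
                raise RuntimeError("receiver has not acknowledged the last bit")
            changes += was_present != bool(bit)
            got = take_bit(d)
            if got != bit:
                raise RuntimeError("channel corrupted")
            received.append(got)
        if take_bit(d) is not None:
            raise RuntimeError("stray clock signal after the last bit")
        return bytes_from_bits(received), len(received), changes


if __name__ == "__main__":
    # Constructed sample password: 8 characters, so 64 bit transfers.
    print(transmit(b"password"))
```

The third value shows why the page's "64 deletions and creations" is an upper bound: for b"password" only 30 of the 64 transfers change the state of X, the rest are repeated bits that leave the file as it was. That is also why the clock is needed; without it the receiver could not count those repeats.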