Black_book_of_Computer_Virus.pdf
The Little Black Book of Computer Viruses
Volume One: The Basic Technology

By Mark A. Ludwig

American Eagle Publications, Inc.
Post Office Box 1507
Show Low, Arizona 85901

- 1996 -

Copyright 1990 By Mark A. Ludwig

Virus drawings and cover design by Steve Warner

This electronic edition of The Little Black Book of Computer Viruses is copyright 1996 by Mark A. Ludwig. This original Adobe Acrobat file may be copied freely in unmodified form. Please share it, upload it, download it, etc. This document may not be distributed in printed form or modified in any way without written permission from the publisher.

Library of Congress Cataloging-in-Publication Data

Ludwig, Mark A.
The little black book of computer viruses / by Mark A. Ludwig.
p. cm.
Includes bibliographical references (p. ) and index.
ISBN 0-929408-02-0 (v. 1) : $14.95
1. Computer viruses I. Title
QA76.76.C68L83 1990
005.8- -dc20

And God saw that it was good. And God blessed them, saying "Be fruitful and multiply."
Genesis 1:21,22

Preface to the Electronic Edition

The Little Black Book of Computer Viruses has seen five good years in print. In those five years it has opened a door to seriously ask the question whether it is better to make technical information about computer viruses known or not.

When I wrote it, it was largely an experiment. I had no idea what would happen. Would people take the viruses it contained and rewrite them to make all kinds of horrifically destructive viruses? Or would they by and large be used responsibly? At the time I wrote, no anti-virus people would even talk to me, and what I could find in print on the subject was largely unimpressive from a factual standpoint—lots of hype and fear-mongering, but very little solid research that would shed some light on what might happen if I released this book. Being a freedom loving and knowledge seeking American, I decided to go ahead and do it—write the book and get it in print.
And I decided that if people did not use it responsibly, I would withdraw it.

Five years later, I have to say that I firmly believe the book has done a lot more good than harm.

On the positive side, lots and lots of people who desperately need this kind of information—people who are responsible for keeping viruses off of computers—have now been able to get it. While individual users who have limited contact with other computer users may be able to successfully protect themselves with an off-the-shelf anti-virus, experience seems to be proving that such is not the case when one starts looking at the network with 10,000 users on it. For starters, very few anti-virus systems will run on 10,000 computers with a wide variety of configurations, etc. Secondly, when someone on the network encounters a virus, they have to be able to talk to someone in the organization who has the detailed technical knowledge necessary to get rid of it in a rational way. You can’t just shut such a big network down for 4 days while someone from your a-v vendor’s tech support staff is flown in to clean up, or to catch and analyze a new virus.

Secondly, people who are just interested in how things work have finally been able to learn a little bit about computer viruses. It is truly difficult to deny that they are interesting. The idea of a computer program that can take off and gain a life completely independent of its maker is, well, exciting. I think that is important. After all, many of the most truly useful inventions are made not by giant, secret, government-funded labs, but by individuals who have their hands on something day in and day out. They think of a way to do something better, and do it, and it changes the world. However, that will never happen if you can’t get the basic information about how something works.
It’s like depriving the carpenter of his hammer and then asking him to figure out a way to build a better building.

At the same time, I have to admit that this experiment called The Little Black Book has not been without its dangers. The Stealth virus described in its pages has succeeded in establishing itself in the wild, and, as of the date of this writing it is #8 on the annual frequency list, which is a concatenation of the most frequently found viruses in the wild. I am sorry that it has found its way into the wild, and yet I find here a stroke of divine humor directed at certain anti-virus people. There is quite a history behind this virus. I will touch on it only briefly because I don’t want to bore you with my personal battles. In the first printing of The Little Black Book, the Stealth was designed to format an extra track on the disk and hide itself there. Of course, this only worked on machines that had a BIOS which did not check track numbers and things like that—particularly, on old PCs. And then it did not infect disks every time they were accessed. This limited its ability to replicate. Some anti-virus developers commented to me that they thought this was a poor virus for that reason, and suggested I should have done it differently. I hesitated to do that, I said, because I did not want it to spread too rapidly.

Not stopping at making such suggestions, though, some of these same a-v people lambasted me in print for having published “lame” viruses. Fine, I decided, if they are going to criticize the book like that, we’ll improve the viruses. Next round at the printer, I updated the Stealth virus to work more like the Pakistani Brain, hiding its sectors in areas marked bad in the FAT table, and to infect as quickly as Stoned. It still didn’t stop these idiotic criticisms, though.
As late as last year, Robert Slade was evaluating this book in his own virus book and finding it wanting because the viruses it discussed weren’t very successful at spreading. He thought this objective criticism. From that date forward, it would appear that Stealth has done nothing but climb the wild-list charts. Combining aggressive infection techniques with a decent stealth mechanism has indeed proven effective . . . too effective for my liking, to tell the truth. It’s never been my intention to write viruses that will make it to the wild list charts. In retrospect, I have to say that I’ve learned to ignore idiotic criticism, even when the idiots want to make me look like an idiot in comparison to their ever inscrutable wisdom.

In any event, the Little Black Book has had five good years as a print publication. With the release of The Giant Black Book of Computer Viruses, though, the publisher has decided to take The Little Black Book out of print. They’ve agreed to make it available in a freeware electronic version, though, and that is what you are looking at now. I hope you’ll find it fun and informative. And if you do, check out the catalog attached to it here for more great information about viruses from the publisher.

Mark Ludwig
February 22, 1996

Introduction

This is the first in a series of three books about computer viruses. In these volumes I want to challenge you to think in new ways about viruses, and break down false concepts and wrong ways of thinking, and go on from there to discuss the relevance of computer viruses in today’s world. These books are not a call to a witch hunt, or manuals for protecting yourself from viruses. On the contrary, they will teach you how to design viruses, deploy them, and make them better. All three volumes are full of source code for viruses, including both new and well known varieties.

It is inevitable that these books will offend some people. In fact, I hope they do. They need to.
I am convinced that computer viruses are not evil and that programmers have a right to create them, possess them and experiment with them. That kind of a stand is going to offend a lot of people, no matter how it is presented. Even a purely technical treatment of viruses which simply discussed how to write them and provided some examples would be offensive. The mere thought of a million well armed hackers out there is enough to drive some bureaucrats mad. These books go beyond a technical treatment, though, to defend the idea that viruses can be useful, interesting, and just plain fun. That is bound to prove even more offensive. Still, the truth is the truth, and it needs to be spoken, even if it is offensive. Morals and ethics cannot be determined by a majority vote, any more than they can be determined by the barrel of a gun or a loud mouth. Might does not make right.

If you turn out to be one of those people who gets offended or upset, or if you find yourself violently disagreeing with something I say, just remember what an athletically minded friend of mine once told me: “No pain, no gain.” That was in reference to muscle building, but the principle applies intellectually as well as physically. If someone only listens to people he agrees with, he will never grow and he’ll never succeed beyond his little circle of yes-men. On the other hand, a person who listens to different ideas at the risk of offense, and who at least considers that he might be wrong, cannot but gain from it. So if you are offended by something in this book, please be critical—both of the book and of yourself—and don’t fall into a rut and let someone else tell you how to think.

From the start I want to stress that I do not advocate anyone’s going out and infecting an innocent party’s computer system with a malicious virus designed to destroy valuable data or bring their system to a halt. That is not only wrong, it is illegal. If you do that, you could wind up in jail or find yourself being sued for millions.
However this does not mean that it is illegal to create a computer virus and experiment with it, even though I know some people wish it was. If you do create a virus, though, be careful with it. Make sure you know it is working properly or you may wipe out your own system by accident. And make sure you don’t inadvertently release it into the world, or you may find yourself in a legal jam . . . even if it was just an accident. The guy who loses a year’s worth of work may not be so convinced that it was an accident. And soon it may be illegal to infect a computer system (even your own) with a benign virus which does no harm at all. The key word here is responsibility. Be responsible. If you do something destructive, be prepared to take responsibility. The programs included in this book could be dangerous if improperly used. Treat them with the respect you would have for a lethal weapon.

This first of three volumes is a technical introduction to the basics of writing computer viruses. It discusses what a virus is, and how it does its job, going into the major functional components of the virus, step by step. Several different types of viruses are developed from the ground up, giving the reader practical how-to information for writing viruses. That is also a prerequisite for decoding and understanding any viruses one may run across in his day to day computing. Many people think of viruses as sort of a black