Back in the day, viruses had to hide themselves in executables to travel from machine to machine undetected.
Today, as most users don't care about what processes are running on their system, and since the most common vector of infection is through the internet, what we call "viruses" are actually worms: they don't infect other programs, they are just self-replicating, malicious executables.
As defined in this case, an "old-skool" virus would be one written in assembly whose primary vector of infection is by embedding itself in executable files.
1) They infect boot sectors of floppy and hard disk, or
2) They infect partition tables of hard disk or,
3) They infect .COM (most commonly Command.com) and .EXE
An old school virus infects executable files such that when the executable files are run, the virus stays resident in memory and infects all other executable files and floppy disks, hence the reason Command.com is the most popular target.
The file size of the executable might increase when the virus infects it. To minimise this and avoid detection based on file size, the virus needs to be small enough to hide in the slack space, hence the reason most of them are written in assembly.
Overcoming a boot sector virus on a floppy is easy. I made a clean copy of a newly formatted MS-DOS disk and then kept a copy of Boot Sector 0 in a file, which I then use to overwrite Boot Sector 0 in the infected floppy using Norton Diskedit. The same applies to partition tables.
Executables that are infected are a pain to clean, but knowing that Command.com is most often targeted, I always keep a clean copy of Command.com renamed as abc.def (to avoid detection by the virus) on my system. Create an entry in autoexec.bat to do a file compare between command.com and abc.def and alert me of changes.
These are the problems I had cleaning old school viruses.
New school viruses are easy to handle; they don't infect executables. They create entries in Windows startup to run themselves. Find the right entries and remove them and the virus won't be a problem when you next boot up.
The biggest threat I see is when some of the old school virus writers return and start infecting/corrupting executable files such as Command.com via drive-by download.
Actually I'm working on a side project to combat new school viruses. If anyone is interested, just drop me a mail via my account.
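A modern equivalent of that autoexec.bat file compare, as an added example that is not from the thread: it checks a live executable against a stashed clean copy by both size and SHA-256, so a same-size overwrite (the slack-space case mentioned above) is still caught, not only the file-growth case. The names command.com and abc.def and the sample bytes below are constructed stand-ins.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size, sha256 hex) of a file. Both are compared: a size check
    alone misses a modification that stays inside the original size."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def compare_to_clean_copy(live_path, clean_copy_path):
    """Report how the live executable differs from the stashed clean copy."""
    live_size, live_hash = fingerprint(live_path)
    clean_size, clean_hash = fingerprint(clean_copy_path)
    if live_hash == clean_hash:
        return "unchanged"
    if live_size > clean_size:
        return f"modified: grew by {live_size - clean_size} bytes"
    return "modified: same size or smaller (contents differ)"


def demo():
    """Run the check over three constructed states of a fake executable."""
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "command.com")   # constructed stand-in
        clean = os.path.join(d, "abc.def")      # renamed clean copy
        original = b"MZ" + b"\x90" * 1024       # constructed fake executable body
        for p in (live, clean):
            with open(p, "wb") as f:
                f.write(original)
        results = [compare_to_clean_copy(live, clean)]
        # State 2: the live file grew, the case the original size check catches.
        with open(live, "ab") as f:
            f.write(b"\xcc" * 300)
        results.append(compare_to_clean_copy(live, clean))
        # State 3: same size, different bytes; only the hash comparison sees it.
        with open(live, "wb") as f:
            f.write(original[:2] + b"\xcc" * 10 + original[12:])
        results.append(compare_to_clean_copy(live, clean))
        return results


if __name__ == "__main__":
    print(demo())
```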
New school is the web browser, JavaScript and interpreted languages (ruby, python, etc). Old school is assembly, C and C++. Like Web 2.0 versus Web 1.0.
Old school isn't snazzy and exciting and has a higher entry point. You won't find many old school fart apps.
Do viruses of this type (exe infecting) still have much impact "in the wild"? Most news these days seems to be about worms and trojan horses. I presume this is because it's harder to transport a "useful" payload inside of a true virus, so they are more often than not written to satisfy the curiosity of the author.
In the old days, software was copied (yeah, on floppies) from friend to friend. A true "sneakernet" P2P^W F2F-network.
Nowadays, software is either obtained directly from authors (or packagers) or from more centralized P2P sources, and, in my personal perception, most of the time flash drives are used, it is to transfer documents, not executables.
It's fun. It's a whole lot of fun, in fact. Mind you, I've never released any (I did release a metamorphic code engine for .NET some years ago, but that's the closest I've come), but it's really fun to think through it and come up with clever ideas. It also helps you gain perspective for the security side of things.
It's a way of having your work everywhere; imagine being able to know that millions of people have your work on their computer, and seeing it read and blogged about. I guess it's exciting.
I am torn by these young tinkerers; on one hand they're exploring the technology around them unlike most of their peers, but on the other hand they very often seem to be totally full of themselves.
I think that the title of that post does not do justice to the interview. Old-skool vs New School is a tiny part of an interview representative of the psychology of a virus writer. Virus writing seems like the most brilliant way to kill your creativity. Or in other words making your creativity a slave of the most boring of all arts: destruction.
Well, you can destroy something blandly, or you can destroy it in an intricate, even intelligent fashion. Just as you can create something blandly — to just barely serve its purpose.
See, destruction is also creation. She creates viruses. These things then go on to destroy other stuff.
Destruction is not at all a boring art. It's as legitimate an art as creation.
Somewhere around 10th grade I finally gave in to my urge to put a lot of energy behind a simple question: why do parasites exist? Why are there lice, ticks, bacteria and viruses?
Turns out they do, just because they do. They're legitimate 'creations,' living beings. And in non-parasitic beings, they inspire toughness and survival strategies — if it can't adapt to the parasite (in one way or another) it'll die out.
Really, I don't get why people are biased against 'evil' black hats. If they target you and your app failed, you had better get some security going. It's better that some 'artist' who just feels the need to destroy intricate systems in an ingenious fashion makes me aware of my security holes than someone with a malicious intent.
From the interview, I can't see anything sociopathic or even malevolent in her (granted, I haven't read the whole thing).
ique|15 years ago
gregschlom|15 years ago
Leynos|15 years ago
kschua|15 years ago
trotsky|15 years ago
16s|15 years ago
rbanffy|15 years ago
Luyt|15 years ago
Leynos|15 years ago
drdaeman|15 years ago
alexsherrick|15 years ago
tptacek|15 years ago
machrider|15 years ago
daeken|15 years ago
darkstar211|15 years ago
cschep|15 years ago
waste|15 years ago
gsivil|15 years ago
adimitrov|15 years ago
tricky|15 years ago
r11t|15 years ago
netatalk|15 years ago
Have not heard that name in a while! Admired his code