The virus I want to see
Originally published 2001 in Atomic: Maximum Power Computing. Last modified 03-Dec-2011.
Computers provide people with so many new ways to be ignorant.
Ignorant, not stupid. There are lots of ways to look stupid using a computer, but most of them don't happen because you're really as dense as a neutronium dumpling. They happen because you just don't know what the heck's going on.
This is only going to get worse, if you ask me.
Or better, if you enjoy watching people look stupid.
I've been reflecting on this ever since the halcyon days of Sircam, when I decontaminated a lot of interesting-looking file attachments. Clip off the first 137216 bytes, folks, to get the clean original file from an unfortunate Sircam victim's computer. Every now and then some schmuck still sends me this file in order to have my advice, so there's still some chance to use the decontamination trick.
Overall, though, I was disappointed with Sircam.
Sure, it was a big winner as far as longevity goes. Most virus/trojan outbreaks only last a week or three. Hybris ("Hahaha@sexyfun.net") e-mails came in a storm when it was young and virile, but it didn't hang on very long.
Sircam was a hardy perennial, by comparison. Right now, Klez is showing similar staying power, but it's a lot less fun.
I've got a broadband Internet connection, so I don't mind being sent giant file attachments by strangers. As long as they're interesting. The problem with Sircam was, and is, that the attachments usually aren't interesting. The people who get the bug generally don't seem to have anything good for it to send me.
The best dirt Sircam ever sent me was a document from a company that helps other companies through receivership. It named a business that hadn't yet announced receivership. I could have gone short on their stock and turned myself into part of an insider trading test case, but I didn't.
Apart from that, it's all been dross. Job application letters. University course listings. Video card drivers. A Word document featuring a French Canadian horticultural club director disporting herself on an armchair. Someone's letter to the editor of a local newspaper. A bill of sale from an asphalt paving equipment vendor. A newsletter from a Weavers and Spinners Guild. Various spreadsheets, the most interesting of which only contained data about pesticide effectiveness and Minimum Detectable Levels in soil and water.
It's just not good enough.
But it will be.
What we need is a competent trojan writer.
Most viruses and trojans are written by inexperienced programmers who go on to pupate and then emerge as useful members of society. Or as proper computer criminals, at least. Not the digital equivalent of an arsonist, which is what you are if you write viruses.
Sircam was written in Delphi, fercryinoutloud. No wonder the darn thing's 134 kilobytes. I remember when the only personal computer virus in the world fit into the boot sector of an Amiga floppy disk, I do. Kids today. I ask you. Where are my pills?
Sooner or later some deranged Proper Programmer is going to create an elegantly coded trojan, with a really fun payload. What I'm waiting for is an automatic groupware feature, so that the trojan can open a person's computer to the world and let anybody anywhere read, and write, their documents.
This can happen already, when people get tricked into installing cDc Back Orifice or SubSeven or something. These fine applications unquestionably have appeal. But they could be more elegant.
Windows XP has promise, in this regard. Only WinXP Professional has the full Remote Desktop feature, but both Professional and Home Edition have Remote Assistance.
Remote Desktop gives you something approaching Back Orifice-style access to a WinXP computer remotely, and lets you fiddle with things as if you were sitting in front of the PC.
Remote Assistance is much the same thing, but it has to be triggered by sending a request for assistance to someone else, via e-mail or instant message. Special file attached to request message, double-click, off you go.
All of this is supposed to be password protected and encrypted and, like, totally secure, dude. But this is Microsoft we're talking about here. They still release major applications, time and time again, with buffer overflow vulnerabilities. It's as if General Motors kept making cars that could be started with a Paddle Pop stick. And, furthermore, an awful lot of WinXP users log into the administrator account by default and don't even use a password for that. So it's not as if there are any filesystem permissions standing in a trojan's way.
I therefore look forward avidly to receiving many, many "MsRCincident" attachments from people with the new BendMeOver.winxp virus, cordially inviting me to have my way with their PC, should I feel so inclined.
In the meantime, though, I'll keep chopping Sircam off the front of the few interesting-looking incoming attachments I still get, and hoping for salacious gossip or a murder confession or IfThisGetsOutItCouldBringDownTheGovernment.doc. And dreaming of the day I get read/write access to the computer of someone who, as it turns out, has previously been sending me messages about how to Get A Credit Card Merchant Account or Enlarge Your Penis Today or Buy Kathmandu Temple Kiff or Be A Millionaire Like Others Within A Year.
Man, that's gonna be sweet.