40Hex Volume 1 Issue 2 0003 Virus Spreading - Fast Or Slow? By Nick Haflinger -=PHALCON=- Call The LandFill BBS (914) Hak-Vmbs -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- One of the questions while writing your virus is how quickly you want it to spread. The easy answer is "As fast as possible" but this is not always the best answer. If a virus moves slowly, it will take much longer before somebody notices hard drive space disappearing, he/she will notice fewer changes to the file dates, and all other symptoms will be lessened. However, this does provide longer for anti-virus people (pronounced Scum, with a capital S) to discover the virus. This issue ties directly into the issue of activation, short or long. Since the issues are virtually identical, I will cover both together, because they are so closely tied. The Case For Fast ================= Viri should spread as quickly as possible. This allows as little time as possible for the makers of antivirus programs to come up with an antidote before the virus is widely spread. This should be tied with a short activation period to cause as many problems as possible before detection is possible. Because fewer copies are generated before activation, each copy may be larger. This allows for more extensive anti-anti-viral tactics, which are becoming increasingly more important as the number of anti-viral products rises. Just remember, most of these products are shit. So don't worry too much. The Case For Slow ================= Viri should spread slowly, because this is less obtrusive, and therefore users are less likely to notice a change in the system. This should be coupled with a long activation period as to have maximum penetration before the virus activates. A slow-spreading virus will circulate to more virus programmers who will be able to modify the program for specific needs or to adapt to antiviral tactics. On a purely academic note, slow spreading viri must be smaller, as more copies must be generated. This means that viri must be programmed better, which is good for the general community. The Case Against Fast ===================== Fast spreading of viri is likely to draw attention. Once a virus has been caught, in most of the cases, it is dead and useless. A virus should infect the greatest area in the shortest time before the anti-virus people inevitably catch up to the virus. However, because of the necessity of a short activation time, this virus has a lesser range than a slow-spreading virus. The programmer must rely on either (a) the quick distribution of the virus along at least a regional level --or-- (b) the ability of other virus programmers to obtain and modify either the source code or dissassemble and modify the distributed virus. If possible, the source should be distributed along trusted channels. There should be as little chance as possible of an antiviral researcher obtaining a copy of the sourse for your masterpiece. The Case Against Slow ===================== A slow spreading virus is much more likely to get caught by antiviral people prior to its necessarily long pre-activation period. There will be more defenses out against the virus before it has spread much. However, if the virus is well-done, it will have spread far before it is caught. Conclusion ========== Actually, I lied. There is no conclusion to be drawn from this, as this is in itself the conclusion of long hours of thought and much brainstorming on BBSs. If you would like to comment, I can be reached on LandFill BBS, phone number above. In a future article, I will attempt to cover anti-anti-virus tactics. I may also respond to some important questions/comments I may recieve. Start your viri now! And may the best bug win! NH