Some New Ideaz for Future Viruses
---------------------------------
In this article, I'll explain about some possible new ideas, methods and
techniques to be used in future viruses, be it worms, trojans or file
infecting viruses
Note that all methods and ideas I've discussed here are not pure facts.
They're based upon what I think it's possible from my experience being a
virus writer/researcher and collector.
Learning Capability
-------------------
One technique which I've not seen so far in the virus scene is learning
capability. Someday somehow a virus with learning capability will emerge.
Some would say it's impossible but who knows....everything's possible. We've
seen the world's first JPEG infecting virus - Perrun (well not actually a
"real" JPEG infecting virus coz it requires the stub Exe file as a middle
man). JPEG infection is regarded as impossible all these years until the
appearance of Perrun.
Learning capability in viruses can be implemented using AI methods. This is
where the virus can learn about its residential environment in a system,
virtually taking into account the operating system specs, type, stats and
characteristics. The virus will then change its way of behavior, according
to its environment. For example, the virus will be able to quickly adapt to
its surroundings in the system when new softwares are being installed,
modified, updated or deleted or even system settings changed. This
represents a successor to the current polymorphism, metamorphism and
oligomorphism in current virus trends.
Virus -> Virus Communication: Developing a Common Virus Language
----------------------------------------------------------------
This is another technique which I've not seen in today's virus world.
Basically it involves developing a "virus language" for viruses to
communicate with each other. Like we humans communicate using our language,
be it English, Chinese, Spanish or Japanese; a common language for viruses
can be developed. This could be either composed of normal alphabetical words
or even jumbled words of numbers, characters and special symbols. By having
a common virus language, viruses can communicate with each other whether
it's the same virus instance on an infected system or a different virus that
supports the common language. Viruses can then exchange information
regarding the state or itself using AI methods and then adapt or change
itself according to these information. The medium of communication can be
either through network, utilizing network protocols, or IPC such as
mailslots, mapped memory and named pipes or any other medium which is
suitable. This, coupled with the learning capability of a virus makes a
virus mimics real world lifeform having its own intelligence and life.
Steganographic Viruses
----------------------
Viruses could utilize the power of steganography as a mean to propagate. By
residing and hiding in data files like image, music or movie files, it's a
perfect technique to hide from prying eyes or even detection of AV
softwares.
Multi-Protocol Viruses
----------------------
Modern worms uses email as a mean of primary propagation. They can either
use the classic MAPI method or impementing a built in SMTP engine or using
the more advanced API hooking (used by Win95.SKA). All these uses TCP/IP as
the main network protocol. In the near future, it's possible to see
viruses/worms that utilizes other network protocols such as Novell's
IPX/SPX, IBM's NetBIOS, or SMB. These viruses/worms can use one or a
combination of several of them to spread itself and reach out to more
systems.
Mobile Phone Viruses
--------------------
I'm not sure if this technology has appeared in the virus scene but I'll try
to explain it. Nowadays, mobile phones are becoming a must among people all
around the world, especially youths. Viruses/worms can infect mobile phones.
They can use the classic method of enumerating your address book, in this
case your contact no. of all your friends in your mobile and propagate
itself to each of them via SMS. This method is similar to that of the
Melissa virus and several other worms. Mobile phones are a heaven for
viruses/worms due to the widespread of use of mobiles around the globe. If
that's the case of widespread of mobile phone viruses, they'll probably have
AV softwares on mobile phones :)
Well, that's it. I've explained some possible ideas and techniques that
could be implemented in future viruses/worms. Till then, Adios.
Written by: allegro - 20 Sept 2002
<allegro16@hotmail.com>
Back
to index