ZX Power #02
24 May 1997
Miscellaneous - Entertaining Virology.

If a door has suddenly opened,
Do not be afraid, it is a glitch.
If Dizzy has grown a hump,
Be sure it is a virus.
Entertaining VIROLOGY.
Alexander Desyatnichenko
Sumy 15/01/1997.
Special for ZX POWER.
________________________________
After reading the nonsense written in the epigraph, someone
will laugh and say that there can be no question of any viruses
on the Speccy, that bacteria crawl only along modem wires and
feed on hard drives. Frankly, when a year ago I first
encountered a virus, it also amused me greatly. Perhaps I would
even have forgotten this story long ago, if not for the note
"These are the times!" in the first issue of ZX Power, which
convinced me that what I had was not something that had
"glitched out" of a music demo, that it really is not a one-off
joke of "black" humor, and that especially spiteful people are
developing something aimed at cultivating a sense of vigilance
in every Sinclair user.
It was in early 1996. I was browsing through new programs on
floppy disks that had come from Vinnitsa, running the games and
music demos and choosing which of them to keep and which to
erase. When it came to copying, I saw, to my horror, that the
directories on two diskettes had been somewhat modified, and the
programs could no longer be copied, although they still started
and worked normally. All BASIC files were the same length
(about 4 KB), and the code blocks had been renamed to the name
of the main BASIC loader and had their type changed to a digit.
Feverishly loading a disk doctor, I began to restore the most
interesting programs manually, but then, looking closer at what
was left of the catalog, I saw that all the old data was still
in it, for both the BASIC and the code files, only marked as
deleted. By restoring them in the directory and removing all
the "tumors", I managed to return the disk to its original
state. We can say that the virus was harmless, since it did not
damage the data itself and only walked over the catalog. It then
remained only to find out which program it was built into. I no
longer remember exactly, but I found it in the loaders of some
games and of the music demo FUCK to MUDAK DEMO. Unfortunately,
I did not preserve the virus itself for history, since I did
not think that it might be of interest or that a virus on the
Speccy could be taken seriously at all. Could I have guessed
then that, a year later, this issue would become so important...
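
The symptoms described above can be checked for mechanically on a disk image. The following is an added example, not code from the article or the magazine: it assumes the disks were TR-DOS disks (the system whose entry point, CALL 15635, the article mentions), a raw image whose first 8 sectors hold the catalog, and a constructed sample catalog; the threshold of three BASIC files is also an assumption.

```python
import struct

ENTRY, CATALOG = 16, 8 * 256   # 16-byte entries; catalog = first 8 sectors of track 0

def parse_catalog(image: bytes):
    """Return [(name, type_char, length, deleted)] for every used catalog slot."""
    out = []
    for off in range(0, CATALOG, ENTRY):
        e = image[off:off + ENTRY]
        if len(e) < ENTRY or e[0] == 0x00:     # 0x00 in the first byte ends the catalog
            break
        name = e[:8].decode("latin-1").rstrip()
        length = struct.unpack_from("<H", e, 11)[0]   # bytes 11-12: length in bytes
        out.append((name, chr(e[8]), length, e[0] == 0x01))  # 0x01 = deleted entry
    return out

def audit(image: bytes):
    """Return findings that match the three symptoms the article describes."""
    entries = parse_catalog(image)
    live = [e for e in entries if not e[3]]
    findings = []
    if len(live) < len(entries):
        findings.append(f"{len(entries) - len(live)} entries marked deleted")
    basic = [e for e in live if e[1] == "B"]
    if len(basic) >= 3 and len({e[2] for e in basic}) == 1:
        findings.append(f"all {len(basic)} BASIC files are {basic[0][2]} bytes")
    loaders = {e[0] for e in basic}
    odd = [e for e in live if e[1].isdigit() and e[0] in loaders]
    if odd:
        findings.append(f"{len(odd)} digit-typed files share a BASIC loader name")
    return findings

def make_entry(name, typ, length, deleted=False):
    """Build one constructed 16-byte catalog entry (sample data only)."""
    raw = bytearray(name.encode("latin-1").ljust(8))
    if deleted:
        raw[0] = 0x01
    return bytes(raw) + typ.encode() + struct.pack(
        "<HHBBB", 0, length, (length + 255) // 256, 0, 1)

# Constructed sample: a catalog rewritten the way the article describes.
SAMPLE = b"".join([
    make_entry("game1", "B", 4096), make_entry("game1", "1", 6912),
    make_entry("music", "B", 4096), make_entry("music", "2", 3000),
    make_entry("boot", "B", 4096),
    make_entry("game1", "B", 150, deleted=True),
    make_entry("gamecode", "C", 6912, deleted=True),
]).ljust(CATALOG, b"\x00")
```

Calling `audit(SAMPLE)` reports all three symptoms; a catalog with ordinary `B` and `C` entries of differing lengths returns an empty list.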
Given that the virus I have described differs from the virus
described in the previous issue of the magazine, and that a
description of yet another virus has been promised, it can be
assumed that with the development of dial-up networking on the
ZX-Spectrum and the connection of IDE hard drives the number of
viruses will increase significantly, because writing them takes
fairly minimal knowledge. Such a program can be concocted by
any hacker who knows how to use CALL 15635 to write zeros, or
abuse in every known and unknown language, onto a disk.
Besides, this exotic branch of coding will probably keep being
improved and, given that the Sinclair hacker-coder is an order
of magnitude above any IBM-native sysop in ingenuity and
professionalism, this can lead to the most unpredictable
consequences. As in conventional medicine, the most effective
method of combating bacteria is prevention of the disease.
Let's try together to imagine the evolution of virus
technologies, so as to meet this menace fully prepared.
So, first of all, I think that this type of virus will be
embedded in boots. Why? Because any boot is usually at the
beginning of the disk and reads track zero in any case. Thus it
will seem strange to no one that it accesses track zero.
Immediately after the read, the boot will be able, unnoticed by
the user, to make changes to the directory and write it back.
Of course, if programs no longer load after that, the user will
immediately throw this boot away. Therefore such programs are
likely to make changes only in the catalog, making the disc
uncopyable for the ordinary user. Of course, more experienced
users will immediately notice the changes in the directory
structure and take appropriate measures. So the next step will
be viruses not of immediate action but "waiting" viruses. What
will this look like? I think like this:
the virus sets up a counter of reads from the disk, and each
time the directory is read, the virus will read an unused
sector of track zero and change a check byte in it (for
example, increasing its value), and when this value reaches,
for example, 50 reads, the virus wipes several tracks on the
disc, or renames the files into a greeting to hackers it knows,
and clears the counter again... Thus the boot itself drops out
of suspicion: the program loaded fine for a week, and then went
bad ("...must have got a lousy floppy disk"), and when the boot
is copied to another disk it does not, seemingly, spoil
anything... Of course, the virus itself will sit in the program
well hidden, for example XORed, in the guise of sprite movement
tables or font characters... How can one protect against such a
calamity? Well, obviously, the same way a woman protects
herself from unwanted pregnancy: seal up! In other words, the
motto of the day should be: "Save the floppy - cover the
window!"
Well, shall we predict further? Imagine: you are playing a
multi-load game, you play it through to the end, it loads the
FINAL CUT and immediately afterwards overwrites several tracks.
Or your high-score table is kept on the disc and, if your name
in it is higher than the authors' names, the directory of the
disk gets formatted... Or you load a saved state, copy files
from an operating shell, or perform any other action using a
program that writes to disk... However much you seal up, to
write something you will have to unseal. I am keeping
completely silent about the methods of direct programming of
the "VG" disk controller chip, by which a virus can keep a disk
access counter somewhere between the sectors altogether;
besides, not even every very experienced hacker can find a
virus in a system program where all procedures are built on
this method. And there are even rumors that experiments are
under way on writing to a sealed disk...
Of course, all of the above examples can hardly be considered
real viruses, since they cannot reproduce. After all, to
reproduce, a virus needs, as on the IBM, to attach itself to a
file and then be written to disc together with it, but on the
Spectrum this will be noticed immediately. What can be thought
up in this area? Well, for example, the virus can attach itself
only to the last file, or, if the virus itself is shorter than
255 bytes, it can write itself into the free space in the last
sector of some file. And the coolest thing, which I would like
to warn about: you can become the author of a virus-carrying
program without even realizing it! Imagine: you write a program
in an assembler that has a virus built in by the assembler's
author, and type this line: CALL 15635. During assembly,
unknown to you, CALL 15635 is replaced with CALL addr, where
addr is the address of a subroutine, linked in by the
assembler, in which the virus pushes all the registers, does
with your disk everything it likes, "recalls" the register
values again, and performs your CALL 15635 and RET. Thus, if
you do not look at the compiled code in a disassembler and
release it right away, then go and try to prove that it was not
you who wrote the virus. An even worse nightmare would be a
virus attached to a debugger: you debug a program, and the
debugger introduces its own changes into it and writes it to
the disc. When you load the same, but already infected, program
again, it determines by its mark that it has already been here,
removes all its traces and pulls the wool over your eyes with
an unspoiled program, and before saving does its business
again... What are the authors of software to do? Display on the
screen a plate with an inscription along these lines: "The
author of the program guarantees that his product is absolutely
free from viruses and is ready to pay compensation in case
of..." etc.
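
The check the article recommends for the assembler scenario (looking at the compiled code rather than trusting the source) can be partly automated. This is an added example, not the author's or the magazine's code: the function names, the 64-byte window and both byte strings are constructed, and the scan is a heuristic that treats every 0xCD byte as a CALL opcode instead of doing a full disassembly.

```python
DOS_ENTRY = 0x3D13                       # 15635 decimal
CALL_DOS_RET = bytes([0xCD, 0x13, 0x3D, 0xC9])   # CALL 15635 ; RET

def call_sites(code: bytes, org: int):
    """Return [(caller_addr, target_addr)] for every CD nn nn byte pattern."""
    return [(org + i, code[i + 1] | (code[i + 2] << 8))
            for i in range(len(code) - 2) if code[i] == 0xCD]

def direct_dos_calls(code: bytes, org: int):
    """Addresses that call 15635 directly, as the source line asks for."""
    return [a for a, t in call_sites(code, org) if t == DOS_ENTRY]

def find_dos_wrappers(code: bytes, org: int, window: int = 64):
    """Map {subroutine_addr: [callers]} for in-image routines that end in
    CALL 15635 ; RET within `window` bytes. Any routine listed here that the
    source does not define was put there by the toolchain."""
    wrappers = {}
    for caller, target in call_sites(code, org):
        rel = target - org
        if 0 <= rel < len(code):
            end = code.find(CALL_DOS_RET, rel)
            if end != -1 and end - rel <= window:
                wrappers.setdefault(target, []).append(caller)
    return wrappers

ORG = 0x8000
# Constructed: what the source asks for -> LD C,5 ; CALL 15635 ; RET
CLEAN = bytes([0x0E, 0x05, 0xCD, 0x13, 0x3D, 0xC9])
# Constructed: same source after the substitution the article describes.
SUBSTITUTED = bytes([
    0x0E, 0x05,             # 8000 LD C,5
    0xCD, 0x06, 0x80,       # 8002 CALL 8006   (was CALL 15635 in the source)
    0xC9,                   # 8005 RET
    0xF5, 0xC5,             # 8006 PUSH AF ; PUSH BC
    0x00, 0x00,             # 8008 NOPs standing in for the inserted code
    0xC1, 0xF1,             # 800A POP BC ; POP AF
    0xCD, 0x13, 0x3D, 0xC9  # 800C CALL 15635 ; RET
])
```

Both images contain exactly one direct `CALL 15635`, so counting those calls alone would pass the substituted build; it is `find_dos_wrappers` that exposes the routine at 8006 that the source never defined.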
Yes, I think that with my article I will not let many coders
sleep easy: some will write these viruses at night, others will
look for them, and still others will produce ever newer
antiviruses. Truly endless are the possibilities of C.
Sinclair's ingenious invention! Although, I confess, we
ourselves are to blame, because this Lord could not even
imagine that it would enter someone's head to connect a hard
drive and a modem to the Spectrum and download viruses.
But not everything is as bad as I have fantasized, because the
Spectrum is, after all, not an IBM, and I think we do not face
an epidemic of serious viruses. Instead, in closing I want to
address a wish to all users: if someone finds such a virus, let
him not spread it with all the malice inherent in him, but tell
his brothers about the programs that contain it. I want to wish
success to you and to the magazine ZX Power, which was the
first to take up coverage of this new problem.
From the Editor:
Unfortunately, for technical reasons we could not keep the
promise made last time, but we vow to return to this topic in
the following issues of our magazine. And you, dear readers,
help us in this: write about your encounters with viruses, both
old and new, and be sure to send "infected" disks to the
address of our editorial office, indicated in "Authors", for
more detailed study and the possible finding of a vaccine!
Disks will be returned to their owners.
We will wait for your letters!
________________________________