|
ZX Power #02
24 мая 1997 |
|
Miscellaneous - Entertaining Virology.
If you suddenly opened the door,
Do not be afraid, it is - a glitch.
If the hump at Dizzy's grown,
Be sure it is - a virus.
Entertaining VIROLOGY.
Alexander Desyatnichenko
Sumy 15/01/1997.
Special for ZX POWER.
________________________________
After reading the nonsense written in
epigraph, someone will laugh and
say that about any Speccy
Viruses can be no question that
bacteria crawl modem only wires and feed hard drive. Frankly,
when one year ago, I was first exposed to the virus, then I is
also strongly razsmeshilo. Perhaps I would even
has already and will soon forget about
this story, if not note "These are the times!" in the first
issue ZX Power, which convinced me
that I have not had a virus and
not "vyglyukovalsya" from muzykalki,
it's really not a one-time joke from the "black" humor, and
especially echidna develop something directed
to develop a sense of vigilance
each sinklerista.
It was in early 1996
year. I was browsing through new programs on floppy disks that
came with the Vinnitsa - ran on stage and toys muzykalki,
choosing which of them to keep and what erase. When it came to
copy, then I, to my horror, I saw that the directories on the
two diskettes somewhat modified, and copied the program
stopped, although as is normal, and started working. All BASIC
files are the same length (something about 4kBt), and code
blocks renamed under the name of the main BASIC loader and
changed their style to the figure. Feverishly downloading
diskdoktor, I began to manually restore the most interesting
program, but then, after looking closer to what's left of the
catalog, I saw that in It left all the old data
as BASIC, and about code
files, but they are marked as
udalennye.Vosstanoviv Directory
them and removing all the tumors,
managed to return the disk to its original state. We can say
that the virus was harmless, since no port the data itself -
only a walk catalog. It now remains
only to find out what kind of program he built. Similarly,
already I do not remember, but I found it in
bootloaders some toys and
muzykalki FUCK to MUDAK DEMO. K
Unfortunately, the virus itself, I did not preserve for
history, since it is not thought that this might be of interest
and that in general a virus on Speccy
can be taken seriously. Could
I then suggest that,
a year later, this issue will be
such important ...
Based on the fact that the virus, I have described, differs
from the virus, as described in the previous issue magazine,
and from what was promised to describe yet another virus, it
can be assumed that with the development dial-up networking on
the ZX-Spectrum and connecting the IDE-propeller Number of
viruses to increase significantly, because their writing fairly
minimal knowledge. Concoct such a program from any hacker who
knows how to deal with CALL 15635 to at CD disembarked zeros or
abuse on all known and unknown
languages. Besides, probably, this
Exotic industry koderstva
will always be improved and, given that hakerkoder-sinklerist
by their ingenuity and professionalism is an order of magnitude
higher than any IBM-sysop-native, it can
lead to the most unpredictable
posledstviyam.Kak and conventional medicine, the most effective
method of combating bacteria, is the prevention of diseases.
Let's try together with you present the evolution of the virus
technologies to fully prepared
meet this obsession.
So, first of all, I think that this type of virus will be
incorporated in boot'y. Why? Because any boot is usually at the
beginning of the disk and in any reads zero track. Thus, no one
seem strange that he
refers to the zero track.
Immediately after the reading will be able to boot without the
user make changes to the directory, overwriting it. Of course,
if the program will no longer boot after that, the user
immediately throw this boot.Poetomu such
programs are likely to be
make changes only in the catalog, making the disc uncopyable
whereas for ordinary user. Of course, that more experienced
users will immediately notice the changes in the directory
structure and will appropriate mery.Znachit, the next step will
not viruses immediate action and "wait" viruses. How will this
look like? I think so:
virus is organized by the counter
read from disk, and each time will be made read-directory, the
virus will read untapped sector of track zero, change
validation bytes in it (for example, increasing its
value) and when this value
will be equal to, for example, 50 readings, the virus
zaparyvaet several tracks on the disc, or rename the file names
on a hi familiar to hackers again clears
Counter ... Thus, the very
boot as it drops out of suspicion - Georgia currently program
a week, and then deteriorated
("... Probably got a floppy disk
Khrenova "), overwriting boot'a
to another drive, he, like, does not spoil anything ... Of
course, he virus will stay in the program
well hidden, for example,
pereksorennym, in the form of tablets
movement of sprites or characters
font'a ... How could protect against
such a calamity? Well, obviously, as well
as a woman is protected from unwanted pregnancy - stick up! In
other words, the motto of the day should be: "Save floppy -
cover the window! "
Well, predicts next?
Imagine - you're playing
loadable game, pass it
to the end, it will ship FINAL CUT and
immediately overwrites several tracks after it. Or
you have loaded on the disc table
records and, if your name is in it
is higher than the authors' names, the directory of the drive
to be format ... Or you ships deferred status, copy
files of the operating envelope, perform any other action with
using a program that engages
write to disk ... How not sealed, but something to write
have razkleivatsya. I have already
completely silent on the methods of direct
Programming VeGeshki by which the virus can organize counter
hits disk generally somewhere between sectors, in addition, not
every even a very experienced hacker can find a virus in your
system program where all procedures are built on this metode.A
even rumors that are going experiments records on disk glued ...
Of course, all of the above examples can hardly be
considered real virus, as they can not reproduce.
After all, for the reproduction of the virus is necessary, as
at IBM, to join file and then burn to disc
with him, but on this Srectrum'e
will be immediately zametnym.Chto can think of in this area?
Well, for example, the virus can adhere only to the last
file, or if the virus itself is shorter than 255 bytes, it can
enroll in the free space on the last sector now is fayla.A
cool, from what I would like to caution - you can become author
virusonosnoy program without even realizing it! Imagine - you
write a program in assembly language with a built-author of the
virus assembly and fills this line:
CALL 15635. During the broadcast
also, unknown to you, CALL 15635
zamenivaetsya on CALL addr, where
addr - address of the subroutine, connected by the translator,
in which the virus Pooshan "all registers get up with your
drive everything he likes again "remembers"
register values, making your
15635 CALL and RET. Thus,
if you do not see the compiled code in a disassembler, and
immediately release it, then then try to prove that
it's not you write a virus. More
nightmares will run the virus,
Attached to debuggere - you
debug a program, and the debugger
introduced it in their changes, and recorded on the disc. When
you return upload it the same, but
an infected program, then he
determines on its label that
here already visited, removes all
their tracks and zamylivaet your eyes unspoiled program, and
before recording again makes his
business ... What do the authors
software programs - to display on
screen tablet with an inscription about this content: "The
author program ensures that its
product is absolutely free from
viruses and is ready to pay compensation in case of ... "etc.
Yes, think that my article I
many coders do not give easy
sleep - some are at night to write these viruses, the other -
their seek, and others - to produce all
and more new antivirusy.Poistine endless possibilities
ingenious invention K. Sinclair! Although, I confess, we are in
blame, because this Lord even could not imagine that vzbredet
someone in the head connected to Spectrum'u Winchester, modem
and download viruses.
But not all as bad as I nafantaziroval, because all the
Spectrum IBM did not, and even the epidemic
steep virus, I think we do not
faces. Instead, I eventually want to appeal to all users
wish - if someone finds themselves in such a virus, then
Let him not with his razpostranyaet
all the inherent malevolence, and tells his brothers about the
programs it contains. I want to wish success to you and the
magazine ZX Power, which first took
for coverage of this new issue.
From the Editor:
Unfortunately for technical
reasons we could not perform
promise the last time
but vow to return to this issue in the following
issues of our magazine with you. A
You, dear readers, help me
us in this: write about your
encounters with viruses, both old and new, and steadfast send
"infected" drives to address our editorial staff indicated
in "Authors" for more
detailed study and possible
finding a vaccine! Drives will
returned to their owners.
We will wait for your letters!
________________________________
Other articles:
Similar articles:
В этот день... 6 May