Sunday, December 12, 2010

Computer Viruses Of A Non-Human Origin








Jack Dikian
December 2010

Introduction

For quite a while I’ve been tossing around the idea of computer system viruses, and have been intrigued by whether a computer virus’s origin may be other than man made.

The origins of non-computer viruses in the evolutionary history of life are unclear: some may have evolved from plasmids – pieces of DNA that can move between cells, while others may have evolved from bacteria. In any case, these are not man made.

As we know, computer viruses are usually small software programs that spread from one computer system to another and interfere with the operations of computers. These viruses may corrupt, modify or delete data. However, these are always hand crafted by humans for a wide range of aims and objectives.

Computer systems are becoming more and more interconnected, complex and ubiquitous, and at the same time our reliance upon them in our everyday life is becoming critical. Is it possible, in the future, for computer viruses or virus-like entities (possibly equivalent to the polymorphic and metamorphic viruses of today) to be self-producing and self-propagating within the complexity of computer systems - an Angie-May virus perhaps?

Whilst I plan to touch on the emergence of complex viruses and the inherent difficulties associated with their detection, the primary intention of this article is not to rehash current thinking, that is, the introduction of an ever increasing number of antivirus utilities designed to detect potential viruses on entry and/or behaviours that are regarded as suspicious. The main objective here is to raise the notion that future computer viruses may not be man made, ones that may evolve and change over time within the host, and that current strategies to anticipate and/or block the entry of these may be rendered ineffective.

We are aware, for example, that complex viruses such as metamorphic, polymorphic, and entry-point obscuring viruses offer an entirely different and heightened threat to organizations. A better understanding of complex viruses and the limitations of current anti-virus engines may assist in dealing with future potential threats. Moreover, we only usually consider a virus as a real threat when it’s discovered outside of a laboratory and "in the wild". Again the notion here is that a virus has been incubated somewhere other than the host.

Up to now, detecting a complex virus (as we know them) has meant the detection of a threat that is either inherently difficult to detect, or exposes engine limitations that make it difficult to detect. This approach is still looked at very much through the lens of experience. That is, a group of people on the one hand thinking up new and perhaps, in their minds, “interesting” ways to breach a system, and on the other, a number of organisations developing and selling more and more complex virus detection packages.


Human viruses


A virus is a small infectious agent that can replicate only inside the living cells of organisms. Most viruses are too small to be seen directly with a light microscope. Viruses infect all types of organisms, from animals and plants to bacteria and archaea. Since the initial discovery of the tobacco mosaic virus by Martinus Beijerinck in 1898 about 5,000 viruses have been described in detail, although there are millions of different types. Viruses are found in almost every ecosystem on Earth and are the most abundant type of biological entity.


On the question of whether viruses are alive, it seems viruses straddle the definition of life. They lie somewhere between supramolecular complexes and very simple biological entities. Viruses contain some of the structures and exhibit some of the activities that are common to organic life, but they are missing many of the others.


In general, viruses are entirely composed of a single strand of genetic information encased within a protein capsule. Viruses lack most of the internal structure and machinery which characterize 'life', including the biosynthetic machinery that is necessary for reproduction. In order for a virus to replicate, therefore, it must infect a suitable host cell.


As we learned in biology, viruses exist in two distinct states. When not in contact with a host cell, the virus remains entirely dormant. During this time there are no internal biological activities occurring within the virus, and in essence the virus is no more than a static organic particle.


In this simple, clearly non-living state viruses are referred to as virions. These can remain in this dormant state for extended periods of time, waiting patiently to come into contact with the appropriate host. When virions come into contact with the appropriate host, they become active and are then referred to as viruses. They now display properties typified by living organisms, such as reacting to their environment and directing their efforts toward self-replication. Viruses can cause infections ranging from the more innocuous, such as a cold, to the more malevolent, such as hemorrhagic fever or rabies.


An increasing number of antiviral remedies are being developed that prevent the virus multiplying and help cause the illness to run its course more rapidly. Treating human viruses will depend on the strength of the individual’s immune system, their overall health status, age, the severity of the condition, and the type of viruses involved.


Minor illnesses caused by viral infections usually only require symptomatic treatment (such as painkillers and anti-inflammatories) while more severe conditions may require advanced medical treatment and sometimes even life-long treatment. Antiretroviral therapy suppresses the replication of the human immunodeficiency virus (HIV), even if there are no symptoms. The aim of treatment is to lower the concentration of virus (viral load).


Animal to Human Viruses


The study of animal viruses is important for a number of reasons. Many animal viruses are also important from a human medical perspective. The emergence of the SARS virus in the human population, coming from an animal source, highlights the importance of animals in bearing infectious agents; avian influenza viruses can directly infect humans.


Generally, rising food prices in underdeveloped countries, where people are unable to afford basic supplies, have resulted in some communities, in Central Africa for example, increasingly turning to the forests for food. In doing so, hunters expose themselves to hidden dangers - microscopic pathogens living in the blood of forest animals.


Whilst many of these viruses are harmless, some are potentially deadly when passed to humans. Scientists point out there's nothing new about these viruses. What is new, however, is the frequency of people's contact with them and how easily they can now be spread around the world.


Epidemiologist Dr. Nathan Wolfe is following the hunters. "Individuals have been infected with these viruses forever," Wolfe said. "What's changed, though, is in the past you had smaller human populations; viruses would infect them and go extinct. Viruses actually need population density as fuel."


Wolfe works mostly in the forests of Cameroon tracking these viruses that can jump from animals to humans - what are called Zoonotic viruses. Of the 1415 pathogens known to affect humans, 61% are Zoonotic.


The most prolific and deadly Zoonotic is HIV, the virus that causes AIDS. In 1999, scientists at the University of Alabama at Birmingham traced the origins of HIV back to a subspecies of chimpanzee. The virus might have jumped to humans when the blood of an infected chimpanzee came in contact with the blood of a bush meat hunter during the killing or butchering of the animal.


It took decades, but that simple, seemingly insignificant transmission set off a global epidemic, or pandemic, that so far has killed or infected tens of millions of people. HIV probably crossed into humans as far back as the early 1900s, but it wasn't until air travel became common that the virus spread, and AIDS became a global epidemic in the 1980s.


Computer Virus


A computer virus is a computer program that can copy itself and infect a computer. It’s important to distinguish a computer virus from other malware programs such as adware and spyware that do not have the reproductive ability.


A computer virus can spread from one computer to another (in some form of executable code) when its host is transferred from one computer to another over a network or the Internet, or carried on a removable medium such as a CD or USB. The effectiveness of these viruses (to spread) is increased when they use computer hosts that are commonly accessed by other systems.


Complex viruses


A polymorphic virus is a virus that changes its appearance in host programs. For instance, it encrypts its body with a different key each time, and prepends a decryption routine to itself. The decryption routine (known as the "decryptor") is mutated randomly across virus instances, so as to be not easily recognizable.

A metamorphic virus, by comparison, is a virus that also changes its appearance in host programs, but it does so without necessarily depending on encryption. The difference in appearance comes from changes made by the virus to its own body, such as the insertion and removal of "garbage" instructions and switching between two different opcodes that are functionally equivalent, making analysis and detection difficult.

Examples of computer viruses


1. Encrypted Viruses – The encrypted virus is probably the most difficult kind of bug to detect and the most difficult to stop. You may accidentally have downloaded one of these bugs and before you know it, your entire computer can be infected. Many top virus protection programs miss encrypted viruses because these bugs use a different form of encryption every time. When the bug wants to run wild, it decrypts itself. In most cases, your virus protection can then identify it and stop it.

2. Secret Viruses – These types of viruses will make changes to files on your computer, or completely replace files, but then try to trick your computer and your anti virus program into thinking that the originals are being used. Most advanced virus protection programs can stop these common computer viruses dead in their tracks.

3. Time Delay Viruses – These types of viruses take a much slower, more disciplined path towards ruining your computer. Instead of instantly trying to take over your computer the moment you download them, they will wait and slowly infect files bit by bit. You may not have been online for days but then suddenly find yourself with an infection. These common computer viruses are the reason why you should run your virus protection every few days, just in case.

4. The Anti-Virus Virus – Believe it or not, there are viruses out there that do nothing more than attack your pre-installed anti virus program in hopes of disabling it so other viruses can then be downloaded. This is why many people have a virus protection program as well as a separate anti-spyware or anti-malware program on their computer.

5. The Multi-Headed Virus – This is one of the most nefarious bugs on the whole Internet. Not only are there parts of this virus that will attach themselves to .exe files on your computer, but it will also affect your computer’s start up so that you begin running the virus every time you turn your computer on automatically.

6. The Misdirection Virus – This type of virus is downright scary. It has a built in subprogram that is made to give false readings to your virus protection software. You think you have a bug in one directory, when, in fact, the virus is busy harming your computer in a whole other area.

7. A Cloning Virus – The cloning virus is an old fashioned type of bug. When you download it, it will quickly create duplicates for .exe files you have on your computer, hoping that you’ll click on it when you really mean to click on a healthy program you already have.

8. The Author Virus – When you download a virus, it usually attaches itself to a program and then runs when you run that program. The Author Virus, on the other hand, finds an .exe file and actually deletes and rewrites code so that the program is changed. Few common computer viruses run this way since the level of virus needs to be so sophisticated.

9. The Bad Penny Virus – The very first computer virus to ever hit the Internet was a Bad Penny virus. This is a bug that automatically passes itself on to everyone on a network or on the Internet unless something stops it. This was the whole reason why firewalls were invented.

10. When most of us think of viruses, we think of PCs running Windows software. However, there are a handful of bugs out there for the Mac.

11. Rewriting Virus – This bug made a habit out of rewriting some of your most needed files, as well as filling up your hard drive with all sorts of invisible files you couldn’t normally see.

12. The Melissa Virus – This was a bug that hit everyone, both PC users and Mac users. It would automatically email itself to other people without permission. It can be extra harmful if you use a private mail server at your place of employment. The Melissa virus has gone down in history as one of the most common computer viruses of all time.

Identifying viruses

Most anti-virus software typically uses two different techniques to detect known viruses and other suspicious software behaviour, prompting for an intervention. The first method is examining files to look for known viruses by means of a virus dictionary (the fingerprints of known viruses). The second method is to identify suspicious behavior from any computer program which might indicate infection.

A virus dictionary approach

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

Polymorphic and metamorphic viruses, which encrypt or modify parts of themselves as a method of disguise so as not to match the virus's signature in the dictionary, will therefore not usually be identified.

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to carry out an instruction such as writing data to an illegal section of a program (say the executable program) this is flagged as suspicious and the user is alerted to this.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against viruses that don’t yet exist in any virus dictionaries. However, it also raises a large number of false positives, and users probably become desensitized to all the warnings.
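The two detection approaches above, side by side, as an added example (not code from this article's author). The signature name, byte pattern, process names and paths are all constructed and inert, and a single-byte XOR stands in for the per-copy encryption described under "Complex viruses".

```python
# Added illustration; all names and byte patterns below are constructed and inert.
SIGNATURES = {"Demo.Marker.A": b"INERT-DEMO-PATTERN-0001"}  # the "virus dictionary"
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com")

def dictionary_scan(data: bytes) -> list:
    """Dictionary approach: names of known patterns found anywhere in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def xor_encode(body: bytes, key: int) -> bytes:
    """Stand-in for a body stored under a different key in each copy."""
    return bytes(b ^ key for b in body)

def behaviour_alerts(events: list) -> list:
    """Behaviour approach: flag every write to an executable file,
    whatever the writing program is and whatever bytes it writes."""
    return [(e["proc"], e["target"]) for e in events
            if e["op"] == "write"
            and e["target"].lower().endswith(EXECUTABLE_SUFFIXES)]

BODY = SIGNATURES["Demo.Marker.A"]
PLAIN_FILE = b"host-program-bytes:" + BODY
# Two copies of the same body under different single-byte keys.
ENCODED_FILES = [b"host-program-bytes:" + xor_encode(BODY, k) for k in (0x21, 0x5A)]

# Constructed file-system events, as a monitoring agent might report them.
EVENTS = [
    {"proc": "notes.exe", "op": "write", "target": "C:/Users/a/todo.txt"},
    {"proc": "unknown.exe", "op": "write", "target": "C:/Apps/editor.exe"},
    {"proc": "updater.exe", "op": "write", "target": "C:/Apps/editor.exe"},
    {"proc": "editor.exe", "op": "read", "target": "C:/Apps/editor.exe"},
]

if __name__ == "__main__":
    print("plain file:   ", dictionary_scan(PLAIN_FILE))
    for f in ENCODED_FILES:
        print("encoded copy: ", dictionary_scan(f))
    for proc, target in behaviour_alerts(EVENTS):
        print("behaviour alert:", proc, "->", target)
```

The dictionary finds only the unencoded copy, while the behaviour rule flags both writers, including the constructed `updater.exe`, which is the kind of false positive the paragraph above mentions.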

Treating Viruses

Treating viral infections is difficult because viruses live within the body’s own cells, making it hard for our immune system to combat them. Viruses also mutate, making treatments that might work today unusable in the future.

Whilst bacterial infections can be treated with antibiotics, viral infections cannot. Antiviral medications do not destroy their target pathogen - instead they inhibit its development.

Most human viral infections can be successfully fought by the body's own immune system, together with treatment of the symptomatology.


Future Computer Viruses

So far, we’ve examined the workings of viruses and the phenomenon of viral infection, with its increasing burden of disease in low endemicity countries in terms of morbidity and mortality rates. We touched on how viruses such as the human immunodeficiency virus and the influenza virus cross the species barrier from animals to humans.

I wanted to explore the parallels of pathogenic viruses with those infecting computer systems. Importantly, I wanted to examine whether these parallels share more than just a narrative, nomenclature, and perhaps even the legitimatization by association, what some may describe as computer hacking, computer crime, computer fraud, etc.

Moreover, I wanted to question the notion of computer viruses, particularly complex viruses that are self-generating – perhaps through automated in-code generators – and are not contained or limited to the system of origin. Is it valid, for example, to describe software bugs, faulty code, or systems’ errors as artificial viruses that may spread through the interconnectedness of modern system platforms?

Incomplete..

