Linux Today: Linux News On Internet Time.

Martin Vermeer: Vector

May 14, 2000, 18:49 (4 Talkback[s])
(Other stories by Martin Vermeer)

"My friend's idea was about replication too. He showed what he had built: a script, Visual Basic I suppose or something akin, that would replicate across a Windows client running Outlook, by copying itself to the hard disk and mailing itself out to all the entries in its address book. I remarked that this was in no way different from what the Melissa and Loveletter viruses had been doing. Nothing new under the sun. My friend agreed smilingly -- his shyish smile, which he ought to trademark as the whole Internet is using it -- and condescendingly, saying, wait till you see the payload. He explained that, contrary to your typical virus writer, he had no intention of putting anything destructive in there. Quite to the contrary!"

"You see," he explained, "what I am trying to build is a virus-like piece of software, a vector, that is not destructive and not even intrusive. Ideally, the recipient doen't even realize there is anything wrong. They receive an e-mail message containing a text version of the payload and that clicking on the attachment will bring up a printable version of same. Well, perhaps that happens, or perhaps it just produces an error message. Or alternatively, promise that clicking will delete the message or unsubscribe you, or give you an unforgettable experience. Anything to fool someone into clicking. Or it can choose a method at random, just to make it more interesting. What clicking always will do is sending out copies of the vector and its payload to all the addresses in the address book. Or mined from the received messages. By one of a variety of methods that can be expected to work often enough. Visual Basic vulnerabilites, ActiveX vulnarabilities -- the Redmond guys have really been a great help...."

"Quite. You know the saying of course, that the Internet interprets censorship as damage and routes around it. And that's true. But the Internet is still too vulnerable. Servers can be shut down or forced into submission, by governments, by legislators, and by companies that can afford to buy either of those. We need software solutions to make something that's invulnerable to that. Something that can live without servers, even personal ones, which can be always shut down. Guerillaware."

Complete Story

Related Stories: