THE UNIX VIRUS CHILDRENS MANUAL

        - Silvio Cesare <silvio@big.net.au>

CONTENTS
--------

IMPROVING THIS MANUAL
WHAT IS A VIRUS?
WHAT CAN A UNIX VIRUS DO?
WHAT CAN A WINDOWS VIRUS DO?
WHAT DO UNIX VIRUS'S LOOK LIKE?


IMPROVING THIS MANUAL
---------------------

For any comments or suggestions (even just to say hi) please contact the author
Silvio Cesare, <silvio@big.net.au>.  This paper already has future plans to
include more parasite descriptions and more parasite techniques. Plus, I plan
on writing a POP-UP book about virus's and how wonderful virus's are.


WHAT IS A VIRUS?
----------------

A virus is code that infects program files, critical files, processes, ELF's,
and mission critical data. Here are some pictures to help you :)
(Parents: please take time to discuss the pictures, preferably to keep them
          from getting scared)

A WAREZ infector (The BoW virus):

                   _||||||||||||||||||||||||_
                  /                          \
                 /             \_/            \
                |       \____     _____/       |
                |       /  o /\  /\ o  \       |
                |       \___/      \___/       |
                |              /\              |
                \    ______________________    /
                 \_  .____|   |  |   |____.  _/
                   \      |___|  |___|      /
                    \______________________/
                   _____|              |_____
                  /                          \
                 |                            |
                 |      /  __________  \      |
                 |\/\/\|   I LUV BOW!   |\/\/\|
                       |   ~~~~~~~~~~   |
                       |                |
                      <                  >
                      (  b0rn 2 1nf3ct!  )
                      \__________________/

        Notice, the very sharp hands, and very big head, which contains
        millions and zillions of program code to infect your system and make
        it sick.

An ELF infector virus (Clifford The Big Red Virus):

    /-------------\
    |      ,      |
    |   O  ^  o   |
   [|      M      |]
    |      U      |
     \___________/
      | | | | | |
     / \ \ \ \ / \
   / \  |/ \ | \   \
   |   \|\ //   |    \
  / \  / \  \  /       \

        Notice its U-shaped mouth, which acts as a suction cup. Also, notice
        its many many tentacles! They are used to spread throughout your system
        very very quickly, and can cause it to instantly die! This is a naughty
        virus. One drawback of this virus, is it is:
                1) Very hard to program
                2) Has poor eyesight (notice there are no pupils)

A windows virus (The BLOB!):

           _____________________________
          (                             )
          (                             )
          ( Memo to Sandy:              )
          (    Hey Sandy .............  )
          (                             )
          (!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)
          ( O o O o O o O o O o O o O o )
          ( o O o O o O o O o O o O o O )
          ( O o O O o o O o o O O o O o )
          ( \/\/ \/\/\/\/ \/\/ \/\/\/ \/)
          (              @              )
          ( /\ /\/\/\ /\/\/\/\ /\/\/\/\ )
          ( O o O o O o O o O o O o O o )
          ( o O o O o O o O o O o O o O )
          ( O o O O o o O o o O O o O o )
          (!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)
          (                             )
          ( Aol, no wonder it's #1      )
          ( Text file!                  )
          (_____________________________)

        This virus is very hard to detect. Notice how the nasty mean angry
        part of the virus is in the middle, while outside of the virus, it just
        looks like a regular file! This virus has many eyes, and vicious
        teeth! It can trick Norton's, and so forth.

The gH virus (LamegHost):

              , ; ,   .-'"""'-.   , ; ,
              \\|/  .'         '.  \|//
               \-;-/      ..     \-;-/
                // ;               ; \\
               //__; :.         .; ;__\\
              `-----\'.'-.....-'.'/-----'
                     '.'.-.-,_.'.'
                       '(  (..-'
                         '-'

        This virus turns your operating system into a flood network, to DoS
        people on irc, it also downloads rootshell.com and hack.co.za directly
        to your box, and then loads a backdoor into every daemon in inetd.
        Very naughty virus, it was used on whitehouse.gov.

That sums up the intro, on to WHAT CAN A UNIX VIRUS DO?


WHAT CAN A UNIX VIRUS DO?
-------------------------

Virus's are very fascinating, their very existence is superior to that of the
mind controlling human. A UNIX virus can do basically anything with the correct
privileges.

   ME                                               UNIX
o      o   <- [ Can i have ]                   01010101010100 -> [ Why yes ]
   _\         [ ROOT access]                   01010101010100    [ you may.]
.      .      [ please ?   ]                   01010101010101
 \____/                                        01010101010011
                                               01010110101010

Once you have the correct permissions, here's what you can do:

Infect many processes on the system:
                         _____
                       .'     '.
                      /  O   o  \
                     |           |
                     |  \     /  |
                      \  '---'  /
                       '._____.'
                  _____         _____
                .'     '.     .'     '.
               /  O   o  \   /  o   O  \
              |           | |           |
              |  \     /  | |  \     /  |
               \  '---'  /   \  '---'  /
                '._____.'     '._____.'
            _____         _____         _____
          .'     '.     .'     '.     .'     '.
         /  O   o  \   /  O   O  \   /  o   O  \
        |           | |           | |           |
        |  \     /  | |  \     /  | |  \     /  |
         \  '---'  /   \  '---'  /   \  '---'  /
          '._____.'     '._____.'     '._____.'
     _____         _____         _____         _____
   .'     '.     .'     '.     .'     '.     .'     '.
  /  o   o  \   /  o   O  \   /  O   o  \   /  o   o  \
 |           | |           | |           | |           |
 |  \     /  | |  \     /  | |  \     /  | |  \     /  |
  \  '---'  /   \  '---'  /   \  '---'  /   \  '---'  /
   '._____.'     '._____.'     '._____.'     '._____.'

        This shows how the virus's spread. Look at each one's eyes, they differ
        from the other. This is what we call maximum stealthism! It makes it
        hard for virus detectors to find the virus's.

Backdoor the systems:

    (telnet system 31337)            (*:backdoor      LISTEN)
       hacker                             system
        O                 ->     []   ->  |----|
        <                                 |  - |
        |\                                |____|

        A hacker (yourself) can gain access to a system, and run even more
        virus. Running many virus's is called a "parade" amongst us virus
        writers.

Destroy your system:

        $ ls
        fork():unable to fork new process
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        THE SANDMAN VIRUS HAS YOUR WEAK SOUL
        Rewriting MBR...done
        Removing init...done
        Removing /usr/bin/printf..............done
        Rebooting!

        This virus hides, waiting, forever if it has to, then, when all
        resources are used up, BAM!!!!!!!!!!!! IT DESTROYS YOUR SYSTEM.

Expose you to vile paraphernalia:

                  @@@
                 @. .@
                 @\=/@
                 .- -.
    o           /(.|.)\
    |           \ ).( /
    8======D~~  '( v )`
    |\            \|/
                  (|)
                  '-`

        This virus randomly prints pornographic ascii images to your console.


In conclusion, a unix virus can do anything to your system. Onto the next
section WHAT CAN A WINDOWS VIRUS DO?


WHAT CAN A WINDOWS VIRUS DO?
----------------------------

Windows95/98 VIRII are very different from UNIX VIRII (VIRII meaning VIRUS
plural). The most popular of Windows95/98 VIRII can be found at
www.virusexchange.com. Some examples of what Windows VIRII can do are:

Mess with financial software databases like the Divinci virus.

Delete all of your HTTP cookies.

Delete your system using the deltree command.

Run netbus or back orifice on your system, and make it impossible to remove.

Make copies of itself, go into stealth mode, and permutate ( increase
their existence ) themselves like rabbits onto your system.

Alter the memory of another process on your system.
ex: Altering notepad when writing critical notes to your friends in
elementary school.

Get all of the buddies on your buddy list and send them the trojan, this
happened with the famous internet worm by Robert Morris.

Turn your system into a WAREZ server.

Get credit card information for your system.

Change your bootup system image (to a pornographic one, you will likely get
grounded, happyhacker.org teaches you how to do this).

Change the shutdown system image (to a pornographic one, you will likely get
grounded, happyhacker.org teaches you how to do this).

Make really loud annoying sounds at night.

Ok, that is the end of this section, onto WHAT DO UNIX VIRUS'S LOOK LIKE?
Parents: Review this material with your children, three times through.


WHAT DO UNIX VIRUS'S LOOK LIKE?
-------------------------------

Unix virii are hard to spot. This section gives you some info on how to spot
them and write them for fun.

Smiley the Virus:

                         _____
                       .'     '.
                      /  O   o  \
                     |           |
                     |  \     /  |
                      \  '---'  /
                       '._____.'


Dalnet, the Virus:

                  @@@
                 @. .@
                 @\=/@
                 .- -.
    o           /(.|.)\
    |           \ ).( /
    8======D~~  '( v )`
    |\            \|/
                  (|)
                  '-`

(NOTE: This is how DALNET got its name)


The gH virus (LamegHost):

              , ; ,   .-'"""'-.   , ; ,
              \\|/  .'         '.  \|//
               \-;-/      ..     \-;-/
                // ;               ; \\
               //__; :.         .; ;__\\
              `-----\'.'-.....-'.'/-----'
                     '.'.-.-,_.'.'
                       '(  (..-'
                         '-'

(NOTE: Used in the incredible whitehouse.gov defacement)


An ELF infector virus (Clifford The Big Red Virus):

    /-------------\
    |      ,      |
    |   O  ^  o   |
   [|      M      |]
    |      U      |
     \___________/
      | | | | | |
     / \ \ \ \ / \
   / \  |/ \ | \   \
   |   \|\ //   |    \
  / \  / \  \  /       \


A WAREZ infector (The BoW virus):

                   _||||||||||||||||||||||||_
                  /                          \
                 /             \_/            \
                |       \____     _____/       |
                |       /  o /\  /\ o  \       |
                |       \___/      \___/       |
                |              /\              |
                \    ______________________    /
                 \_  .____|   |  |   |____.  _/
                   \      |___|  |___|      /
                    \______________________/
                   _____|              |_____
                  /                          \
                 |                            |
                 |      /  __________  \      |
                 |\/\/\|   I LUV BOW!   |\/\/\|
                       |   ~~~~~~~~~~   |
                       |                |
                      <                  >
                      (  b0rn 2 1nf3ct!  )
                      \__________________/


Enormous Penis Virus (Aka, Big John):

        8======================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
===============================================================================
======================================D

(NOTE: This virus fills up your file system, quickly)


The Million Man March (Aka Lots`o`penis):

 8========D~~~ 8========D~~~8========D~~~8========D~~~8========D~~~8========D~~
~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~
8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~8========D~~~ 
8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~   8========D~~~ 8======
==D~~~  8========D~~~ 8========D~~~ 8========D~~~ 8========D~~~  8========D~~~8
========D~~~ 8========D~~~  8========D~~~   8========D~~~  8========D~~~  8====
====D~~~ 8========D~~~      8========D~~~

(NOTE: This virus fills up NFS nodes)

See you next time! And remember, VIRII ARE FUN! :-D