The GIANT BLACK BOOK of COMPUTER VIRUSES

Publication Details

  • Author: Mark Ludwig

  • Publisher: American Eagle Publications, Inc.

  • Address: Post Office Box 1507 Show Low, Arizona 85902

  • Year: 1998

  • Copyright: 1995, 1998 by Mark A. Ludwig. All rights reserved.

  • ISBN: 0-929408-23-3

Dedication

  • Inspired by Genesis 1:21,22: "And God saw that it was good. And God blessed them, saying 'Be fruitful and multiply, fill the earth and subdue it.'"

Table of Contents (Second Edition)

  • Preface to the Second Edition

  • Part I: Self-Reproduction

    • Chapter 1: Introduction

    • Chapter 2: Computer Virus Basics

    • Chapter 3: The Simplest COM Infector

    • Chapter 4: Companion Viruses

    • Chapter 5: A Parasitic COM Infector

    • Chapter 6: A Memory Resident Virus

    • Chapter 7: Infecting EXE Files

    • Chapter 8: An Advanced Resident Virus

    • Chapter 9: An Introduction to Boot Sector Viruses

    • Chapter 10: The Most Successful Virus

    • Chapter 11: Advanced Boot Sector Techniques

    • Chapter 12: Infecting Device Drivers

    • Chapter 13: Source Code Viruses

    • Chapter 14: Macro Viruses

    • Chapter 15: A Windows Companion Virus

    • Chapter 16: A Simple 32-Bit Windows Virus

    • Chapter 17: A Multi-Section Windows Virus

    • Chapter 18: A Section Expanding Virus

    • Chapter 19: A Sophisticated Windows File Infector

    • Chapter 20: A Unix Virus

    • Chapter 21: Viruses and the Internet

    • Chapter 22: Many New Techniques

  • Part II: Anti-Anti-Virus Techniques

    • Chapter 23: How a Virus Detector Works

    • Chapter 24: Stealth for Boot Sector Viruses

    • Chapter 25: Stealth for DOS File Infectors

    • Chapter 26: Windows Stealth Techniques

    • Chapter 27: Polymorphic Viruses

    • Chapter 28: Retaliating Viruses

    • Chapter 29: Advanced Anti-Virus Techniques

  • Part III: Genetics and the Future

    • Chapter 30: Genetic Polymorphic Viruses

    • Chapter 31: Darwinian Evolution or De-Evolution?

    • Chapter 32: The Future Threat

  • Part IV: Payloads for Viruses

    • Chapter 33: Destructive Code

    • Chapter 34: A Viral Unix Security Breach

    • Chapter 35: Adding Functionality to a Windows Program

    • Chapter 36: KOH: A Good Virus

  • Resources

  • Index

Preface to the Second Edition

  • Purpose: Reflect new developments in computer viruses and provide better value.

  • Key Developments in the Past Three Years:

    • Introduction of Windows 95: Profoundly influenced virus development.

      • Virtually stopped DOS-based software development, pushing DOS programs into oblivion.

      • Older DOS-based viruses are no longer real-world threats.

      • Increased complexity of operating systems and applications opened new possibilities.

      • Macro viruses: Most important category, popular among writers, successful in establishing populations.

    • Growing popularity of the Internet:

      • Potential for network-savvy viruses is obvious.

      • Led to internet-related virus hoaxes (e.g., "Good Times Virus" hoax).

      • Approaching a point where hoaxes will be replaced by real threats.

  • Content Focus:

    • Exploration of new developments and possibilities in detail.

    • DOS viruses: Still the best starting point for learning about viruses due to simplicity and coverage of basic techniques. They still constitute the bulk of existing viruses.

    • Evolutionary Viruses: Discussion expanded and rewritten.

      • Previous attempts to grapple with open-ended Darwinian evolution were found to be practically worthless for writing potent viruses.

      • A "heretical" approach yields more exciting results for computer viruses.

  • Book Format Change:

    • All source code moved to an accompanying diskette (now included at no extra charge) to keep the book cost reasonable.

    • Exception: Part of KOH source code is printed in the book because its export from the United States on disk is illegal.

  • Recommended Usage: Print both ISR references and virus source code, and study each chapter with both readily available.

  • Date: May 15, 1998

Chapter 1: Introduction

  • Book's Aim: To simply and plainly teach how to write computer viruses.

  • Distinction from other books: It is not one of those that "decry viruses and call for secrecy" while providing insufficient technical details.

  • Nature of the book: Technical and to the point, offering complete virus sources and knowledge for proficient cutting-edge virus or anti-virus programming.

  • Potential Offense: Acknowledges that publicly sharing "inside information" may offend those who seek to control such knowledge.

  • Author's Stance on Freedom: Defends freedom, specifically the freedom to learn technical information about computer viruses.

    • Critiques the "elitist mentality" as a