Self-Replicating Automata/History

Introduction

edit

A self-replicating automaton is a mechanism which construct copies of itself; generally, it is assumed that building materials come from the environment hosting the automaton. Abstract models were first developed by John von Neumann in the late 1940s, termed kinematic and tessellation models. The kinematic model is based on now modern notions of robotics. The tessellation model is now know as cellular automata.

The origins of self-replicating code could be traced back to simple pranks and geek humour. The reluctance of society to accept inevitable changes and its inherent suspicion - both gifts of its adaptive response for survival - as well as the social animals' craving for individuality has resulted in these interesting forms being looked upon as a contagion rather than primary stages of artificial life.

This view of being a contagion has in turn influenced the whole linguistics of the community which itself is composed of “virus writers” and “anti virus writers”. Continuing the tradition it is sincerely hoped that every time the term "virus" is used it is in good humor.

Few highlights in the evolution of the present automaton are now discussed. Detailed analysis will follow in the Evolution section.

The 80s

edit

By 1990 at least 50 viruses affecting IBM PCs and around 15 viruses affecting the Apple Mac machines were well known (analysed and studied by the antiviral community).

It is generally accepted that the first virus to spread in the wild was Elk Cloner which spread on Apple II floppy disks.It appeared around 1981-82. This period was followed by the legendary paper by Fred Cohen. By 1986 there were many strains of Brain virus prevalent. It was a boot sector infector. The common story is that it originated in Pakistan, its authors being two brothers. Virdem, the first file infector also emerged in the same year.

In 1984, A. K. Dewdney introduced the game "Core War" to the public, in an article in Scientific American.[1]

In 1987, many file infectors started appearing, especially infecting COMMAND.COM The first one of these is considered to be Lehigh virus. The file infectors mainly concentrated on the simple binary format or COM files. But research on how to develop EXE infectors was also going on. This culminated in the production of the Jerusalem virus family. The Concept of Worms, code which is able to self replicate without infection, was also well developed by this time. Christmas Worm, with a high replication rate infected the IBM Mainframes during this period.

Robert Morris released an internet worm in 1988, resulting in the first internet crisis. Early 90s saw the emergence of Virus Exchange (VX)BBS allowing programmers to share ideas and code.

The 90s

edit

Till this point the antivirus softwares mainly searched for the viral presence by using certain signatures or code traces which would be present in any infected file. But with the appearance of Polymorphic viruses this philosophy had to change. In 1991, the first polymorphic virus Tequila was released.

In 1992 Michaelangelo gained a lot of publicity from the Media. Then came the MtE from Dark Avenger. This year also saw the appearance of Construction Kits for Viruses with pulldown menus and easy interface requiring very little programming experience to create a virus.

1995 brought with it a new concept in viral technology – Macro Viruses. Concept was the first macro virus and it infected Word Documents. This marks one of the earliest deviations from simple infection of the executables to infection of data files.

After the launch of Windows 95, the first true Win95 virus Boza appeared in 1996. This year also saw the Laroux, or a Excel Spreadsheet infector, and Staog, a Linux virus. A java virus, Strange Brew was observed in 1998, further extending the possibilities of victim files.

In 1999 Melissa was released causing worldwide chaos. Corner appeared, which infected Powerpoint presentations. Tristate also emerged which infected Documents, Spreadsheets, and Presentations.

2000 onwards

edit

A major shift from viruses to worms could be seen in the latter years of the 90s. More and more worms started appearing. In 2000 Love Letter worm became the fastest spreading worm till date. It was also an interesting example of social engineering used for maximisation of spread. Streams, the proof of concept virus was the first to utilise the Alternate Data Stream of NTFS file system.

With the appearance of more and more languages and platforms, new ways of coding viruses evolved. Pirus for example was coded in PHP Scripting Language. It tries to infect HTML and php pages.Another example is Gnuman specifically attacking the gnutella p2p system. Winux, a proof of concept virus which could operate under both windows and Linux was released in 2001. Another example is the PeachyPDF-A, the first worm to utilise pdf files for its propagation.

Continuing with the trend as discussed above LFM-926, the first virus to shockwave Flash files(.swf) was released in 2002. In March 2002, Sharp-A the first .NET worm written in C# (apparently by a female hacker known as Gigabyte) was released. In late May, came Benjamin which attacked kazaa p2p system. Another interesting specimen was the Perrun virus which attached a portion of itself to JPEG image files.

2003 was another year of the worms. Some examples of worms which started spreading in this year were sobig (which had its own smtp engine), Slammer, Lovgate, Blaster etc. Social engineering techniques also developed quite a bit.

In February 2004 it was seen that virus writers were starting to use their craft for money. A German magazine managed to buy a list of infected IP addresses from a distributor of the virus Randex. These IP addresses were for sale to spammers who could use the infected machines as mail zombies. The end of April saw the Sasser worm which is the first to effectively use the LSASS Windows vulnerability; a vulnerability that allowed the worm to spread via an open FTP port instead of through E-mail.

The proof-of-concept Worm W64.Rugrat.3344 showed up the end of May. This is claimed to be the first malware that specifically attacks 64-bit Windows files only (it ignores 32-bit and 16-bit files). It was created using IA64 (Intel Architecture) assembly code.

In June Symb/Cabir-A which infects Nokia Series 60 mobile phones. It uses the bluetooth technology to spread to all bluetooth enabled devices in the vicinity. Early September saw W32/Amus-A show up. The only thing that qualified this beast to even be mentioned here was that it uses the Microsoft Speech engine in Windows to read out loud: "hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule."

On 14 September that paragon of virus-free file type, the JPEG image, came under attack. To be accurate, the image file itself is not so much to blame as a Microsoft common .DLL file that processes the image file type and has a buffer overrun error that could allow someone to add malicious code to a JPEG image which can then open holes in an attacked system. Shortly after, some Trojan exploits started to appear.

Santy worm appeared towards the end of 2004. It was written in Perl and used google to search for victims, which were phpBB forums and used certain vulnerabilities in phpBB code for spreading.

In 2005, at the end of January Bropia worm appeared which targets MSN Messenger for spreading. This is a sophisticated worm that spreads via E-mail and the MSN Messaging client. Its messages are very close to what a real user would send and, for the first time, attempts to spoof the return address as being from an anti-virus company (Trend or Symantec, and Microsoft, although coming from Microsoft has been a social engineering ploy for some time now).

Around 2006, some mathematicians explore the possibility of a computer program that generates, not merely another copy of the same program, but a better program. [2]

  1. Dewdney, A. K. (1984). "In the game called Core War hostile programs engage in a battle of bits". Scientific American. Retrieved 2008-11-18. {{cite journal}}: Unknown parameter |month= ignored (help)
  2. Matt Mahoney. "A Model for Recursively Self Improving Programs". 2008. which seems to be a kind of w: Gödel machine.