Loading ...
Sorry, an error occurred while loading the content.

the next step: p2p viruses?

Expand Messages
  • Ben Houston
    Hi all, Just a neat idea that I was thinking about this morning... Someone is probably going to create some viruses that create a p2p network(s) between
    Message 1 of 4 , Feb 15, 2001
    • 0 Attachment
      Hi all,

      Just a neat idea that I was thinking about this morning...

      Someone is probably going to create some viruses that create a p2p
      network(s) between infected computers. It should be easy if the virus
      simply remembers the IP address of the last computer it infected - then a
      back link could be created from a new infection to the previous infection in
      order to get connect to the cloud of the p2p virus. In order to prevent the
      tracing of the source the links should vary with time.

      Then I was trying to think of what advantages a p2p virus would have over
      just simple normal email viruses. I think it might be that it could take
      advantage of the CPU cycles of all the computers in the p2p virus network.
      Basically it could function as a huge genetic algorithm / genetic program
      and try to evolve different types of viruses though a mutation and selection
      process within and between the computers. This wasn't possible before since
      GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
      methods are easily and efficiently implemented in parallel. Also the most
      efficient solutions could instantly start to propagate from multiple nodes
      at once - a new variant wouldn't only have one initial starting point, it
      could start at a subset of the nodes already in the p2p virus network.

      DISCLAIMER: I feel it is okay to discuss these things since I think that
      someone will write one if it is actually possible with or without me
      discussing the possibility. I think that if we discuss it freely we can
      figure out if it is a real or simply imagined threat and how we could
      possibly counter something like this. A quick guess would be that a p2p
      collaborative anti-virus system might be the best counter... ;-)

      All the best,
      -ben houston
      http://www.exocortex.org/~ben
    • Joe Repka
      ... And they may already have. The dumb virus implementations have immediate and sensational results, and so are easily identified and caught. The smart ones
      Message 2 of 4 , Feb 15, 2001
      • 0 Attachment
        >Someone is probably going to create some viruses that create a p2p
        >network(s) between infected computers.

        And they may already have. The dumb virus implementations have immediate
        and sensational results, and so are easily identified and caught. The smart
        ones wouldn't make themselves so immediately obvious and harmful. In
        nature, an organism is infected for some time before it is aware of the
        infection, which gives the virus more time to propagate and to spread to
        other hosts. A successful Internet virus would have to do the same.


        >Then I was trying to think of what advantages a p2p virus would have over
        >just simple normal email viruses. I think it might be that it could take
        >advantage of the CPU cycles of all the computers in the p2p virus network.
        >Basically it could function as a huge genetic algorithm / genetic program
        >and try to evolve different types of viruses though a mutation and selection
        >process within and between the computers.

        They could be small and not rely on user actions to propagate.

        Thomas Ray's Tierra system of evolving code might work over networks, for
        example.

        The virus may have no other 'purpose' than to survive and propagate, or it
        may have designed functions such as parasiting on resources or collecting
        data.

        Maybe we should start thinking in terms of contagious parasites rather than
        viruses.

        >GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
        >methods are easily and efficiently implemented in parallel. Also the most
        >efficient solutions could instantly start to propagate from multiple nodes
        >at once - a new variant wouldn't only have one initial starting point, it
        >could start at a subset of the nodes already in the p2p virus network.


        Programmers with truly insidious intentions could take approachers that are
        a lot smarter than the virus writers that have so far caught world-wide
        attention. The inital infection could be started by distributing incomplete
        organisms (DNA fragments) that propagate independently and combine within a
        host to create the complete virus at some later time, thus hiding its
        origin. The could could ride in executables that have other benign or
        pleasant overt effects.

        >DISCLAIMER: I feel it is okay to discuss these things since I think that
        >someone will write one if it is actually possible with or without me
        >discussing the possibility.

        Such discussion is beneficial, I would think. Awareness of the possible
        threat is the first step toward defense. Even though this might inspire one
        or more virus writers, it also alerts very many more potential victims.



        Joe Repka
      • Ben Houston
        ... I understand what you are saying. Basically you simply want the initial virus to setup all the computers are potential hosts. The actual resource usage
        Message 3 of 4 , Feb 16, 2001
        • 0 Attachment
          > The virus may have no other 'purpose' than to survive and propagate, or it
          > may have designed functions such as parasiting on resources or collecting
          > data.

          I understand what you are saying. Basically you simply want the initial
          virus to setup all the computers are potential hosts. The actual resource
          usage part of the virus could come later after the whole network of hosts
          has been setup. Strange idea.

          > Maybe we should start thinking in terms of contagious parasites rather
          than
          > viruses.

          I understand this might be like plasmids (extra-chromosomal DNA) being
          exchanged laterally through a network of living bacteria cells. First the
          network of living cells is established and then it starts to change though
          the exchange of information laterally. Thus maybe it could be termed a
          "parasitic (bacterial) colony"?

          > The could could ride in executables that have other benign or
          > pleasant overt effects.

          That was the problem with the recent "SexyFun" virus/worm. It was hidden in
          a somewhat lame screen saver from what I understand.

          A PhD friend of mine, Hassan Masum, who I mentioned this to a few days ago
          mentioned that the viruses could watch over each other. Pretty much someone
          could prevent one user from removing the virus by holding the other
          computers' data hostage. I guess a dialog would put up and the virus would
          inform the user "disinfect this computer and three others get their data
          trashed." Unfortunately, it is assuming always up connectivity - otherwise
          a temporary Internet service interruption will cause it to trigger.

          > Such discussion is beneficial, I would think. Awareness of the possible
          > threat is the first step toward defense. Even though this might inspire
          one
          > or more virus writers, it also alerts very many more potential victims.

          Actually I was reading a book earlier this year that proposed this idea in
          some ways. It was called "Darwin Among the Machines." It proposed that AI
          would develop within our networks through evolution before we are able to
          engineer it ourselves. Basically it was sort of saying that since we do not
          know how or understand how something will "live" within our networks thus
          evolution is the only alternative. I didn't really buy it at the time - and
          even now I still don't.

          Take care,
          -ben houston
          http://www.exocortex.org/~ben

          -----Original Message-----
          From: Joe Repka [mailto:repka@...]
          Sent: Thursday, February 15, 2001 2:28 PM
          To: decentralization@yahoogroups.com
          Subject: Re: [decentralization] the next step: p2p viruses?


          >Someone is probably going to create some viruses that create a p2p
          >network(s) between infected computers.

          And they may already have. The dumb virus implementations have immediate
          and sensational results, and so are easily identified and caught. The smart
          ones wouldn't make themselves so immediately obvious and harmful. In
          nature, an organism is infected for some time before it is aware of the
          infection, which gives the virus more time to propagate and to spread to
          other hosts. A successful Internet virus would have to do the same.


          >Then I was trying to think of what advantages a p2p virus would have over
          >just simple normal email viruses. I think it might be that it could take
          >advantage of the CPU cycles of all the computers in the p2p virus network.
          >Basically it could function as a huge genetic algorithm / genetic program
          >and try to evolve different types of viruses though a mutation and
          selection
          >process within and between the computers.

          They could be small and not rely on user actions to propagate.

          Thomas Ray's Tierra system of evolving code might work over networks, for
          example.

          The virus may have no other 'purpose' than to survive and propagate, or it
          may have designed functions such as parasiting on resources or collecting
          data.

          Maybe we should start thinking in terms of contagious parasites rather than
          viruses.

          >GA's/GP's suck computing power at a tremendous rate - but almost all GA/GP
          >methods are easily and efficiently implemented in parallel. Also the most
          >efficient solutions could instantly start to propagate from multiple nodes
          >at once - a new variant wouldn't only have one initial starting point, it
          >could start at a subset of the nodes already in the p2p virus network.


          Programmers with truly insidious intentions could take approachers that are
          a lot smarter than the virus writers that have so far caught world-wide
          attention. The inital infection could be started by distributing incomplete
          organisms (DNA fragments) that propagate independently and combine within a
          host to create the complete virus at some later time, thus hiding its
          origin. The could could ride in executables that have other benign or
          pleasant overt effects.

          >DISCLAIMER: I feel it is okay to discuss these things since I think that
          >someone will write one if it is actually possible with or without me
          >discussing the possibility.

          Such discussion is beneficial, I would think. Awareness of the possible
          threat is the first step toward defense. Even though this might inspire one
          or more virus writers, it also alerts very many more potential victims.



          Joe Repka



          To unsubscribe from this group, send an email to:
          decentralization-unsubscribe@egroups.com
        • wesf@cs.utexas.edu
          ... I don t believe in GAs, but what if the creators issued updates to the worm over the P2P net as fast as the antivirus companies issued signature updates?
          Message 4 of 4 , Feb 19, 2001
          • 0 Attachment
            --- In decentralization@y..., "Ben Houston" <ben@e...> wrote:
            > Someone is probably going to create some viruses that create a p2p
            > network(s) between infected computers. It should be easy if the virus
            > simply remembers the IP address of the last computer it infected - then a
            > back link could be created from a new infection to the previous infection in
            > order to get connect to the cloud of the p2p virus.

            I don't believe in GAs, but what if the creators issued updates to the worm
            over the P2P net as fast as the antivirus companies issued signature
            updates?

            Wesley Felter, wondering how long it will be until I see Usenet messages
            signed "Death to vermin"
          Your message has been successfully submitted and would be delivered to recipients shortly.