Simple Virus For Teaching? 366
ed1023 writes "Currently I am teaching a 101 class on computers. It is more of a 'demystifying the black box' type of class. The current topic is computer viruses; I am looking for a virus with which I can infect the lab computers (only connected to local network, no outside network connection) that would be easy for the students to remove by hand. Can the Slashdot community point me in any directions? Is there an executable out there that would work, or do I try to write one myself, or is there one that is written that I can compile myself?"
What OS? And how annoying? (Score:3, Informative)
Re: (Score:3, Interesting)
That reminds me of something I did when I was a bit younger. I was leaving the company that day anyway, and some dude had been bugging me for months. At some time previous I'd shoulder-surfed the IT departments "test" account, which I logged onto on an unused PC in the office. I created a simple .bat file
Or something along that vein. I can't remember exactly how I made it work, but possibly by leaving the PC on, monitor off, when I left work th
Re: (Score:2, Troll)
Two days to run wireshark? LOL.
Re:What OS? And how annoying? (Score:4, Funny)
It looks like you're writing a joke.
Would you like help?
Re:What OS? And how annoying? (Score:5, Informative)
The interrupts and NOPs interfered greatly with the network cards, causing the whole thing to come crashing down when more than a couple of the computers were running at a time. It took at least a couple of days for the sysadmin to sort it out.
RIP George, thanks for introducing me to the Internet and I'm sorry that you didn't get to stick around for Linux and /. I should have taken your Minix class when I had the chance.
Re:What OS? And how annoying? (Score:5, Interesting)
This was both annoying as hell (plenty of syntax errors), and difficult to positively blame on mischief as:
The TSR was called <shift-space>.com and so a cursory perusal of the autoexec.bat would not reveal its presence, as shift-space just looks like a normal space (... but can be the name of a command)
IT spend an entire day trying to re-install Turbo Pascal, and the problem still persisted... (because it was in an independent TSR, not in the Turbo Pascal app itself)
Then, the next day, re-install of the entire system.
Another fun TSR one was the annoying keyboard beep. The TSR had a timetable of the classes build in, so that the keyboard click would be very short and almost unnoticable at the beginning of the class, and then gradually grew longer and longer during the class (first a faint click, than a more obvious click, and by the end of the hour an annoying beeeeeeeeeep). Fun thing is, as it was gradual, nobody really noticed when/how it started, but eventually that background noise was "just there"...
A, those were the days of highschool pranks...
Re: (Score:2)
I worked at a head office for a large oil and gas company in their call centre. One day a net send message popped up on all the computer screens in the office: (I've changed the wording to protect the guilty) "I'm XXX and I like licorice".
I laughed to myself, clicked ok to the message and then suddenly the phones began to ring off the hook. The amount of callers waiting on hold kept increasing to unimaginable numbers. A few min
Re: (Score:2)
When I was in high school we had a pre-windows PC lab of 15-20 computers and a Mac lab of 12-14 computers. One day I returned to the PC lab at the end of the day for something and I saw the PC teacher and the Mac teacher sitting at a computer. They called me over to them asking if I knew anything about this.
They told me this computer had a virus and it had my name on it. As soon as they said that, I remembered what I did. I did a net send to all the computers in the PC lab with the message "This is a vi
Re:What OS? And how annoying? (Score:5, Funny)
Not computer related, but similar.
A friend of mine carried a pager years ago. I wrote a script to send a message to his pager every morning at 3am, saying "Low Battery".
Re: (Score:2)
Re:What OS? And how annoying? (Score:5, Funny)
Windows IT guys can be clueless. In a previous job, IT insisted on shutting down my machine and take it away for cleaning because I saved the EICAR test string in cygwin so I could test my Unix boxes' clamav with it. There was no convincing them that the string "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" wasn't a virus.
Not even my creds as the author of the world's first heuristic AV scanner, nor my certifications were believed, because Symantec Antivirus claimed it was a virus, so it had to be.
That ITs internal HP printers LCD panels suddenly started displaying "INSERT COIN" had nothing to do with this, I swear.
Re: (Score:3, Informative)
Re: (Score:2)
What OS are you running?
This is very important, because if you use a Mac you can't get a virus on it. /joke
Re:What OS? And how annoying? (Score:4, Interesting)
If Linux (or similar), here's an example of a worm that spreads itself on the local host whenever executed as root:
Save as "virus" ./virus
chmod +x virus
rm -f virus
Sure (Score:4, Funny)
Here, let me link you to an executable file so you can download it and run it on an entire lab of computers. It's safe, don't worry.
EICAR (Score:5, Informative)
http://en.wikipedia.org/wiki/EICAR_test_file
Re:EICAR (Score:4, Interesting)
The file is simply a text file of either 68 or 70 bytes that is a legitimate executable file called a COM file that can be run by Microsoft operating systems and some work-alikes (except for 64-bit due to 16-bit limitations), including OS/2. When executed, it will print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" and then stop. The test string was specifically engineered to consist of ASCII human-readable characters, easily created using a standard computer keyboard. It makes use of self-modifying code to work around technical issues that this constraint makes on the execution of the test string.
Wow, that's pretty cool. Here's the string: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Re:EICAR (Score:5, Funny)
Thanks, dude. My virus scanner just started complaining about my browser cache.
Re: (Score:2)
No, it didn't, because that is only to be detected as a virus if it's a file by itself.
However, this might trigger on the most paranoid virus killers:
Re: (Score:2)
That might be an interesting comment string inside a jpeg.
Re: (Score:2)
I'm pretty sure you can find the Melissa virus around somewhere. Mostly benign. http://support.microsoft.com/kb/224567 [microsoft.com]
Not overly difficult to remove. Isolated to Word. Doesn't do perm. damage.
Re:EICAR (Score:5, Informative)
EICAR is detected by all AV products including ClamAV.
I'd put it in a zip file, then attach the zip to an email message. Show how real viruses propagate by mail. How about putting a copy on a USB pendrive then running eicar.com from Autostart? Any Windows AV product with a decent autoscanner should detect both of these and pop up a warning.
If you want to get really fancy you can set up a Linux box running MailScanner [mailscanner.info] with ClamAV and send an "EICAR-infected" e-mail message through it. You'll see MailScanner detect the virus, put it in a quarantine, and send notices to the admin and, optionally, the sender.
For a lay audience I think it's more important to stress the vectors than to concentrate on the payload itself.
Now if you could only find a site distributing Antivirus 2010. If you do, make sure you're using a Linux machine when you visit the site. If your class understands that there's more to the world than Windows, see how long it takes them to understand why there can't really be an AV program "scanning the C: drive."
Re: (Score:2)
Oh, how about one more example?
Put eicar.com on a website, then send an email with a embedded URL and a subject line having to do with nude celebrity videos. You know, the "Hey dude! Wassup! Check out this hot video of Angelina and Brad getting it on!" variety.
Make sure you craft an HTML version so the URL isn't displayed or use a TinyURL link.
Re:EICAR (Score:5, Insightful)
Then he's pretty stupid for wanting that. This'll look exactly the same as a real virus, and it will be easy to clean off, but it won't propagate or do nasty things like a real virus. For a computers 101 class, anything more than something like this is just asking for trouble.
Re: (Score:2)
Sorry, exactly the same as a real virus to scanning software.
Re: (Score:3, Funny)
I was surprised this didn't have the "What could possibly go wrong" tag. :)
Note in the question he did say "... do I try to write one my self ...". I've seen quite a few reports where someone wrote a proof of concept virus that was just a bit more virile than they thought, and it ended up everywhere. It'll lead to that "Oops, I thought I prevented it from doing ..." This is fun, we get a front row seat to someone making a complete ass out of themselves. I hope it doesn't c
how to write teh virus??? (Score:5, Interesting)
On any tech forum, including slashdot, you have wannabe haxx0rz who ask "how to write teh virus???" They never get a serious answer, obviously.
The OP (ed1023) thinks he can trick slashdot readers with some social engineering into thinking they're really helping someone this time by telling him "how to write teh virus???". Who knows, maybe he will succeed. Maybe he will write teh virus.
You may already have one (Score:2, Funny)
Re: (Score:2)
:p
Bringing up Windows in a question about viruses? You're right, that takes a huge leap of insight and originality here on Slashdot!
Norton (Score:4, Insightful)
Re:Norton (Score:5, Insightful)
I don't even know if I'm joking.
You missed a requirement: easy for the students to remove by hand
Re: (Score:2)
I don't even know if I'm joking.
You missed a requirement: easy for the students to remove by hand
All computer viruses are easy to remove by hand. Just rip the computer out of the electrical and network sockets and throw the computer out the window. Use your hands to do this.
Re: (Score:2)
You missed a requirement: easy for the students to remove by hand
He didn't say what that hand was holding...
Re:Norton (Score:4, Funny)
You can use an acetylene torch with just one hand, I'm sure.
Note to self... (Score:4, Insightful)
Do NOT click on any links posted in the comments on this article.
Re:Note to self... (Score:5, Funny)
Note to tool462, stop using windows.
Sneeze on them (Score:2)
Stoned (Score:4, Interesting)
Stoned [computerarcheology.com] is a classic and a pleasure to disassemble. It fits in a boot sector (512 bytes) and it's not particularly malicious, but it has all the elements that a virus needs. I don't know if it would still work on a modern computer, though: Some old viruses used funky instructions that became obsolete (like "POP CS"), and this one seems to have issues working on large-capacity disks.
Re: (Score:2)
IIRC that's a boot sector virus that propagates when a sector read is performed on a floppy drive. Modern labs are pretty unlikely to still have floppy drives. The code to stoned is written in Assembler too, so they would need to be taught that to understand it. They'll also need a good understanding of the old DOS BIOS interupt codes to make sense of what it's doing.
That's all good for us guys who grew up hacking in the 80s, not so great for the modern ones.
Re: (Score:2)
Or if you really want to get retro, (and remove any risk of propagation by netwok), get some DOS boot disks and the Pakistani Brain Virus.
(For history buffs: the first "real" PC virus evar, which I hand-disassembled on legal paper so I could write what might have been one of the first virus removal tools - a simple hex edit of the boot sector to skip over its code. :)
Oh, yeah, and get offa my lawn!
Fake it. (Score:2)
Virii all have different signatures, so it doesn't matter what signature you choose.
Just write a script that pokes something into the registry and adds a funny file to the Windows system directory, and use it on each computer before class.
Then write a script that pretends to find it and tell them where it is when they run it in class.
Ask them what they should do next.
Re:Fake it. (Score:5, Informative)
Re:Fake it. (Score:4, Informative)
Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water". Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs". The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states, but I'm pretty sure nobody much thinks of it that clearly when using the word "virus". Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) but only to an instance of that type of virus as it is spreading, or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.
As for whether it annoys you for people to use a latinate word that is both convenient and apt despite its not being precisely Latin, well, tough titty, because apparently the Latin version of it is a mispronunciation of the Proto-Indo-European word for the same gooey mess, so insisting on going only as far back as Latin for the value of correctness of form is false cognitive closure, and that gives everyone else cause to be annoyed at you.
Re: (Score:2)
hat off.
PS: I frequently use scenarii which, I learnt recently, should not be used in english.
Re:Fake it. (Score:5, Interesting)
+5, Informative?...REALLY?!?...
OK, let's start with a handily recent post on the Language Log [upenn.edu] about Latin plurals (the post is about "syllabus", but "virus/viruses/*viri/**virii" show up in the comments).
Now, onward...
Well, if you want to get all prissy about the Latin, then it's incorrect to use the word to describe a single unit of the substance, in the way it's not correct to call a single water molecule "a water".
Actually (and ignoring the somewhat startling categorisation of computer virus as "substance"), not in the same way at all. You can't call a single molecule of water "a water" because "water" is a mass noun in English, and those don't (i) take indefinite articles, and (ii) don't pluralize nicely (inter alia). It's possible that this portion of your argument comes from here [icrisat.org], which points out that in Latin, "virus" ("poison") was a mass noun. Of course, in English, "virus" is very clearly a count noun in English, since it can be (and overwhelmingly is) used with an indefinite article.
Id est, since a viral program is itself a cell in the viral infection of many computers, there's no term for it other than "viral program" and no term for several of them other than "viral programs".
You appear in the preceding to be claiming that the word "virus" doesn't exist in English (or perhaps simply that is has no referent) a claim some information security researchers (and doctors!) might take issue with (cue lambasting for the stranded preposition in 3...2..1 [upenn.edu]).
That being said, this raises an interesting point about...something. Maybe the type/token distinction? When someone says "I wrote a virus", we take him (or her, I suppose) to be making a claim about an implementation of some specific algorithm in some specific language, but not to any particular token of it.
The "virus" would be some arbitrarily bounded subset of the population of said viral programs infecting machines, [...]
I don't understand the grounds on which you're making this claim.
[...] which could devolve to a single program infecting a single machine, but would still not be the correct term for that program or, indeed, for the viral infection being suffered by that machine. It could correctly refer to the running program and its data (which in most computers includes its instructions) and the progress of its states,
OK, so the "running program, and its data" counts pretty much as a "single token of the substance" at hand, in my book. So now it sounds like you're contradicting your opening claim.
but I'm pretty sure nobody much thinks of it that clearly when using the word "virus".
As I just mentioned, you seem to be contradicting yourself (although I may just be misreading you), so you'll forgive if I take claims of clear thinking only quasi-seriously.
Nor is it correct to use "a virus" to refer to a type of virus (exempli gratia Stuxnet, Sasser, Hopper, et cetera) [...]
Why is this 'incorrect'? "I wrote a virus. I'm calling it Johnny5." Seems like a perfectly good use of "a virus" to me.
[...] but only to an instance of that type of virus as it is spreading, [...]
Again, isn't this in contradiction to how you started this comment?
or, again, some arbitrary subset thereof, wherein it has its physical expression and aggregate, fluid form.
Aside from the impossibility of "some arbitrary subset" of an instance (I'll assume that was just a typo/thinko), now you're just engaged in verbal wankery. I mean, I suppose you might choose to model the spread of contagion in a network of computers as the flow of a kind of flu
DON'T DO IT! You'll get fired (Score:5, Insightful)
It sounds instructive, but you will probably get fired for lacking good judgement.
There are plenty of stories where teachers do similar things that end up getting them fired. Teaching students how to write viruses, faking a classroom kidnapping, how to plan a terrorist attack, etc.
Teaching your students how to write a virus is a classic case of bad judgement. Your superiors will tell you "What were you thinking?" and you will get let go.
Teach them verbally how viruses are created, but don't assign anything as homework.
Re: (Score:3, Insightful)
It wasn't even mentioned that this is a coding class.
It is a class about computers, and he wants to teach virus removal.
Stop being such a lawyer and actually read the summary ffs.
Re: (Score:2, Insightful)
Re: (Score:2, Informative)
Re:DON'T DO IT! You'll get fired (Score:4, Informative)
No where was it mentioned about creating one. Ever.... actually read the summary ffs.
I think you may have missed this part of the summary:
do I try to write one my self
Re:DON'T DO IT! You'll get fired (Score:5, Informative)
Someone has already suggested the EICAR test file, which is ideal. It pops up a message box, and is easy to remove. He can add links the various windows startup files, the registry, he can go old school and call it from a batch file, and he's safe in the knowledge that he's in no danger of hosing his systems.
Nowhere in the stub did he say he was going to teach the kids about actually writing the virus they were to remove. Reading comprehension fail.
Re: (Score:2)
Not illustrate, demonstrate. Which, while I don't share the extreme views of the GP, I think is likely to come back to bite you. These people don't know what a script is, showing them a "psuedo-virus" isn't going to substantially enlighten them, nor enhance their lives in any meaningful way. Move on to useful things and spend more time on those.
Re: (Score:2)
At my university, we have a computer security lab just for this purpose. It's completely isolated from the internet and the campus network, with all computers, servers, switches, etc. available for student access.
As with all dangerous things, the key is to make everyone aware of the dangers and the consequences, and then closely supervise them. A lab course I took actually required us to use plutonium for neutron activation. As far as dangerous things go, that's on the top of the list. But we wore film badg
Re: (Score:2)
Re: (Score:2)
He's not asking how to teach them to write a virus...
Please (re?)read the post...
Re: (Score:2)
Sure... he is teaching his computer newbs how to WRITE a virus in a 'demystify computers' class. And next period in health they will be designing the DNA of a retrovirus.
Re: (Score:2)
>Let's not do an instructive simulation of a common computer anomaly, lest some tech-retarded administrator punish you for being a good teacher.
Re: (Score:2, Interesting)
Go fish... (Score:3, Informative)
Just pick any of the scores of .exe files masquerading as cracks on LimeWire. You’ll have to turn off the AV and executable file filter to download it, of course...
Good times (Score:2)
There's virus source out there. Be careful. (Score:2)
Obviously, you should know exactly what it is that the virus is doing. No, not approximately: I mean all the way down to the machine instruction level. If it comes only in a binary, disassemble and figure out everything. Use virtual machines to add a layer of protection, and be aware that some malware knows it's being run in a VM and may behave differently under these conditions. Of course, those are much more than you need.
The safest bet is to write your own. That way, you know what it's doing.
Try this instead. (Score:5, Interesting)
What do you expect a student to learn from being told "there is a virus on this machine, remove it by hand"?
If they are in the "demystifying the black box" phase, they have no idea what you're talking about.
Teach them that viruses are just programs like Word or Excel, except with a specific malicious purpose. Give them an overview of how a machine or user might be tricked into running malicious software. Teach them about how malicious software might propagate. Use historical examples. Talk about privileges.
Virus is a slang term that brings up all kinds of scare reactions in ordinary people. They immediately assume that machines are vulnerable to bacteria floating around on the wind, or something similar. You need to de-emphasize the term "virus". It's just software. Then teach them that 99% of all malicious software runs on Windows, and that it's a reflection of the number of vulnerabilities in Windows code and market share.
Write a simple program that copies itself to the Windows folder and starts itself at boot. The program should show an alert box saying "HACKED BY PROFESSOR HANDSOME!!!!" if it sees it is being run from the Windows folder. Put it on a USB key with an autorun.ini, tell them you have placed a virus you wrote on there, and let them sort it out. Just be sure you're on an XP machine and that autorun is enabled.
Better yet, email the .exe to the entire class. Call it CS101-Example.exe, and use the harmless infection to talk about social engineering. Then take them through the 'infection' process, and show them how to remove the file by hand.
Re: (Score:2)
Somebody please mod parent up!
Re: (Score:2)
Yeah, about writing a small virus, you do know that a lot of the early virus were written without thought to their global spread (best example is the morris worm), and that if your particular one gets out, no matter how innocent, it will be a federal felony to have done that? Worth your job? No.
Best bet would be for the parent to officially contact an AV company and ask them, they will be able to give professional advice and possibly even live code (but I doubt that, would likely need to go looking for one
Re: (Score:3, Informative)
Better yet, email the .exe to the entire class.
Are you insane?!? Absolutely DO NOT DO THIS!!
The gap between my suggestion and what those researchers did is pretty wide. My idea:
o Doesn't involve bilking people out of their private credentials;
o Would be limited to a class studying malicious software (how's that for an appropriate context)
o Involves a known-harmless teaching payload;
o Would be fully understood and removed by students at the end of the class.
Deception is inherently disrespectful, even if it is done with good intentions.
What may seem like a "harmless infection" to you demeans the students, because you're encouraging the instructor to abuse the trust that their students have placed in him. In short, what you are proposing causes harm to the teaching profession.
I have a hard time understanding why any real teacher in this fellow's position would abstain from imparting on
Write your own? (Score:5, Informative)
It's Windows, so it's easy... just create a CD or USB drive with two files:
autorun.inf :
[autorun]
open=installpopup.bat
installpopup.bat : /k echo "Hi I am a virus"
cmd.exe
copy installpopup.bat "C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
Bonus is that it has plenty of legitimate uses for system automation for your little script kiddies as well.
That virus will fail on Vista/7 (Score:4, Informative)
if UAC is enabled, Explorer is not running with privileges that can write to the All Users profile.
For that matter, this will fail on any system where the profile directory isn't in "C:\Documents and Settings", which includes any non-English OS.
Use
copy installpopup.bat "%userprofile%\Start Menu\Programs\Startup" instead
Re: (Score:2)
if UAC is enabled, Explorer is not running with privileges that can write to the All Users profile.
For that matter, this will fail on any system where the profile directory isn't in "C:\Documents and Settings", which includes any non-English OS.
Use
copy installpopup.bat "%userprofile%\Start Menu\Programs\Startup" instead
Thanks! I'm by no means a Windows guru, nor have anything other than my corporate WinXP box to test on :P
Re: (Score:2)
That script will also fail if, like we do, Autorun is (sensibly) disabled using Group Policy. If it isn't then I'd go talking to your IT department as to why not. :)
Re: (Score:2)
Instead of
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"
Use
"%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
or to avoid Vista/W7 UAC issues:
"%USERPROFILE%\Start Menu\Programs\Startup"
Are you looking for an open source virus (Score:2)
Why not a live virus? (Score:2)
Perhaps a better learning experience would be to connect the lab (or a handful of the students own computers) to the Internet, and stick a box running Snort (www.snort.org) with Emerging Threats (www.emergingthreats.net) signatures in between. If, by some miracle (or the fact that they're all Mac's) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.
Get a full p
Virus Creation Laboratory? (Score:2)
A friend of mine who taught at a community college actually did this back in the mid 90s. He took a copy of Nowhere Man's Virus Creation Lab and tossed together a couple annoying but non-destructive viruses and infected a few stand alone machines for the students to play with.
You can probably still find VCL out there, or a more modern DIY virus kit. Though with the new ones, I'm not sure I would trust they don't have any hidden functionality.
An answer for your OP: (Score:2)
You don't want an actual virus. Viruses are becoming less common, they are now the delivery vector more than anything. Most of my badware experience in the last year or three has been exploits, generally server-hosted and browser-targetting. Malware is the payload and payday, that's where the action is. Malware is also typically the user-facing component as well.
Go find Antivirus 2009, or the most recent respin of that godawful thing. It's fairly straightforward to remove, fairly obvious when it's present,
Re: (Score:2)
One of my relatives PCs got some really nasty malware recently that pretended to be antivirus software and would halt any action taken by the user with a popup saying the thing you were doing (Taskmanager.exe and the like) was infected. It implied you had to pay $30 to buy the 'full version' of the software to fix it, and the only way to pay was with a credit card. I have never seen a more aggressive piece of software and I had no idea how to fix it other than a boot from CD reformat. Scary stuff :\
Re: (Score:2)
That certainly sounds familiar. It's most likely the newest variant. There have been easily a dozen major updates of Antivirus XP, they've been nasty to remove.
It *is* possible to remove it, though, and even without reinstall. The real trick is getting a wedge under it to start with, because it's very tenacious until then.
Easy web browser one (Score:2)
It might be caught by modern browsers, but if you turn off all the security features (or just load up IE5 or something like that), you might be able to pull the one where you open an html document (with embedded javascript for the "virus" portion) and it, in turn, opens up two copies of itself. Those two each open two copies, and so on and so forth, until you've brought your machine to a screeching halt with the glut of windows opening up.
Easy to fix, too. Just manually shut down the machine (either hard po
simple and effective.... (Score:2)
You can use a simple command like >> start iexplore -k "error.htm"
Use http://download.cnet.com/Bat-To-Exe-Converter/3000-2069_4-10555897.html [cnet.com] to convert the file to an executable. Have your students run the file so that it opens the error page in IE kiosk mode.(Annoying enough to not have a "Close" button) Demonstrate how open windows can be tracked to their parent process(error.htm is opened by sh4dY.exe) from within task manager. Hunt down and term
Really Simple (Score:2)
If you wanted to teach students about viruses and had a Win 98 system or any system that has DOS you could do really simple demos. A nice sounding batch file with a format command would be a start. Once the students understand that even primitive programmers can create malware easily then you might show them some of the scripts that people plug into their own programs to cause devastation. Next might be to explain that advanced programmers and even governments can write really sinister viruses but t
So when students make a copy and it goes wild (Score:2)
Who are they going to blame?
I can picture that bright, inquisitive kids (and maybe of the few bad apples too) get a hold of a virus and create a copy of it / upload it to a server / save it to a usb drive, and then it gets out and infects other school computers, then guess who's door they're going to knock on?
Yes, there's plenty of ways that kids can get virus code on their own. But there's a big difference between when a kid picks up a loaded gun from home, vs getting one from the teacher, and hoping that
I once had such a class. (Score:2)
It was filled with people who barely knew how to work a television remote, let alone use a computer. I think you might be wasting your time...
You're a lousy teacher. (Score:2)
Teach them how a computer actually works - if they don't know what's normal, how the heck are they supposed to recognize when something is wrong?
Besides, if they're too stupid to recognize what's normal by now (like they've never really used a computer before), you're wasting your time "demystifying computers." If they're too old, or too young, you're again wasting your time. Perhaps we should send you to Soviet Russ
Re: (Score:2)
Why?
Nobody's too old to want to learn new tricks. Nobody's too young for an introduction to computers (provided they have the motor skills to use one). Plenty of people get discouraged from learning things about their computers---like how to fix them---precisely because of that attitude. So they call up their nephews and brother-in-laws and don't ever bother with it: many are perfectly capable and intelligent people, but they never learn because they assume they'll screw it up. Which they will, if they neve
Bad idea (Score:4, Insightful)
Maybe ask a clamav virus signature author... (Score:4, Informative)
...if they know of a good virus candidate?
http://www.clamav.net/ [clamav.net]
lol Monkey.b ! memories.. (Score:2)
write it yourself (Score:3, Interesting)
Write it yourself. The fact that you would even consider this without thinking about the potential for it to be a serious Career Limiting Move means that it should be a fun ride :)
Seriously though, install XP at some base service pack level - sp1 or sp2 might do, then connect it to the internet without any firewall. The viruses will find you.
But you could have a bit more fun than that. Write an exe file that simply pops up a "if this was a virus you'd be pwn3d by now" message. Then pick one of the popular kids in the class (lets call her Jane Smith), and send an email around to your whole class from an anonymous hotmail account (or some service that allows sending exe files) with a subject of "Ha Ha. Look at what Jane Smith got up to last night." and include the exe file with a message "pics attached". Fail everyone who opens it. You'll probably still lose your job due to the idiots they put in power, but at least you'll have taught your class a lesson (the lesson being "if you're a teacher, it pays not to think for yourself".)
You don't say what the age of your students is. If it's a university or TAFE level class you might get away with it, but you only have to offend one daddy's girl and it's all over.
Remove by hand? (Score:2)
Use some VMs in a virtual network (Score:2)
and please don't ever try and teach a medical class
MBR virus (Score:2)
Simple... (Score:2)
Core Wars (Score:2)
Cripe I'm old. I remember when writing a worm was an AI project. I also remember when air was clean and sex was dirty. It was all a long time ago...
Give them something entertaining and instructive to do: Introduce them to Core Wars. Modern viruses have little or nothing in common with EICAR any more. You could introduce almost all the concepts of a Comp 101 class through good Core Wars competition.
Re: (Score:2)
Yea, er... did you miss the FIRST TWO FUCKING SENTENCES of the post?
Here, in case you really did:
Currently I am teaching a 101 class on computers. It is more of a demystifying the black box type of class.
Re:How about... (Score:4, Informative)
Er, did you even read the damn post?
Here, let me help you out with the first four fucking words:
Currently I am teaching...
Re: (Score:2)
Re: (Score:2)
... which is fine, because he's not teaching them how to write a virus, but how to recognize and respond to an infection!
Lots of words put down, when you didn't properly read the post. At least you noticed EICAR wasn't suitable :)
Re: (Score:3, Insightful)
No, the guy wants a live virus that the students need to be able to remove, not an inert file that will simply trip an AV scanner to remove it.
Re: (Score:2)
To be fair, it was annoying and could cause problems with the system. ;)
Re: (Score:2)
While Live CDs are the best way to remove a lot of viruses, and the only way to remove some, you're just being a dork.
I know, I know....AC and all....
But, instead of doing this pointless crap to get FRSTSOYSPOSGSTTPTT, why don't you do something useful.
Like, maybe point the poster to something that could be exactly what they're looking for:
http://www.bo2k.com/software/index.html [bo2k.com]
BackOrifice 2000.
Remote control/administration tool, which can be used for all sorts of perfectly legitimate things, or be totally
Comment removed (Score:5, Insightful)