Posted by david b. on February 7, 2013
Ruchna Nigam, a representative of FortiGuard Labs, now takes the floor to talk about some essential things human and computer viruses have in common.
Ruchna Nigam: Okay, now that you have had your Biology lesson, let’s look at some of the attack strategies that are common between the biological world and the computer world, what I like to call “God vs. Man”.
Virus wins the race by quantity
So, one thing we see in common is something called “outnumbering defenses”. What the HIV virus does is it replicates itself to a number that is so high that it renders the defense system of the human body helpless. This can sort of be compared to a denial-of-service attack in the computer virus world, where you overload one resource so much that it fails to function. For example, if I send too many requests to a server, it won’t be able to process those after a while and it loses its basic functionality.
PC viruses propagate to multiple hosts
One basic difference between the biological world and the computer world is that human viruses try to overload one host by massively infecting it. This was interesting at the beginning of computer viruses when just infecting someone’s machine was exciting enough, whereas now the purpose of computer viruses is monetary gains. The idea is to propagate to more and more victims to get higher gains. So, this practice is used in a lot of the new worms and botnets. For example, the Conficker worm managed to infect six and a half million hosts in a short period of four days.
The “Waiting Room” Effect
Getting infected via a certain environment
Another thing we can see in common between human viruses and computer viruses is that there can be instances where the victim actually happens to contact the virus by himself, and manages to get himself infected. For instance, if you go visit a doctor and you find yourself in the waiting room – even though you might not be ill, you are exposing yourself to the danger of getting the flu. This is somewhat similar to what we see in the computer world in the form of drive-by downloads and phishing, in which case the users manage to get themselves infected consciously or unconsciously.
For example, a lot of the new mobile viruses are caught just sitting on highly visited websites. So, you visit it, and you unknowingly get your phone infected. A lot of the new Android viruses come packaged with legitimate applications. You think you are installing an innocent application, like a photo display or something, but actually what happens is it comes packaged with another virus. So, you actually went to the virus and got yourself infected.
Polymorphism – another thing in common
Another thing we can see in common is something called polymorphism. Polymorphism is basically the phenomenon of replicating a virus but making certain changes every time it’s replicated. This wasn’t actually invented by computer attackers, it’s already a phenomenon we see in the world of human virology, where you have something called error checking proteins. So, every time a human virus cell replicates, the body makes sure it’s not too different from the original form.
But what influenza does is it directly attacks these error checking proteins, so basically that means every time the cell is replicated it’s a new form of the virus, and every time it replicates it’s forming a new mutant of itself, which is something we’ve seen in viruses like Koobface and Sality.
The basic difference in polymorphism between the computer world and the biological world is that biological viruses, when mutating, change the basic functionality of the virus; it is possible to change the basic functionality. Whereas in the case of computer viruses, you are only changing the form of the virus, you are not changing the functionality of it, because changing the functionality would require writing new lines of code, whereas all you are doing is changing the package in which it comes.
Viruses can mix and form hybrids
Another thing we saw is something called “virus mixing”. For example, if you happen to have one particular variety of the flu, called flu A, and you got really unlucky and you managed to get yourself infected by another strand of the flu, this could result in the creation of a hybrid variety of the flu called flu C. Basically, you get infected by two separate varieties, but in the end they manage to create a hybrid.
This is something that we also see in computers. For example, if you have a computer that is infected by a mass mailer called MyDoom, what a mass mailer does is it sends out a copy of itself to all the contacts present on your computer. And if you also happen to get infected by a file infector which basically corrupts all the files present on your drive, what actually happens is it also infects the copy of this mass mailer which is present on your drive. When the mass mailer does mail itself to all your contacts, it’s actually mailing a hybrid variety of it, which is the mass mailer infected by a file infector.
Read previous: An Attacker’s Day into Human Virology 2: Structure and Hallmarks of the Immune System
Read next: An Attacker’s Day into Human Virology 4: Which World Wins the Race?