Robert Slade: Chapter 2 - Early viral related programs

One of the factors involved in the success of viral programs is a study of the mindset of the user: a study of the psychology or sociology of the computer community. Since the spread of viral programs generally require some action, albeit unknowing, on the part of the operator, it is instructive to look at the security breaking aspects of other historical programs.

"Password trojans" are extremely popular in the university and college environments (where most of the new security breaking ideas and pranks tend to come from anyway). These programs can be extremely simple. An easy "painting" of the screen with a facsimile of the normal login screen will generally get the user to enter their name and password. It is quite simple to have a program write this information to a file, or even mail it to a specific account. Most of these programs will then send back a message to the user that the login has been denied; most users will accept this as an indication that they have either a mistake in entering the login data or that there is some unknown fault in the system. Few question it even after repeated refusals. Some programs are sophisticated enough to pass the login information on to another spawned process: few users even know enough to check the level of nesting of processes.

(A famous, if relatively harmless, prank in earlier computers was the "cookie" program which ran on PDP series computers. This program would halt the operation that the victim was working on and present a message requesting a cookie. There are consistent reports of viral programs following this pattern, including a very detailed report of a "Spanish Cookie" virus, however the author has never seen any such program. In the absence of such data I have, regretfully, come to the conclusion that this is another piece of computer folklore which has mutated into legend.)

Another, lesser known, prank has a closer relationship to current viral programs. In the RISKS-FORUM Digest (6-42) in March of 1988 there was a detailed outline of the use of the "intelligent" features of Wyse 75 terminals. This was a specific instance of a general case of the use of intelligent peripherals for security cracking. In this case, the terminal had a feature which would allow keys to be remapped from the host system. Another feature allowed the keys to be called for from the host. This allowed email messages (actually only the subject line) to be composed which would remap a key to correspond to the "kill process and logout" command, and then have the command submitted by the terminal. With only a little thought, an email virus could be written taking advantage of this fact.