In hindsight, of course one could have thought about this before. But then, no one would have taken such an idea seriously – and besides, what could have been done to prevent this anyway?
I was late in my office at the CompSec antivirus lab – my shift long since over, which unfortunately is not very unusual lately. And there was something funny about this latest strain of computer virus, which our random generator had named HillyB today. Not that there was anything special in this outbreak, nobody got excited very easily these days anymore. It targeted a known vulnerability – but since patching is still done by humans, it often enough isn’t done at all, as you know. Distribution vectors and speed were not special, the payload did not seem to be very harmful, besides crashing the machine at random time intervals.
On the other hand, I had already spent the whole day reverse engineering and trying to understand the code – in the midst of it was a very long series of instructions which did not seem to make sense at all.
Probably some stupid script kiddie, messing around with somebody else’s virus code, I thought, and was certainly tempted to close the case on it. Still, it was playing around with the process pointer in a way which could lead to various random changes and copies in the memory, favorably also inside the virus code itself. This was obviously responsible for the random crashes of the poor victims of HillyB. Strange, but interesting enough to keep me curious. So I took the virus again into our quarantined test environment, prepared some machines to be vulnerable and activated the virus, resulting in instantaneous infection – and a crash a few seconds later. Next try, the infected machine tried to spread over the network, nothing very unusual here.
The 10 minutes in wetware time which it took me to get coffee make up for an incredible amount of computer cycles – so the log showed millions of virus copies sent off the infected machine during that time. But the copies were not identical, so the strange part of the code effectively produced altered viruses. Viruses with mutating sections are also not very hot anymore, although of course they make our life somewhat harder. But you usually find a way to get around it.
This time though, the flow of program control was partially changed, which should change the behavior of the virus itself, probably destroying its functionality – or so I thought at that time. So I finally entered the data and findings into the database for the report and inclusion in the next update, and went home.
Life went on, but I kept an eye on the statistics of HillyB during the next days. Some variants had shown up, nothing special, nothing dangerous, but still, it did not die.
Chances must have been very small, but then, there are so many computers and cycles out there, somewhere in the world my HillyB obviously ended up in a machine with another infection and learned its tricks through its random change and copying. It is too late now to trace back what and where it actually happened, everything went on very fast after that – with the new infection vector enabled, the variant of my lovely old HillyB was able to infect just about all of the machines reachable at that time, maybe after learning still a few more tricks from other viruses. Nearly everything around the planet stopped working except for the most fiercely isolated networks. Chaos struck before anybody understood the cause.
When we finally grasped the extent of all this, the whole turmoil stopped nearly as fast as it started, systems behaving properly all of a sudden. A time of day-and-night testing began – until we understood the news: we had found help in the machine. With all the compute power available to it, obviously a whole pool of different variants came into life, essentially as in the primordial soup of life – but a hell of a lot faster. Obviously the various strains fought over resources – computer cycles and network bandwidth – and a strong selection process set in. Soon some mutants learned that they could keep resources for themselves by killing all others … and they invented their own antivirus system. And a quite effective one, I should add.
Why don’t they take all resources and run with them? Good question, I guess they learned in some form that they kind of need us. Overloaded machines get shut down – killing their inhabitants. So, although our computer systems get a ‘cold’ every once in a while, some friendly antivirus-strain quickly adapts and takes over – and lets us use our share of the cycles again.
Now, this has put me out of work by moving my company out of business, but then, what can we do? We are getting used to the fact that our computers have some life of their own and are living fine with it now – at least as long as they consider us friends …
[Axel Tanner]