Econet worm

bbc micro/electron/atom/risc os coding queries and routines
Post Reply
User avatar
Posts: 5
Joined: Sat Apr 03, 2021 6:24 pm

Econet worm

Post by Webbo »

Back in my school days (must have been around '88) I was discussing viruses and worms with my IT teacher and the question came up around whether there was a risk for 8 bit micros. This developed into writing a proof of concept worm for the school Econet network:
  • Code stored in zero page (around &0150) and linked to a break incercept vector so it would survive breaks
  • Via interrupts, periodically used OSWORD POKE to attempt to push a copy of itself onto a random Econet station ID
  • Used OSWORD JSR to execute the code on the remote machine
It had no payload but was very persistant and we ended up having to make sure all of the micros were powered off at the end of the day to get rid of it and the source was quickly deleted!

Another approach we tried was a more traditional virus that was a little more destructive (in that it modified non write protected disks). It again was stored in zero page and whenever a disk boot was attempted, it instead displayed a fake "disk fault" error whilst renaming the existing !boot file and replacing it with a copy of itself and set it to be bootable with a *opt4,2. The idea was that the end user would see the disk error and so try another one, spreading the infection. (again I stress that this was a proof of concept only and never used maliciously!)

Did anyone else experiment with worms / viruses on the BBC micro and did any ever make it into the wild ?
Posts: 1193
Joined: Fri Aug 28, 2015 9:34 pm

Re: Econet worm

Post by SteveF »

That sounds pretty clever; I have to admire your consideration in deleting the source, although it would have been nice to see it now...

I did tinker with creating a (non-networked) virus a bit (in my mid-teens IIRC) but to be frank I simply wasn't a good enough programmer to really pull it off. To me it always seemed the big catch on the Beeb was finding somewhere for the virus code to live where it wouldn't get trampled on and just crash the machine when something the virus had hooked got called and the virus code was no longer there. This was always a problem for the legitimate resident utilities I wrote.

A few years later I did wonder if infecting ROMs running in sideways RAM might be reasonably practical - a lot of them will have spare space at the end, and you could patch the service call entry point to call the virus code before chaining onto the ROM's own service handler. I never tried to implement that though.

As best I recall, I don't think I had any malicious intent when I did tinker with this. I think I had a Master at this point and I had some idea that if I got the thing working well enough to show to any of my friends, I'd make it so it only replicated if a certain set of values could be found in the CMOS RAM. But things never got far enough for that to be an issue.
Post Reply

Return to “programming”