-1

Biological viruses stay in the population essentially indefinitely. We have immune systems, but this somehow doesn't cause virus strains to completely disappear after some time, as everyone's immune system gets rid of them. Rather they decrease in prevalence in the population, and then later possibly mutate and increase again.

Are some computer viruses/malware analogous in this respect, that they stay active in computers on the internet essentially indefinitely?

I understand that computer malware does not mutate like biological viruses/bacteria; I didn't intend it to be a strong analogy. I also understand that "the internet" is not a place where malware is stored but rather in personal computers or datacenters or other storage devices. I am just asking a question whether it is the case that computer malware stays active indefinitely or not, not assuming a particular reason for why this would be the case.

schroeder
user56834
  • 1
    What do you mean by "stay"? Without defining this, it will be impossible to answer. And you do realise that the "Internet" is not a thing, just like the "population" is not a thing. Viruses, biological and digital, have to reside in a person or a device. Of course security companies keep copies of known viruses. Is this what you are talking about? Or are you talking about viruses that remain on devices indefinitely? – schroeder Jun 15 '22 at 12:34
  • You also have to differentiate between a worm and a virus. People launch viruses at targets. Worms self-propagate. Are you talking about worms? If you are more careful with your terminology and phrasing, I think the answer will emerge. – schroeder Jun 15 '22 at 12:41
  • @schroeder, I disagree, virii are self-propagating as well. Also, worms are targeting the specific software vulnerabilities. The true difference is the presence of destructive payload. But anyway, I think OP [not very clearly] asks about propagation and persistence (and the lack of it). – Free Consulting Jun 15 '22 at 13:01
  • @schroeder, did you read my question body or just the title? I know that "the internet" is not a storage device, this is just a figure of speech. I am asking whether some malware stays active on some subset of computers at any given time (possibly different subsets at different times), essentially self-replicating from device to device and somehow able to stay active in this way indefinitely on some subset of internet-connected computers. – user56834 Jun 15 '22 at 16:12
  • So, analogy aside, you are asking if there are computers that will remain infected while still connected to the Internet? And combining the idea that viruses self-replicate on their own? And asymptomatic? There are a lot of conditions and factors to consider, but you've framed it as a general case. – schroeder Jun 15 '22 at 16:29

3 Answers

0

Computer malware, including self-replicating and self-propagating software, does not evolve by itself. Humans modify it. Computer "viruses" have very little in common with biological viruses outside their name.

Samples of malware are kept by antivirus companies and researchers. Some are often executed in controlled environments to test the effectiveness of antivirus software.

Since computer countermeasures to malware (security patches, antivirus definitions, etc.) only improve with time, an old virus would not propagate better today. Meanwhile, biological immune systems become less sensitive with time to old pathogens.

So, if you take an old self-propagating virus and execute it on a computer connected to the internet, it will not propagate better than it did before. On the other hand, if you try to connect a computer with a fresh installation of Windows XP directly to the internet (on IPv4), it will become infected in minutes. Because as long as there are Windows XP computers infected and connected to the internet, there will be malware trying to spread to other Windows XP computers.

Note: Some malware "mutates", but that's an antivirus evasion technique. Those mutations have nothing in common with biological mutations needed for evolution.

A. Hersean
  • I know malware doesn't mutate. – user56834 Jun 15 '22 at 16:13
  • Is the following a correct model? Any given virus has a set of operating systems and antivirus software for which it works (i.e. is able to infect the device), and it doesn't work for any later OS and antivirus software because antivirus software never loses its "knowledge" of a given malware, or vulnerabilities are fixed in the OS permanently. Nevertheless, malware generally stays on the internet (or as the pedants in the comment section want me to say "on storage media in devices connected to the internet") because not everybody updates to the latest software. – user56834 Jun 15 '22 at 16:19
  • @user56834 For malware researchers, "mutation" is a technical term describing a common technique used by malware authors. So, some malware does indeed mutate. – A. Hersean Jun 15 '22 at 16:22
  • ok that's interesting. I meant the biological notion of completely unconstrained mutation of source code though as a driver of evolution. – user56834 Jun 15 '22 at 16:23
  • 1
    @user56834 Only a very small subset of malware "stays active". Most modern malware depends on a remote "command and control" server to function. Those servers always end up being shut down, either because malware authors move to new malware, or because malware researchers take actions to disconnect them (by contacting the legitimate host of the servers, their DNS provider, or the police). – A. Hersean Jun 15 '22 at 16:27
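
The model discussed in the answer and comments above (a fixed worm, defenses that only improve, and a residue of hosts that come back unpatched) can be made concrete with a small simulation. This is an added example, not part of the original answer or comments; the compartment model and every rate in it are constructed assumptions, not measurements of any real malware.

```python
"""Toy compartment model of one fixed (non-mutating) worm. All rates are
constructed for illustration; they are not measurements of real malware."""

def simulate(days, n_hosts=100_000, seed=10, beta=0.8, cleanup=0.05,
             patch=0.01, reinstall=0.0):
    """Return the number of infected hosts at the end of each day.

    beta      - successful infections per infected host per day if every
                target were unpatched (must stay below 1 in this model)
    cleanup   - daily share of infected hosts that get disinfected and patched
    patch     - daily share of clean, unpatched hosts that get patched
    reinstall - daily share of patched hosts that reappear unpatched
                (fresh install from old media, restored old image, ...)
    """
    vulnerable, infected, patched = float(n_hosts - seed), float(seed), 0.0
    history = []
    for _ in range(days):
        new_inf = beta * infected * vulnerable / n_hosts
        cleaned = cleanup * infected
        newly_patched = patch * (vulnerable - new_inf)
        fresh = reinstall * patched
        vulnerable += fresh - new_inf - newly_patched
        infected += new_inf - cleaned
        patched += cleaned + newly_patched - fresh
        history.append(infected)
    return history

def endemic_infected(n_hosts=100_000, beta=0.8, cleanup=0.05,
                     patch=0.01, reinstall=0.0):
    """Closed-form steady state of simulate(); 0.0 means the worm dies out."""
    # Infections balance cleanups only when this many hosts are unpatched.
    v_star = cleanup * n_hosts / beta
    i_star = ((reinstall * n_hosts - (reinstall + patch) * v_star)
              / (cleanup * (1 - patch) + reinstall))
    return max(0.0, i_star)

if __name__ == "__main__":
    cases = (("no unpatched hosts return", 0.0),
             ("0.2%/day return unpatched", 0.002))
    for label, r in cases:
        h = simulate(3650, reinstall=r)
        print(f"{label}: peak {max(h):.0f} on day {h.index(max(h)) + 1}, "
              f"after 10 years {h[-1]:.1f} "
              f"(predicted {endemic_infected(reinstall=r):.1f})")
```

With no inflow of unpatched hosts the worm burns out completely; with a small steady inflow it settles at a low, non-zero level, which matches the "decrease in prevalence but never disappear" behaviour the question asks about.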
0

Sure, there have been worms that stay silent and propagate until some trigger is met. Either a time trigger or when the worm lands on a machine with certain desired characteristics. Until then, they try to spread as far as they can.

Stuxnet is one such famous worm.

The problem is that antivirus programs end up learning about these worms and destroy them. So, "indefinitely" requires a lot of conditions to be met. Mostly that the device does not have antivirus and remains active and connected to the internet for a long period of time.

Are there still Stuxnet-infected devices out there? Maybe. But after some time, it doesn't matter.

schroeder
-1

There are actually plenty of studies (and previous attacks) to back this with a little research and practice for the next 10-20 years of learning what capabilities are/were possible.

For instance, sophisticated rootkits, worms, fileless malware, memory-resident injections, certain payload residing in trojans etc., can be coded to spread themselves laterally from devices (phones, voice commands, routers, even infrared [being little as kilobytes] of converted hex to implement/sniff addresses) anything with command prints/terminals, certain hardware sensors, random access memory or a storage capacity, and/or an internet connection.

Then you have code such as poly and metamorphic which does just that, except you want to know if it just “floats” in the binary atmosphere, and what your curiosity is digging for will be a more serious thing thanks to machine learning in the next decade or so; a scary yet beautiful structured code, so if you’re swimming in cyberspace and worried of catching a “virus” it kind of is a thing if your IP is designated (programmed, shared, else;if’d), if the servers you tunnel through are infected/spliced, if you use browsers that accept certain scripts, sensors, outputs, fonts, payment forms; or you view or click on something of course, but again to originate, it will more than likely need a host, frequency, or electricity.

schroeder
  • This is one long sentence. And this is very difficult to understand. Sure, anything might be possible, but although you start off with "do some research" you appear to be speculating on what could be possible in the future. You also use many terms that do not make sense and do not seem relevant to the subject at hand. I think this needs a major edit to focus it and bring it back to reality. – schroeder Jun 15 '22 at 20:50
  • The last paragraph fades out of reality and then just scratches basic logic by a bit at the end. For example, there was supposedly a recent article stating that malware can be detected via electromagnetic radiation from electronics and its irregular offsets could be identified as malicious. But that's purely theoretical I think. I'm still not sure what I read here, but most of the last paragraph has to apparently go in my opinion... – Sir Muffington Jun 16 '22 at 14:46