The term “computer virus” was coined by Fred Cohen in the early 1980s, because like its biological counterparts, the computer virus is essentially a sequence of information that codes its behavior in a host system.
Almost thirty years later, the term still fits and the similarity between the two are many, and the differences not that big, say Fortinet researchers Axelle Apvrille and Guillaume Lovet.
There are some strategies used by biological viruses are not needed by their computer equivalents. For example, the HIV virus and the common flu replicate so much as to overwhelm a person’s immune system, but modern computer viruses have no need of infecting their host massively.
“Actually, biology’s outnumbering strategy is more comparable to DDoS bots,” comment the researchers, and link HIV’s and the flu’s behavior to that of the Sality worm and other computer viruses who seek to terminate the running of AV solutions on targeted machines.
As malware authors are mostly driven by the opportunity to make money, they prefer to make their creations eminently spreadable and to infect as many machines as possible via a great number of propagating mechanisms (through email attachments, URIs in Instant Messages, P2P, drive-by-downloads and more).
They are also interested in keeping the hosts infected, so they either frequently update the malware, copy it and hide instances of it in many places across the machine or make it hide into places where most AV solutions won’t detect it – the Master Boot Record, for example. Biological viruses are also known to do that.
When it comes to the viruses’ ability to change in order to evade detection, biological viruses are and computer ones are both capable of polymorphism and successful at it. But the same cannot be yet said for the ability of mixing, as there are still rare examples of malware intentionally or unintentionally “infecting” or changing other malware in order to propagate itself.
“Most biological viruses are not effective straight away. This is either because they haven’t replicated enough yet and are not numerous enough, and/or because they do not immediately start to replicate,” say the researchers, and point out that this “time bomb” approach is not often seen with computer viruses. “This is perhaps because the vast majority of virus writers now (nearly) only focus on business and money, and all dates are as good for that matter.”
But the biggest difference seems to be in the fact that computer viruses are simply more complex and contain more “code” that dictates their behavior, thus allowing their creators more space to implement advanced tricks such as packing, encryption, virtual machine detection or anti-debugging tricks.
Just imagine what would happen if biological viruses had the equivalent techniques at their disposal to thwart those who want to study and analyze them – never mind those who are infected with them!
All in all, given the similarities between the two types of viruses, the question that the researchers are trying to answer is whether the lines between the two can be blurred enough in the future to allow biological viruses to affect machines and computer ones “infect” people?
While biologic viruses have been successfully synthesized by scientists, computer viruses that evolve by themselves have still not been spotted in the wild. They have been instances where researchers created computer viruses that evolve along the Darwinian rules, but they were never released outside of a lab.
“Without going as far as spontaneous sentient life creation, would it at least be possible that a computer virus appears out of the data flowing on the wires around the World?” ask the researchers.
“No documented case of such exists, yet the question is not so incongruous. Security researchers, more than anyone, know that software is full of bugs, and that presented with particular inputs, the execution flow may be diverted to arbitrary or unexpected portions of the memory. What if that portion contains data that, accidentally, forms the code of a simple virus? Unlikely? Yes, and even more so if we expect that virus to have capacities to evolve. But impossible? No.”
Their conclusion matches the one they made regarding the possibility of biological and computer viruses existing and functioning in each other’s original realms.
With the use of electronic devices (medical or otherwise) embedded in the human body and their inevitable need to communicate with outside devices, a computer virus can physically affect humans. And when researchers code synthetic viruses, they use computers to do it.
“Seeing that the infamous Stuxnet virus, in 2010, was able to creep through a uranium enrichment plant, seize control of its PLC, and destroy its centrifuging gear, one could reasonably think that a virus infecting the computers sporting DNA databases is not outside the realm of possibility,” they point out. “From there, the virus could very well inject a parasitic replicative sequence in the genes being synthesized, and see it grown in lab (or worse, at industrial scale). Thereby hoping from the computer into the biological realm.”