Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Operating Systems Software Windows

Profile of the Mind of a Virus Writer 310

Posted by timothy from the read-on-empty-stomach dept.
zdburke writes "Clive Thompson, writing for the NY Times, has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: fomat drive C? Overwrite every file? It's very well written by an author who clearly knows his stuff."
This discussion has been archived. No new comments can be posted.

Profile of the Mind of a Virus Writer More

Profile of the Mind of a Virus Writer

Comments Filter:

  • Well, if the source of many viruses is correct... (Score:5, Funny)

    by Anonymous Coward on Monday February 09, 2004 @08:19AM (#8224388)
    ...they're pretty proficient in VB.

  • In other news... (Score:5, Funny)

    by La_Boca ( 201988 ) on Monday February 09, 2004 @08:20AM (#8224392) Journal
    ...US Slashdot editors get tricked once again by the "news media" to post another dupe.
  • ...by the DUPE virus!!!

  • am I the only one???? (Score:3, Insightful)

    by snatchitup ( 466222 ) on Monday February 09, 2004 @08:22AM (#8224401) Homepage Journal
    Or do the pictures of these guys remind you of the Calvin Cline ads awhile back that bordered on kiddie porn? These kids look like they are wearing makeup and exude a bit of homo-erotic teasing.

    It just gave me the creeps, knowing that this is an article for nerds.

    • Re:am I the only one???? (Score:3, Interesting)

      by Anonymous Coward
      I'm sorry these pictures are arousing previously unearthed feelings for you. I can sympathize with your feelings of uneasiness as the facade of homophobia slowly melts away to reveal your true inner self [photo.net].

      On a more serious note, get a grip. If the sight of some bare shoulders on a guy is having you squirm like a pre-pubescent girl, you've got some serious growing up to do.

      As for whatever brain donors modded his whining "Insightful," quit trying to rival the goatsecx guy and pull your heads out of own asses
    • actually, you're right on.

      Ryan McGinley, the photographer, is currently hot in the photo world largely due to his somewhat recent show at The Whitney Museum of American Art.

      A photograph of his and some text about him: http://www.whitney.org/information/press/104.html [papermag.com]


    • It is somewhat inconveniencing having these prettied up faces on the side of a supposedly serious news article in the New York Times. If you've got someone behind your shoulder, they might be given the impression you're not reading an article about virus makers.

    • No (Score:2)

      by FallLine ( 12211 )
      Or do the pictures of these guys remind you of the Calvin Cline ads awhile back that bordered on kiddie porn? These kids look like they are wearing makeup and exude a bit of homo-erotic teasing.

      It just gave me the creeps, knowing that this is an article for nerds.
      No, they're just Euro. :-)

  • Some you win, some you lose (Score:5, Informative)

    by stevey ( 64018 ) on Monday February 09, 2004 @08:22AM (#8224403) Homepage

    On the down side this is a duplicate article [slashdot.org], on the plus side this version has a link to the Google partner version of the article. (So no login required).

    I guess this means that I can't gain karma by posting a mirror. Do you think I'm in with a chance of anything else? ;)

  • Hmmm. (Score:5, Insightful)

    by DarkHelmet ( 120004 ) * <mark AT seventhcycle DOT net> on Monday February 09, 2004 @08:23AM (#8224412) Homepage
    You know, maybe I don't get it... Maybe it's just me.

    But it says right there... "Please write the online editor at daddypants@slashdot.org for any corrections.".

    I decide to write that it was a dupe. Sure enough, the thing gets posted anyway.

    I mean, that's partly what subscribers are for. And that's also why subscribers can't do comments early. Right?

    It's silly. Not only should the editors actually read slashdot, they should more importantly look at email from subscribers saying "It's a dupe!" before posting the thing.

    But maybe it's just me thinking in a perfect world. Forget it.

    • Re:Hmmm. (Score:3, Informative)

      by keesh ( 202812 ) *
      I've reported at least a dozen of these and never once had any response. Has anyone ever had any luck from a daddypants email? I suspect they're devnulling it...
      • I have, once. But there have been about five other times where I have not been successful.
      • I have reported several stories as dups. Never got any direct answer, but they disappeared from /. within a minute. If it helps any, I have always included the original URL in my email.

        Maybe you reported it as a dup just before it went live, and then it was too late. If only a few people bother to tell daddypants, odds are that once in a while they will be too late. Suppose only one out of a hundred is a dup, maybe that is reasonable odds. Also, if I see one hundred red new articles, and report the oc

    • Re:Hmmm. (Score:5, Funny)

      by __past__ ( 542467 ) on Monday February 09, 2004 @10:00AM (#8225011)
      I mean, that's partly what subscribers are for. And that's also why subscribers can't do comments early. Right?
      Do I understand correctly - you actually pay money for being allowed to do the job of the (paid, but incompetent) editors, so that I (freeloader) don't have to read dupes?
    • As a subscriber, you got to see the dupe before the rest of us!

  • Automatic virus creation is nothing new. (Score:5, Informative)

    by juuri ( 7678 ) on Monday February 09, 2004 @08:24AM (#8224413) Homepage
    This has been around for something like 12 years, IIRC, Nowhere Man of that funny group of happy guys at [NuKE] wrote the VCL (Virus Creation Lab) in 92 (maybe 93?). Basically it was a text based GUI app with windows and drop downs that let you design a virus and produced a working one ready for distribution.

    Today's viruses are absolutely pathetic compared to some of the older stuff.

  • Since I missed it the first time around... (Score:5, Insightful)

    by andih8u ( 639841 ) on Monday February 09, 2004 @08:28AM (#8224432)
    Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby. When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms.

    Maybe this is just crazy talk, but couldn't this woman just take his computer away from him? She knows that he's upstairs doing illegal stuff...he's 16, take away his laptop. "Oh, well little Billy's just upstairs making pipe-bombs...I'll leave him alone."

    Parents are there to be...parents.

    • Re:Since I missed it the first time around... (Score:5, Insightful)

      by mxf8bv ( 118038 ) on Monday February 09, 2004 @08:33AM (#8224449)
      Well, he claims it is for educational purposes and even published it on his website. So probably it's not illegal what he's doing - as long as he doesn't (admit to) realease his creations into the wild.

      • Re:Since I missed it the first time around... (Score:5, Insightful)

        by Anonymous Coward on Monday February 09, 2004 @09:04AM (#8224574)
        I think we should start looking at intent. The article said it: These people publish their works on the Internet knowing, even wanting, their viruses to be used by script kiddies. Just read what some of the people that were interviewed said. Things like "When my first virus was issued as an alert, I was thrilled." That says illegal to me, or at least should.
    • When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot...

      Is it me, or does it sound like he's got plenty of outdoors-fun potential? Hiking, camping, skiing, etc. Maybe if mom had booted him out the door more often to go and play...

    • When I was a kid, I did lots of illegal stuff, including making pipe bombs. I never hurt anyone including myself, and my parents had a vague idea of what was going on. They let me do these things, and guess what: They were some of the best parents out there. So when people blame parents for letting their kids do things like smoke pot, have guns, make firecrackers, as if it were wrong in and of itself, and use the latest disaster as 'proof' I get annoyed.

      Before you damn the parents of the Columbine psyc

  • Deja-vu (Score:5, Funny)

    by hyperherod ( 574576 ) on Monday February 09, 2004 @08:31AM (#8224442)
    I think I've been here before... I've been told this usually happens because of a glitch in The Slashdot...

  • VB generator (Score:3, Funny)

    by InsaneCreator ( 209742 ) on Monday February 09, 2004 @08:32AM (#8224446)
    oh, wow... he wrote a VBS generator... how 1337... It's not even a real trojan; it just deletes files (at least it seem so from the article).

    When I was 17, there wren't any trojans that would come with source code. At that time, NetBus was pretty popular, so I wrote my own client-server trojan using Delphi. Since I was the ony person who had access to it, it was completely immune to antivirus software and that meant lots & lots of fun with school computers. :)

    Ah, good old times...

    • Re:Virus generators (Score:3, Interesting)

      by A55M0NKEY ( 554964 )
      A good virus generator would be able to produce viruses without anything in common. I bet there is a string, common to all this kid's generator's viruses that antivirus programs can find and use to block all present and future viruses generated by this bot.

      Another good feature would be to include the code for the generator itself with each copy of the generated viruses that would intermittently pop up a dialog box saying: "The virus you have been infected with needs to evolve, please answer a few questio

      • That's a good point, who knows there might be something in VB that says if this code has this line and this line in it add this to the executable.

        Makes you wonder how AV SW scan files so fast.

  • script kiddies (Score:5, Insightful)

    by tuxette ( 731067 ) * <tuxette.gmail@com> on Monday February 09, 2004 @08:33AM (#8224455) Homepage Journal
    The people who release the viruses are often anonymous mischief-makers, or ''script kiddies.'' That's a derisive term for aspiring young hackers,

    Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code.

    • "Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code."

      What did you expect when all these new worms are released under GPL? :)
    • Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code.

      Sure they do. It's called "open source".
    • Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code.

      Agreed, as someone who long was aspiring to be in IT (why?!?). I believe I was referred to along the lines of dork etc... Never script kiddie. But then All my code are belong to me! no cut & paste here
    • Aspiring, wannabe, it's a subtle distinction.
    • I see from the stuff on his website that he doesn't comment his code. If he is an aspiring young hacker, he'll never be a very good one.
  • ...and then there were the countless dupes announcing the duped story...

  • Warning: E-mail viruses detected (Score:5, Funny)

    by SiChemist ( 575005 ) on Monday February 09, 2004 @08:43AM (#8224486) Homepage
    Our virus detector has just been triggered by a message you sent:-

    To: editor@slashdot.org
    Subject: Profile of the Mind of a Virus Writer
    Date: Mon Feb 9 6:00:55 2004

    Any infected parts of the message have not been delivered.This message is simply to warn you that your computer system may have a virus present and should be checked. The virus detector said this about the message:

    Report: message.zip contains Worm.MyDupe.Slashdot

  • Cool (Score:5, Insightful)

    by Dark Lord Seth ( 584963 ) on Monday February 09, 2004 @08:44AM (#8224488) Journal

    It has pictures, name and locations.

    Now the sysadmins have someone to beat up and the legal department can take some potshots at them for paying damages caused by virusses.

  • Timothy, do you ever check the fucking stories? (Score:4, Insightful)

    by theolein ( 316044 ) on Monday February 09, 2004 @08:44AM (#8224489) Journal
    This one is a dupe, yet again. Christ, man, use the fucking search feature or hand over the moderator status to someone who will. And yes, you are definitely the worst one when it comes to duplicating stories.
  • Imagine what its going to be like in 5 years when there aren't any more programming jobs in the US. I bet there will be hundreds of new viruses weekly.

  • One way to end this... (Score:2, Funny)

    by Anonymous Coward
    Get the parents of these kids to start coding malware.

    Parent: "Hey Vorogon32! That was a super neat idea to include multithreading in your latest worm! Awesome!"

    Kid: "Awww Mom!"

  • Sadly, this NY Times story got more readers... (Score:5, Insightful)

    by SpaceRook ( 630389 ) on Monday February 09, 2004 @08:47AM (#8224502)
    This [nytimes.com] article is about as ill-informed as that BBC article that was posted last week. From the article:

    MyDoom's ultimate target was an obscure software company named SCO. Champions of the open Net have portrayed SCO as the Antichrist since it sued to establish part-ownership of a popular and free computer operating system called Linux. Linux has become an icon of the so-called open-source movement, which is seeking to limit the influence of companies like SCO and the industry giant, Microsoft, which closely guard their software.
    • Those statements seem accurate to me. You can't really knock a news outlet for reporting facts, even if the facts might lead to an erroneous conclusion.
      • I did not read the article, but the quoted statement is grossly inaccurated:
        • ASAIK, it has been demonstrated that mydoom did not target SCO, only appeared to;
        • obscure software company named SCO? : well, this is almost fun :-)
        • open Net : what is it ?
        • so called open source : like it has not been around for more than ten years, sponsored by companies like IBM and Oracle, and several times mentioned by mainstream press;
        • which is seeking to limit the influence of companies like SCO and the industry gian
    • You miss-quotethe: the author wrote:

      > geeks in the "open source" software community.

      Evidently in the popular media open source gets to have quotes around it, as in "so-called" "open source." At least Mr. Thompson has graduated from calling us "hackers" and now uses the slightly better term "geeks." (I suppose it is better to be called a homosexual than a fag...).

      I therefore can't believe this was posted with the description "It's very well written by an author who clearly knows his stuff." Well-wr
  • Is looking like a freak a requirement a requirement for a "malware" coder?

  • Oh, the irony (Score:5, Funny)

    by rjshields ( 719665 ) on Monday February 09, 2004 @08:59AM (#8224547)
    "Stephen Mathieson, Detroit. The 16-year-old virus writer is dismissive of hackers who release other people's viruses: "The kids just cut and paste.""

    So, we have a 16 year old virus writer accusing other hackers of being childish. Doesn't that seem just a tad ironic?

  • Challenge, schmallenge (Score:3, Interesting)

    by W1K-Galoot ( 745033 ) on Monday February 09, 2004 @09:04AM (#8224576)
    Michelangelo was a master. A spray-can toting kid is just a vandal. These aren't "masters" either, no matter how much they label themselves as such. Want to show off your elite skills, kids? Want to show how much better than Microsoft you are? Write a self-replicating program that patches holes instead of exploiting them.
    Nope. They're vandals posing as artists.

    • Re:Challenge, schmallenge (Score:4, Insightful)

      by globalar ( 669767 ) on Monday February 09, 2004 @01:13PM (#8226825) Homepage
      It's a sign of immaturity that you have to prove yourself and exercise your ability in every small way. For example, locksmiths don't go around opening people's doors and leaving strange notes just because they can. They have a job where these abilities are applied for a wage. Their capabilities are productive and non-intrusive.

      Some hackers find problems with popular software, others create security schemes, some experiment with protocols, some reverse engineer drivers, etc. Some hackers are productive and non-intrusive.
    • The last worm that tried to fix a hole was buggy and caused more damage than the original.

      Apparently, these folks don't realize that the traffic from spreading the worm is a large portion of the damage caused.

      Perhaps they should read some of the literature that's rather widely available?
  • You have just received the Amish computer virus. Because we don't have any computers, or programming experience, this virus works on the honor system.

    Please delete all the files from your hard drive and hand-deliver this virus to everyone on your mailing list. Thank you for your cooperation.
  • Call me cynical but I think this story is a well-constructed lie.

    First, the accurate but uncheckable details: name of some guy in Austria, his 15-year old girlfriend.

    Secondly, as has been remarked, the photos. They are just too well shot, and I can't for a second believe that a virus author would sit still while the makeup girls did their thing, lighting got the shadows right... no frigging way!

    Thirdly, the technical details are obviously wrong. Formatting hard drives? Deleting files? That is so 1980's. Today's virus writers are obsessed with the social interface: how to confuse people into clicking the attachment.

    Forthly, the timing. A long, detailed investigation into youthful virus writers just as the worst ever virus hits the Internet, with no mention of mafia connections, of zombie spam engines, of "sorry, andy, but this was just my job",...? WTF?

    Conclusion: it's a set-up. These young dudes don't exist as described, the shots are of actors, and the story was invented behind a desk. Someone wants to create a convincing enemy for new legislation which will paint uncontrolled hacker youthdom as the enemy of all that is right and proper. Long prison sentences for simply creating the wrong kind of software ("because it could be released and do harm"). Rapid implementation across the globe ("cause these guys are in, like, Austra!").

    Now, allow me to get really cynical and ask this question: why is no-one bothering with profiles of the organized criminals behind most of the damage done to people's computers? Could it be because misdirecting the blame at youth hackerdom means the problem will not be solved, and so the hand of oppressive government can become stronger and stronger...

    Of course, I could be wrong, and really viruses like mydoom could just be the work of guys like this.
    • Pretty good theory, and it wouldn't be the first time the New York Times made up a story. [capmag.com]

    • First, that sort of thing is in numerous articles.. so it's a useless starting point.

      Second, the photos aren't very good. It's easier to tell if you look at the pictures in the NYTimes magazine. One's blurry and grainy, another is heavily dodged (darkened) everywhere except where that "Benny" guy is, and the detroit kid does seem to have on makeup, but the picture is just slow shutter with soft focus and a light flare.

      Third, when I read the article.. it talked about how formatting hard drives was old an

    • I don't think you're cynical or paranoid for being suspicious or paranoid of this article, but...

      Thirdly, the technical details are obviously wrong. Formatting hard drives? Deleting files? That is so 1980's. Today's virus writers are obsessed with the social interface: how to confuse people into clicking the attachment.

      It's not uncommon for mainstream media writers to get the technical details wrong. However, your criticism suggests to me that you didn't read the article. The subjects of the story ta

  • Go ahead a flame away, but... (Score:3, Insightful)

    by Ghengis ( 73865 ) <SLowLaRIS&xNIX,Rules> on Monday February 09, 2004 @09:31AM (#8224781) Homepage Journal
    Come on! Get it together /.! You guys had this article on Friday! [slashdot.org] Don't you read your own site?

  • Men are pigs..and virus writers! (Score:3, Insightful)

    by cabazorro ( 601004 ) on Monday February 09, 2004 @09:36AM (#8224809) Journal
    On the creator of the Sobig.F virus...
    ''The F.B.I. is out for the Sobig guy with both
    claws, and they want to make an example
    of him,'' David Perry.

    Women don't write viruses?
    Women don't read slashdot?
    I feel so pigeonholed!!
  • this article is completely ruined by this one line:

    Philet0ast3r's party was crammed with 20 friends who were blasting the punk band Deftones, playing cards, smoking furiously and arguing about politics.

    this writer may know his computers, but he sure doesnt know his music genres.

  • I always wanted to write my own virus damage routine, which fragments the hard drive, but I never got around to do it. It should be easy with the Windows API for defragmenting already there. This russian guy(Bosinsky? Kaspersky? Markovich? I forgot) had a simple example how to use the API but you need a Visual C Compiler.

    And its not really causing damage that can't be reversed, it is just slowing down the computer a lot :-))

    • what if someone wrote a virus that defragmented the hard drive, or something similar? it suprises me that there aren't more beneficial viruses (that i know of)...i've actually heard of viruses protecting computers from other viruses, but are there any other beneficial viruses out there?

  • When reading articles like this... (Score:4, Insightful)

    by vasqzr ( 619165 ) <vasqzr@noSpaM.netscape.net> on Monday February 09, 2004 @09:56AM (#8224979)
    Just sit back and laugh. Journalists can't cover this stuff. It's a joke.

    Now, think about how off-center computer-related articles are. Anything that deals with technology.

    Have you ever had first-hand experience with a story your local paper covered? And while reading the story, you think to yourself, "Where the hell did they get their (mis)information??"

    Apply that to EVERY story in the news. Scary, isn't it?

  • VB? WTF?! (Score:5, Interesting)

    by fudgefactor7 ( 581449 ) on Monday February 09, 2004 @10:10AM (#8225095)
    Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.

    Jeez...VB? Real virus hax0rz work in assembly, it's smaller, neater, and faster. These guys are a bunch of script kiddie punks. No wonder they were hip to being interviewed, they had no talent and wanted a name for themselves.

    Perhaps we should kill them.
    • VB is a script kiddie languange.. just like basic use to be years ago.. i remember writing stuff in basic to mess around with the school computers.. anyways.. long time ago.

      Ask these kids about the big 0h notation, or the time complexity of their program and they won't a have a clue.. they are just following some instructions and some other people's code. Afterall 3K seems pretty big footprint for a virus.. I had a friend who use to regularly write 1/2 k viruses.. just cause the code was so clean and opt

  • Profile of the Mind of a Virus Writer.. (Score:3, Funny)

    by Savage-Rabbit ( 308260 ) on Monday February 09, 2004 @10:31AM (#8225271)
    That's easy, Bart Simpson with a Windows PC....
  • Something that very many of you seem to be missing is the fact that the world needs hackers. While I don't condone the release of a virus (that is actually executing it in the wild) I think that it's absolutely necessary for them to exist. The guys who do this sort of coding set the standards for the industry. If nobody ever pointed out the flaws in microsoft's code, then it would never be fixed. If you all are going to sit here and point fingers at people who write exploits, I'd hope you stop and think f
    • I think you've got the focus in the wrong place.

      Finding and fixing security holes is the responsibility of the OS creators - you can say "oh, if nobody hacked into your OS here then how would we fix the security holes? The responsible OSs have people working on them that would STILL look for security holes, would STILL fix them, even if there wasn't a threat.

      If a cracker wants to do good things, crack into a box and then tell the company in charge how you did it. Just being a cracker makes you no boon
  • In the article, Mr. Thompson doth enscribe:

    Technically, ''viruses'' and ''worms'' are slightly different things...

    [A virus is] a tiny program, and when you click on it, it will reprogram parts of your computer to do something new, like display a message. A virus cannot kick-start itself; a human needs to be fooled into clicking on it.

    Thank you /. editors, for letting me know the article is "very well written by an author who clearly knows his stuff." [sic doxamatum]

  • Just pranksters (Score:2, Insightful)

    by groomed ( 202061 )
    I don't see what all the fuss is about. Most of these guys are just pranksters. I see some people here frothing at the mouth about how these guys should be locked into the slammer for months, even years. What a vicious and repellant sentiment. Ironically it seems to mirror the sad, mean outlook on life that drives the virus writers: I will make them pay for my misery!

    Clearly some pranks are off-bounds. When the prank goes from mischief to outright malice, swift and appropriate punishment needs to be meted

Slashdot Top Deals

God doesn't play dice. -- Albert Einstein

Close