
Virus Writers - The Enemy Within

Slob Nerd writes "An interesting read from today's Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
This discussion has been archived. No new comments can be posted.

  • endbreeding (Score:1, Interesting)

    by Anonymous Coward on Sunday February 22, 2004 @11:00AM (#8355372)
    End - Breeding

    It's where the family tree doesn't spread out,
    but the ends of the branches meet up.
  • by Anonymous Coward on Sunday February 22, 2004 @11:01AM (#8355378)
    Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS times and even with boot sector viruses, where size was an important factor, they were simply horribly written (i.e. unnecessarily bloated).

    While some may imply in their posts that virus writers are technically skilled, I've yet to see a single example of being better than the average bad programmer...
  • Complete Bullshit (Score:5, Interesting)

    by ktanmay ( 710168 ) on Sunday February 22, 2004 @11:01AM (#8355381)
    It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.

    Ok fine, what if someday, a student doing research in microbiology decides, just for the sake of fine arts, I'll release a mutant plague bacteria...
  • Re:My Hero (Score:5, Interesting)

    by AndroidCat ( 229562 ) on Sunday February 22, 2004 @11:01AM (#8355382) Homepage
    Clive Thompson has been shopping this story around. The two-parter in the Toronto Star [thestar.com] was billed as "SPECIAL TO THE STAR". Special reformatting of the same article as far as I can tell.

    I'm always skeptical of stories like this. Every time there was a story where I knew the people and facts directly, the story was usually a mish-mash mixed or invented to sex up the story.

  • Just an idea! (Score:4, Interesting)

    by HaRR0 ( 755365 ) on Sunday February 22, 2004 @11:02AM (#8355390) Homepage
    Maybe if the government or anti-virus companies made like an online virtual internet for young people to upload their virus into this "virtual internet" to watch it spread and make a game-like point scheme or something along those lines, there wouldn't be much havoc online. I think it is mostly boredom that virus creators do this for!
  • Re:Virus Writers (Score:5, Interesting)

    by gustgr ( 695173 ) <gustgrNO@SPAMgmail.com> on Sunday February 22, 2004 @11:04AM (#8355394)
    I don't believe they are completely skilled. I would pay to see one of these VB virus writers build an application which can improve our OSes or networks.

    Like the elders say, it takes 10 years for a tree to grow but only 10 minutes to take it down. It's the same with computer viruses.
  • Re:Hmmm (Score:3, Interesting)

    by skifreak87 ( 532830 ) on Sunday February 22, 2004 @11:04AM (#8355396)
    To play Devil's Advocate, isn't there something good arising from virus writers? If there were no major viruses out there, I guarantee you most users wouldn't have anti-virus software and wouldn't know not to click on email attachments from unknown sources. Then, if someone really did want to cause major havoc, it would be even worse than it is now. I don't know if this is true, but I think it's possible. If no one ever expected a virus/worm, how long would it take to actually get the virus/worm off of every user's computer? It's rather quick now because most people have anti-virus software that can be updated really quickly.
  • by tagishsimon ( 175038 ) on Sunday February 22, 2004 @11:17AM (#8355439) Homepage
    Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP relays on infected machines to propagate spam, or leaving a backdoor open so that this could later be done.

    Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.

    So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.

    Ferinstance

    http://yro.slashdot.org/article.pl?sid=03/12/03/1423258&mode=nested [slashdot.org]

    - Oops. There goes Spamhaus

    http://securityresponse.symantec.com/ [symantec.com]

    - most of this week's crop install backdoors.

    http://www.groklaw.net/article.php?story=20040221051056136 [groklaw.net]

    - Your IP Addy for sale to a spam-merchant near you...
  • Terrorism (Score:3, Interesting)

    by octal666 ( 668007 ) on Sunday February 22, 2004 @11:17AM (#8355442)
    Well, actually terrorism is using threats and violence to force someone to think or behave as you want.

    Common virus-writers are more like random violence; they do not usually pursue economic or political agendas, and more usually want recognition inside their own community.

    I, for one, am fed up with this cyber-terrorist media propaganda.
  • Embellishment (Score:5, Interesting)

    by `Sean ( 15328 ) * <sean@ubuntu.com> on Sunday February 22, 2004 @11:23AM (#8355464) Homepage Journal

    I'm always skeptical of stories like this. Every time there was a story where I knew the people and facts directly, the story was usually a mish-mash mixed or invented to sex up the story.

    That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.

    My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.

  • by nutznboltz ( 473437 ) on Sunday February 22, 2004 @11:26AM (#8355486) Homepage Journal
    If we just educated people better, viruses/diseases wouldn't be a problem. Works the same way for AIDS as it does W32.Klez.
    Now that's sarcasm at its finest. Over 20 years with the same human virus and the problem just keeps getting worse. I doubt people are getting less educated about it over time.

    It appears to me that overcoming human nature requires more than education.
  • by CausticWindow ( 632215 ) on Sunday February 22, 2004 @11:36AM (#8355536)

    Yes, I've seen well-written viruses. Back in the good old Amiga days, there were several viruses with code morphing etc.

  • by CrypticSpawn ( 719164 ) * on Sunday February 22, 2004 @11:48AM (#8355590)
    Let's face it, without viruses a lot of the flaws in our operating systems would still be open today, then hackers would have free rein into your system without your knowledge. More and more people wouldn't be using firewalls, more people wouldn't be using anti-virus software. Let's face it, the internet is still very fragile, remember way back in 1988 when one worm took down the internet, that can still happen today sad to say, but we are more knowledgeable of how viruses use our software to do more so now than anytime before. Microsoft is trying to change to that operating system where everything has to use their new .NET infrastructure so security will be tighter, not just in their operating system, but also in the applications third parties write. However, I know from past experience with Microsoft, they will end up trying to be backwards compatible and end up inheriting all those problems from before. But perhaps this time they will use their new purchase of Virtual PC to implement those backward compatibility environments totally away from their new operating system. But somehow I think Microsoft will end up even implementing that badly, because they want to give their users so much ease of use and cool features they end up shooting themselves in the foot, allowing people to use their own gullibility to weaken Microsoft's operating system. This same thing can be said about a lot of operating systems out there trying to mimic them to some degree.
  • Re:Embellishment (Score:5, Interesting)

    by `Sean ( 15328 ) * <sean@ubuntu.com> on Sunday February 22, 2004 @12:13PM (#8355708) Homepage Journal

    I might suspect that all news stories are equally flawed, but it's only the "teenage haxor angst" ones that I know are flawed.

    My mistake... I should have qualified my post with a "Virtually every..." instead of simply saying "every...". I'm just bitter about constantly getting misquoted. The first misquote of my career goes back to 1996 when a MacWeek author writing a Web graphics piece misquoted me as saying that JPEG is a lossless compression when I explicitly told him in both a phone and e-mail interview it was lossy.

    But I'm not bitter...

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Sunday February 22, 2004 @12:17PM (#8355732)
    Comment removed based on user account deletion
  • by rmpotter ( 177221 ) on Sunday February 22, 2004 @12:24PM (#8355783) Homepage
    Well... the act of creating a virus and storing it on a publicly accessible web server _is_ tantamount to distributing it, is it not? Would you take a bag of loaded hand guns and leave them on the floor in the middle of a daycare? Would you park your unlocked, running Ferrari next to a bar and ask a group of drunken patrons to "watch" it for you? In some ways, a computer virus is to software as hate literature is to the printed word. I don't see a solution to either problem. At best, I would hope virus writers would "share" their code in a more responsible -- i.e. more restrictive -- way. Open, unauthenticated access to destructive software should not be legal. "Free expression" -- even if it is a piece of software -- should not be permitted to harm millions of people. Perhaps legal virus writers should be regulated -- much like companies who produce and ship hazardous materials.
  • Re:My Hero (Score:3, Interesting)

    by plugger ( 450839 ) on Sunday February 22, 2004 @12:40PM (#8355881) Homepage
    I don't read the Observer, as I agree with you that it embellishes stories to create better headlines. In contrast though, its sister paper, The Guardian, really does try to keep the record straight. They have a 'corrections and clarifications' column where they correct any wrong assertion that they print, however minor. They also have a reader's editor. His job is to investigate complaints and queries from the readers and publish his findings in a monthly column.
  • Re:Embellishment (Score:5, Interesting)

    by AndroidCat ( 229562 ) on Sunday February 22, 2004 @12:48PM (#8355922) Homepage
    I got enrolled into a fictitious hacker group called "Top 40" in Montreal in 1983. Not by name, just by association. The reporter of that story crashed a Hudson Yacht-Club Get-Together looking for the scoop on this infamous group, and was unpleasant enough at the door ("What are you trying to hide?") that they let him in so he could see that we were just harmless computer enthusiasts. Some of us were starting small companies at the time. Oddly enough, he never put that in his story, which was mainly about a vast underground network of eevil hackers. (I guess a social gathering at a yacht club didn't fit his fable.)

    I wonder if that reporter was Clive in his early years?

    The actual story was that 4 teenagers got busted by Bell-cops for using their Applecat modems to phreak. Woo!

  • Virus Conspiracy (Score:3, Interesting)

    by superpulpsicle ( 533373 ) on Sunday February 22, 2004 @12:51PM (#8355936)
    If you think teenage punks are the ones writing all the viruses you're in for a surprise.

    Someone needs to do some serious research and see how many came out of Norton Lab.

    It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
  • by gad_zuki! ( 70830 ) on Sunday February 22, 2004 @01:13PM (#8356031)
    Let's look at a lot of these exploits: they generally are .scr, .vbs, .bat, etc. files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.

    Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.

    It's far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure, it's not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).

    This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.

    Data loss isn't even an issue; the worst case scenario is asking the guy who sent you that .exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didn't send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.

    This can be done in three steps:

    1. Implement auto-zipping. Geeks and security-sensitive people will probably enable this by default. Or it should be default with newer versions of mailers.

    2. Once a significant amount of traffic is in the zip format, set your mailer to reject all executables. It also could auto-remail the person sending you executables. (This may be exploited by spammers looking for live email addresses.)

    3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
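
The attachment policy described in the comment above (quarantine executable extensions, deliver documents, look inside zip archives for the true extension), sketched as an added example that is not part of the original post. The blocked-extension set, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the comment names as typical carriers (assumed policy, not a product default).
BLOCKED = {".scr", ".vbs", ".bat", ".exe"}


def true_ext(name):
    """Last extension, lower-cased; trailing dots/spaces are dropped as Windows does."""
    return os.path.splitext(name.strip().rstrip(". ").lower())[1]


def verdict(filename, payload):
    """Return (action, reason) for one attachment."""
    ext = true_ext(filename)
    if ext in BLOCKED:
        return "quarantine", "blocked extension " + ext
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # With classic zip encryption the member names stay readable.
                for member in zf.namelist():
                    if true_ext(member) in BLOCKED:
                        return "quarantine", "archive member " + member
        except zipfile.BadZipFile:
            return "quarantine", "unreadable archive"
    return "deliver", "ok"


def scan(raw_message):
    """Map each attachment filename in a raw e-mail message to its verdict."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        results[name] = verdict(name, part.get_payload(decode=True) or b"")
    return results


def build_sample():
    """Constructed message: a PDF, a double-extension .scr, and a zip hiding a .vbs."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="photo.jpg.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.doc.vbs", "' constructed")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, (action, reason) in scan(build_sample()).items():
        print(name, action, reason)
```

The check is by name only and does not descend into nested archives, so it complements the virus scanner the comment mentions rather than replacing it.
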
  • Re:My Hero (Score:2, Interesting)

    by You're All Wrong ( 573825 ) on Sunday February 22, 2004 @01:19PM (#8356067)
    OK, in other virus news, slightly more up-to-date, female virus-writer Gigabyte has been arrested in Belgium.

    http://www.sophos.com.au/virusinfo/articles/gigabyte.html

    Like many of the smarter vxers, she never released a virus into the ecosystem where it would thrive.

    If it were the US, she'd
    a) be 100% protected by the 1st amendment.
    b) be banged up for being a terrorist instead.

    My inbox has dozens of viruses dumped into it every day, which completely and totally pisses me off. However, I'd still shake the hand of the writers of some of the cleverer viruses, I bear them no grudge; they're simply filling a niche created by incompetent programmers at Microsoft.

    YAW.
  • Re:My Hero (Score:5, Interesting)

    by gaijin99 ( 143693 ) on Sunday February 22, 2004 @01:31PM (#8356131) Journal
    I think this is the third time this story has been posted.
    And, as always, they refer to the virus as "computer virus", not "Windows virus". I believe that there are, what, two viruses for UNIX systems? Yet somehow magically the Windows viruses transmogrify and become known as "computer viruses".

    Googling reveals that this trend in helping BillG cover up the fact that it's his OS, not computers, that is virus laden is quite widespread. Search for "Computer Virus" and you'll get around 1.5 million hits; "Windows Virus", by contrast, only turns up around 35 thousand hits.

    We really do need to work to spread the meme that it's not a computer virus, it's a Windows virus. Make more people aware of the fact that it's a Windows problem, not a computer problem, and it does two things: firstly it might make them consider alternatives to Windows, and secondly if they know it's a Windows-specific problem they might try and pressure MS into making Windows more secure.

  • Re:My Hero (Score:2, Interesting)

    by lambent ( 234167 ) on Sunday February 22, 2004 @03:47PM (#8356857)

    How is the exploitation of incompetence in any way clever?

    You don't become a hero by beating up on those weaker than yourself.
  • by Ithika ( 703697 ) on Sunday February 22, 2004 @04:00PM (#8356923) Homepage
    That would be a marvellous idea if it weren't for the fact that you haven't coined a new word or used an existing word in a new context, you've misspelt an existing word. That makes it wrong, not new.

    I fail to see how - no matter how much you tilt your head and squint your eyes - virii can be taken for a misspelling of viruses. Please explain. Everyone else admits that people who use 'virii' meant to spell it that way. Which means they meant to differentiate it from the accepted use of the word virus (that is, from a biological virus).

    Perhaps you should look up the definition of that word, since the only time that pointing out a common spelling mistake would be hypocritical would be if I were to make one myself.

    Yes, that would be true if it was nothing more than a common spelling mistake. However many people - myself included - happen to like it for one reason or another and intentionally don't use the word 'viruses'.

    I am fully aware what hypocrisy is, and I also believe it would be hypocritical of you to rubbish neologisms that you don't like whilst giving the reason that they're badly spelled, all the while using words which are just as new to the English language without a second thought.

    Regards,

    ithika.

  • by bigmoosie ( 574165 ) <davisrr@norwich.edu> on Sunday February 22, 2004 @05:41PM (#8357427) Journal
    IIRC posting, writing, or keeping copies of instructions for making bombs is illegal in the US. Why? Because bombs harm many people and do lots of damage. Viruses should fall under the same category.

    Yes, virus writers are rather skilled compared to their counterparts script kiddies (and even worse click kiddies). I don't care how skilled they are, they can put their talent to other things.

    The art behind virus writing is to make it do good things in a few lines. Put that talent to work on open-source software. Imagine if some of these people got together and worked on the 2.6 kernel for Linux. Maybe it would have been out 6 months earlier or it may have some more advanced features.

    There are many things they can do, but the fact is they should not write viruses or even post the code/instructions/tools for making viruses anywhere.

    IMHO

    ~ryan
  • Re:Virus Conspiracy (Score:3, Interesting)

    by Reziac ( 43301 ) on Monday February 23, 2004 @12:45AM (#8359821) Homepage Journal
    There was an interview with McAfee himself back about 1989 (probably to plug his book) in which he made some remark to the effect that it behooved antivirus companies to "create a market" even if that meant releasing viruses themselves.

    While I don't *know* of any such activities by AV companies, this interview may well be the origin of such rumours -- it wasn't exactly the sort of thing as to inspire consumer confidence!

    Someone here on /. posted a link to the interview (this was about 2 or 3 years ago), and it was live then, but last time I went looking for it, I couldn't find it. Anyone...??
