So, Who Wrote Sobig?
An anonymous reader writes "F-Secure's Virus Blog posted links to a 48-page technical study on who wrote the infamous Sobig worm which went around the world last year. The study is done by anonymous authors.
The study concludes that the author of this worm is a Russian programmer and goes all the way to name him. This file has now been posted publicly, on Geocities and Tripod. So you can have a look for yourself and make your own conclusions."
Good American Programmers? (Score:2, Interesting)
Viruses for profit (Score:5, Interesting)
Circumstantial evidence. (Score:4, Interesting)
Granted he should probably burn at the stake just for writing SPAM software...
Avast, slashbots! (Score:5, Interesting)
Re:Good American Programmers? (Score:1, Interesting)
Actually, this cannot be attributed to tougher law enforcement or any other similar reasons. The thing is that there are not that many big Viruses/Worms/Anything-else-you-want-to-call-them around. So the possibility of the virus-writer being from any random country is almost equal. (My English skills aren't so good, so please forgive me if my sentences weren't clear.)
Re:Viruses for profit (Score:5, Interesting)
The problem isn't that professionals are necessarily better than amateurs at a task -- we know this isn't true. But being a professional allows you to work full-time on something. Many people are motivated by financial rewards (and egoboo doesn't put bread on the table, either).
When a lot of money gets involved, organized crime gets involved, and they bring with them the infrastructure for serious misdeeds.
I want my script kiddiez back.
fairly convincing (Score:3, Interesting)
The comparable code base (unusual string concatenations that appear in both the virus and his commercial software): I suppose I *could* also overlook that, because I know that a lot of developers copy code snippets from support pages and such. Especially for such generic functions as sending email.
But then throw in the fact that send-safe and the Sobig virus have very consistent release schedules. That is a little suspicious.
Not only that, but if you remember when SoBig first came out, it was quite a long time afterwards before people started to realize that it was creating spam proxies. send-safe was using those proxies even before the massive outbreak. Now that is kinda weird.
So, when you add up all of those things, it seems convincing to me. Is it enough to raid his office computers?
Frustrated yes, but not for money. (Score:3, Interesting)
Re:Do we ever really hear about good viruses? (Score:3, Interesting)
I think it's not very likely. It isn't the payload that necessarily gets viruses noticed. If a virus (well, technically a worm in this case) tries to exploit buffer overruns in remote services (as was done by worms like Code Red and Blaster), it's going to get caught by the log entries from failed intrusions. If a virus (again, technically a worm in this case) tries to mail itself out to people, it's going to be easy for savvy users to see it for what it is. Even if a virus just modifies executables, it's going to raise alarms on a system that keeps checksums of such files. Even the increasingly archaic boot sector viruses will get caught by a simple BIOS setting.
All the popular infection vectors that viruses and worms use leave too much evidence. I don't think any virus that has infected a large number of computers will stay hidden for long.