Become a fan of Slashdot on Facebook


Forgot your password?

Virus Writers - The Enemy Within 380

Slob Nerd writes "An interesting read from todays Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
This discussion has been archived. No new comments can be posted.

Virus Writers - The Enemy Within

Comments Filter:
  • My Hero (Score:5, Informative)

    by DarkHelmet ( 120004 ) * <mark.seventhcycle@net> on Sunday February 22, 2004 @10:49AM (#8355318) Homepage

    I think this is the third time this story has been posted.

    Googled version to NY Times story []

    Of course, does it really count if the same story appears on a *different* page? Or a different website.

    Maybe it's time that slashdot subscribers get a cached version of the story hosted on slashdot. That way, when an editor is about to submit a duplicate story, it'll check for similar articles cached on the site. That way this kind of thing doesn't keep happening. Hell... Slashdot editors won't even have to read slashdot anymore!

    Thank you CmdrTaco for rejecting the story I just submitted in favor of this one. And I *know* the story I submitted wasn't a duplicate, or else my web server would have felt it. ;)

    You really are my hero.

    • Re:My Hero (Score:5, Informative)

      by DarkHelmet ( 120004 ) * <mark.seventhcycle@net> on Sunday February 22, 2004 @10:52AM (#8355334) Homepage
      Oh yeah...

      The slashdot article where this story already appeared is here: 9&mode=nested []

      • Re:My Hero (Score:5, Informative)

        by Motherfucking Shit ( 636021 ) on Sunday February 22, 2004 @11:02AM (#8355385) Journal
        And just three days after that, it appeared here: 8&mode=thread []

        Which, I imagine, makes this story not a dupe, but a triplicate!
        • Re:My Hero (Score:5, Funny)

          by Have Blue ( 616 ) on Sunday February 22, 2004 @11:24AM (#8355468) Homepage
          Not a dupe, but a tripe! Oh, wait...
        • Re:My Hero (Score:2, Redundant)

          by rlowe69 ( 74867 )
          Which, I imagine, makes this story not a dupe, but a triplicate!

          Would that be a tripe []? How appropriate.
        • Re: My Hero (Score:4, Funny)

          by Black Parrot ( 19622 ) on Sunday February 22, 2004 @12:39PM (#8355873)

          > And just three days after that, it appeared here:

          Maybe it's a viral story?

        • Re:My Hero (Score:2, Interesting)

          OK, in other virus news, slightly more up-to-date, female virus-writer Gigabyte has been arrested in Belgium.

 a by te.html

          Like many of the smarter vxers, she never released a virus into the ecosystem where it would thrive.

          If it were the US, she'd
          a) be 100% protected by the 1st amendment.
          b) be banged up for being a terrorist instead.

          My inbox has dozens of viruses dumped into it every day, which completely and totally pisses me off. However, I'd still shake th
          • My inbox has dozens of viruses dumped into it every day, which completely and totally pisses me off. However, I'd still shake the hand of the writers of some of the cleverer viruses

            So would I. Then I'd kick them in the kneecaps with my steel-toecapped boots.

            • by eugene ts wong ( 231154 ) on Sunday February 22, 2004 @06:54PM (#8357799) Homepage Journal
              You really do have an interesting point. If sending a virus to my computer can be called art or intelligence or cleverness, then can kicking in the virus writer's knees be considered art or cleverness? After all, the kicker is just exploiting a the weakness of the kickee, in the same manner that the virus writer is exploiting a weakness of someone else. It would be artistic because it would be sending a message, & it would displaying the human body in a way that isn't usually done. It would certainly get the kickee to think.
    • Re:My Hero (Score:5, Interesting)

      by AndroidCat ( 229562 ) on Sunday February 22, 2004 @11:01AM (#8355382) Homepage
      Clive Thompson has been shopping this story around. The two-parter in the Toronto Star [] was billed as "SPECIAL TO THE STAR". Special reformating of the same article as far as I can tell.

      I'm always skeptical of stories like this. Everytime there was a story where I knew the people and facts directly, the story was usually a mish-mash mixed or invented to sex up the story.

      • Embellishment (Score:5, Interesting)

        by `Sean ( 15328 ) * <> on Sunday February 22, 2004 @11:23AM (#8355464) Homepage Journal

        I'm always skeptical of stories like this. Everytime there was a story where I knew the people and facts directly, the story was usually a mish-mash mixed or invented to sex up the story.

        That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.

        My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.

        • by AndroidCat ( 229562 ) on Sunday February 22, 2004 @11:41AM (#8355560) Homepage
          Allow me my rose coloured glasses. I might suspect that all news stories are equally flawed, but it's only the "teenage haxor angst" ones that I know are flawed. :^)

          News stories are definitely like sausages and laws--never ever watch any of them being made.

          • Re:Embellishment (Score:5, Interesting)

            by `Sean ( 15328 ) * <> on Sunday February 22, 2004 @12:13PM (#8355708) Homepage Journal

            I might suspect that all news stories are equally flawed, but it's only the "teenage haxor angst" ones that I know are flawed.

            My mistake...I should have qualified my post with a "Virtually every..." instead of simply saying "every...". I'm just bitter about constantly getting misquoted. The first misquote of my career goes back to 1996 when an MacWeek author writing a Web graphics piece misquoted me as saying that JPEG is a lossless compression when I explicitly told him in both a phone and e-mail interview it was lossy.

            But I'm not bitter...

            • Re:Embellishment (Score:5, Interesting)

              by AndroidCat ( 229562 ) on Sunday February 22, 2004 @12:48PM (#8355922) Homepage
              I got enrolled into a fictitious hacker group called "Top 40" in Montreal in 1983. Not by name, just by association. The reporter of that story crashed a Hudson Yacht-Club Get-Together looking for the scoop on this infamous group, and was unpleasant enough at the door ("What are you trying to hide?") that they let him in so he could see that we were just harmless computer enthusiasts. Some of us were starting small companies at the time. Oddly enough, he never put that in his story, which was mainly about a vast underground network of eevil hackers. (I guess a social gathering at a yacht club didn't fit his fable.)

              I wonder if that reporter was Clive in his early years?

              The actual story was that 4 teenagers got busted by Bell-cops for using their Applecat modems to phreak. Woo!

        • I...very rarely use any...quotes in context...every story I've...done...I...tainted...And, most of the time, I'm...more accurate...than the story that I'm following up on.

          This guy has no idea what he's talking about. Mainstream media reporters do great work. This man contradicts himself and generally brags about how he exploits ellipses to twist people's words around on Slashdot (though presumably, he does this in everyday conversation). He clearly has no credibility.

          FOX News. Fair and balanced.

      • Re:My Hero (Score:3, Funny)

        by gruntled ( 107194 )
        The New York Times, like most large papers, offers its stories to other publications via the wire, which these days is just an FTP server. When I broke a big story, my byline appeared in papers all over the world.
    • Re:My Hero (Score:5, Informative)

      by squiggleslash ( 241428 ) on Sunday February 22, 2004 @11:20AM (#8355453) Homepage Journal
      Worst of it is that this in The Observer, a British Sunday newspaper that hasn't had any credibility in the tech community since the infamous "Peddlars of Paedophile Porn" episode back in '97.

      For those who missed it: That paper printed photographs on its front page of the chairman of a large British ISP and the owner of a famous anonymous remailer in Finland that was the target of a campaign by the Scientologists, under the above headline. Their logic? For the former individual: there's paedophile porn on the Internet, so if you're running an ISP you must be selling such pornography. Kind of like the Queen is a child pornographer, after all she was head of the Royal Mail at the time (Britain's post office), and child porn often gets sent by mail...

      The allegation against the anonymous remailer was, in many ways, even worse. The service was free and had been crippled so it couldn't be used to send binaries in any practical way, so in no sense could he have been described as "peddling" that kind of material. The allegation came at a time when the service - used by a variety of groups from abuse victims who wanted to discuss issues anonymously on Usenet to Amnesty International and dissidents who needed privacy - badly needed help as the CoS had various lawsuits against it citing copyright infringement. Attackers of the CoS had used the service to publish, anonymously, various CoS tracts. The service shut down one week after the Observer article was published.

      The Observer ran this campaign for two weeks and finally went silent over it, never issuing an public apology or a retraction. During this time Britain's fledgling Internet community went, to put it mildly, pretty much ape-shit.

      For me it was a bit of an epithany, I suspect it was for many others too, as it demonstrated how low the press can get when they're trying to get readers. This wasn't some third rate tabloid, it was a newspaper famous for its supposed high-minded liberalism and commitment to truth - it was an article in The Observer that lead to the founding of Amnesty International, another that lead to Britain's withdrawl from Suez.

      Do I take seriously an article published in it about virus writers? You bet I don't. I don't think anyone in their right mind can take that newspaper seriously.

      • Re:My Hero (Score:3, Interesting)

        by plugger ( 450839 )
        I don't read the Observer, as I agree with you that it embellishes stories to create better headlines. In contrast though, its sister paper, The Guardian, really does try to keep the record straight. They have a 'corrections and clarifications' column where they correct any wrong assertion that they print, however minor. They also have a reader's editor. His job is to investigate complaints and queries from the readers and publish his findings in a monthly column.
      • Re:My Hero (Score:3, Informative)

        by saforrest ( 184929 )
        Attackers of the CoS had used the service to publish, anonymously, various CoS tracts. The service shut down one week after the Observer article was published.

        Well, (which is what I assume you're talking about) was shut down willingly by its maintainer shortly after a raid by the Finnish police seized personal information on an user who'd posted Scientology data.
    • Re:My Hero (Score:5, Interesting)

      by gaijin99 ( 143693 ) on Sunday February 22, 2004 @01:31PM (#8356131) Journal
      I think this is the third time this story has been posted.
      And, as always, they refer to the virus as "computer virus", not "Windows virus". I believe that there are, what, two virus for UNIX systems? Yet somehow magically the Windows virus transmogrofy and become known as "computer virus".

      Googling reveals that this trend in helping BillG cover up the fact that its his OS, not computers, that are virus laden is quite widespread. Search for "Computer Virus" and you'll get around 1.5 million hits; "Windows Virus", by contrast only turns up around 35 thousand hits.

      We really do need to work to spread the meme that its not a computer virus, its a Windows virus. Make more people aware of the fact that its a Windows problem, not a computer problem, and it does two things: firstly it might make them consider alternatives to Windows, and secondly if they know its a Windows specific problem they might try and pressure MS into making Windows more secure.

  • Virus Writers (Score:5, Insightful)

    by ThisNukes4u ( 752508 ) <tcoppi@gmail . c om> on Sunday February 22, 2004 @10:53AM (#8355345) Homepage
    Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
    • Re:Virus Writers (Score:5, Insightful)

      by flatt ( 513465 ) on Sunday February 22, 2004 @10:58AM (#8355370) Homepage Journal
      I doubt you'll get much opposition to your point but are you going to pay them? It's the same reason kids get involved in gangs and whatnot: boredom and lack of belonging/recognition.

      Easy problem to find, harder problem to solve.
      • True its the same reason kids get involved in games and whatnot, but its been said before and I'll say it again : Its all fun and games until someone gets hurt. Virus writers are just lucky computers haven't advanced far enough where medical machines can be remote controlled via the internet. (Watch, if some old guy dies because his breathing unit goes down from a virus they'll be hell to pay.)

        The only difference between gangs (real life ones) and virus writers is the fact that gangs do direct damage wherea

        • by ccmay ( 116316 ) on Sunday February 22, 2004 @02:01PM (#8356308)
          Virus writers are just lucky computers haven't advanced far enough where medical machines can be remote controlled via the internet.

          The PACS system (digital X-ray reading monitors) at the hospital where I work caught Code Red last year, and was down for a day or two. X-rays were being read on printed films just like the old days. Slowed everything down significantly. I don't know that it directly affected any patient's health, but it certainly could have.


    • Re:Virus Writers (Score:5, Interesting)

      by gustgr ( 695173 ) <> on Sunday February 22, 2004 @11:04AM (#8355394) Homepage
      I don't belive they are completelly skilled. I would pay to see one of these VB virus writers to build an application which can improve our OS's or Networks.

      Like the elders say it takes 10 years to a three grow but only 10 minutos to take it down. It's the same with computer virus.
      • Besides, its not like the "script kiddie" even has to be smart enought to code the virus in the first place. Often just capture one in the wild and modify it a bit to pick on your favorite target. Or for the REALLY weak on programming skills, just use a virus writer like this. (a link to the description, not the actual virus writer) macro_virus_generator.asp
    • Re:Virus Writers (Score:4, Insightful)

      by tommck ( 69750 ) on Sunday February 22, 2004 @11:11AM (#8355424) Homepage
      Did you see the jobs they have? assistant in a home for the disabled?
      There aren't that many high tech jobs in eastern Europe. I know a guy who moved to the US from Bulgaria and he said that all his friends were bored with life and wrote viruses for fun. Nobody there would hire them to do tech work.

      Ironically, now that outsourcing is targetting Eastern Europe, one of your problems (viruses, etc) might be subdued a bit (a bit!) by one of our other problems (jobs leaving the country). Of course, people elsewhere will always be around to write them.
    • Re:Virus Writers (Score:5, Insightful)

      by Dark Lord Seth ( 584963 ) on Sunday February 22, 2004 @11:25AM (#8355479) Journal

      These aren't virus writers, these are just regular script kiddies. Nothing interesting.

  • by Anonymous Coward on Sunday February 22, 2004 @10:58AM (#8355367)
    And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
  • by PollGuy ( 707987 ) on Sunday February 22, 2004 @11:00AM (#8355374)
    Think that's code for "From the >/dev/null dept."?

  • by Anonymous Coward on Sunday February 22, 2004 @11:01AM (#8355378)
    Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS-times and even with bootsector viruses, where size was an important factor, they were simply horrible written. (i.e. unnecassary bloated)

    While some may imply in their posts, that virus writers are technically skilled, I've yet to see a single example of beeing better than the avarage bad programmer...
  • Complete Bullshit (Score:5, Interesting)

    by ktanmay ( 710168 ) on Sunday February 22, 2004 @11:01AM (#8355381)
    It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.

    Ok fine, what if someday, a student doing research in microbiology decides, just for the sake or fine arts, I'll release a mutant plague bacteria...
  • by nordicfrost ( 118437 ) on Sunday February 22, 2004 @11:02AM (#8355384)

    With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me an 1 k, auto-replicating, ASM-written worm spreading like the lightening through an undocumented hole and I'll be impressed. These are nothing more than wannebe punks.
  • Nothing like two [] consecutive dupes [] to start a Sunday!

    And here I was, with my coffee and breakfast all ready to read /. till lunch :(

    Next story please!

  • Just an idea! (Score:4, Interesting)

    by HaRR0 ( 755365 ) on Sunday February 22, 2004 @11:02AM (#8355390) Homepage
    Maybe if the government or anti virus companys made like an online virtual internet for young people to upload there virus into this "virtual internet" to watch it spread and make a game like point scheme or something along the lines there wouldnt be much havoc online , I think it is mostly boredom that virus creaters do this for!
    • Re:Just an idea! (Score:2, Insightful)

      by rholliday ( 754515 )
      I think the government's time and money would be best spent elsewhere. That would be a major, and largely pointless, undertaking. And even if for some godawful reason a "virtual internet" was created to be the punishment-free testbed for young virus writers, with their egos, they would never be satisfied until they got on the "real" internet and messed with "real" people.
  • by CGP314 ( 672613 ) <(ten.remlaPyrogerGniloC) (ta) (PGC)> on Sunday February 22, 2004 @11:04AM (#8355397) Homepage
    First time from wired... it's a story.

    Second time on NYT... it's a dupe.

    Third time on the observer... it's a trupe?

    -Colin []
  • cash money (Score:5, Funny)

    by CGP314 ( 672613 ) <(ten.remlaPyrogerGniloC) (ta) (PGC)> on Sunday February 22, 2004 @11:10AM (#8355419) Homepage
    Boy, I'd love to be the author of that article. He just keeps making money selling it over and over again. In addition the paper's owners must take note of his name when it draws a metric herd of slashdotters.

    ::Walks off to write an article about virii::

    -Colin []
  • Wreck MY computer? (Score:4, Insightful)

    by Anonymous Coward on Sunday February 22, 2004 @11:14AM (#8355431)

    Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.

    I wish that, just for once, articles aimed at the public would be a little more accurate."

    "He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"

  • by tagishsimon ( 175038 ) on Sunday February 22, 2004 @11:17AM (#8355439) Homepage
    Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propogate spam, or leaving a backdoor open so that this could later be done.

    Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.

    So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.

    Ferinstance 23258&mode=nested []

    - Oops. There goes Spamhaus []

    - most of this week's crop install backdoors. 51056136 []

    - Your IP Addy for sale to a spam-merchant near you...
  • Terrorism (Score:3, Interesting)

    by octal666 ( 668007 ) on Sunday February 22, 2004 @11:17AM (#8355442)
    Well, actually terrorism is using threats and violence to force someone to think or behave as you want.

    Common virus-writers are more like random violence, they do not use to pursue economical or political agendas, more usually want recognition inside their own community.

    I, for one, am fed up with this ciber-terrorists media propaganda.
  • OT: Punk? (Score:5, Funny)

    by nurb432 ( 527695 ) on Sunday February 22, 2004 @11:20AM (#8355451) Homepage Journal
    Since when is Iron Maden considered punk? Geesh, pansy...
  • Nice guy (Score:5, Funny)

    by Dark Lord Seth ( 584963 ) on Sunday February 22, 2004 @11:22AM (#8355460) Journal
    'Anyone can rewrite a hard drive with one or two lines of code,' he says. 'It makes no sense. It's really lame.' Besides which, it's mean, he says, and he likes to be friendly.

    Then come over and install your friendly little programs on my PC. You can do so for free! No more annoying "distribution" anymore, you just come here, install your friendly little program and leave*, that is all. Sounds like a deal? Tell me in advance, because I might need to buy some essentials** for your visit.

    * Might or might not involve a hearse.
    ** Like a toe tag and body bag.

  • by bdejong ( 312792 ) on Sunday February 22, 2004 @11:23AM (#8355467) Homepage []

    - bram
    • by Fnkmaster ( 89084 ) * on Sunday February 22, 2004 @12:23PM (#8355778)
      Wow, BAT files and Javascript viruses! Man, that is K-RAD! Reminds me of going to a computer store and editing autoexec.bat to do an ECHO "THIS COMPUTER SUCKS" loop when I was 10 years old. Would really confuse the people who worked there.

      Anyway, anybody who thinks this qualifies as elite virus writing needs their head examined. There is really nothing elite about a script file. Not to mention that it should be apparent in this day and age that trashing other people's computers is not only very uncool but incredibly likely to get you thrown in federal pound-me-in-the-ass prison.

  • by tealover ( 187148 ) on Sunday February 22, 2004 @11:30AM (#8355505)
    Here's a link [] to the first paragraph.

    Is this a copyright violation ?
    • Is this a copyright violation ?

      No. Since it credits the author it's certainly been paid for. (It'd be far too easy to prove plagiarism if not.) Either the NYT syndicated it or the writer himself, depending on his contract with them.

      Actually most of the interesting articles in the NYT get sundicated. If you want to read one that requires a payment to read (after a few weeks) just use their search function which gives you a paragraph or two and then Google on a likely phrase. You ususally find a copy of it

  • cannot kick-start? (Score:5, Insightful)

    by bo0ork ( 698470 ) on Sunday February 22, 2004 @11:32AM (#8355519)
    "A virus cannot kick-start itself; a human needs to be fooled into clicking on it."
    What, the author never heard of floppy disks, autostart.ini or malformed html?
  • by rjshields ( 719665 ) on Sunday February 22, 2004 @11:38AM (#8355546)
    When Mario is bored, he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell.

    I suggest a new handle for Mario - Two Sandwiches Short of a Picnic
  • Hacks are art. (Score:2, Insightful)

    by Cybrr ( 535845 )
    Cracks are not.

    It's easier to destroy than to create.
  • by Robo Dojo ( 570993 ) on Sunday February 22, 2004 @11:54AM (#8355625)
    1. Cooking*
    2. Cars
    3. Boats
    4. Trains
    5. Swords
    6. Guns

    Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?

    *Applies to slashdot readers, only.
    • by rmpotter ( 177221 ) on Sunday February 22, 2004 @12:24PM (#8355783) Homepage
      Well... the act of creating a virus and storing it on a publicly accessible web server _is_ tantamount to distributing it, is it not? Would you take a bag of loaded hand guns and leave them on the floor in the middle of a daycare? Would you park your unlocked, running Ferrari next to a bar and ask a group of drunken patrons to "watch" it for you? In some ways, a computer virus is to software as hate literature is to the printed word. I don't see a solution to either problem. At best, I would hope virus writers would "share" their code in a more responsible -- ie more restrictive -- way. Open, unauthenticated access to destructive software should not be legal. "Free expression" -- even if it is a piece of software -- should not be permitted to harm millions of people. Perhaps legal virus writers should be regulated -- much like companies who produce and ship hazardous materials.
  • Virus Conspiracy (Score:3, Interesting)

    by superpulpsicle ( 533373 ) on Sunday February 22, 2004 @12:51PM (#8355936)
    If you think teenage punks are the ones writing all the virus you're in for a surprise.

    Someone needs to do some serious research and see how many came out of Norton Lab.

    It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
    • by jjohnson ( 62583 ) on Sunday February 22, 2004 @01:48PM (#8356221) Homepage
      If you have any evidence, or anything beyond "it all fits" type speculation, then you've got a huge story there. If you don't, then your tinfoil hat is showing.
      • Re:Virus Conspiracy (Score:3, Interesting)

        by Reziac ( 43301 )
        There was an interview with McAfee himself back about 1989 (probably to plug his book) in which he made some remark to the effect that it behooved antivirus companies to "create a market" even if that meant releasing viruses themselves.

        While I don't *know* of any such activities by AV companies, this interview may well be the origin of such rumours -- it wasn't exactly the sort of thing as to inspire consumer confidence!

        Someone here on /. posted a link to the interview (this was about 2 or 3 years ago), a
  • Karma penalty ? (Score:5, Insightful)

    by S3D ( 745318 ) on Sunday February 22, 2004 @12:54PM (#8355949)
    Sholdn't be there Karma penalty for posting dup...triplicate article ? Isn't it amount to trolling ?
  • by Andrevan ( 621897 ) on Sunday February 22, 2004 @01:09PM (#8356014) Journal
    The New York Times Magazine a little while ago had a slightly more insightful article which also interviewed the dreadlocked guy and Phil3t0aster and stuff, additionally taking a peek into the culture of virus writers and script kiddies. I don't know if they put their magazine stuff online, but it was a good article.
  • by gad_zuki! ( 70830 ) on Sunday February 22, 2004 @01:13PM (#8356031)
    Let look at a lot of these exploits, they generally are .scr, .vbs, .bat, etc files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.

    Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.

    Its far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure its not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).

    This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.

    Data loss isn't even an issue, the worst case scenario is asking the guy who sent you that .exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didnt send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.

    This can be done in three steps:

    1. Implement auto-zipping. Geeks and security sensitive people will probably enable this by default. Or it should be default with newer version of mailers.

    2. Once a significant amount of traffic is in the zip format set your mailer to reject all executables. It also could auto-remail the person sending you executables. (this may be exploited by spammers looking for live email addresses).

    3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
    • Why don't mailers just forbid executables by default?
      Not by looking at extensions, but by looking at the header.

      Who ever needs to send executables by mail?
      Not the millions that do get infected by viruses now.

      I don't see the need to zip them. Just reject them.
      Maybe setup some new service for "shared data" on Internet (has existed before) where you can put the executables that you would have otherwise mailed. Of course, virus-scanned.
    • Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
  • How many more times does that article have to appear in newspapers before it's considered a virus? ;)
  • Prison is not appropriate punishment for these jackasses. In fact, it's counterproductive, as it extinguishes any possibility for redemption. Prison is basically a trade school for criminals.

    Some of these kids are quite smart and would have a bright future if they stayed on the rails. Prison will not correct them. Shame and pain will.

    Therefore, I propose we whip them bloody in the public square, then let them go.


  • Score: -1, Troll
    He calls VB a computer language.
  • Quit using MS Outlook. It's address book is a well written virus cannon capable of well-aimed bursts or scatter shot that can cover the globe in days. Outlook Express is no different. It may be a crippled version of Outlook but we all know it's cannon functions exactly the same way. ;-)
  • Old Article (Score:3, Informative)

    by snookerdoodle ( 123851 ) on Sunday February 22, 2004 @03:21PM (#8356719)

    While this article is dated today (2/22/04) in the guardian, it appeared at least a couple of other places a couple of weeks earlier:

    The Impact Lab [] Some place called "sofa. rites de passage" []

    And in the NY Times 2/8/04 ($ required):

    The Virus Underground []


  • by frovingslosh ( 582462 ) on Sunday February 22, 2004 @04:29PM (#8357067)
    He's 21, he's got dreadlocks, likes punk bands...

    Sounds like we now know who to send the mobs with torches and pickforks after.

MESSAGE ACKNOWLEDGED -- The Pershing II missiles have been launched.