Slashdot Mirror
The World of Virus Writers
No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
Someone did. It masquerades around the web and is known as "Google" :)
. ny times.com%2F2004%2F02%2F08%2Fmagazine%2F08WORMS.ht ml&sourceid=mozilla-search&start=0&start=0&ie=utf- 8&oe=utf-8
http://www.google.com/search?q=http%3A%2F%2Fwww
Now click the url it instructs you to.
The Virus Underground
By CLIVE THOMPSON
Published: February 8, 2004
his is how easy it has become.
Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.
When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.
But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.
Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.
But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.
I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.
Mario drags the virus over to the trash bin on his computer's desktop and discards it. ''I don't think we should touch that,'' he says hastily.
im a bit of a zealot myself - but in fairness to other OS', not particularly MS--if one was used as much as Windows is, I could be sure there would be many more viruses than currently exist, for say, Linux, currently.
Not the extent that exist for Windows, however.
We're like rats, in some experiment! -- George Costanza
I won't say where or whom, but there are some virus writers that work for major software corporations - not for writing AV software, but rather to put out viruses to punish software pirates. If Joe Blow stops worrying about viruses, after all, there's going to be a lot more 'liberated' software floating around.
It's already been done Just type in the URL like this and then click on the link.
After the IBM superbowl commercials? Id say several million.
no
Here's the kiddies website: http://www.geocities.com/spth666/main.htm
mix_master_mike
vafrous
Well that would do you absolutely NO good what-so-ever. It's amazing the amount of people that think they know about a subject, when they are really very ignorant... Believe it or not there are "white hat" virus writters just like hackers.. YAM (Youth Against Macafee) was one of the biggest back in the day.. Here's why your wrong: "I have written a how-to about using Mozilla Mail to avoid Windows viruses." Well, it might help protect against an OUTLOOK virus, but how the hell does it prevent "Windows" type virus? If I stick an infected floppy into your computer does Mozilla block it?? lol..
Mod +5 Drunk
This type of virus is at least a decade old, why worry about it now? In fact the older virus creation lab (Search for that if you want proof, you'll find it) automattically created self-morphing virii using the assembler 8086 code set. The sky isn't falling, and any virus detector can pick up morphing virii.
Mod +5 Drunk
I've always been surprised that I have *never* found a virus or a backdoor in a crack or a keygen I downloaded off one of those sites. If there someone their trying to punish isn't it more likely freeware users? Anyone remember Whack-a-Mole?
Quack, quack.
Take the url for the second page, search it in google, click the link and so on ad naeseum since it looks to be one hella long article.
The photographer, Ryan Mcguinley, made a splash last year with his show at the whitney
he is famous for his pictures of the east village gay-grafiti scene.
This is a popular comment to make and I'm sure the MS marketing dpeartment is doing everything it can to keep it alive. Unfortunately, it is utterly, totally and completely wrong.
You assume that the number of viruses is directly proportional to the percentage market penetration of a given OS. You have absolutely no data to support this. Conversely, the claim that the number of viruses in the wild is proportional to the number of security flaws in a given OS is much more supportable and defensible.
It's simple: I demand prosecution for torture.
That was a great way to duplicate the link in the story submission....you know, without the google referrer.
:)
A real service you did us there
It's nothing but crumpled porno and Ayn Rand.
Those virus writers are poor misunderstood scientists. They are really just researchers into artificial life forms. Occasionally one or two are bound to escape into the wild. If you come across one in the wild you should leave it be, don't feed it or take it home as a pet.
Government of the people, by corporate executives, for corporate profits.
Yeah, just like the "The doument you are opening contains macros or
customizations. Some macros may contain viruses that could harm your
computer. [...]" warnings prevented Word macro viruses...
A user naive enough to click on such a link does, in some important
sense, _want_ to visit that page. Your suggested warning is just
another thing that such users see as "getting in the way of doing what
I want to do". Therefore, if implemented it would become more part of
the problem than the solution (as users will become ever more familiar
with ignoring "warnings" and clicking through them). If you understand
users, you will know that in helping them to not shoot themselves in
the feet, the only useful appraoch is to remove everything capable of
firing the bullets (and quite a few things beside!)...
On the Word macro virus front, things got notably better _NOT_ when MS
implemented the above warning (that the users could blithely ignore and
even _disable_ right there on the warning dialog -- what a travesty of
mis-design that was!) but when it released a version of Word that
defaulted to not running macros unless they were signed with an
acceptable (as configured by the user/admin) key (there are legion
flaws in the design of this feature, but it was strong enough to
significantly impact the Word macro virus problem). In IE, removing
support for this mis-feature (read RFC 2616) will have a much greater
impact than trying to "direct" users who don't want to be directed with
"warnings" and other stuff that "gets in their way".
I'm pretty sure, from the way others have posted on this article, and from the tech skills of the reporter, that it was a double-extension trojan, i.e. "file.jpg" was actually "file.jpg.bat" or whatever.
Although this is most likely the virus that is created by this program, it is also possible to write a program thus that pretends to be a JPEG, with the way Windows handles extensions.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
Correction. They have no virus, trojan, worm, etc that you know of. And of course you would have no way of knowing because you dont run a firewall or antivirus. For all you know your sending out tons of email and infecting other systems. Do us all a favor, turn on the freakin firewall. It came free with the OS if your too cheap to buy a hardware solution.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Windows (or any operating system) needs more than an extension to execute a file. In order for a program to self execute it needs it needs to be compiled for your operating environment. If you rename Something.exe to Something.jpg Windows will first look at the extension then send your jpg file to the associated viewer to be interpreted as jpg data (which it is not, and thus cause the jpg viewer to produce an error (if it is well written), or crash (if it is not). Now if you take a jpg file and rename it to an exe and double click on it. Windows will assume that the program is executable, and it will load the boot header (collection of bytes at the start of any executable that is produced when the program is compiled) and grant all requests that the boot header asks for (things like memory, address space, etc). If this process fails in any way (like, say, the boot header is complete garbage because it's really jpg data) then the operating system (if it is good) will produce an error, or (if it is bad) crash. So JPG's cannot double as executables nor the other way around. BUT...
It is possible that embedded in the meta data of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple otherwise the size of the JPG file would disproportionate to the actual image) and IF the JPG viewer that some unlucky user had, contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute and thus enabling a larger more complex program to run.
However this error would only exist in that specific version of that specific software, so it's ability to spread would be limited. The danger is if the program that interprets that JPG file is system wide or part of Windows standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses. Because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Further more they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself, true you need to approve it, but once you say yes every subsequent visit is automatic, they REALLY need to add a "Never trust This source" checkbox) This means if there is a single flaw in the IE engine then that flaw is exploitable across every windows workstation and every application that uses IE as a rendering engine. Now why Mozilla doesn't make an ActiveX Gekko engine with the same function names as the IE ActiveX module so users have a choice which rendering engine they want, is a mystery to me yeah it would be hard, but it's not like Microsoft could pull the rug out from under them, Microsoft is very invested in their API, any change they made to it would break all the 3rd party apps.
-Jason
Here's a clickable link that does work.
From there, click the link that says "try visiting that web page by clicking on the following link".
Keep in mind the Swiss have mandatory gun ownership, and have more guns per capita than the US, however gun related crime is extremely rare in Switzerland.
h ee t.htm
Fact sheet about swiss gun regulations:
http://pages.prodigy.net/vanhooser/swiss_fact_s
(/. breaks up the link a bit)
Patent: from Latin patere, to be open
I fail to understand why everybody waites for a subscription free link to NY times.Come on if we can register and login at Slashdot why cant we have nonsensical false name logins at NY times?
Wanted : A Signature.
I read 4 of the 10 dreadful pages of this article. I finally had to stop reading after many times, stopping and thinking how much information in this article is totally false. It wasn't a totally loss, I really did get a good laugh out of the parts taht wern't 100% dreadful. Everything about the "life" or "lifestyle of a virus writer and his 9 yearold friends" is maybe true for 1% of script kids who could even come in range of being concidered a "virus writer". This artice is a sorry excuse for what you call "decent research about the subject". All of us are dumber even having read it. *AGHHH!*
So if you asked me, "In once sentance, what did you think of that article?" I'd reply, "A compete waste of bytes."
-mod6