Slashdot Mirror

← Back to Stories (view on slashdot.org)

The World of Virus Writers

Posted by michael on from the underachiever dept.

No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

23 of 505 comments (clear)

  1. Losers by BWJones · · Score: 5, Insightful

    it takes a look at the world of malware scripters, virus writers and worm designers.

    I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)

    --
    Visit Jonesblog and say hello.
    1. Re:Losers by Rand+Al'Thor · · Score: 5, Insightful

      That may be a side effect in very few cases, but for the most part I think it's safe to say there is no redeeming factor to any virus or its author.

    2. Re:Losers by Dukael_Mikakis · · Score: 5, Insightful

      It's true that virus writers are malevalent and don't have pure intentions when hacking their scripts and all, but in a general sense, where would our security be without virus writers?

      If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down.

      It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.

    3. Re:Losers by BWJones · · Score: 5, Insightful

      If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done.

      If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.

      --
      Visit Jonesblog and say hello.
    4. Re:Losers by BWJones · · Score: 3, Insightful

      What confounds me is that there hasn't been a major virus with a real nasty payload, say a virus that spreads like MyDoom, but after sending itself out to all the email contacts found, it proceeds to nuke the drive by writing random junk through it all (preventing any way of recovering the data).

      Like really virulent biological virii, computer virii that work this way will limit the extent to which they can spread......unless of course.......they work out slightly more sophisticated methods of damage, or they delay the damage for a period of time before "expressing" themselves.

      --
      Visit Jonesblog and say hello.
    5. Re:Losers by GoodNicsTken · · Score: 5, Insightful

      That's where I think your completely wrong. I'm actually surprised more of the /. crowd doesn't agree with the following viewpoint:

      Software flaws exist PERIOD. They always have and always will. What would you rather have:

      1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)

      2. A virus that exploits the flaw, disrupts computer networks forcing people to patch the flaw. (Many still don't, as Code Red is alive and well)

      I'm all for #2. The flaws exist. Without viruses, then people would NOT patch there systems. When somebody relases a virus, they are saying, hey there's a problem here that needs immediate attention or just about anyone can take over your computer. These guys should be rewarded not punished. IMO they are performing a service letting everyone know of a flaw they discovered, and providing incentive to correct the flaw.

      As computers become a bigger part of our everyday life, they are trusted more and more. I would be a lot more concerned in a world with no viruses, and computers that are generally considered "Secure." That puts the power to ruin someones life in the hands of a few.

    6. Re:Losers by IthnkImParanoid · · Score: 3, Insightful

      If the virus nukes the drive, the DDoS and/or backdoor is suddenly no longer effective. Computer viruses, unlike the biological kind, have a goal in mind in addition to mindless reproduction. If the point is to open a backdoor to allow spammers to use it, why kill off your host?

      --
      It's nothing but crumpled porno and Ayn Rand.
    7. Re:Losers by radish · · Score: 4, Insightful

      They did, back in the old days. I'm thinking of the bootsector viruses, and exe-infectors. These frequently had payloads to format c: on Davinci's birthday or some such thing. The thing is, now most "infections" aren't from true viruses, but trojans or worms. They also usually have a purpose, which is often backdooring a box to use it as a spamrelay or something. So kill the box, you kill the reason for writing the worm in the first place. In fact, not only that, but if you do anything which looks interesting, you increase your chances of getting discovered, and removed. The best worms get in, stay quiet, and attempt to spread. I like to think of them less as viruses and more as parasites - organisms which depend on their host for their own existence, and so have it in their best interest to preserve it not kill it.

      --

      ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

  2. Reporters.. by grub · · Score: 5, Insightful


    Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.

    --
    Trolling is a art,
    1. Re:Reporters.. by shamilton · · Score: 3, Insightful

      I have two Windows XP boxes which I use near continuously, and neither have ever had any sort of virus, trojan, worm, etc. One of those is completely without a firewall.

      Not that I'm any sort of Windows zealot -- my two windows boxes are eclipsed by a dozen or so BSDs between home, work, and server room, which seem to require far more frequent security maintainence.

      --
      "[A] high IQ is like a Jeep; you will still get stuck, just farther from help!" --Just d' FAQs, c.g.a
    2. Re:Reporters.. by metlin · · Score: 4, Insightful

      You're right, most of these are kids who have just learnt programming on Windows. I'll quote from the article --


      ''This guy,'' he proclaimed, ''is the best at Visual Basic.''

      In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.

      This is the problem - back when I was a kid, I used to mess around with things like TSRs and assembly code to create things that had virus like behaviour to scare the crap out of my teachers in school.

      These days, these kids just pick up an odd scripting language or two, or some easy language like VB and just do malicious code simply because its easy.

      This is not programming or 'crazy skills' - its sheer adoloscence being shown in another way.

      Instead, if they spent their time tinkering with the internals of a Linux Kernel or coding other cool stuff (like, Scene graphics programs, for instance!) it would be a much better use of their time and enthusiasm.

    3. Re:Reporters.. by npsimons · · Score: 4, Insightful
      if one was used as much as Windows is, I could be sure there would be many more viruses than currently exist, for say, Linux, currently.

      That, sir, is a fallacy. There is no hard evidence to support that claim, and there probably never will be. As a counterpoint, however, consider how many web servers run Linux and Apache versus how many run Windows and IIS. Then consider how many worms and security holes there are for those respective platforms.
      --
      Nathan's blog
  3. this helps prove... by tsunamifirestorm · · Score: 5, Insightful

    my theory that the most dangerous people are people who are bored.

  4. Master? by sperling · · Score: 5, Insightful
    But thanks to a teenager in Austria, it took me less than a minute to master the art.

    The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.

    --
    The next great MMORPG.
  5. All been said before by lambent · · Score: 5, Insightful

    I managed to read the first of 10(?!) pages before I decided it was just another alarmist (altho slitely journalistically poetic) piece of trash.

    They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's beliefe that all this terminology is synonymous (virus, trojan, worm).

    After reading the next few pages, i was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice .... buh.

    After that it degenerates into political commentary.

    What the hell ever happened to ASM viruses? What happened to TINY?

    My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.

  6. Re:Article Text by DR+SoB · · Score: 4, Insightful

    Thanks for posting the full article! So it's a BATCH FILE generator they are getting worked up about? LOL! Try running a search for "Virus Creation Laboratories" or "VCL", and you will see a tool that has been around since the EARLY 1990's that does a MUCH better job then a batch file creator. You can actually pick from a variety of languages and it will auto-generate the code. (is it really good to post this stuff on /. anyways? I shudder thinking of how many script kiddies are probably reading this!). A batch file Trojan, btw, is NOT a computer virus.

    --
    Mod +5 Drunk
  7. I hate the press... by Awptimus+Prime · · Score: 4, Insightful

    "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

    It's not a "world". It's something someone does when they sit down at a desk. I really wish the things some geeks do would quit being portrayed with such silly words.

    Over-dramatized, to portray an image that is very rarely accurate. It's, most often, some boring person with a bone to pick with the system or a company. Yeah, so they used code instead of throwing a brick through a window. That doesn't make them any more interesting than a teenager bashing a mailbox.

  8. The "Scene"? by officepotato · · Score: 4, Insightful

    I have to wonder, when reading articles like this, how closely does the "scene" the article's author has discovered relate to the larger population in general. I've read a few articles that seem to be essentially interviews of some random, anonymous, highschooler, that supposedly represents the general population of computer-savvy evildoers.

    Are there actual, functioning, hacker groups, of a scale larger than Joe and his friends? It seems that the social attitude that accompanies black-hats (at least from the article that I'm questioning) doesn't lend itself to large organizations or control structures.

    On the other hand, it is kinda cool to imagine that there's a huge organized computer-crime secretly flourishing across the country. You could make a movie about that sorta thing, maybe call it "Hackers". Oh, wait...

  9. I agree by dsci · · Score: 3, Insightful

    For the sheer intellectual challenge, Philet0ast3r replied, the fun of producing something ''really cool.'' For the top worm writers, the goal is to make something that's brand-new, never seen before. Replicating an existing virus is ''lame,'' the worst of all possible insults.

    and

    Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. ''Then I would use it,'' he concluded. ''It's that simple.''

    So these *expert* programmers (of Visual Basic) read of security vulnerabilities that describe the exploit, then code it, and call *that* new and creative.

    This NYT article completely overrated the skill of these 'worms.'

    --
    Computational Chemistry products and services.
  10. If a Virus writer want to be a real pain... by Ghengis · · Score: 3, Insightful

    And get some script kiddies in trouble, he'd just post the executable, and not tell anyone that it also emails authorities around the world information about the computer you run it from. While this may "brown-out" some servers as the article says, it would leave a nice trail to the luser who started the whole mess.

    --

    "The best laid plans of mice and men gang oft agley..." - ROBERT BURNS

  11. Naive by hackrobat · · Score: 5, Insightful
    The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data ''buffer,'' like a cup filled to the brim with water. Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. [emphasis added]

    It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.

    Even Microsoft admits that there are flaws the company doesn't yet know about.

    Really? Which company knows of all the flaws in its software?

  12. Re:Metamorphic Viruses by Vellmont · · Score: 4, Insightful

    Typical journalist with a little bit of knowledge gone too far. (If you truly do work for PC Magazine).

    Polymorphic/Metamorphic viruses have been around for 10 years at least, and the dumb journalists were just as scared then. I'm still waiting for the dire predictions to come true "when we start seeing more of these". As others have pointed out there's always part of the code that you can't mask, so there's always something to identify the virus with. I'm sure it takes a bit more work to identify the viruses, but the sky hasn't fallen yet.

    You should know better if your bio is true, being a grad student of computer science.. but then again grad student quality has dipped pretty low in recent years in CSCI. There's also the journalist taint factor to consider. I'm guessing the magazines/newspapers/TV networks must put lead in the watercooler.

    --
    AccountKiller
  13. Let's continue with this thought process... by That's+Unpossible! · · Score: 3, Insightful

    So someone takes my code I have put on my webpage and described as capable of virus activity, and that person spreads it, and now I am guilty of 2nd-degree something or another.

    So this means if I am a chemist, and I describe in detail how to create dynamite, and someone makes the dynamite and blows something up, I am 2nd-degree guilty for that as well?

    I believe ultimately that information should not be restricted in any way whatsoever, so I disagree with this idea completely.

    --
    Ironically, the word ironically is often used incorrectly.