The World of Virus Writers
No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
I wonder if more code contests would reduce the number of virus writers. How many virus writers are just people who can program, but want it known that they are good? Maybe some other outlet for demonstrating their talent would prevent them from "needing" to demonstrate it another way, such as a virus.
Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government-funded virus writers. When someone from China or Russia or the Middle East is writing viruses to shut down systems or create havoc with the intent to kill, or to bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in Taiwan or such and the Chinese figure out a way to infect the Navy systems with a virus, leaving our fleet defenseless off Chinese shores, etc.
NYT Random Login Generator
http://www.majcher.com/nytview.html
I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.
One of my favorite phrases is, "There are no Famous Hackers," meaning simply that the famous "super-genius crackers" in the news who get caught aren't really all that smart, are they?
(I read it anyway, surprised to hear that one of my favorite bands is still popular.)
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
Yes, but you also fail to understand that 99% of those viruses do not spread through flaws in windows, but by people opening up stupid attachments.
How many large spread worms have affected OS X in past year? None that I can remember.
Why? Not because it is so much more secure than Microsoft, but because there are not as many computers running OS X.
If OS X had as large a market share as Windows, would we be seeing OS X worms? Sure thing.
This goes with any OS. I am not saying Microsoft is perfect, far from it, but do not go believing that if no one ran windows the days of viruses would be finished.
(Older Examples: Mistfall Engine, ZMist virus.)
When we start seeing more of these, AV companies will have a hard time keeping up.
All the major email-borne worms we've seen to date have had very benign (IMO) payloads, typically a minor DDoS and/or backdoor. These have caused extra load on the Net, and could cause more spam or the harvesting of CCs, but their damage could be far, far worse.
Of course, a lot of script-kiddies use these viruses as bragging-rights (I 0wn 6421 zombie machines), so it's perhaps against their interests to do true damage, but it won't be long until someone does. And then the typical media figure of $X billions just may be legit, as I suspect the people who get infected are the same ones who never backup their systems.
I've been working on a presentation discussing this here (warning 500Kb powerpoint!).
My money is on the anti-global guys stepping up first.
Typical American "our law is the world's law" mentality. There is no jurisdiction.
and yes, i live here.
I posted this article months ago, but no one seemed to care. Just wait til they start putting viruses into v-cards.
Actually, this was previously posted on /.:
Random NYTimes.com Registration Generator
You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.
That sounds a lot like Bill Gates' argument on why Windows is the most secure operating system available. Not that I agree with Bill about Windows, but you make a pretty good point. I don't see how something can be very secure without some real-world testing. Now if I could just get my coworkers to stop opening up every attachment in their inboxes. :)
-
Tech News, Reviews and Tutorials
The method by which the virus is delivered is interesting. Quote:
"These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."
And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.
However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".
Let's take guns for example. Let's say a gun seller illegally sold guns to 12-year-old children and also sold them bullets. Now let's say that the kids accidentally shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.
I think that if the hackers want to educate others they should perhaps do it in a more educational way, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snippets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame when the script kiddies start spreading viruses like there's no tomorrow.
To tell yourself that you're completely innocent would be denial.
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King, Jr.
I agree! I was thinking about this a few weeks ago actually. All the "viruses" now don't have to solve the hard problems. There's no sophistication to them anymore. And again, not to say "we need more sophisticated computer viruses out there," but come on, skr1pt k1dd1ez - don't pat yourselves on the back for being able to do something so ridiculously simple!
When I was younger I studied computer viruses - they were a "real-world" form of artificial life that had to exist in a hostile environment, and successful ones had a bag full of tricks they could use to be insanely successful at spreading. This was before the Internet was really popular too - the only way a virus could spread was hitching a ride on a floppy disk or some file on a BBS.
I actually got to work on reverse-engineering computer viruses for an antivirus effort, and I remember this one computer virus - the Frodo virus. It was one of the most sophisticated stealth viruses I ever saw, and employed a variety of techniques to keep itself hidden. It would run as a TSR, but obscure the fact that it had allocated any memory to itself. It would infect .COM or .EXE files, updating file dates to indicate that it was present, but in a way that users wouldn't typically observe. It even twiddled with the interrupts on the system so that it could tell if it was being single-step debugged - and it would switch the debug interrupt off and go on its merry way. It had a number of other hooks to keep itself hidden from the user. And it had a program that it would drop onto boot sectors periodically, saying "FRODO LIVES".
It was an unbelievable program to read and understand. It boggled my mind that someone could create something that sophisticated and complex. The viruses today are absolutely ridiculous in comparison.
If these "virus"-writers want to really do something challenging and mentally engaging, they should look into Core Wars. That's a great environment to scratch these kinds of itches - keeps you thinking, and it doesn't screw up other people's lives.
Ok, I'm done reminiscing about the good old days...
Anyone else curious how many of the kids interviewed in this article are members of the slashdot community?
==================
Why computer virus writers are useful and we should thank them.
The title is obviously a provocation. I am considered a balanced personality but sometimes, I like to stretch things to the extreme and to provoke reactions. This article is one of my rare attempts to provoke you... or not? Today, after the alarm caused by the fast diffusion of the Sobig virus, we are all talking about the reasons why virus writers are coding more and more viruses.
"They should stop, somebody stop them!" I hear all the time but... is this right?
We try to answer this question with an interview with Professor Samuel D. Forrester, one of the most famous immunologists in the world. Dr. Forrester is in the running this year for the Nobel Prize for his recent discovery of the mechanisms of aggression of over-reacting immune cells and antibodies. He has taught at the Immunology faculty of Konigsberg University since 1986.
Zone-H: ZH
Professor Samuel D. Forrester: SDF
ZH: Thanks for agreeing to give an interview to Zone-H.
SDF: Thank you, even if it is quite unusual to be interviewed by a computer security website.
ZH: Dr. Forrester, can you tell us what the branch of immunology is?
SDF: Immunology is the study of the complex and sophisticated immune system. The immune system is a network of cells and organs that work together to defend the body against attacks by "foreign" invaders or germs. The body provides an excellent environment for germs. When they do break into a system, it is the immune system's job to keep them out or to seek and destroy them.
ZH: What is the job of the immunologist?
SDF: Clinical immunologists research new tests and treatments involving allergic and immunologic disorders of the immune system. They work with physicians in general practice and in hospital-based specialties to treat diseases using complex and sophisticated clinical techniques. The science of clinical immunology is a fast developing area of the medical profession. The role of the immunologist is increasingly important, both in laboratory work and in patient care.
ZH: Have you heard about the recent Sobig-F virus deployment?
SDF: Yes, I read something in the newspapers. Even if computer science is not my science, the topic of computer viruses is obviously of interest to me. See, traditional immunology and computer viruses have many aspects in common.
ZH: And this is the reason why Zone-H wanted this interview.... Dr. Forrester, what do you think about computer viruses, what do you know about them?
SDF: Computer viruses are exactly like normal viruses. They can kill you if your immune system doesn't work, but at the same time, your body should thank them if your immune system is today capable of protecting you from deadly illnesses.
ZH: Can you please develop the concept?
SDF: It's simple: every time you get a cold, you sneeze. But you could die, actually. The only reason why you don't die is because your immune system has been programmed to react to the "threat" posed by a germ. It's a paradox, but it's the same germ that could kill you that trained your immune system to react when invaded.
ZH: And what makes the difference? How is it possible that a germ can kill you and the same germ can train your immune system making you stronger?
SDF: It's just a matter of doses. Like with wine, one glass every day makes your heart stronger and lowers your blood pressure, one bottle every day can kill you. This is the concept on which vaccines are based.
ZH: We understand that. Can we stretch the concept saying that a constant flow of germs, if received in the proper dose, makes the body actually stronger?
SDF: Absolutely. If hypothetically we could take two n
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
You got it.
Really, what satisfaction would there be? The fun of it, and the only challenging part, is making the sucker spread... making it do something like erase a disk or whatever is too easy.
Now, some old DOS viruses did more creative things, like watch the keyboard buffer for "ronald reagan" and immediately seize the buffer and add "is an arsehole"... very funny when you are working in WordPerfect or whatever.
And under a reasonably secured Linux install, these attachments would not be able to be run in the first place. First of all, the attachment must be manually given execute privileges. If your home directory is a separate partition and mounted with the "noexec" option (as it SHOULD be), it still would not be able to execute. The only place where a user should have write access is their own home directory, and anywhere a user has write access, there should not be execute privileges.
This is the way my home system is configured, and is the way any self-respecting distro should be set up as well.
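The comment above describes a rule (no directory is both user-writable and executable) without showing how to check it. The following is an added example, not code from the post: it parses a constructed /proc/mounts-style table, resolves a path to the mount that actually holds it (longest-prefix match, so /homework is not mistaken for /home), and reports whether that mount carries noexec. The sample table, device names and paths are assumptions for illustration; on a live system you would feed it the real /proc/mounts.

```python
import os

# Constructed /proc/mounts-style sample (not from the original post): root on
# one filesystem, separate /home and /tmp mounted nosuid,nodev,noexec, and a
# /usr/local partition that still allows execution.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /usr/local ext3 rw,relatime 0 0
"""

def parse_mounts(text):
    """Return [(mountpoint, set_of_options)] from /proc/mounts or fstab-like lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        entries.append((os.path.normpath(fields[1]), set(fields[3].split(","))))
    return entries

def mount_for(path, entries):
    """Longest-prefix match: the mount entry that actually holds `path`."""
    path = os.path.normpath(path)
    best = None
    for mountpoint, opts in entries:
        prefix = mountpoint.rstrip("/") + "/"   # "/" -> "/", "/home" -> "/home/"
        if path == mountpoint or path.startswith(prefix):
            if best is None or len(mountpoint) > len(best[0]):
                best = (mountpoint, opts)
    return best

def is_noexec(path, mounts_text=SAMPLE_MOUNTS):
    """True if the filesystem holding `path` was mounted with noexec."""
    entry = mount_for(path, parse_mounts(mounts_text))
    return entry is not None and "noexec" in entry[1]

def writable_and_exec(writable_paths, mounts_text=SAMPLE_MOUNTS):
    """User-writable directories that also allow execution: the overlap the
    comment says should be empty."""
    return [p for p in writable_paths if not is_noexec(p, mounts_text)]

if __name__ == "__main__":
    for p in ["/home/alice/attachment.sh", "/tmp/x", "/usr/bin/ls", "/usr/local/bin/tool"]:
        print(f"{p}: {'noexec' if is_noexec(p) else 'EXEC ALLOWED'}")
    # Against the running system instead of the sample:
    # with open("/proc/mounts") as f:
    #     print(writable_and_exec([os.path.expanduser("~"), "/tmp"], f.read()))
```

One caveat a practitioner should keep in mind: noexec only stops the kernel from executing the file directly (execve on a path under that mount). A user who is told to run `sh ~/attachment` or `perl ~/attachment` still gets the payload executed, because the interpreter merely reads the file as data. It raises the bar against a mail client or desktop launching the attachment on a click, not against social engineering of the user.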
Someone also created a website to avoid the registration process(for any website). http://bugmenot.com/ From their site, here are couple of logins for nyt.... Account #1 myinfo isnotfree Account #2 genericacct genericacct Account #3 freeuserid password Account #4 bunbury7 bunbury Account #5 bunbury7 bunbury
The real worry is when you start having government-funded virus writers. When someone from China or Russia or the Middle East is writing viruses to shut down systems or create havoc with the intent to kill, or to bring down defenses for an invasion or terrorist act.
They already exist. (The China army's information warfare department, among others, has already been the subject of slashdot articles.)
Interestingly, Microsoft gave these guys access to their source code. They were trying to head off the move by various governments to mandate open-source software. One of the arguments was the security of the code against malware. So MS made the code available to various governments on request, inviting the governments' security experts to examine it to see for themselves how secure it was. (China, and a number of the other usual suspect governments, took them up on the offer.)
Now what department do you think government software security experts, specializing in malware vulnerabilities, work in when they're not examining a software vendor's code for exploitable holes WITH the permission and assistance of the vendor? B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also, the viruses they come up with do very little or no actual damage to the host system; instead they just "propagate". If you are infected, delete a few files, remove a couple of registry entries and that's it. It has been a long time since I saw a virus with some real payload.
Virus writers used to be much more creative back in the DOS days. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload and stealth techniques, and was difficult to disinfect.
affect Windows machines only
Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.
Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.
Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
He also keeps a pretty good blog.
What scares me most is This Article. Even understanding that one of the assumptions was that any two pairs of hosts communicate at the same rate, It's frightening.
Theoretically wiping out 40 million hosts in under a minute....
I'm guessing that a real-world implementation would probably take closer to 20 minutes, but still it's mighty frightening.
Just about the only way I could see to stop its spread would be to make smart routers, switches, and even hubs that quickly seal off any services on which there is a sudden surge of SYNs from random hosts.
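The figures in the comment above (tens of millions of hosts in under a minute, "closer to 20 minutes" in practice) fall out of a simple logistic model of random scanning, which the following added example reproduces. It is not the linked article's code; the population of 40 million vulnerable hosts is the comment's figure, while the scan rate, the hit-list size and the time step are assumptions chosen for illustration. Each infected host probes random IPv4 addresses, and a probe infects whenever it lands on a still-clean vulnerable host. The second function sketches the router-side heuristic the comment proposes, flagging a source whose SYNs fan out to too many distinct destinations in one window, over a constructed one-second sample.

```python
ADDRESS_SPACE = 2 ** 32  # IPv4

def simulate_random_scan(vulnerable, scan_rate, seeded=1, dt=0.05,
                         stop_fraction=0.99, max_time=3600.0):
    """Deterministic logistic model of a random-scanning worm.

    Every infected host sends `scan_rate` probes per second to uniformly random
    IPv4 addresses; a probe infects if it lands on one of the still-clean
    vulnerable hosts, probability (N - I) / 2^32. `seeded` is the hit list:
    hosts the author pre-compromised before release.
    Returns (seconds until stop_fraction of N is infected, trace of (t, I)).
    """
    infected = float(seeded)
    t = 0.0
    trace = [(t, infected)]
    target = stop_fraction * vulnerable
    while infected < target and t < max_time:
        p_hit = (vulnerable - infected) / ADDRESS_SPACE
        infected += infected * scan_rate * dt * p_hit   # expected new victims this step
        t += dt
        trace.append((t, infected))
    return t, trace

def time_to_saturate(vulnerable, scan_rate, seeded=1):
    """Seconds until 99% of the vulnerable population is infected."""
    return simulate_random_scan(vulnerable, scan_rate, seeded)[0]

def flag_scanners(syns, threshold):
    """Router-side heuristic from the comment: sources whose SYNs within one
    window reach more than `threshold` distinct destinations.
    `syns` is an iterable of (src, dst) pairs seen in that window."""
    fanout = {}
    for src, dst in syns:
        fanout.setdefault(src, set()).add(dst)
    return sorted(src for src, dsts in fanout.items() if len(dsts) > threshold)

# Constructed one-second window (assumed addresses): a mail server talking to
# the same three peers repeatedly, and an infected host probing 120 addresses.
SAMPLE_SYNS = [("10.0.0.5", f"192.0.2.{i % 3}") for i in range(60)] + \
              [("10.0.0.9", f"203.0.113.{i}") for i in range(120)]

if __name__ == "__main__":
    n = 40_000_000
    for seeded, rate in [(1, 100), (10_000, 100), (1, 10)]:
        print(f"N={n:,} hit list={seeded:>6} scans/s={rate:>4}: "
              f"99% infected after {time_to_saturate(n, rate, seeded):6.1f} s")
    print("flagged as scanners:", flag_scanners(SAMPLE_SYNS, threshold=50))
```

Two things the numbers show. The growth rate is scan_rate times N over 2^32, so at 100 probes per second against 40 million targets the whole population is reached in well under a minute, while cutting the per-host scan rate by ten slows it tenfold; and a hit list removes most of the slow early phase, since the first infected host finding the second is the expensive step. The fan-out heuristic catches the scanning host in the sample, but a real deployment needs a threshold tuned per service, or a busy but legitimate server gets sealed off as well.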
In the first part of the article, the author talks to the author of "Batch Trojan Generator" and creates an infected JPEG file, one that "would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive" when clicked.
To me, this implies that the JPEG is actually executable code. On the face of it, this is patently ridiculous. I started thinking about it, though, and realized that the actual mechanism might simply be an exploit of a buffer overflow in the code that interprets the JPEG (not the JPEG itself, which is not executing). By having the JPEG reference something outside of the boundaries of the actual JPEG file, it might go out and stick malicious machine code in some piece of RAM where it later gets executed.
Am I correct in this assumption about JPEG trojans, or does (unpatched) Windows go out and somehow execute a file ending in .JPG as if it were ending in .EXE? For that matter, if one embedded the JPG in an HTML mail message (or just stuck it on a web page) instead of attaching it, would it execute in the same manner and infect or is there a different JPEG engine at work (i.e. the one in IE or Outlook isn't vulnerable but the one in Microsoft Photo Editor, assigned by default to file type .JPG, is)?
Thanks in advance...
"Prepare for the worst - hope for the best."
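The question above turns on whether the "infected JPEG" is really a JPEG at all, which the article does not settle. What a mail gateway can settle is whether a file's content matches the name it arrived under. The following added example, not from the article or the tool it mentions, sniffs the leading magic bytes of an attachment and compares them with its extension, flagging double extensions such as photo.jpg.exe (which Explorer shows as photo.jpg when known extensions are hidden), an image extension over PE content, and a PE header under any non-executable name. The sample headers and file names are constructed for illustration.

```python
# Constructed samples (not from the article): a minimal JFIF header, a PE/DOS
# header stub, and a plain-text batch file, each later given a misleading name.
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"
PE_HEADER = b"MZ\x90\x00" + b"\x00" * 56 + b"\x80\x00\x00\x00"
BATCH = b"@echo off\r\nformat c: /y\r\n"

MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "pe-executable"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),
]
IMAGE_KINDS = {"jpeg", "png", "gif"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}

def sniff(data):
    """Content type from the leading bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def extensions(name):
    """Every dotted suffix, lower-cased: 'photo.jpg.exe' -> ['.jpg', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]

def classify_attachment(name, data):
    """Return (content_kind, findings); each finding is a reason to block."""
    kind = sniff(data)
    exts = extensions(name)
    last = exts[-1] if exts else ""
    findings = []
    if last in EXEC_EXTS:
        findings.append("executable extension")
    if len(exts) > 1 and exts[-2] in IMAGE_EXTS and last in EXEC_EXTS:
        findings.append("double extension hides executable as image")
    if last in IMAGE_EXTS and kind not in IMAGE_KINDS:
        findings.append(f"extension says image, content is {kind}")
    if kind == "pe-executable" and last not in EXEC_EXTS:
        findings.append("PE header under non-executable name")
    return kind, findings

if __name__ == "__main__":
    for name, data in [("holiday.jpg", JPEG_HEADER), ("holiday.jpg.exe", PE_HEADER),
                       ("holiday.jpg", PE_HEADER), ("holiday.jpg", BATCH)]:
        kind, findings = classify_attachment(name, data)
        print(f"{name:16} {kind:14} {findings or 'ok'}")
```

The limit of this check answers the second half of the question: a genuine JPEG crafted to overflow a vulnerable decoder starts with the same FF D8 FF bytes as a holiday snapshot, so magic sniffing says nothing about it, and which program is hit depends on which decoder opens the file (the mail client's, the browser's, or the viewer associated with .JPG). That case is only closed by patching the parser, not by filtering on name or header.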
The nastiest virus/worm in recent years was Blaster, which would reboot a WinXP box after a minute of connecting to the net. That needed action.
Most other viruses, besides propagating, don't do anything, so the infected victims don't need to erase them from their Windows.
Considering the speed of mydoom propagation, the next time we'll have a nasty virus/worm, we'll have some fun !
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russell
Kids who feel like "outsiders" don't WANT to tinker with useful stuff like the linux kernel. Their goal is more like a gradeschooler shouting "I'll show you!!" at a bigger kid who just gave them a shove. That usually means "I'll hurt you", not "I'll do something better than you can".
I agree it's a sad waste of talent, but once someone goes down that path, I'm not sure I *want* their talent, as I can no longer trust them not to use it maliciously if they feel wronged.
~REZ~ #43301. Who'd fake being me anyway?
Back in the 1992 timeframe, there was a Dark Avenger virus toolkit that allowed Skr1p7 KidDi3z to create "encrypted, polymorphic viruses". Check out then-InfoWorld columnist Steve Gibson's alarmist article (scroll down to the part entitled "Article 2") It sounds kind of funny now:
That was going to be the end of the world as we knew it. Now we have a VB script engine and the world is going to end. Or not.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
Meh. Think that's bad? It also spoofs senders. We've been getting shitloads of bounce messages from misconfigured mailservers that O DeliveryMode=background. I had to hack the inbound filter to check the bounces for the headers we're tacking on outbound mail.
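The filter the comment above describes (tag outbound mail, then accept only bounces that quote the tag) can be done so that a worm forging your address cannot mint a valid tag. The following is an added example, not the poster's filter: outbound messages get a header carrying a timestamp and an HMAC over that timestamp and the Message-ID, and an inbound bounce is accepted only if the quoted original headers contain a tag that verifies against one of the Message-IDs in the bounce and is not older than a week. The header name, the key, the timestamps and both bounce samples are constructed for illustration.

```python
import hmac
import hashlib
import re
import time

SECRET = b"site-secret-rotate-me"   # assumed per-site key, not from the post
TAG_HEADER = "X-Bounce-Token"       # hypothetical header name
MAX_AGE = 7 * 24 * 3600             # a bounce older than a week is suspect anyway

def make_token(message_id, ts, key=SECRET):
    """Token = timestamp.HMAC(key, timestamp:Message-ID); only the key holder can mint it."""
    mac = hmac.new(key, f"{ts}:{message_id}".encode(), hashlib.sha256).hexdigest()[:32]
    return f"{ts}.{mac}"

def tag_outbound(headers, now=None, key=SECRET):
    """Outbound hook: copy of `headers` (a dict) with the token header added."""
    ts = int(time.time() if now is None else now)
    tagged = dict(headers)
    tagged[TAG_HEADER] = make_token(headers["Message-ID"], ts, key)
    return tagged

def token_is_valid(token, message_id, now, key=SECRET):
    """Recompute the MAC for this Message-ID and timestamp; reject stale or future tags."""
    try:
        ts = int(token.split(".", 1)[0])
    except ValueError:
        return False
    if not 0 <= now - ts <= MAX_AGE:
        return False
    return hmac.compare_digest(make_token(message_id, ts, key), token)

def bounce_is_genuine(bounce_text, now=None, key=SECRET):
    """Inbound hook for DSNs. A real bounce quotes our original headers, so the
    token and the Message-ID it was minted for appear in the body. The bounce
    carries its own Message-ID too, so every candidate is tried."""
    now = int(time.time() if now is None else now)
    tok = re.search(rf"^{re.escape(TAG_HEADER)}:\s*(\S+)", bounce_text, re.M | re.I)
    if not tok:
        return False
    mids = re.findall(r"^Message-ID:\s*(<[^>]+>)", bounce_text, re.M | re.I)
    return any(token_is_valid(tok.group(1), mid, now, key) for mid in mids)

# Constructed samples (not from the post).
NOW = 1_075_000_000
OUR_HEADERS = {"From": "alice@example.org", "To": "bob@example.net",
               "Message-ID": "<20040201.1@example.org>"}

def render_headers(h):
    return "".join(f"{k}: {v}\n" for k, v in h.items())

# A real DSN: the remote server quotes the headers we sent, token included.
GENUINE_BOUNCE = ("From: MAILER-DAEMON@example.net\nMessage-ID: <dsn-1@example.net>\n"
                  "Subject: Undelivered Mail\n\n--- original message headers ---\n"
                  + render_headers(tag_outbound(OUR_HEADERS, now=NOW)))

# Backscatter: a worm spoofed alice@example.org; the quoted headers have no token.
FORGED_BOUNCE = ("From: MAILER-DAEMON@victim.example\nMessage-ID: <dsn-2@victim.example>\n"
                 "Subject: Undelivered Mail\n\n--- original message headers ---\n"
                 "From: alice@example.org\nTo: carol@victim.example\n"
                 "Message-ID: <fake@example.org>\nSubject: Hi\n")

if __name__ == "__main__":
    print("genuine bounce accepted:", bounce_is_genuine(GENUINE_BOUNCE, now=NOW + 3600))
    print("forged bounce accepted: ", bounce_is_genuine(FORGED_BOUNCE, now=NOW + 3600))
```

Binding the MAC to the Message-ID means a token lifted from one quoted message cannot be pasted into a forged bounce for another, and the age window bounds replay. The same idea applied at the envelope level, with the tag in the MAIL FROM address rather than a header, is BATV (Bounce Address Tag Validation), which also works for bouncing servers that return no original headers at all; with a header-only scheme, those bounces are dropped as forged, so expect to lose a small number of legitimate DSNs.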
These people are not doing us a service. When I bought a car, I knew that it had been tested for safety. I do NOT want some punk kid beating my car with a bat to prove to me that in a low speed collision the car has the potential to explode catastrophically. Stay away from my car and don't damage my property. If there's something wrong with my car I'll let the proper authorities tell me and fix it. Granted, corporations often don't feel that kind of responsibility, but as long as we're talking in terms of ideals, let's just keep pretending.
And again, another reason to use Opera. Simply press F12 and unselect "Enable referrer logging" and you're good to go.
This is my digital signature. 10011011001