Slashdot Mirror


The World of Virus Writers

No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

9 of 505 comments

  1. Virus writers... by NightWulf · Score: 5, Interesting

    Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from China or Russia or the Middle East is writing viruses to shut down systems or create havoc with the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in Taiwan or such and the Chinese figure out a way to infect the Navy systems with a virus, leaving our fleet defenseless off Chinese shores, etc.

  2. It's not underground... by Dave21212 · Score: 5, Interesting

    I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.

    One of my favorite phrases is, "There are no Famous Hackers", meaning simply that the famous "super-genius crackers" in the news who get caught aren't really all that smart, are they?

    (I read it anyway, surprised to hear that one of my favorite bands is still popular ;)

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin

  3. Metamorphic Viruses by robyn217 · Score: 5, Interesting

    What scares me most are metamorphic viruses -- a virus that modifies itself each time it infects a new host always attempting to avoid maintaining a constant signature. The modifications may take any or all of the following forms:
    1. Modification of the encryption/decryption algorithm (including multiple layers of encryption) - the decryption algorithm changes from infection-to-infection by basing itself on values that change from computer-to-computer (examples: size of HOSTS file, current time in milliseconds, etc.)
    2. Insertion of "junk code" into virus body or decryptor body - This is a common strategy by polymorphic viruses. It's usually accomplished by a "junk code engine" which has the ability to generate arbitrary amounts of meaningless blocks of code
      1. Noop or meaningless loops added to body of virus
      2. Entry-Point Obscuring (EPO) junk code - this is a special kind of "junk code" that specifically tries to hide the entry-point of the virus by inserting loads of junk code at the beginning of an infected file.
      3. Code block permutations - random shifts of code blocks, sequential order is maintained by JMP and CALL commands.
      4. Register/Stack Variations - Use of varying registers, or even the ability to vary between register usage and storing data on the stack.

    (Older Examples: Mistfall Engine, ZMist virus.)

    When we start seeing more of these, AV companies will have a hard time keeping up.
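    As an added illustration of the detection problem robyn217 describes (example code written for this page, not from the thread or the NYT article): a byte signature written for one copy of a program stops matching as soon as junk instructions are interleaved, even though nothing meaningful changed. A scanner that normalizes the sample first, here by discarding single-byte NOPs before matching, recovers the detection. All byte strings, the signature and the two samples are constructed for the demo and are not real malware.

```python
"""
Added example: fixed byte signatures versus a normalizing scanner.
Everything below is constructed for illustration; the "payload" bytes
are arbitrary instruction encodings, not code from any real virus.
"""
import hashlib

# Constructed signature: the byte sequence an AV vendor might have extracted
# from one sample of a program (assumption: it contains no 0x90 bytes).
SIGNATURE = bytes.fromhex("B8 01 00 00 00 BB 02 00 00 00 CD 80")

# Constructed "clean" sample: prologue + signature bytes + epilogue.
SAMPLE_CLEAN = bytes.fromhex("55 89 E5") + SIGNATURE + bytes.fromhex("5D C3")

# Constructed second copy of the same program with NOPs (0x90) sprinkled in,
# the simplest form of the "junk code" the comment talks about.
SAMPLE_JUNK = bytes.fromhex(
    "55 90 89 E5 90 90"
    "B8 01 00 00 00 90 BB 02 00 00 00 90"
    "CD 80 90 5D C3"
)

# Opcodes treated as no-ops by this toy normalizer. A real engine works on
# decoded instructions rather than raw bytes, because 0x90 can also occur as
# an operand or immediate; that limitation is deliberate here for brevity.
JUNK_OPCODES = {0x90}


def raw_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain substring match: what a naive signature scanner does."""
    return signature in sample


def normalize(sample: bytes, junk: set = JUNK_OPCODES) -> bytes:
    """Drop junk opcodes so that functionally identical copies compare equal."""
    return bytes(b for b in sample if b not in junk)


def normalized_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Match the signature against the normalized byte stream."""
    return signature in normalize(sample)


def distinct_hashes(samples) -> int:
    """How many unique SHA-256 digests the samples produce (hash-based
    blocklists see every junk-padded copy as a brand new file)."""
    return len({hashlib.sha256(s).hexdigest() for s in samples})


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("junk", SAMPLE_JUNK)):
        print(f"{name:5s} raw={raw_match(sample)!s:5s} "
              f"normalized={normalized_match(sample)}")
    print("distinct hashes:", distinct_hashes([SAMPLE_CLEAN, SAMPLE_JUNK]))
```

    The raw scanner detects the clean copy but misses the padded one, while the hash-based view counts two unrelated files; after normalization both copies collapse to the same byte string and match the original signature. The same idea scales up in real engines to emulating the decryptor and scanning the decrypted body, which is how polymorphic families were handled long before behavioural detection.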

  4. Re:Losers by nautical9 · Score: 4, Interesting

    What confounds me is that there hasn't been a major virus with a real nasty payload, say a virus that spreads like MyDoom, but after sending itself out to all the email contacts found, it proceeds to nuke the drive by writing random junk through it all (preventing any way of recovering the data).

    All the major email-borne worms we've seen to date have had very benign (IMO) payloads, typically a minor DDoS and/or backdoor. These have caused extra load on the Net, and could cause more spam or the harvesting of CC's, but their damage could be far, far worse.

    Of course, a lot of script-kiddies use these viruses as bragging-rights (I 0wn 6421 zombie machines), so it's perhaps against their interests to do true damage, but it won't be long until someone does. And then the typical media figure of $X billions just may be legit, as I suspect the people who get infected are the same ones who never backup their systems.

  5. Re:Idea for a virus by tvh2k · Score: 5, Interesting

    Actually, this was previously posted on /.:
    Random NYTimes.com Registration Generator

    You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.

  6. Re:Losers by rjelks · Score: 4, Interesting

    That sounds a lot like Bill Gates' argument on why Windows is the most secure operating system available. Not that I agree with Bill about Windows, but you make a pretty good point. I don't see how something can be very secure without some real-world testing. Now if I could just get my coworkers to stop opening up every attachment in their inboxes. :)

  7. Hacking in the 2nd Degree by FreshFunk510 · Score: 4, Interesting

    The method by which the virus is delivered is interesting. Quote:

    "These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."

    And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.

    However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".

    Let's take guns for example. Let's say a gun seller illegally sold guns to 12 year old children and also sold them bullets. Now let's say that the kids accidentally shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.

    I think that if the hackers want to educate others they should perhaps do it in a more educational way, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snippets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame when the script kiddies start spreading viruses like there's no tomorrow.

    To tell yourself that you're completely innocent would be denial.

    --
    "Injustice anywhere is a threat to justice everywhere." - Martin Luther King, Jr.

  8. New viruses and virus writers by zeekiorage · Score: 4, Interesting

    These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also the viruses they come up with do very little or no actual damage to the host system; instead they just "propagate". If you are infected, delete a few files, remove a couple of registry entries and that's it. It has been a long time since I saw a virus with some real payload.

    Virus writers used to be much more creative back in the DOS days. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload and stealth techniques, and was difficult to disinfect.

  9. Re:Reporters.. by Strudelkugel · Score: 5, Interesting

    affect Windows machines only

    Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.

    Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe