Slashdot Mirror


The World of Virus Writers

No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

5 of 505 comments (clear)

  1. Virus writers... by NightWulf · · Score: 5, Interesting

    Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in taiwan or such and the chinese figure out a way to infect the navy systems with a virus, leaving our fleet defenseless off chinese shores, etc.

  2. It's not underground... by Dave21212 · · Score: 5, Interesting


    I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.

    One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genuius-crackers" in the news who get caught aren't really all that smart are they ?

    (I read it anyway, surprised to hear that one of my favorite bands is still popular ;)

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
  3. Metamorphic Viruses by robyn217 · · Score: 5, Interesting
    What scares me most are metamorphic viruses -- a virus that modifies itself each time it infects a new host always attempting to avoid maintaining a constant signature. The modifications may take any or all of the following forms:
    1. Modification of the encryption/decryption algorithm (including multiple layers of encryption) - the decryption algorithm changes from infection-to-infection by basing itself on values that change from computer-to-computer (examples: size of HOSTS file, current time in milliseconds, etc.)
    2. Insertion of "junk code" into virus body or decryptor body - This is a common strategy by polymorphic viruses. It's usually accomplished by a "junk code engine" which has the ability to generate arbitrary amounts of meaningless blocks of code
      1. Noop or meaningless loops added to body of virus
      2. Entry-Point Obscuring (EPO) junk code - this is a special kind of "junk code" that specifically tries to hide the entry-point of the virus by insert loads of junk code at the beginning of an infected file.
      3. Code block permutations - random shifts of code blocks, sequential order is maintained by JMP and CALL commands.
      4. Register/Stack Variations - Use of varying registers, or even the ability to vary between register usage and storing data on the stack.

    (Older Examples: Mistfall Engine, ZMist virus.)

    When we start seeing more of these, AV companies will have a hard time keeping up.

  4. Re:Idea for a virus by tvh2k · · Score: 5, Interesting

    Actually, this was previously posted on /.:
    Random NYTimes.com Registration Generator

    You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.

  5. Re:Reporters.. by Strudelkugel · · Score: 5, Interesting

    affect Windows machines only

    Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.

    Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.

    --
    Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe