The World of Virus Writers

No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

Idea for a virus

[RoadkillBunny]

Some one should write a virus that will allow us to read NY Times without a suscribtion.

Re:Idea for a virus

[thebatlab]

Someone did. It masquerades around the web and is known as "Google" :)

http://www.google.com/search?q=http%3A%2F%2Fwww. ny times.com%2F2004%2F02%2F08%2Fmagazine%2F08WORMS.ht ml&sourceid=mozilla-search&start=0&start=0&ie=utf- 8&oe=utf-8

Now click the url it instructs you to.

Re:Idea for a virus

[greechneb]

It's already been done Just type in the URL like this and then click on the link.

Re:Idea for a virus

[Dreadlord]

even better, a virus that DDoS's NY Times, so we never end up again with their articles on the main page.

Re:Idea for a virus

[jrockway]

You can't read the second page of the article like that, though. How can I RTFA?

Re:Idea for a virus

[tlhIngan]

Actually, what we need is a virus that, in the email headers, adds:

X-Idiot-Who-Sent-This: <real_email>

(and variations thereof) to all the emails it sends. Fake the From: address, sure. But I'd like to know who the person is that I should LART for the 100,000 copies of MyDoom that I keep getting. Especially to addresses that I've given out or never even used.

Re:Idea for a virus

[thebatlab]

Well I'm used to using tools which take care of that for you so sometimes I don't think about it.

Besides, it's safer to copy and paste........ ;)

Re:Idea for a virus

[Dreadlord]

Some one should write a virus...

It's already been done...

you mean that Google is a virus, right?
So I shouldn't go there anymore :(

Re:Idea for a virus

[thebatlab]

Take the url for the second page, search it in google, click the link and so on ad naeseum since it looks to be one hella long article.

Re:Idea for a virus

[tvh2k]

Actually, this was previously posted on /.:
Random NYTimes.com Registration Generator

You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.

Re:Idea for a virus

[qat]

Google hacked nytimes?!

Re:Idea for a virus

[IthnkImParanoid]

That was a great way to duplicate the link in the story submission....you know, without the google referrer.

A real service you did us there :)

Re:Idea for a virus

[devilspgd]

This is /. -- You don't need to read the article.

Re:Idea for a virus

[CompressedAir]

They could call it the "Karma Whore" virus.

Re:Idea for a virus

[jaal]

Someone also created a website to avoid the registration process(for any website). http://bugmenot.com/ From their site, here are couple of logins for nyt.... Account #1 myinfo isnotfree Account #2 genericacct genericacct Account #3 freeuserid password Account #4 bunbury7 bunbury Account #5 bunbury7 bunbury

Re:Idea for a virus

[maxwell+demon]

Actually, you have the moral duty not to read the article, in order to prevent helping in taking the site down through the slashdot effect.

Re:Idea for a virus

[ElliotLee]

Copying and pasting the address in the parent post results in a broken search because a space got added between ht and ml.

Here's a clickable link that does work.

From there, click the link that says "try visiting that web page by clicking on the following link".

Re:Idea for a virus

[doodleboy]

Link says

Adam Funk writes:

I found out how to block referrer information in Mozilla too; it's just a bit more trouble than in Opera. Put this line:

user_pref("network.http.sendRefererHeader", 0);

in the user.js file (create the file if necessary).

Too much work. Just type "about:config" in the url bar, type "refer" in the search bar, and change the ReferrerHeader preference to 0. You can change hundreds of moz settings the same way.

Re:Idea for a virus

Meh. Think that's bad? It also spoofs senders. We've been getting shitloads of bounce messages from misconfigured mailservers that O DeliveryMode=background. I had to hack the inbound filter to check the bounces for the headers we're tacking on outbound mail.

Re:Idea for a virus

[Insipid+Trunculance]

I fail to understand why everybody waites for a subscription free link to NY times.Come on if we can register and login at Slashdot why cant we have nonsensical false name logins at NY times?

Re:Idea for a virus

[MrWa]

Someone did. It masquerades around the web and is known as "Google" :)

http://www.google.com/search?q=http%3A%2F%2Fwww.ny times.com%2F2004%2F02%2F08%2Fmagazine%2F08WORMS.ht ml&sourceid=mozilla-search&start=0&start=0&ie=utf- 8&oe=utf-8

But I'm at work using IE and typing that URL in is HARD...

Re:Idea for a virus

[faitaccompli]

Thank God for the M$ IE update, now I don't have to type that url....

Re:Idea for a virus

[Typhon100]

I seriously doubt www.nytimes.com would get taken down by the /. effect. It probably gets 5 times the hits /. does anyway.

Re:Idea for a virus

[lpret]

And again, another reason to use Opera. Simply press F12 and unselect "Enable referrer logging" and you're good to go.

Re:Idea for a virus

[Beg4Mercy]

LOL

Seems like nobody realized that you're making a reference to Microsoft's recent recommendation.

Re:Idea for a virus

[Beg4Mercy]

Since the Slashdot effect exists, someone must RTFA.

Re:Idea for a virus

[rixstep]

I am a registered NY Times reader, but I refuse to go through the hassle anymore. They're just downright silly is what.

Re:Idea for a virus

[Guido+von+Guido]

Oh for God's sake. Let me give you a hint: the New York Times doesn't require a valid email address.

Here, I just registered as user "anonoputz" with a password of "anonoputz" so that you can go crazy.

Re:Idea for a virus

[F452]

What is the recommendation?

Re:Idea for a virus

[Beg4Mercy]

Microsoft Advises to Type in URLs Rather than Click"

Re:Idea for a virus

[ElliotLee]

Yes, there is an extension for Mozilla that allows you to fake the referrer.

MultiZilla appears to also have this feature. http://multizilla.mozdev.org/

Why underground?

[swordboy]

Why do they have to be underground? Would it be so bad if they could have their own magazine and perhaps some clubs/organizations?

Re:Why underground?

Du-uh -- everyone knows worms live underground !

Re:Why underground?

[clnelson]

underground=cool

and of ocurse they do have a magazine/club/organization. It's just "underground" ie. hidden from the view of those who don't use computers or google.

It just isn't any fun if you can't have the pretense of an elite insiders club.

Re:Why underground?

[pantycrickets]

Why do they have to be underground? Would it be so bad if they could have their own magazine and perhaps some clubs/organizations?

There have been tons of virus groups and magazines.

The google cache, in case that link doesn't go.

Re:Why underground?

[t0ny]

And maybe if their virus does real damage, they have to sit in the corner and wear a funny hat.

Sheesh

[apoplectic]

"The Virus Underground" sounds like a bad nightclub.

Re:Sheesh

[pheared]

Well he _is_ listening to Iron Maiden.

Re:Sheesh

[Lord+Kano]

"The Virus Underground" sounds like a bad nightclub.

I bet that they sell condoms EVERYWHERE inside of that joint.

LK

Re:Sheesh

[TheScogg]

Or a nihlistic indie band straight from the late 60's Warhol scene

Losers

[BWJones]

it takes a look at the world of malware scripters, virus writers and worm designers.

I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)

Re:Losers

[Rand+Al'Thor]

That may be a side effect in very few cases, but for the most part I think it's safe to say there is no redeeming factor to any virus or its author.

Re:Losers

[Tango42]

We wouldn't need people to point out the security issues, if those same people weren't trying to exploit them, so it's a moot point really, isn't it?

Re:Losers

[JaredOfEuropa]

However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe.

Sure sure, and I need punks who sneak into my house and raid the fridge, to remind me to lock the doors against thieves who will take stuff of more value. Your initial reaction was the right one.

Re:Losers

[pinkfalcon]

That's kind of like saying "it's o.k. to kidnap kids whose parents aren't watching to teach parents to watch their kids" or anything like that.

Re:Losers

[Dukael_Mikakis]

It's true that virus writers are malevalent and don't have pure intentions when hacking their scripts and all, but in a general sense, where would our security be without virus writers?

If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down.

It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.

Re:Losers

[Ruzty]

That entirely depends on if the virus or worm is released into the wild or not. I know I have written some down right nasty malicious code in my time but none of it was ever released into the wild. Bad intent and bad actions definitely segregate the authors you group together.

-Rusty

Re:Losers

[nautical9]

What confounds me is that there hasn't been a major virus with a real nasty payload, say a virus that spreads like MyDoom, but after sending itself out to all the email contacts found, it proceeds to nuke the drive by writing random junk through it all (preventing any way of recovering the data).

All the major email-bourne worms we've seen to date have had very benign (IMO) payloads, typically a minor DDoS and/or backdoor. These have caused extra load on the Net, and could cause more spam or the harvesting of CC's, but their damage could be far, far worse.

Of course, a lot of script-kiddies use these viruses as bragging-rights (I 0wn 6421 zombie machines), so it's perhaps against their interests to do true damage, but it won't be long until someone does. And then the typical media figure of $X billions just may be legit, as I suspect the people who get infected are the same ones who never backup their systems.

Re:Losers

[BWJones]

If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done.

If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.

Re:Losers

[BWJones]

What confounds me is that there hasn't been a major virus with a real nasty payload, say a virus that spreads like MyDoom, but after sending itself out to all the email contacts found, it proceeds to nuke the drive by writing random junk through it all (preventing any way of recovering the data).

Like really virulent biological virii, computer virii that work this way will limit the extent to which they can spread......unless of course.......they work out slightly more sophisticated methods of damage, or they delay the damage for a period of time before "expressing" themselves.

Re:Losers

[SoSueMe]

From the article:
I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art .

He's got to be joking, right?
Where's the art, the creativity?
Is this "VisualVirus.Net"?

Re:Losers

[__past__]

it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done.

Excuse me, but if these people would not exist, there would be no need to keep up. Unlike natural viruses, malicious code doesn't just evolve, it takes a malevolent human to create an distribute it.

Re:Losers

Well, if you consider the analogy of disease/immunity, you could try to make the argument that humans would be much better off if diseases didn't exist. And perhaps you'd be correct. However, our immune systems would also not exist; which would leave completely vulnerable to infection.

My point is, that maybe having a few minor (depending on your definition of minor) viruses floating around causes us to increase our security awareness (our immune sytem) so that we are less vulnerable to a really big nasty attack.

Re:Losers

[mi]

Ha! "If"... They do exist. And I'm glad the modern infrastructure is being hardened in response to this punks instead of remaining soft and collapsing from sudden hits by a truely hostile party (al'Qaeda, China, whatever).

They are like a vaccine, which causes the organism to develop anti-bodies, that will help fight real deceases.

Re:Losers

[GoodNicsTken]

That's where I think your completely wrong. I'm actually surprised more of the /. crowd doesn't agree with the following viewpoint:

Software flaws exist PERIOD. They always have and always will. What would you rather have:

1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)

2. A virus that exploits the flaw, disrupts computer networks forcing people to patch the flaw. (Many still don't, as Code Red is alive and well)

I'm all for #2. The flaws exist. Without viruses, then people would NOT patch there systems. When somebody relases a virus, they are saying, hey there's a problem here that needs immediate attention or just about anyone can take over your computer. These guys should be rewarded not punished. IMO they are performing a service letting everyone know of a flaw they discovered, and providing incentive to correct the flaw.

As computers become a bigger part of our everyday life, they are trusted more and more. I would be a lot more concerned in a world with no viruses, and computers that are generally considered "Secure." That puts the power to ruin someones life in the hands of a few.

Re:Losers

[rjelks]

That sounds a lot like Bill Gates argument on why Windows is the most secure operating system available. Not that I agree with Bill about windows, but you make a pretty good point. I don't see how something can be very secure without some real-world testing. Now if I could just get my coworkers to stop opening up every attatchment in their inboxes. :) -

Re:Losers

[jlechem]

Come on! How else are we going to keep all those anti-virus software companies in business? They have families and hookers to pay for!

Re:Losers

[subtillus]

virii are something else involving wierd little things... don't ask. the plural of virus is viruses. http://www.perl.com/language/misc/virus.html

Re:Losers

[AvitarX]

These people?

The typical Virus writer is not the typical malicious hacker.

Viirus writers let us say dumbasses when the Half Life 2 source code was stolen, and also let Valve have fair warning that they were being retards and should use a more secure system.

Virus writers let me know to avoid outlook like the plague and protect myself from someone malicious who may want to install a keystroke recorder on my computer to steal my credit card and social security number.

Crime for proffit will exist even if the crime for fun group did not. I am not defending virus writers though. We new about email worms for a while, we don't need to be pelted by them. Social engineering viruses are old hat too.

But the people who write the first widly propogating virus to exploit a particular thing to alert a lot of people to it that just would not care otherwise. And it probably does protect a lot of bad administrators from far worse.

Re:Losers

[IthnkImParanoid]

If the virus nukes the drive, the DDoS and/or backdoor is suddenly no longer effective. Computer viruses, unlike the biological kind, have a goal in mind in addition to mindless reproduction. If the point is to open a backdoor to allow spammers to use it, why kill off your host?

Re:Losers

[AshtangiMan]

The theme that viruses (virii?) ultimately improve computer security is flawed given the assumption that there is always a security hole somewhere. Just because you are aware of some holes and able to patch them doesn't mean that you are secure. With or without virii the situation is basically the same . . . there is always a hole ready to be exploited. On that note I think I'll unplug (&*@%(&* NO CARRIER

Re:Losers

[mindstrm]

You got it.

Really, what satisfaction would there be? The fun of it, and the only challenging part is making the sucker spread... making it do something like erase a disk or what is too easy.

Now.. some old dos viruses did more creative things, like watch the keyboard buffer for "ronald reagan" and immediately sieze the buffer and add "is an arsehole"... very funny when you are working in wordpefect or whatever

Re:Losers

[Woy]

I guess my initial reaction was fsck 'em. Fsck 'em all.

Yes, maybe fsck could unformat their drives.

Re:Losers

[nautical9]

That was my point in the original post - after it's resent itself to all the email addresses it has found, and basically has no other way to spread, it proceeds to nuke the system it's on.

In the case of service-exploit worms, then a time delay would be necessary. But I imagine something as short as 4 hours would still cause unheard of damage. CodeRed spread rather quickly: 250,000 in 9 hours, and that's only for machines running MS's SQL Server. If the exploit was in the OS, the spread could be a hundred or a thousand times that.

And it'd be tough for most people, especially laymen to react quickly enough - by the time they heard about it on the evening news, it'd likely be too late.

Re:Losers

[UserGoogol]

Well, you're looking at it from the wrong angle. Because they are so many weiners writing viruses, it makes it harder for a real jerk to make a really bad worm.

Re:Losers

[maxwell+demon]

conspiracy theory

Hmmm... that would give incentives for anti-virus software companies to write viruses, wouldn't it?

end conspiracy theory

Re:Losers

[Ironica]

I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe.

In fact, in the article, it mentions that the guys interviewed normally send off the code to their latest creation to a batch of antivirus companies, so that new definitions can include it before some script-kiddie gets a hold of it.

Since we know there are virus writers out there who are *not* part of this community, and are writing viruses for far more nefarious purposes (see SoBig), sounds like these kids are doing us a big favor really. Maybe they'll find the vulnerability before the spammers and scammers do.

Re:Losers

[lonesome+phreak]

As of January 2nd, 2004 MS dropped support for Win 98. Write worms that exploit holes that will NEVER BE PATCHED BY MS.

bwahahahahaha.

It would seem that as of September 2002 (yeah, it's now 2004) around 77% of the planet uses Win 9X. Yes, you can still d/l old patches, but I don't think any new ones are being made.

Re:Losers

[transient]

By your own admission, we have neither. "Code Red is alive and well." So we have a virus that exploits the flaw, disrupts computer networks but evidently does not force people to patch the flaw.

Re:Losers

This "nothing is perfectly secure so it doesn't matter" idea is one of the most foolish concepts I see spouted on Slashdot. It's like saying "any house can be eventually be broken into, so there no point in locking your doors or having police". Just because it may still be possible, doesn't mean we should make it easy, and for all their sliminess, viruses do force vendors to close many of the more gaping security holes.

Otherwise hey, why not post all your personal passwords here on Slashdot - none of them are perfectly secure anyway right?

Re:Losers

[PsychoSlashDot]

If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world.

There's a simple problem with your viewpoint. Without the security-challenging input of these malware creators, there would be a corresponding reduction of the need for security efforts.

What you're really suggesting is that biochemists should be to some degree appreciated, because significant numbers of new, previously non-existing diseases and sicknesses will force us to spend more money and effort on immunology and cure-finding efforts. Um. Sorry, but I have to disagree with the wisdom of this.

Further, the assumption that good virus-prevention and reaction policies have significant impact on intrusion-detection and hijacking counter-efforts is... overzealous.

I do understand that many virii exploit one security flaw or another and that a good whack of MSBlaster has a decent likelihood of encouraging CompanyCo to patch their SQL server. What I don't understand is the suggestion that more relatively non-destructive virii result in less real-life data-compromising acts.

Final thought. With these worms and virii, a "hacker" doesn't have to do anything special to find a list of vulnerable sites/services. Log accesses to a web server of your choice... instant list of vulnerable web servers, each trying to hack YOU. With a simple firewall, it's EASY to find victims and exploit them. Without a virus out there, a port/IP scan would be required, which would leave traces.

Re:Losers

[Zeinfeld]

1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)

That is the sort of thing that black hat hackers tend to do anyway.

If you read the article you will see that the major source of exploits is the full disclosure type security forums. I am not saying full disclosure is entirely bad, just that the people writing viruses and worms are not telling the world it did not know anyway.

The guys (and they were mostly guys) in the article were describing using Visual Basic as the cutting edge of programming. One became recognized as elite because he worked out how to use multithreading. Like don't over-estimate the skills of these guys here.

The point about monoculture is made, but it is a crock. The original Moriss worm attacked multiple host types. There have been several cross platform worms. Microsoft is 90% of the machines out there, so if you write for any other platform you guarantee that your attacks will be an order of magnitude likely to succeed at each link.

x^y tends to infinity with increasing y if x>1 and to zero if x1.

Re:Losers

[YoJ]

Hey, these are kids learning about programming and computers! How can everyone be so hard on them? I think the analogy of graffiti is the most appropriate. Yes, it is illegal and bad, but it can be cool sometimes, and kids caught doing it should be reprimanded, not thrown in jail for 10 years.

Re:Losers

[ClosedSource]

Of course you're creating a hypothetical scenario without evidence to support your position. One could just as easily speculate that the existence of the clumsy virus has no effect whatsoever on protecting against the more subtle one.

So the choice could be between having just the subtle viruses or having both the clumsy and the subtle. I'd prefer the former to the latter.

Re:Losers

[SideShow_BLOB]

If I could break into my next door neighbor's house - on the premise that a flaw exists within his home security - should I be rewarded for it? Do not be so quick to glorify criminal behavior. Software flaws exist, yes. But to reveal them by breaching network security, unleashing mass-mailing worms, and exploiting buffer overflows in target systems is NOT a service to the community. On the other hand, creating and releasing the virus in a lab environment for the purpose of failure analysis is a worthy endeavor. But to cripple public systems? And implore that the writers of such crippling software be rewarded? Please, don't be such a dolt.

Re:Losers

[amorpheous]

Hmm, by the same token you should be walking around wearing a suit of armor while toting a fully automatic firearm because someone may run up to you with a knife and/or a baseball bat and show you how defective your skeleton or skin is. Bottom line is, if there were no virii there would be no need for those security patches.

Re:Losers

[radish]

They did, back in the old days. I'm thinking of the bootsector viruses, and exe-infectors. These frequently had payloads to format c: on Davinci's birthday or some such thing. The thing is, now most "infections" aren't from true viruses, but trojans or worms. They also usually have a purpose, which is often backdooring a box to use it as a spamrelay or something. So kill the box, you kill the reason for writing the worm in the first place. In fact, not only that, but if you do anything which looks interesting, you increase your chances of getting discovered, and removed. The best worms get in, stay quiet, and attempt to spread. I like to think of them less as viruses and more as parasites - organisms which depend on their host for their own existence, and so have it in their best interest to preserve it not kill it.

Re:Losers

[amorpheous]

Ok, I take that back, the absence of virii does not negate the need for security patches.

Re:Losers

[Josuah]

If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.

What we really need is for Linux, IRIX, Solaris, Windows, OS X, and embedded OS's to start fornicating with each other like crazy, "go forth and multiply", and let the best children survive, while leaving the weak to die. So, open up all your ports, send massive amounts of data between the systems, and fire your sysadmins.

Re:Losers

[GigsVT]

Would you be happy knowing you were the one that causes MS to have record sales of their Windows du jour, because all the Win9X people were suddenly forced to upgrade?

Re:Losers

[zangdesign]

When somebody relases a virus, they are saying, hey there's a problem here that needs immediate attention or just about anyone can take over your computer.

I disagree - instead of trying to fix the problem, they are exploiting it to cause damage, if not directly, then indirectly by releasing it to other with potentially lower or no ethics whatsoever.

It's kind of a double-edged sword. One the one hand, the work they do has admittedly beneficial side effects.

On the other hand, do you point out the flawed wiring in a theatre and hope that someone fixes it, or do you just wait until 100 people have died screaming in a burning building and then point it out as something to watch out for in the future?

My final thought is - these guys walk a very fine line, usually on the wrong side, and should be punished for wilfull damage to other's property. Preferably very harshly, because they certainly knew what they were doing.

Re:Losers

[barks]

I'm not sure I totally agree that they should be rewarded. Although I found your point suggesting to the laws of supply and demand applicable to virus writers.

The whole "security industry" is created b/c of virus writers (of and hackers, crackers, white hats, black hats, 3l33t g33ks, script kiddies, etc, etc.) just as that whole Y2K scare created a short and profittable industry for some. As long as there's terrorists and virsus writers out there someone is making money providing the warm blanket.

Re:Losers

[CitizenJohnJohn]

What muppet modded this insightful? If diseases didn't exist, then we wouldn't need immune systems, so we wouldn't be vulnerable to infection because there would be nothing to infect us.

The argument is destroyed by its own premise.

Learn to think, FFS.

Re:Losers

[jcuervo]

And then the typical media figure of $X billions just may be legit

If damages from something like that reach $X billion, the media will then begin to report it as $Y trillion.

Re:Losers

[foidulus]

There are also un-intended consequences of people who write viruses/worms whatever, even if they don't have a purposely malicious payload they can still cause some real havoc. Note in the article it mentioned something about 911 services having to resort to manual methods of tracking calls, a slower and error prone. What if the phone system were to have suffered? So a totally innocent person could have died as a result, not something that I would advocate.

Re:Losers

[rnelsonee]

I'll agree with you on your post, but there are still ways to cause widespread damage -- have the worm spread, and then attack on a certain date. As more and more of these stupid worms spread, virus writers will get an idea as to how long it takes for virus-detection people to get their hands on a good analysis of the source code once the virus hits the mainstream networks. Christ, most /. readers knew about MyDoom at least a day or two before it started to hit their inboxes, yet it took 5 days before news reports found the source and started saying it'll slow down Feb 12th. Virus writes can write a program that'll act like a worm for say, 10 days, and then start formatting drives. Heck, an idea I've always liked is to have worm poll news sites (CNN, BBC, MSN, etc.) for stories that mention the virus' own name, and then dynamically change the "doomsday" date based on number of instances.

Re:Losers

[BalaClavaChord]

These guys should be rewarded not punished. IMO they are performing a service letting everyone know of a flaw they discovered, and providing incentive to correct the flaw.

Please explain to me how they are providing a service when they create a virus that destroys all picture files on a graphic designer's computer and puts them out of work?

You are sadly naive. If these people were what you think they are, more virus' payloads would merely patch up the flaws they found rather than open ports for spammers and opportunists.

Re:Losers

[cyranoVR]

The guys (and they were mostly guys) in the article were describing using Visual Basic as the cutting edge of programming. One became recognized as elite because he worked out how to use multithreading. Like don't over-estimate the skills of these guys here.

I agree with your point that these guys are all losers etc. with amateur programming skillz - but keep in mind that it's a lot easier/funner to code - say - Outlook automation using Visual Basic than from, say C++.

Unlike other languages, VB was written specifically for Windows. So, if your goal is to mess with a Windows system, it's arguably your best choice.

Plus Microsoft provides all those great "Objects" that makes controlling somebody else's computer that much easier. Considering what you're doing (COM programming - blah) using C++ or whatever doesn't really give you that much of an advantage. Might as well just use VB

Also, VB let's you code "system hooks" that can do all sorts or tricky stuff via the Win32 API. So you can do key-logging, etc. too.

Re:Losers

[88Seconds]

Your logic is seriously flawed if you think virus writers are providing a service. More often than not they are exploiting a flaw someone else discovered, but has been prevented from making the general public aware of until the software provider has a fix available. This makes the software company look good, because they can say "Oh a problem was found with our product, but a fix is available from here (link to appropriate URL)."

In reality what they should be telling us is "Yeah we stuffed up and anyone could have used your computer for whatever purpose they wanted. We
were told about it months ago by these guys link to appropriate URL), but made them sign an NDA forbidding them from telling anyone else."

Re:Losers

[CodeBuster]

The goal of mnay virus writers these days is not simply to destroy your machine, but to transform it into a remote relay upon which they can execute arbitrary programs, monitor your activities, launch new attacks on third parties, and send spam. The benefits of a compromised machine that is fully functional far outweigh any desire on the part of the virus author to simply "nuke" your machine.

Re:Losers

[Talence]

Obviously, he assumed that a situation without diseases could turn into one with them. That is why it's better to have a trained (or existing) immune system than none at all. He then makes the analogy to the computer world where he says that having security threatened "a little bit" from time to time will result in better security by the time some real attackers start wanting to do damage.

I don't see the problem with understanding his point...?

Re:Losers

[judicar]

To take the analogy one more step to far.. In biology a virus or any other parasite that destroys it's host is considered a failure of the evolutionary process. So the analogy doesn't hold water.

Re:Losers

[lonesome+phreak]

I personally had nothing to do with it. I personally have never written anything that has infected a win 9x box in the wild.

And yes, if I was an anarchist, I would be happy. People upgrade to XP. XP Home edition supports (or at least did) full raw sockets. DDos'ing will be much more painful if and when these are fully utilized, since there is no longer any need to write your trojan to hack the OS itself to spoof the originating IP.

Re:Losers

[elemental23]

What would you rather have:

1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)

2. A virus that exploits the flaw, disrupts computer networks forcing people to patch the flaw. (Many still don't, as Code Red is alive and well)

False dichotomy. I'd prefer not to have either of your offered scenarios, but rather responsible disclosure (ala Bugtraq) which makes the flaws known (hopefully) without crackers and script kiddies exploiting them first. This method works every day; how many vulnerabilities are patched before worms come along to exploit them? How many vulnerabilities never have worms/exploits written for them because the patches become widely available in a timely fashion?

Re:Losers

[zangdesign]

If you should be accountable for your posts, shouldn't you be accountable for your moderation?

Yep.

NYTimes?

[selfabuse]

As this is slashdot, I haven't read the article, however, I find it very hard to believe that a mainstream news outlet would really describe this accurately. I mean, look at how bad the press tends to botch up tech stories on things that aren't "underground". Why would I trust that they know about things that aren't common knowledge, when they can't even get stories on simple tech issues correct?

Re:NYTimes?

[dekashizl]

Well if you RTFPOTA (Read The First Page Of The Article), as I just did, you can see that it appears to be more of a profile of some arbitrary individuals than an actual survey of the underground or anything grand and sweeping like that.

Re:NYTimes?

[selfabuse]

but why read the article when I could just read the post that you made that explains it all to me ;)

Re:NYTimes?

[elbarrio]

Actually, for the most part I was pretty impressed with how much they didn't screw up. Although, my expectations were prett low. I was expecting it to be like the screenplay of "Hackers" rewritten for the New York Times. Other than the use of the word "elite" (ugggh!) and maybe not quite 100% accurate on the definition of script kiddies, it was a fairly good read. That said, I can't say I learned all that much from it, but I think I and the rest of the slashdot crowd is a bit more knowledgeable on the topic.

Re:NYTimes?

[SoSueMe]

..becuse the post doesn't explain it all?
You're basing your opinion on someone else's opinion?
The article is 10 pages, you can comprehend that in a few lines?

Re:NYTimes?

[selfabuse]

Eh. It was an attempt at humor. Apparently it was unsuccessful.

Re:NYTimes?

[dekashizl]

I can write your name on a grain of rice, so don't you think I can boil the article down to a few lines?

Reporters..

[grub]

Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.

Re:Reporters..

[chef_raekwon]

im a bit of a zealot myself - but in fairness to other OS', not particularly MS--if one was used as much as Windows is, I could be sure there would be many more viruses than currently exist, for say, Linux, currently.

Not the extent that exist for Windows, however.

Re:Reporters..

[1gkn1ght]

The problem is, how many people actually know that there is something out there other than a Mac and Windows? Once that word gets out, and more and more programs run on Linux, BSD, or another platform, people will start to notice that they can get away from the malware and the BSOD.

Re:Reporters..

[DR+SoB]

Do you realize that computer the computer virus was born much earlier then the invention known as WINDOWS? In fact the only reason that Windows is such a huge target is because of how many users there are, nothing more. There are PLENTY of Unix/Linux/BSD/DOS, etc. virus out there. The only OS I know of that doesn't have virus problems would be s/390, and z/OS (ibm mainframe). -=DR=-

Re:Reporters..

[GirTheRobot]

It's not so much the OS as the email client: *cough* Outbreak *cough*

Re:Reporters..

[grub]

but do not go believing that if no one ran windows the days of viruses would be finished.

Nowhere did I say that, nor did I say that all this malware runs only on Windows.

Re:Reporters..

[shamilton]

I have two Windows XP boxes which I use near continuously, and neither have ever had any sort of virus, trojan, worm, etc. One of those is completely without a firewall.

Not that I'm any sort of Windows zealot -- my two windows boxes are eclipsed by a dozen or so BSDs between home, work, and server room, which seem to require far more frequent security maintainence.

Re:Reporters..

[metlin]

You're right, most of these are kids who have just learnt programming on Windows. I'll quote from the article --


''This guy,'' he proclaimed, ''is the best at Visual Basic.''

In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.


This is the problem - back when I was a kid, I used to mess around with things like TSRs and assembly code to create things that had virus like behaviour to scare the crap out of my teachers in school.

These days, these kids just pick up an odd scripting language or two, or some easy language like VB and just do malicious code simply because its easy.

This is not programming or 'crazy skills' - its sheer adoloscence being shown in another way.

Instead, if they spent their time tinkering with the internals of a Linux Kernel or coding other cool stuff (like, Scene graphics programs, for instance!) it would be a much better use of their time and enthusiasm.

Re:Reporters..

[dubdays]

Yeah, and even then it's only a way of life if they click on all of these stupid attachments from "jim@aol.com". You know, the same people who enter their name in every email form known to man and wonder why they get spammed with all that penis enlargement crap.

Re:Reporters..

[JoeBaldwin]

Yes, but then if more people move to Linux/BSD/$PLATFORM, surely the virus writers will follow? I don't know how easy it would be to get KMail to install a KPart that kills random processes or something, but I'm sure that even the least inclined of kiddies could hack together something, and frankly I don't much care, but once the Linux desktop reaches critical mass there will be virus writers following.

Re:Reporters..

[freshman_a]

"...the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only."

I agree and I think this point is nicely illustrated by the lines in the article "This guy,'' he proclaimed, ''is the best at Visual Basic" and "Visual Basic is a computer language popular among malware authors..."

Can't remember the last time VB code ran on my Linux box... :-)

Re:Reporters..

[The+Evil+Couch]

yes and no. I think the vast majority of the issues we run into with windows users is that the bulk of them are careless.

these kinds of people won't recompile their kernel, will run everything as root, and will click the hell out of Britney_Spears_Naked_Rootkit.AVI.RPM

the only thing that switching them from windows to linux is going to do is increase the stability of the DDoS zombies.

Re:Reporters..

[DR+SoB]

"or are you just being another Microsoft apologist?" I'd say no, considering I was actually backing up IBM's OS's (and they support Linux btw..) "Care to back that up with some links" Sure if you don't know how to use a search engine on your own: Unix Links: http://antivirus.about.com/cs/unixthreats/ http://www.viruslist.com/eng/viruslist.html?id=303 3 This one is the best: http://www.users.qwest.net/~eballen1/virefs.html BSD Links: http://vil.nai.com/vil/content/v_99539.htm And I'm not even going to bother with DOS links, if you don't think DOS had it's share, you know absolutely nothing. "Worms, as in the ones that ravage the net, are almost an entirely Microsoft phenomena" LOL, That's only because most of the computers on the net run windows.. Back in the day your statement would have been true if you replaced the word WIndows with "DNS" (or BIND). But hey, I guess since you use Linux you must know everything right? Get a mainframe or get the f$@ out of here. Who's the moron now?? :p =\DR/=

Re:Reporters..

[DR+SoB]

Mod - I realize you probably hate windows and all, I was just pointing out some facts. Notice that I stuck up for IBM - That has to count for something! lol..

Re:Reporters..

[elbarrio]

And I quote: "(By relying so exclusively on Microsoft products, virus authors say, we have created a digital monoculture, a dangerous thinning of the Internet's gene pool.)" Page 4 of the article. I think you can imagine your own RTF... acronmym without me writing it.

Re:Reporters..

[0WaitState]

Ok, then where are the 4% of viruses for Apple?

Re:Reporters..

apache is 2/3s of the webservers last i heard, and according to port 80 requests, i would guess code red and nimda each have more machines still then any linux virus i've heard of peak at.

could you explain how that fits into the MS is the major OS, MS is the major desktop OS, but even in the OS server arena it still has more viruses.

Re:Reporters..

[zhevek]

This is absolutely true. For example, back in the late 80's and early 90's when apple did have a significant amount of marketshare, I would get viruses sometimes on my Mac 512 and Mac SE. They were no where near as destructive as they are now to others, but they could do nasty things to the computer that they infected.

Btw, I always seemed to get them through shared disks of games, etc.

Re:Reporters..

[DR+SoB]

Your post speaks a lot of truth! "Instead, if they spent their time tinkering with the internals of a Linux Kernel or coding other cool stuff (like, Scene graphics programs, for instance!) it would be a much better use of their time and enthusiasm." The reason is simple, they can get the information more readily on VB then the linux kernal. The information needs to be out there, easy to find, and there have to be people willing to learn. One thing that seperates these "kids" from us "adults" is the way they share information with each other, and don't give a crap about money.

Re:Reporters..

[costas]

OTOH, Windows doesn't have that many remote root exploits either... when you cannot get a shell prompt on a remote Windows machine, installing a bot to do your bidding is the only possible alternative. Linux machines are much more useful targets themselves; thankfully distros have fixed a lot of issues with default installs in the past few years.

Re:Reporters..

[MikeMo]

This is bull$hit. I'm so tired of hearing it.

Here are a couple links you may want to look into if you really want to understand this.

http://www.baltimoresun.com/technology/custom/pl ug gedin/bal-mac082803,0,1353478.column

and

http://www.nytimes.com/2003/09/18/technology/cir cu its/18POGUE-EMAIL.html?ex=1076216400&en=0e19cf89d7 cd31bc&ei=5070

Re:Reporters..

[Deitheres]

I think what it ultimately comes down to is lack of knowledge-- this mainly affects windows users at this point, although the more "user friendly" and mainstream alternative OSes (which may soon become a misnomer) become they too will have to deal with incompetent users. I am over at my uncles house bare minimum once a month wiping a virus from his system. Runs WinXP and has Norton AV... BUT he does not keep things updated. His virus defs are always old and god-forbid if he installed a windows update every now and then.

Tell someone to disable a windows service, and they will look at you cross-eyed. I will admit, I run WinXP on my PC because of my wife, and I am pretty adept at system maintenance (not quite so much with Linux anymore unfortunately) but I would feel insecure (pardon the wording) about securing a Linux box at this point. Can you imagine Joe User trying to disable services on a Linux PC? With the GUIs, it's about as easy now as it is for XP, but that is exactly my point-- your average user is completely clueless even with Windows.

The problem of the OS being used is a secondary problem, the main problem lies (or sits in this case) between the chair and the keyboard.

Re:Reporters..

[DR+SoB]

Well I guess that makes you sub-moron.. You need to indent new paragraphs. And as for using proper grammer and spelling, can you point me to the dictionary definition of "sub-moron".. Also, maybe you'd be so kind as to highlight my spelling errors? And for that matter any grammer errors? Just looking at my post the only thing I noticed was not creating proper paragraphs, which seems to be your issue as well... At least I don't double-space everything..

Re:Reporters..

[Strudelkugel]

affect Windows machines only

Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.

Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.

Re:Reporters..

[!3ren]

...until you got Mono

Re:Reporters..

Sure, if Linux had the market share that Windows has, there'd be more viruses for it. But they wouldn't be as prevelant or destructive.

Why? Because nearly everyone reading their mail on a Windows box is doing it with the equiv of root permission.

Click on a linux virus attachment (one, it won't execute since that an Outlook feature) and the worst you can do is delete your home directory.

Re:Reporters..

[scifience]

An Apple computer can't execute Windows code unless you are using VirtualPC, which is essentially Windows anyway. On a Mac, it would not be as simple as just clicking on the file, and on many (most?) Macs, there is no VirtualPC, so while the .zip file could be opened, the malicious contents would do nothing.

Re:Reporters..

[Jzanu]

Perhaps necessary to clear away useless arguments to provide path to resolution of issue. Supposition alone on either view, that popularity with secure or insecure OS will result in equal or proportional viruses or that viruses of one when popular will be replaced with those of equal effect, is useless. Requirement is of information, not supposition or statements of 'this is as reality provides by example of one' applied to other. Lacking statistics on relation of vulnerability of systems, popularity of systems, and proficiency of users of systems, again not supposition but, despite damned lies of nature, statistics of a given specific area and population. Provided this, solution is possible finally; though, again, only in that specific area and with that population. This is valid only insofar as others recognize that a general statement is by nature inaccurate to a degree and a specific statement is limited in scope and application in this area of exploits resulting from a combination of user and production errors.

Re:Reporters..

[Kenja]

"I have two Windows XP boxes which I use near continuously, and neither have ever had any sort of virus, trojan, worm, etc. One of those is completely without a firewall."

Correction. They have no virus, trojan, worm, etc that you know of. And of course you would have no way of knowing because you dont run a firewall or antivirus. For all you know your sending out tons of email and infecting other systems. Do us all a favor, turn on the freakin firewall. It came free with the OS if your too cheap to buy a hardware solution.

Re:Reporters..

[letdownjournals]

Instead, if they spent their time tinkering with the internals of a Linux Kernel or coding other cool stuff (like, Scene graphics programs, for instance!) it would be a much better use of their time and enthusiasm.

So would enrolling them in midnight basketball leagues.

If there's one thing that's ingrained in the hard coding of teenagers, particularly boys with antisocial leanings, it's that they don't and won't use whatever skills they have in their own best interests. Writing malicious code is the equivalent of throwing a cherry bomb in the toilet or keying random cars in the parking lot. Luckily, most of us grow out of this phase...

Re:Reporters..

[Tim+C]

He meant that the attack vector, of persuading the user to save the zip file, open it, and execute the contents, would work regardless of OS, because it's not exploiting a hole or bug in the OS.

Obviously *this exact one* wouldn't work - but you could easily write a Linux or OSX (or BSD, AmigaOS, etc) one using the same vector, and people would run it.

Re:Reporters..

[npsimons]

if one was used as much as Windows is, I could be sure there would be many more viruses than currently exist, for say, Linux, currently.

That, sir, is a fallacy. There is no hard evidence to support that claim, and there probably never will be. As a counterpoint, however, consider how many web servers run Linux and Apache versus how many run Windows and IIS. Then consider how many worms and security holes there are for those respective platforms.

Re:Reporters..

[Reziac]

Kids who feel like "outsiders" don't WANT to tinker with useful stuff like the linux kernel. Their goal is more like a gradeschooler shouting "I'll show you!!" at a bigger kid who just gave them a shove. That usually means "I'll hurt you", not "I'll do something better than you can".

I agree it's a sad waste of talent, but once someone goes down that path, I'm not sure I *want* their talent, as I can no longer trust them not to use it maliciously if they feel wronged.

Re:Reporters..

What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way?

Easy. There are no Linux email clients that I know of that allow you to execute a binary or script directly from the client. You have to save it, then set the executable bit, then run it. In Windows, there's no separation because an executable and a document. You interact with both the same way (double-click), there is no executable bit, and even a Word document can contain a macro virus.

a Windows box properly configured wouldn't have this problem, either

Really? How easy is it to disallow running an arbitrary executable on a Windows box? If it's so easy to configure a Windows machine to give immunity to any such virus, how come more admins haven't done so? It's impossible to lock down a Windows machine enough to prevent a virus like this while still allowing users enough admin rights to do daily work.

In short, yes, it is a social-engineering problem, but good computer-engineering can and does reduce vulnerability to user behavior.

Re:Reporters..

[Mad_Rain]

Dude. Why don't you just scream out "Sum1 plz h4x0r m3!!!1!" if you want that kind of attention? ;)

Re:Reporters..

[shamilton]

"And of course you would have no way of knowing because you dont run a firewall or antivirus."

It is fairly evident when somebody is "sending out tons of email and infecting other systems." See, the conversation goes something like this:

"Gee, the T1 is saturated. Have a look at the traffic on the router."
"Strange. A box appears to be sending out tons of email and infecting other systems."

or perhaps

"I was watching the traffic on the router for unrelated reasons, and happened to notice your IP address was sending out tons of email and infecting other systems."

or maybe even

"My computer seems to be running unexplained processes, threads, or services. Perhaps the purpose of those services is to send out tons of email and infect other systems."

As for a firewall, what would it accomplish? I've disabled all services I am not using, and I wouldn't want to firewall out the services which I am. Why firewall out packets which my OS throws away anyways?

Just because you can't administrate Windows competently (as indicated by your "have no way of knowing" line) doesn't mean that I can't.

clue->get();

Re:Reporters..

[CAIMLAS]

Er, lindows? As root?

Try Debian, Mandrake, Solaris, MacOS X, RedHat, or *BSD, as a normal user.

You don't need root privileges to check for email.

MyDoom is simply a result of way too many people using computers that should not be.

Re:Reporters..

[Chris_Jefferson]

Where exactly does he say he doesn't run anti-virus software? I am in the same situation. One windows XP machine, one windows 2000. I install all the automatically downloaded patches, run the free AVG virus checker, and have never seen a virus except as attachments to emails I would never run.

Re:Reporters..

[myg]

Honestly, I don't see why e-mail has files in it. Sorry, but I grew up in the days of e-mail being a message transfer service, not a file transfer service.

If the people who write e-mail clients would simply not allow file attachments and certainly not allow them to be executed we'd be fine -- reguardless of OS.

Reall, what we need though is a compartmentalization feature. Where an execution environment can control another and so on -- each time stripping (but never adding) priviledges.

So an e-mail client can give up lots of rights and then, if it is so desired that something in the e-mail be executed it can be executed under a more restrictive environment. Programmers can't seem to get this right though.

Think of something like the Java sandbox but even more anal. Thats the only thing that should ever do anything with a file from an e-mail.

Or you can do what I do: read e-mail with PINE and keep up to date with patches and turn off HTML support and anything automatic. There is simply no way for a virus to infect my system; even if you know my OS and specifically try to target me.

Re:Reporters..

[Chester+K]

As a counterpoint, however, consider how many web servers run Linux and Apache versus how many run Windows and IIS. Then consider how many worms and security holes there are for those respective platforms.

That's comparing apples and oranges. Consider how much IIS does compared to how much Apache does:

Apache is a web server. That's all.

IIS is a web server, an FTP server, a name server, a network printer server, a document sharing server, and many, many other things.

If you were to take Apache, wuftpd, BIND, and all the other most popular open source software packages to build a comparable set of services, you'd find just as many, if not more security vulnerabilities compared to IIS.

In fact, very few IIS security vulnerabilities have had to do with it's standard web server functionality -- the most notable that did was a ".." directory escaping vulnerability, and Apache's had its own share of those too.

Re:Reporters..

[JamesP]

"'This guy,'' he proclaimed, ''is the best at Visual Basic.''

WHAT?!WHAT?!WHAT?!WHAT?!WHAT?!WHAT?!

I thought he just offended the guy...

C'Mon Visual Basic virus??? How lame can that BE!

Re:Reporters..

[Mistshadow2k4]

Um, excuse me, everyone seems to be forgetting that the entire internet was based on, and is still dominated by, 'nix systems, including Unix, Linux, and BSD. If Unix, and similar OSes, were even half as vulnerable to viruses as even a Windows server the internet would have been pretty much unusable, and would probably still be today. Unix was the only internet server for a long time, so why weren't there hundreds or thoudands of Unix viruses? Because it was coded better, just the same as Linux and BSD are now.

Re:Reporters..

[metlin]

Thats why I said time and enthusiasm -- not intellect! :)

Re:Reporters..

[jred]

Depending on the version (most NT based systems can), you can currently lock down a MS Windows system that securely. If you want, you can make it so a user can only run specific apps. You can even restrict them from running Explorer (not IE), and making their only allowed program the shell.

It's a bitch, and you have to really work on it, but it can be done. It's just that no one does it, it's too much of a pain in the ass most of the time.

Re:Reporters..

[LittleBigLui]

evil feature creep. makes poor IIS so vulnerable. bad, bad feature creep.

this helps prove...

[tsunamifirestorm]

my theory that the most dangerous people are people who are bored.

Re:this helps prove...

[grasshoppa]

Not your theory...

"Idle hands are the devil's playground" or something like that.

Re:this helps prove...

[Dracolytch]

Idle hands are the devil's workshop is a very old saying which proves (religious conotations aside) that you are not alone in this belief.

~D

Re:this helps prove...

[dekashizl]

my theory that the most dangerous people are people who are bored.

Yes, how else could the Slashdot effect be so devastating, if not for millions of bored nerds looking for something to click on?

Re:this helps prove...

[El]

No, the most dangerous people in the world are the ones that have nothing to lose. These people are just delusional -- they think they are not going to lose anything because they are too smart to get caught, but in fact they are merely self-destructive.

Re:this helps prove...

[nickh01uk]

Does anyone else think that viruses and worms will take on a more 'political' slant? Or at least more focused in their intent. The original WANK worm claimed an anti nuclear motivation, then came Bugbear and its list of banks, MyDoom brought payback for SCO and Microsoft... I'm quite surprised we have not yet seen a 'Jihad', 'anti globalisation' or 'green' worm or virus attack so far. Any group that sometimes takes direct action perhaps.

I've been working on a presentation discussing this here (warning 500Kb powerpoint!).

My money is on the anti-global guys stepping up first.

Re:this helps prove...

[ThomK]

Don't you mean: 'idle hands are the devil's playground?'

Interesting quote from the article

We questioned them why they decided to write malicious software. "I don't know," one of them responded, "the best reason I have is that it actually got me laid once or twice."

Re:Interesting quote from the article

And there was me thinking they don't live in a fantasy world.

Re:Interesting quote from the article

[xankar]

We questioned them why they decided to write malicious software. "I don't know," one of them responded, "the best reason I have is that it actually got me laid once or twice."


More proof that girls like assholes.

Re:Interesting quote from the article

[xankar]

That's positive thinking for you!

Don't you mean HIV positive thinking?

Virus

[SirChris]

I wonder if more code contests would stop the number of virus writers. How many virus writers are just people who can program, but want it know they are good. Maybe some other outlet of demonstrating their talent would prevent them from "needing" to demonstrate it another way, such as a virus.

Re:Virus

[dtfinch]

It doesn't take much skill to write an email virus.

Re:Virus

[cj79]

This wouldn't help. They'd enter contests, undoubtedly lose (not win), and then feel the need to justify their coding 'talents' in another way. And we're right back at virus-writing.

Re:Virus

[Lifewish]

You're missing the point. They're after a feeling of power. Hell, I don't know many decent programmers who couldn't poison an ARP cache or at least try the most basic SQL injection techniques. The difference is: we build; they break. Where we get our kicks from having the power available if we wanted, they don't stop there and don't worry about the consequences. Geeks tend to be more self-controlled.

Re:Virus

[Tin+Foil+Hat]

It's also an interesting way for a company to get some high quality code very quickly for relatively little money. You get *all* of the code, but only have to pay one developer a moderate cash prize. A few weeks more of polishing in the code shop and you could have a nice program for practically nothing.

Virus writers...

[NightWulf]

Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in taiwan or such and the chinese figure out a way to infect the navy systems with a virus, leaving our fleet defenseless off chinese shores, etc.

Re:Virus writers...

[Uber+Banker]

The real worry is when you start having government funded virus writers.

Don't worry, the US is years ahead in terms of 'electronic counter measures'.

Re:Virus writers...

[Westech]

This gives credibility to the earlier post that stated that virus writers were actually helping by exposing vulnerabilities in code.

Re:Virus writers...

[pangian]

The real worry is when you start having government funded virus writers.

Or even worse: virus writers who are funded by spammers write worms that harvest email addresses or turn innocent computers into spam proxy servers...

...oh wait. That's already happening. And its likely a boom market.

Re:Virus writers...

[rampant+mac]

"They're the computer geek version of the guys who soup up cars, or join the varsity team."

Yeah, except those guys guys get laid for their heroics / infamy.

Re:Virus writers...

[qtp]

Are for the time being usually kids just looking for a little attention.

The ones who get interviewed for the annual "virus underground" stories certainly are, but the rest are usually kids (and adults) who like seeing if something will work. We probably never even notice thweir work, as it usually is designed to not draw attention to itself, and has no payload other than for tracking its progress.

They're the computer geek version of the guys who soup up cars,

No, the computer geek version of the motorheads are the overclockers.

or join the varsity team.

msce.

the rest of your post is just alarmist BS, much like the crap being spread shortly after the AT&T crash of 1990. Keep spreading that shit and the same folk who brought us the patriot act will be collecting fees for your CS license and checking your background for your clearance to use a compiler.

What happens when...

[jfdawes]

Like a lot of virus writers, this guy is a bored teenager ... 50 years ago he would have been out vandalising his school. In somewhere between 20 and 50 years he'll have access to nanotechnology.

Format C: ? Overwrite every file? How about rebuild your washing machine so it suddenly appreciates the taste of "cat" and has the capability of acting out it's amorous feelings for your central heating.

Re:What happens when...

[Grrr]

Sure, it's funny when it's somebody else's cat.

Wow. Nanotech script kiddies. I never thought of that... and I'm glad you posted it. Good one.

<grrr>

NYT Random Login Generator

NYT Random Login Generator

http://www.majcher.com/nytview.html

Re:NYT Random Login Generator

[Charles+Dart]

This no longer works, from the site;
It looks like the New York Times has gotten somewhat wise to the shenanigans going on here

the NYT Dark Overlords prevail again.

Article Text

The Virus Underground
By CLIVE THOMPSON

Published: February 8, 2004

his is how easy it has become.

Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.

When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.

But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.

Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.

But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.

I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.

Mario drags the virus over to the trash bin on his computer's desktop and discards it. ''I don't think we should touch that,'' he says hastily.

Re:Article Text

[DR+SoB]

Thanks for posting the full article! So it's a BATCH FILE generator they are getting worked up about? LOL! Try running a search for "Virus Creation Laboratories" or "VCL", and you will see a tool that has been around since the EARLY 1990's that does a MUCH better job then a batch file creator. You can actually pick from a variety of languages and it will auto-generate the code. (is it really good to post this stuff on /. anyways? I shudder thinking of how many script kiddies are probably reading this!). A batch file Trojan, btw, is NOT a computer virus.

Re:Article Text

[madpierre]

Iron Maiden fan has neatly made bed *and* a girlfriend.

Am I the only one who finds this hard to believe?

Re:Article Text

[pclminion]

This is insightful?

It doesn't say "Batch File Virus," it says "Batch Trojan Generator." You are aware that the term "batch" is far, far older than its usage in the Microsoft world, right?

In general, the term "batch" refers to a scriptable process which runs over a large data set without operator intervention. On DOS, it refers to a "batch" of commands to be run automatically. In this case, it clearly refers to the mass-production of viruses with different characteristics "in batches." It doesn't mean the output is a .BAT file, for crissake!

Re:Article Text

[maxwell+demon]

He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.''

Ah, now we know: People who listen to legally purchased music are those people who damage the net through virii, worms and trojans! :-)

Re:Article Text

[Ironica]

Thanks for posting the full article! So it's a BATCH FILE generator they are getting worked up about?

Uh, he didn't post the full article, he posted the first page (1 of 10).

It's a pretty interesting article. They talk about a lot of different aspects of this particular community of virus writers. It's not what you might think of... these guys actually send their code off to antivirus companies (in addition to publishing it on their websites, but anyway).

Best Quote

[JohnGrahamCumming]

(Philet0ast3r is an online handle; he didn't want me to use his name.)

Really? I mean I could have sworn that Philet0ast3r was a real name. Are you sure he isn't the son of the l33t3st parents in Europe: C4ptainKaos and S3xyH3xy?

John.

Re:Best Quote

[bangular]

Even better quote...

''This guy,'' he proclaimed, ''is the best at Visual Basic.'

The funny thing is, in some circles this is considered a good thing.

It's not underground...

[Dave21212]

I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.

One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genuius-crackers" in the news who get caught aren't really all that smart are they ?

(I read it anyway, surprised to hear that one of my favorite bands is still popular ;)

It goes both sides

[Geoffd1]

I won't say where or whom, but there are some virus writers that work for major software corporations - not for writing AV software, but rather to put out viruses to punish software pirates. If Joe Blow stops worrying about viruses, after all, there's going to be a lot more 'liberated' software floating around.

We have enough problems with street crimes

[MonkeysKickAss]

I just cant see why people need hurt others using computers we alreadyt have enough drime on the streets, and we can't even deal with all of it. So why do people just destroy other people's computers with viruses and things of that sorce in the future we are going to need internet police that just track where viruses started out and charge these people with malicious destruction of property, or that crackers should be charged with breaking and entering. I just cant see why they have to hurt people and why they cant create things to hack into or have a hacking pparty where they can have people build up secure networks and see who can hack into it first and things like that.

While they were there...

[l0ungeb0y]

"...It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

I'm wondering if they bothered to take down the scripters home addresses, email address and phone number so we know where to send our tribulations of eternal gratitude?

Re:While they were there...

[The+Evil+Couch]

nah. they left it as "an exercise for the reader":

Mario, a k a Second Part to Hell, Austrian virus writer.
Benny, Czech Republic. 21-year-old master of malware and member of the international virus-writing group 29A.
Stephen Mathieson, Detroit. The 16-year-old virus writer is dismissive of hackers who release other people's viruses: "The kids just cut and paste."

Recommended Reading

[nil5]

I would also recommend the title by the same author, "The Troll Underground", which highlights the life of the Slashdot troll

Re:Recommended Reading

[m0rph3us0]

Why cant i have mod points today?

A Virus ate my day's work.

Someone infected my computer with a virus that deleted any file that I updated in the last twenty-four hours.
Slashdot? Nope, haven't heard of it. 3000 hits in the last week? The virus did it.

Re:A Virus ate my day's work.

[Thud457]

My friend told his wife that 3vil h2xx0rz must have put all that pr0n on his machine.

She beleived him.

Lots.

[bludstone]

After the IBM superbowl commercials? Id say several million.

Re:Lots.

[garcia]

while we thought that the IBM commercials were cool my non-geek friends just said "what the fuck was that?"

They aren't into 2001: and they certainly aren't into watching someone watch TV while a near braindead boxer says 5 words. Perhaps if they used Rupert or one of the whores from the Bachelorette to promote Linux they would have had their attention.

Re:Lots.

[back_pages]

Yeah, true, but the IBM commercials are for enterprise products, not home user desktop computing products. People are still largely ignorant of that side of linux.

I once let some kids into the CS lab when I was an undergrad and they ran over to the login screen. When the realized that their Windows names/passwords didn't work, one of them got a very superior tone and said, "Oh yeah, these computers SUCK! The CS department does everything in DOS!" The login screen said, "Welcome to Redhat Linux 7.0". Totally ignorant.

Re:Lots.

[bludstone]

Thats brilliant.

How about some models that hold a tux plush between their breasts and say "linux, coming soon to a desktop near you."

What do you say IBM? That'll get people's attention.

Re:Lots.

[sulli]

No doubt. I mean, Muhammad Ali is The Greatest and all, but he is a terrible spokesman. (Remember when Gil Amelio rolled him out at Macworld, just before he was fired?) Get someone who is intelligible and we might have something.

Re:Lots.

[OglinTatas]

I don't see how an autistic linux child is much of a sales pitch.

Re:Lots.

[rynthetyn]

After the IBM superbowl commercials? Id say several million.

Yeah, but millions of people also saw the OS2 commercials, and we all know how well that's done. The problem is that IBM's commercials are too artsy and esoteric, and joe sixpack isn't going to buy artsy and esoteric.

indeed

[mix_master_mike]

Here's the kiddies website: http://www.geocities.com/spth666/main.htm

Re:indeed

[tvh2k]

The web site you are trying to access has exceeded its allocated data transfer...

Google Cache

Anyone with an actual mirror?

Re:indeed

[imbaczek]

Scary. Slashdotted already.

Re:indeed

[fbform]

This is what happened when I visited that Geocities page:

VirusScan Message: Virus Alert!
Date and Time: blah blah blah
Pathname: blah blah blah
Detected As: Bt.ow/btg
State: Deleted

These two lines in the HTML source are responsible:

<script>var d='spth.de.vu';</script>
<script src="http://68698685.statistiq.com/68698685.js"></ script>

Anyway, just a friendly warning to those on Windows machines without any antivirus program: Don't visit the site!

Re:indeed

[Danga]

Watch out! That webpage has a trojan, bt.ow/btg. Thats pretty funny, glad I had my AV software running though!

Re:indeed

[mix_master_mike]

Son of a bitch - I clicked my own link on my windows computer to see the traffic allocation error that geocites gives and went to the site -- Norton AV didn't see any virii... is there something bad on the site??

Umnm

[stratjakt]

Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.

Umm, once you answer yes to the first question, are the rest not redundant?

Re:Umnm

[Deathlok's+Bear]

High-level formatting a drive doesn't actually overwrite the information on the drive, just makes it inaccessible (and sets up the basic file structures, etc). In theory it is possible to recover data from the drive.

If you overwrote every file (with random data or 0's) it'd make recovering the drive impossible.

Master?

[sperling]

But thanks to a teenager in Austria, it took me less than a minute to master the art.

The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.

Re:Master?

[bangular]

I agree. Viruses are not hard to write. Espically the ones discussed in the article. It's really amauter hour. A virus (the type discussed in the article anyway) is just a program. The ones talking about in the article run just like any other legit program and require less skill to make one than a real program.

The REAL masters are those who find _new_ things. The MIT student who broke the xbox encryption with a belt sander. The ones whom run a program hundreds of times through gdb to find exploits. The ones who write a backdoor that can evade port scanners. Those are the real masters of the art. These are bored kids. They can come back to me when they've got the craftsmanship of a group like tcniso.

Any of them named "Andy"?

[El]

I hear finding the right one could be worth up to $500,000 now...

Heh..

[stratjakt]

It also carried a nasty payload: it reprogrammed victim computers to attack the Web site of SCO, a software firm vilified by geeks in the ''open source'' software community

In one sentence the blame for malware an everything bad on the internet is layed squarely at the feet of your grandiose "movement".

Avoiding Windows email viruses with Mozilla Mail

[paj1234]

I have written a how-to about using Mozilla Mail to avoid Windows viruses. I hope it's useful, please have a look. I'd appreciate any feedback.

http://www.pjls16812.pwp.blueyonder.co.uk/mozill a/

This freak...

[callipygian-showsyst]

This kid would make a great poster boy for birth control.

Re:This freak...

[callipygian-showsyst]

You made me spit out my coffee! Thanks for the funniest posting in a long time. (I wonder why the NYT photographer told that boy to take his shirt off. Makes ya wonder, doesn't it?)

Metamorphic Viruses

[robyn217]

What scares me most are metamorphic viruses -- a virus that modifies itself each time it infects a new host always attempting to avoid maintaining a constant signature. The modifications may take any or all of the following forms:

1. Modification of the encryption/decryption algorithm (including multiple layers of encryption) - the decryption algorithm changes from infection-to-infection by basing itself on values that change from computer-to-computer (examples: size of HOSTS file, current time in milliseconds, etc.)
2. Insertion of "junk code" into virus body or decryptor body - This is a common strategy by polymorphic viruses. It's usually accomplished by a "junk code engine" which has the ability to generate arbitrary amounts of meaningless blocks of code
   1. Noop or meaningless loops added to body of virus
   2. Entry-Point Obscuring (EPO) junk code - this is a special kind of "junk code" that specifically tries to hide the entry-point of the virus by insert loads of junk code at the beginning of an infected file.
   3. Code block permutations - random shifts of code blocks, sequential order is maintained by JMP and CALL commands.
   4. Register/Stack Variations - Use of varying registers, or even the ability to vary between register usage and storing data on the stack.

(Older Examples: Mistfall Engine, ZMist virus.)

When we start seeing more of these, AV companies will have a hard time keeping up.

Re:Metamorphic Viruses

[DR+SoB]

This type of virus is at least a decade old, why worry about it now? In fact the older virus creation lab (Search for that if you want proof, you'll find it) automattically created self-morphing virii using the assembler 8086 code set. The sky isn't falling, and any virus detector can pick up morphing virii.

Re:Metamorphic Viruses

[m0rph3us0]

Umm... there are only so many ways to encrypt / decrypt. The code for encryption / decryption cannot be encrypted. So, since no other executables have the need for encrypting / decrypting the executable itself any program employing this engine can safely be marked as a virus and removed. Secondly, both Linux and OpenBSD now support W^X memory meaning this kind of situation can be avoided because there would be no way to change the executable once loaded. Not opening email as root goes a long way to preventing viruses.

Re:Metamorphic Viruses

A big big problem with 'virus evolution' is that nobody does anything original anymore. All these lamers copy other peoples work. Nobody actually tries to find new ways of hiding virus's to evade IDS/antivirus software, make advances in polymorphism, or data storage. Virus writers have given many government, and private security researchers tons and tons of idea's based off of these types of technologies for monitoring software. For the last 5 or 6 years this has slown down. When virus writers start implementing IDS evasion, HID evasion, and data integrity evasion methods into newer viruses THEN we are in deep shit.

One thing that has yet to be tapped is java and .net virtual machines. Perfect place to hide a virus, infect other running applications (unseen by virus software), etc... I have a feeling these will start creeping up very very soon.
-z

Re:Metamorphic Viruses

[hobbespatch]

Great points about the morphing virii - just for kicks I googled the kids Hax0r name and came up with a metamorphic virus that he has written -- check out this comment in his design notes.

26.01.2004: Added the second version of JS.Cassandra, which is definitivly my last script-virus. Well, JS.Cassandra.b is a 5-times polymorph, sometimes encrypt and very complex JS-virus. I wish the AVs much fun with detecting this virus! :-)

I'm no virus writer, does that mean the script makes not 1 but 5 generations? Not sure if it is tin-foil-hat time, but i've already updated my virus software cause of this thread.

Re:Metamorphic Viruses

[selderrr]

When we start seeing more of these, AV companies will have a hard time keeping up. the fact that we do not see them, tells something about the relation between virus-witers and anti-virus writers...

Re:Metamorphic Viruses

[OECD]

When we start seeing more of these, AV companies will have a hard time keeping up.

Er, they're keeping up now?

Re:Metamorphic Viruses

[DR+SoB]

Good point! I retract my statement.

Re:Metamorphic Viruses

[Vellmont]

Typical journalist with a little bit of knowledge gone too far. (If you truly do work for PC Magazine).

Polymorphic/Metamorphic viruses have been around for 10 years at least, and the dumb journalists were just as scared then. I'm still waiting for the dire predictions to come true "when we start seeing more of these". As others have pointed out there's always part of the code that you can't mask, so there's always something to identify the virus with. I'm sure it takes a bit more work to identify the viruses, but the sky hasn't fallen yet.

You should know better if your bio is true, being a grad student of computer science.. but then again grad student quality has dipped pretty low in recent years in CSCI. There's also the journalist taint factor to consider. I'm guessing the magazines/newspapers/TV networks must put lead in the watercooler.

Re:Metamorphic Viruses

[Reziac]

From what I've read, Word macro viruses already self-mutate in unexpected ways; that's why there got to be so many of them so fast.

(I remember when there was just one, then two. I feel old. :)

Re:virus haiku

[Sick+Boy]

My sweet Linux box
It feels no pain from your lame
Microsoft Virii

Re:Avoiding Windows email viruses with Mozilla Mai

[DR+SoB]

Well that would do you absolutely NO good what-so-ever. It's amazing the amount of people that think they know about a subject, when they are really very ignorant... Believe it or not there are "white hat" virus writters just like hackers.. YAM (Youth Against Macafee) was one of the biggest back in the day.. Here's why your wrong: "I have written a how-to about using Mozilla Mail to avoid Windows viruses." Well, it might help protect against an OUTLOOK virus, but how the hell does it prevent "Windows" type virus? If I stick an infected floppy into your computer does Mozilla block it?? lol..

First section misleading...

[consolidatedbord]

I mistakingly thought I was reading an accidental posting of a porno story what with the girl sitting on the bed smiling and all. :)

fsck 'em?

[sulli]

don't you mean rm -rfP 'em?

Re:fsck 'em?

[RobertB-DC]

Foo: I guess my initial reaction was fsck 'em. Fsck 'em all.
Bar: don't you mean rm -rfP 'em?

No, he doesn't think they should be deleted... they've just been corrupted. Or perhaps he thinks they're inconsistent.

wouldn't get them all...

[mekkab]

When someone talks about trying to reform people of a certain sub-culture and help them put their powers to good work, I am reminded of CAP from Stylewars.


CAP had one mission in life: to spraypaint the word CAP ontop of whatever you spray painted previously. All he wanted to do was piss people off. His tags weren't beautiful art; they were cheap white spray paint ontop of your piece. He was the script-kiddie of the tagging world.

There will always exist some social misfit who only wants to be destructive.

Fast forward to page 6, where it gets silly

[utahjazz]

Page 6 is where they start tackling to oh-so-difficult question of wheather writing and publishing viruses is wrong...!!! ...in the United States some legal scholars argue that it is protected as free speech. ...if a visitor downloads a virus to spread, the responsibility is entirely the visitor's.

"I'm not responsible for people who do silly things and distribute them among their friends"

Can we just kill these kids now?

Re:Fast forward to page 6, where it gets silly

[Quill_28]

>if a visitor downloads a virus to spread, the responsibility is entirely the visitor's

So I poison some candy that I give out at halloween(they came to my house and asked for it) then it's the kids fault?

Can we smack around the legal scholars also?

Re:Fast forward to page 6, where it gets silly

[theghost]

A better analogy might be if you leave a bottle labelled "POISON" sitting on your front porch. Are you liable if someone takes it and pours it into the punchbowl at a party? Partly, yes, but you can't remove the responsibility from the pourer either.

Here's the Key....

[BlueEyes_Austin]

"Most of the virus writers I visited live in Europe; there have been very few active in the United States since 9/11, because of fears of prosecution." Hunt them down and throw them in jail.

Re:Here's the Key....

[hyperstation]

typical american "our law is the world's law" mentality. there is no jurisdiction.

and yes, i live here.

Re:Here's the Key....

[stratjakt]

Perhaps you havent noticed the emerging global economy.

If I attack your computer, in the US from my bedroom in Japan, who has jurisdiction? The crime took place in the US, even though it was initiated elsewhere. Now, perchance I take out a life support system or something. Someone dies, and I was directly responsible for it. You dont think local prosecuters would get an arrest warrant, and do their damndest to have me extradited for trial?

This was never really an issue before, but what if I stood on the Canadian side of the border, and hurled a brick at you on the American side, which smashed in the side of your head. Now, say for the sake of argument, it's totally legal to throw bricks in Canada. Yet I injure or kill an American on American soil.

The worlds political climate is changing. Deal with it.

Re:Here's the Key....

[BlueEyes_Austin]

The US solution to virus writers is clearly working better than the European solution. This is arrogance, simply a fact.

Re:Here's the Key....

[BlueEyes_Austin]

What on Earth are you talking about? The article (you DID read the article, didn't you) clearly points out that the lack of effective prosecution of virus writers in Europe and elsewhere has led to them being far more active outside the US. Do you really think the Indianapolis DA is going to be able to have a virus writer in the Czech Republic extradited because the writer posted on a website? We may be a global economy, but criminality is often quite well shielded by national borders.

Best Quote

[glpierce]

"''This is a revenge worm,'' he explained -- for ''not hiring me, and hiring some loser that is not even half the programmer I am.''"

Perhaps someone should tell him that personality counts.

Really...how? where?

[msimm]

I've always been surprised that I have *never* found a virus or a backdoor in a crack or a keygen I downloaded off one of those sites. If there someone their trying to punish isn't it more likely freeware users? Anyone remember Whack-a-Mole?

Re:slashdot2004 / slashdot2004

thanx. i just changed the password. bye.

All been said before

[lambent]

I managed to read the first of 10(?!) pages before I decided it was just another alarmist (altho slitely journalistically poetic) piece of trash.

They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's beliefe that all this terminology is synonymous (virus, trojan, worm).

After reading the next few pages, i was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice .... buh.

After that it degenerates into political commentary.

What the hell ever happened to ASM viruses? What happened to TINY?

My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.

Re:All been said before

Agreed. No decent virus has been created in a very long time. Almost all virus's are email based and as the article points out written in VB. The last decent virus released was CIH which prompted fucked your bios. Not that I want more talented virus writers to create more deadly virus's, but I wish for once people had some originality. The only thing close to 'skill' are some of the unix virus writers creating binary infectors, and binary encryption tools.

Re:Avoiding Windows email viruses with Mozilla Mai

[paj1234]

Good point. It's about avoiding Windows viruses that come by email. No defence against the Blaster worm, floppy disk infectors, etc.

don't argue with the master!

[donutz]

from the article: I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.

Now obviously, if he's a master of the art of computer viruses, there's a reason he chose to overwrite every file after formatting drive C:, right?

Re:don't argue with the master!

[maxwell+demon]

Of course: After formatting, overwriting every file is particularly easy. No code to read out directories, no code code to recursively treat subdirectories, etc. You know exactly what files exist (i.e. none), and you'll not even need to use the file access API (the DLL implementing it is already vaporized anyway) to overwrite all those files.

Re:don't argue with the master!

[Bullet-Dodger]

Dammit, now I'm gonna have to do that. And I had plans.

The Full Article?

[cynicalmoose]

When I checked, the full article ran to 10 pages, but the google workround only got you the first one. If you want to karma-whore, please do it effectively.

Re:The Full Article?

[davincile0]

1 2 3 4 5 6 7 8 9 10

What gives.

[dasMeanYogurt]

That guys just a lamer. All the major viruses released of late do nothing but spam or ddos evil coporations. What happened to the good ole day's when they really did format your hard drive? On a serious note, I doubt "underground" groups like this are responsible for today's major viruses. I would point the finger at dirty spammers for 99% of profilic recent virii.

Re:What gives.

[WhiteDeath]

Here's an interesting thought, brought on by thoughts of MyDoom and some spam that made it through my "fry it if it looks funny" mail filters.

What if someone wrote a virus that targeted spammers web sites for DDoS?

Harness the awesome power of a bazillion spare CPU cycles to bring down any web server associated with spam...

Of course you would have to have the virus download spam site updates every few days, and you would need a real person vetting the sites to hit, but if this were the case, how long would it be before ISP's decided spam was just not worth the risk?

(gee, I just had all my web servers taken out because somebody sent out a spam referring to a page hosted by me..... that's not making my paying customers very happy)

But...

[theghost]

But how would you respond to the quote:

Gigabyte told me in an online chat room that if the authorities wanted to arrest her and other virus writers, then "they should arrest the creators of guns as well."

Has she got a point, even if it is a weak one?

Re:But...

[utahjazz]

A much better analogy is, what if someone created smallpox in a laboratory, then made it freely available to anyone who wanted it.

Re:But...

[gbjbaanb]

the analogy is a bit wonky - its not the creators of guns that are like virus writers, but the *users* of guns (those who use them in a public area instead of their private grounds).

To keep the correct analogy, a virus writer who lets his virus out into the internet, to cause harm to innocent computer users, is like a gunman walking the streets blasting rounds off at random. ("oh, but the user should be wearing body armour, its not my fault")

If you let a gun off in public, I think you'll be arrested pretty damn quick. The same should happen to virus writers.

Re:But...

[Ironica]

the analogy is a bit wonky - its not the creators of guns that are like virus writers, but the *users* of guns (those who use them in a public area instead of their private grounds).

For those who didn't RTFA, the kids interviewed for this article specifically don't release their viruses. They publish the code, and also send it off to antivirus companies.

It is quite analogous to manufacturing guns and making no effort to vet the buyers first. If gun manufacturers made an effort to only put their products in the hands of trained law enforcement or other folks with a really good reason to have a gun, it would be the same as these guys writing their code but only sending it to AV companies. The only barrier to distribution for firearms (that the producers put in place) is cost, which hasn't so far been terribly effective at preventing the "wrong" people from getting them.

But the right-to-bear-arms-in-a-poorly-organized-non- militia crowd will tell you that, in a world where criminals have guns, people are safer if they have easy access to guns. The virus writers interviewed make the same argument: *someone* is going to write viruses, regardless. They are simply making their own strides in this work and then making the information public, so that people can protect themselves (or buy software that incorporates protections).

I'm not sure I agree with either argument, but I'd say that the virus writers probably are less likely to lead to anyone's death.

Those are some Fancy Photos

The photographer, Ryan Mcguinley, made a splash last year with his show at the whitney

he is famous for his pictures of the east village gay-grafiti scene.

I hate it when people copy my ideas

[Supp0rtLinux]

I posted this article months ago, but no one seemed to care. Just wait til they start putting viruses into v-cards.

Re:slashdot2004 / slashdot2004

[tvh2k]

Ooo...you're so 1337...you can change NY Times's passwords given the current login credentials. Why don't you just stop being a dick and let people use that account.

Oh, please

[bonch]

Oh, please. Bullshit. If Linux were the 98%-used desktop OS, it'd be the one hit with all the viruses.

All these viruses, including MyDoom, are user-ran executable attachments. Nothing to do with Windows other than it's the dominant operating system the dumb users are using.

Re:Oh, please

[theCoder]

I agree in part, but disagree in part as well. Certainly, if Linux had 98% of the market, there would be more worms (especially stupid user worms like MyDoom) targetting Linux. However, there is a substantial design difference between Linux (and other UNIX variants) and Windows. Linux only executes files whose execute bit is set. Windows only executes files with the right extension. Basically, what this means is that it is harder on Linux to accidently execute a file sent to you. And any mail client that automatically set the execute bit would be considered insecure. Thus it would be harder, especially for stupid users, to propogate these worms.

At least this would force worm writers to exploit actual vulerabilities in software, which can be fixed. It's much harder to fix stupid (or careless) users.

Re:Oh, please

[WhiteDeath]

user saves .tar file from email
user extracts tar file
execute......

any archiver not maintaining the permissions of files in the archive would be considered buggy.

s/tar/zip/ and linux is no different to windows, except the file that executes will hopefully not find it's way to running as root.

Re:Avoiding Windows email viruses with Mozilla Mai

[DR+SoB]

Sorry if I was hard on you. I read your website and it looks good, but I would put more of a point on saying "Outlook" or "Email" born virus as opposed to "Windows" virus, as really, it offers no protection against Windows virus. If you really want more info let me know, I consider myself to know a little bit *giggle* about this subject.. :D

Missing an angle

[Eyston]

Generally a good article, although it is funny to see 'script kiddie' and 'lamer' used in NYTimes.

When talking about how some of the more upscale virus writers post their exploits or e-mail them to virus companies, it would have rang more true if they made some mention of OSS. The NYtimes presented the case of how really they are just trying to trick someone else into running the malicious code (which I'm sure is true a lot of the times). This is the conclusion anyone would come to when only thinking about propreitary code where the situation is they would rather you NOT find the vulnerabilities in their software. They want to keep living with their head under the sand. In OSS, finding the vulnerabilities and being responsible about it is encouraged behavior. So the same act from two different points of view have vastly different reactions.

Of course this has little impact on e-mail attachment type 'exploits'.

-Eyston

The real question is....

[FrancisR]

Why is "Second Part to Hell" naked in the picture in the article?

Re:The real question is....

[maxwell+demon]

Clothes would burn in hell.

I hate the press...

[Awptimus+Prime]

"Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

It's not a "world". It's something someone does when they sit down at a desk. I really wish the things some geeks do would quit being portrayed with such silly words.

Over-dramatized, to portray an image that is very rarely accurate. It's, most often, some boring person with a bone to pick with the system or a company. Yeah, so they used code instead of throwing a brick through a window. That doesn't make them any more interesting than a teenager bashing a mailbox.

Re:I hate the press...

[justinb1]

Why would this still not be a "world?" For those involved, I'd imagine it is sufficiently time/passion-consuming to be considered such.

Ignorant little kids playing with nukes...

[nweaver]

You know, I've never been interested much in the psychology behind malcode authors (I'd settle for just whipping them), but this paints a scary picture.

We've got ignorant little kids, hammering away on electronic nuckes. Scary little amoral idiots.

Re:Ignorant little kids playing with nukes...

[DR+SoB]

The future, professor, the future. Be aware that many of today's finest IT professions/programming created DOS viruses as kids. Of course that sounds crazy, but one of the ways to get kids interested in computers, is to tell them it's wrong, just like sex, drugs, and rock & roll. Maybe it's time to try something different other then "burn them at the stake", as this will just want them to "give the finger to man" even more.

Re:Reporters..WRONG!!!

[sfjoe]

This is a popular comment to make and I'm sure the MS marketing dpeartment is doing everything it can to keep it alive. Unfortunately, it is utterly, totally and completely wrong.
You assume that the number of viruses is directly proportional to the percentage market penetration of a given OS. You have absolutely no data to support this. Conversely, the claim that the number of viruses in the wild is proportional to the number of security flaws in a given OS is much more supportable and defensible.

Hacking in the 2nd Degree

[FreshFunk510]

The method by which the virus is delivered is interesting. Quote:

"These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."

And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.

However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".

Let's take guns for example. Let's say a gun seller illegally sold guns to 12 year old children and also sold them bullets. Now let's say that the kids accidently shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.

I think that if the hackers want to educate others should perhaps do it in a more educational, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snipets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame with the script kiddies start spreading viruses like there's no tomorrow.

To tell yourself that you're completely innocent would be denial.

Amen!

I agree! I was thinking about this a few weeks ago actually. All the "viruses" now don't have to solve the hard problems. There's no sophistication to them anymore. And again, not to say "we need more sophisticated computer viruses out there," but come on, skr1pt k1dd1ez - don't pat yourselves on the back for being able to do something so ridiculously simple!

When I was younger I studied computer viruses - they were a "real-world" form of artificial life that had to exist in a hostile environment, and successful ones had a bag full of tricks they could use to be insanely successful at spreading. This was before the Internet was really popular too - the only way a virus could spread was hitching a ride on a floppy disk or some file on a BBS.

I actually got to work on reverse-engineering computer viruses for an antivirus effort, and I remember this one computer virus - the Frodo virus. It was one of the most sophisticated stealth viruses I ever saw, and employed a variety of techniques to keep itself hidden. It would run as a TSR, but obscure the fact that it had allocated any memory to itself. It would infect .COM or .EXE files, updating file-dates to indicate that it was present, but in a way that users wouldn't typically observe. It even twiddled with the interrupts on the system so that it could tell if it was being single-step debugged - and it would switch the debug interrupt off and go on its merry way. It had a number of other hooks to keep itself hidden from the user. And it had a program that it would drop onto boot sectors periodically, saying "FRODO LIVES".

It was an unbelievable program to read and understand. It boggled my mind that someone could create something that sophisticated and complex. The viruses today are absolutely ridiculous in comparison.

If these "virus"-writers want to really do something challenging and mentally engaging, they should look into Core Wars. That's a great environment to scratch these kinds of itches - keeps you thinking, and it doesn't screw up other people's lives.

Ok, I'm done reminiscing about the good old days...

Re:Amen!

[lambent]

right on, brother. I bet you, if you go up to these coders, and ask, 'what hooks did you use?' or 'what interrupts do you bind to?' they'd have no idea what you're talking about.

Ah, the good old days ... never to be recaptured *sniff*

Re:Amen!

[qtp]

I actually got to work on reverse-engineering computer viruses for an antivirus effort, and I remember this one computer virus - the Frodo virus.

Have you ever found an example of this virus that wrote the boot sector correctly? As far as I know, all documented versions of the virus write the boot sector incorrectly and cause a hang before the message is displayed.

Clive Thompson knows his stuff...

[nweaver]

You can quibble a little bit about details and terms, but Clive Thompson is a pretty good technical reporter, and he did a very through job on this story (as do the NYTimes magazine fact-checkers).

Re:Clive Thompson knows his stuff...

[stop14]

he's also keeps a pretty good blog.

The "Scene"?

[officepotato]

I have to wonder, when reading articles like this, how closely does the "scene" the article's author has discovered relate to the larger population in general. I've read a few articles that seem to be essentially interviews of some random, anonymous, highschooler, that supposedly represents the general population of computer-savvy evildoers.

Are there actual, functioning, hacker groups, of a scale larger than Joe and his friends? It seems that the social attitude that accompanies black-hats (at least from the article that I'm questioning) doesn't lend itself to large organizations or control structures.

On the other hand, it is kinda cool to imagine that there's a huge organized computer-crime secretly flourishing across the country. You could make a movie about that sorta thing, maybe call it "Hackers". Oh, wait...

Slashdot members?

[elbarrio]

Anyone else curious how many of the kids interviewed in this article are members of the slashdot community?

Computer virus writers are useful...?

[JRHelgeson]

This was a very poignant article - a pseudo interview that offers a unique commentary on the whole virus debate.
==================
Why computer virus writers are useful and we should thank them.

The title is obviously a provocation. I am considered a balanced personality but sometimes, I like to stretch things to the extreme and to provoke reactions. This article is one of my rare attempts to provoke you... or not? Today, after the alarm caused by the fast diffusion of the Sobig virus, we are all talking about the reasons why virus writers are coding more and more viruses.

"They should stop, somebody stop them!" I hear all the time but... is this right?

We try to answer to this question with an interview with Professor Samuel D. Forrester, one of the most famous immunologists in the world. Dr. Forrester is on the run this year to get the Nobel Prize for his recent discovery of the mechanisms of aggression of over-reacting immune cells and antibodies. He teaches at the Immunology faculty at the Konigsberg University since 1986.

Zone-H: ZH

Professor Samuel D. Forrester: SDF

ZH: Thanks for having accepted to release an interview to Zone-H

SDF: Thank you, even if it is quite unusual to be interviewed by a computer security website.

ZH: Dr. Forrester, can you tell us what is the branch of the immunology?

SDF: Immunology is the study of the complex and sophisticated immune system. The immune system is a network of cells and organs that work together to defend the body against attacks by "foreign" invaders or germs. The body provides an excellent environment for germs. When they do break into a system, it is the immune system's job to keep them out or to seek and destroy them.

ZH: What is the job of the immunologist?

SDF: Clinical immunologists research new tests and treatments involving allergic and immunologic disorders of the immune system. They work with physicians in general practice and in hospital-based specialties to treat diseases using complex and sophisticated clinical techniques. The science of clinical immunology is a fast developing area of the medical profession. The role of the immunologist is increasingly important, both in laboratory work and in patient care.

ZH: Have you heard about the recent Sobig-F virus deployment?

SDF: Yes, I read something on the newspapers. Even if computer science is not my science, the topic of the computer viruses is obviously of my interest. See, many aspects of the traditional immunology and the computer viruses are in common.

ZH: And this is the reason why Zone-H wanted this interview.... Dr. Forrester, what do you think about computer viruses, what do you know about them?

SDF: Computer viruses are exactly like the normal viruses. They can kill you if your immune system doesn't work, but at the same time, your body should thank them if your immune system is today capable to protect you from deadly illnesses.

ZH: Can you please develop the concept?

SDF: It's simple: every time you get a cold, you sneeze. But you could die, actually. The only reason why you don't die is because your immune system has been programmed to react to the "threat" posed by a germ. It's a paradox, but it's the same germ that could kill you that trained your immune system to react when invaded.

ZH: And what makes the difference? How is it possible that a germ can kill you and the same germ can train your immune system making you stronger?

SDF: It's just a matter of doses. Like with wine, one glass every day makes your heart stronger and lowers your blood pressure, one bottle every day can kill you. This is the concept on which vaccines are based.

ZH: We understand that. Can we stretch the concept saying that a constant flow of germs, if received in the proper dose, makes the body actually stronger?

SDF: Absolutely. If hypothetically we could take two n

Re:what moron...

[strike2867]

The same moron that posts 10 minutes after the rest of the article was posted: what moron mods this +5 informative when it is only 1 of 10 pages?

Boredom

[shubert1966]

Yeah, I'd have to agree. Alot of those in the article were teenagers; a demographic with a lot of social angst. The good stuff was the guy who finds weaknesses and writes the virus then mails a copy to Symantec. He should be getting paid for that stuff. When he learns to make money instead of impressing his girlfriend then he'll have more money to be less bored. She don't want no stinking virus!

Of course, I'm no Phd in psychology, I just play one whenever you're foolish enough to read my post.

Re:Visual Basic???

[stratjakt]

You never seen a .vbs attachment on an email?

Hey, viruses have feelings too

[Moderation+abuser]

Those virus writers are poor misunderstood scientists. They are really just researchers into artificial life forms. Occasionally one or two are bound to escape into the wild. If you come across one in the wild you should leave it be, don't feed it or take it home as a pet.

Thank you NYT

[SoSueMe]

A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
''This guy,'' he proclaimed, ''is the best at Visual Basic.''

That's the first time the New York Times made beer come out of my nose!

Worms via email on Linux, damn near impossible

[GirTheRobot]

And under a reasonably secured Linux install, these attachments would not be able to be run in the first place. First of all, the attachment must be manually given execute priveledges. If your home directory is a separate partition and mounted with the "noexec" option (as it SHOULD be), it still would not be able to execute. The only place where a user should have write access is their own home directory, and anywhere a user has write access, there should not be execute priveledges.

This is the way my home system is configured, and is the way any self-respecting distro should be set up as well.

Re:Worms via email on Linux, damn near impossible

[GirTheRobot]

...you miss the point. there should be NO REASON AT ALL to execute a file in an email attachment.

In any case, sadly, it is either security or convenience. Metal detectors in airports are a hassle too.

Re:Worms via email on Linux, damn near impossible

[Frizzle+Fry]

The only place where a user should have write access is their own home directory, and anywhere a user has write access, there should not be execute priveledges.

So users shouldn't be able to run any programs that they download or compile? This sounds like a pretty crippling "solution".

I like taquitos. The supermarket by me has frozen chicken-style, beef-style and bean vegetarian taquitos. I've been eating a lot of them. They make a great snack (or a mediocre snack, if I'm lazy and microwave them rather than putting them in the oven).

Re:Worms via email on Linux, damn near impossible

[FxChiP]

I would fear the former a hell of a lot more than the latter -- Windows programs launched in Wine are "sandboxed" in a way. They're somewhat born chrooted, and any change they make to the "Windows OS" won't stick because it's not a real Windows OS :)

Meanwhile, you have Perl scripts, which are interpreted directly, and have a hell of a lot more impact because they (can) directly access the OS, rather than going through a fake one.

At least, that's my understanding of it...

Re:Worms via email on Linux, damn near impossible

[WhiteDragon]

The only place where a user should have write access is their own home directory, and anywhere a user has write access, there should not be execute priveledges.

I am trying to imagine a context where this would even make sense... What are users doing even logging into your system then? What benefit is there of giving them shell accounts? Since the shell is a scripting language, and any script can be entered on standard input and executed, it seems rather arbitrary to me. Of course you can't run binary executable files, but any shell script could still do rm -rf / (which would only affect the files the user has permission to delete obviously).

It would die too quickly.

[khasim]

Once it destroyed the hard drive, it wouldn't be able to replicate itself any more.

What a REALLY malicious virus/worm would do would be to change a few random numbers in any .xls files it found and keep mailing itself to other machines.

Re:Reporters..WRONG!!!

[stratjakt]

Whats being discussed in the articles, though, are stupid little trojans that rely on an idiot user clicking them.

Those idiots run windows. There's no big differnce between a clueless windows user running with full admin priveledges clicking HotNakedChick.vbs or a clueless linux user running as root clicking HotNakedChick.pl.

There are few viruses out there that actually exploit anything. Slammer was, SoBig was, but most are just "10 print "I AM L337"".

They already exist.

[Ungrounded+Lightning]

The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act.

They already exist. (The China army's information warfare department, among others, has already been the subject of slashdot articles.)

Interestingly, Microsoft gave these guys access to their source code. They were trying to head off the move by various governments to mandate open-source software. One of the arguments was the security of the code against malware. So MS made the code available to various governments on request, inviting the governments' security experts to examine it to see for them selves how secure it was. (China, and a number of the other usual suspect govenments, took them up on the offer.)

Now what department do you think government software security experts, specializing in malware vulnerabilities, work in when they're not examining a software vendor's code for exploitable holes WITH the permission and assistance of the vendor? B-)

Weekend??

[belgar]

Looking for a little weekend reading?

Why waste my weekend, when I can get paid to read it now?

Re:Reporters..WRONG!!!

[sfjoe]

There are few viruses out there that actually exploit anything. Slammer was, SoBig was,...

and which OS did these run on?
Clueless user action will be a constant across all OS's. Exploitable security holes are NOT a constant across all OS's.

NAMBLA poster boy == hax0r

[geekpuppySEA]

Why was Clive (author) allowed to post these soft-core headshots anyway?? Eyeliner? Removed shirt? WTF, NYT Magazine...

I agree

[dsci]

For the sheer intellectual challenge, Philet0ast3r replied, the fun of producing something ''really cool.'' For the top worm writers, the goal is to make something that's brand-new, never seen before. Replicating an existing virus is ''lame,'' the worst of all possible insults.

and

Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. ''Then I would use it,'' he concluded. ''It's that simple.''

So these *expert* programmers (of Visual Basic) read of security vulnerabilities that describe the exploit, then code it, and call *that* new and creative.

This NYT article completely overrated the skill of these 'worms.'

Re:I agree

[jcuervo]

Replicating an existing virus is ''lame,'' the worst of all possible insults.

Heh. I can come up with better insults than that.

New viruses and virus writers

[zeekiorage]

These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also the viruses they come up with do very little or no actual damage to the host system, instead they just "Propagate". If you are infected, delete a few files, remove a couple of registry entries and thats it. It has been a long time since I saw a virus with some real payload.

Virus writers used to be much more creative back in the DOS days. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload, stealth techniques and difficult to disinfect.

It'll keep happening...

[Mandomania]

Until someone loses some real big money because of a virus or trojan.

Yeah, yeah, there are "estimated" costs of every virus that comes out. And they're not small potatoes.

But just wait until a virus comes out that silently infects machines, travels slowly enough to be barely noticed and only does one thing: randomly change values in an Excel spreadsheet. Or randomly delete one column from a randomly picked sheet.

It'll be Armageddon: dogs and cats living together, Detroit winning the World Series AND the Super Bowl, etc.

--
Mando

Re:It'll keep happening...

[pipingguy]

It'll be Armageddon: dogs and cats living together, Detroit winning the World Series AND the Super Bowl, etc.

Hey, football is over (MTV pop-up video of pop-out titties notwithstanding), wake up! Shouldn't that be a reference to the Bambino Curse?? I mean, if a Canadian team can win the World Series twice in a row, surely the Sox can go all the way this year. Time to refocus the vicarious sports energy, gang.

If a Virus writer want to be a real pain...

[Ghengis]

And get some script kiddies in trouble, he'd just post the executable, and not tell anyone that it also emails authorities around the world information about the computer you run it from. While this may "brown-out" some servers as the article says, it would leave a nice trail to the luser who started the whole mess.

Re:If a Virus writer want to be a real pain...

[FreshFunk510]

Yeah, the problem is that kids are immature and don't knwo what they are doing. That's why kids continue to find their parents' gun and shoot and accidently kill their siblings. The key is to not make objects of easy destruction so available.

Warnings

[sparklingfruit]

Yeah, just like the "The doument you are opening contains macros or
customizations. Some macros may contain viruses that could harm your
computer. [...]" warnings prevented Word macro viruses...

A user naive enough to click on such a link does, in some important
sense, _want_ to visit that page. Your suggested warning is just
another thing that such users see as "getting in the way of doing what
I want to do". Therefore, if implemented it would become more part of
the problem than the solution (as users will become ever more familiar
with ignoring "warnings" and clicking through them). If you understand
users, you will know that in helping them to not shoot themselves in
the feet, the only useful appraoch is to remove everything capable of
firing the bullets (and quite a few things beside!)...

On the Word macro virus front, things got notably better _NOT_ when MS
implemented the above warning (that the users could blithely ignore and
even _disable_ right there on the warning dialog -- what a travesty of
mis-design that was!) but when it released a version of Word that
defaulted to not running macros unless they were signed with an
acceptable (as configured by the user/admin) key (there are legion
flaws in the design of this feature, but it was strong enough to
significantly impact the Word macro virus problem). In IE, removing
support for this mis-feature (read RFC 2616) will have a much greater
impact than trying to "direct" users who don't want to be directed with
"warnings" and other stuff that "gets in their way".

No, she does not.

[khasim]

First off, guns do have legal uses.

Second, no one would arrest you for writing all the viruses you could, in you home, if you didn't release them or enable others to release viruses.

If I buy a gun and then leave it on my lawn with a big sign saying "unattended gun here", the authorities would be interested in me.

If I have a gun, in my house, and I never use it except at shooting ranges and so on, then the authorities would NOT be interested in me.

Apple Viruses?

[freakmn]

Everybody knows apples don't get viruses, they get worms!

Maybe...

[dfj225]

Maybe Mario is just pissed because he has to live in the mountains of Austria without a shirt.

Re:Reporters..WRONG!!!

[ProtonMotiveForce]

"You have no data.". Umm, good argument there Sophocles. I've shit better arguments than that.

Facts are facts. Windows is the most popular OS and people target it precisely because it is the most popular OS. Go look at all the Linux security holes that _still_ exist and are open to exploitation. Yet nobody does because:

1. Linux is too fractured - you wouldn't be guaranteed that your virus would work on one or another release.
2. Nobody gives a shit about the 2 people (relative to Windows) running Linux.

Naive

[hackrobat]

The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data ''buffer,'' like a cup filled to the brim with water. Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. [emphasis added]

It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.

Even Microsoft admits that there are flaws the company doesn't yet know about.

Really? Which company knows of all the flaws in its software?

Re:Naive

[Slashamatic]

Yes, buffer runs happen, but did SQL server have to default to allowing remote connections? One of the reasons that Microsoft is loathed is that they economise by reducing their QA to a minimum.

It is just a matter of time before companies become liable for consequential damages This will be an interesting time for all, especially the uninsurable Microsoft.

Instant Worms.

[temojen]

What scares me most is This Article. Even understanding that one of the assumptions was that any two pairs of hosts communicate at the same rate, It's frightening.

Theoretically wiping out 40 million hosts in under a minute....
I'm guessing that a real-world implementation would probably take closer to 20 minutes, but still it's mighty frightening.

Just about the only way I could see to stop it's spread would be to make smart routers, switches, and even hubs that quickly seal off any services on which there is a sudden surge of SYNs from random hosts.

Re:Instant Worms.

[foidulus]

Actually there is some research(a paper I read at work, don't have it in front of me) that atempts something like this, basically a worm/virus/whatever that tries to send itself out very quickly will make requests to a HUGE number of "invalid" IP addresses(they had some evidence from slammer) and thus the router may be able to detect this and attemtp to contain the virus. However the authors do admit there is a problem with speed, and thus it isn't currently feasible.

Welcome to 1990.

[ProtonMotiveForce]

Population: You.

This is old news, and they don't work. You still need to decrypt the data into working code and those decryption headers are easily scannable.

It's a cheesy idea that sounds fancy pantsy.

from article

[neko9]

Microsoft, the perennial whipping boy of the geek world

so true :-)

Your sig

[Imperator]

Lyrics are from Same Thing, from Born On A Pirate Ship. They don't appear on Stunt.

Enlighten me on JPEG trojans, please...

[Embedded+Geek]

(Apologies in advance if I'm long winded)

In the first part of the article, the author talks to the author of "Batch Trojan Generator" and creates an infected JPEG file, one that "would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive" when clicked.

To me, this implies that the JPEG is actually executable code. On the face of it, this is patently ridiculous. I started thinking about it, though, and relaized that the actual mechanism might simply be an exploit of a buffer overflow in the code that interprets the JPEG (not the JPEG itself, which is not executing). By having the JPEG reference something outside of the boudaries of the actual JPEG file, it might go out and stick malicious machine code in some piece of RAM where it later gets executed.

Am I correct in this assumption about JPEG trojans, or does (unpatched) Windows go out and somehow execute a file ending in .JPG as if it were ending in .EXE? For that matter, if one embedded the JPG in an HTML mail message (or just stuck it on a web page) instead of attaching it, would it execute in the same manner and infect or is there a different JPEG engine at work (i.e. the one in IE or Outlook isn't vulnerable but the one in Microsoft Photo Editor, assigned by default to file type .JPG, is)?

Thanks in advance...

Re:Enlighten me on JPEG trojans, please...

[Spaceman40]

I'm pretty sure, from the way others have posted on this article, and from the tech skills of the reporter, that it was a double-extension trojan, i.e. "file.jpg" was actually "file.jpg.bat" or whatever.

Although this is most likely the virus that is created by this program, it is also possible to write a program thus that pretends to be a JPEG, with the way Windows handles extensions.

Re:Enlighten me on JPEG trojans, please...

[Ugmo]

If Windows is hiding extensions (as I believe is the default config) then you just name the file

Iamavirus.jpg.exe

The user would only see

Iamavirus.jpg

It would have a exe icon but the user (and the reporter) would probably not notice or care.

It could be as you say also, but that would be more complicated. The generated file was only 4k I believe, this would lend itself to a buffer overflow, possibly execute a shell that would append a line to an autoexec.bat file. Does Windows XP still execute those at startup for backwards compatibility?

The idea that it would wipe the hard drive at next boot does seem to make it a simple shell command being put somewhere.

Re:Enlighten me on JPEG trojans, please...

[radish]

I think what they are referring to is the common trick of fooling a mail client (often outlook) into displaying an exe as something less dangerous. It used to be as simple as naming your file janets_boob.mpeg.exe, but you have to get a bit more creative now.

Re:Enlighten me on JPEG trojans, please...

[sryx]

Windows (or any operating system) needs more than an extension to execute a file. In order for a program to self execute it needs it needs to be compiled for your operating environment. If you rename Something.exe to Something.jpg Windows will first look at the extension then send your jpg file to the associated viewer to be interpreted as jpg data (which it is not, and thus cause the jpg viewer to produce an error (if it is well written), or crash (if it is not). Now if you take a jpg file and rename it to an exe and double click on it. Windows will assume that the program is executable, and it will load the boot header (collection of bytes at the start of any executable that is produced when the program is compiled) and grant all requests that the boot header asks for (things like memory, address space, etc). If this process fails in any way (like, say, the boot header is complete garbage because it's really jpg data) then the operating system (if it is good) will produce an error, or (if it is bad) crash. So JPG's cannot double as executables nor the other way around. BUT...
It is possible that embedded in the meta data of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple otherwise the size of the JPG file would disproportionate to the actual image) and IF the JPG viewer that some unlucky user had, contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute and thus enabling a larger more complex program to run.
However this error would only exist in that specific version of that specific software, so it's ability to spread would be limited. The danger is if the program that interprets that JPG file is system wide or part of Windows standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses. Because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Further more they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself, true you need to approve it, but once you say yes every subsequent visit is automatic, they REALLY need to add a "Never trust This source" checkbox) This means if there is a single flaw in the IE engine then that flaw is exploitable across every windows workstation and every application that uses IE as a rendering engine. Now why Mozilla doesn't make an ActiveX Gekko engine with the same function names as the IE ActiveX module so users have a choice which rendering engine they want, is a mystery to me yeah it would be hard, but it's not like Microsoft could pull the rug out from under them, Microsoft is very invested in their API, any change they made to it would break all the 3rd party apps.

-Jason

Re:Enlighten me on JPEG trojans, please...

[TrancePhreak]

autoexec.bat is ignored as far as I can tell. At least on my system, it seems to only be executed when a DOS program/prompt is brought up. Note that this is not the default prompt you get, but running actual command.com

Re:Enlighten me on JPEG trojans, please...

[jeduthun]

As I understand it, most of the "infected" JPEG files are really files with additional extensions that are hidden by mail clients that are trying to do their users a favor by determining the file type for them.

For instance:

funny-sign.jpg.pif

It's not really a jpg file, but if emailed or even displayed by Windows Explorer with some settings, it may appear with a ".jpg" extension, leading a user to believe that it's a JPEG file. But when a user clicks on it, the PIF file (or EXE, etc) runs.

Re:Enlighten me on JPEG trojans, please...

[Reziac]

I don't know about JPG trojans, but way back in the olden days of file infectors and boot sector viruses, there was discussion of a potential exploit using the comment field in GIF files to hold malicious code. IIRC, it was essentially a buffer overflow that would get the GIF-viewing software to execute whatever was in the comment field. While this is indeed theoretically possible, it was never seen in the wild -- if only because there was no software that paid any attention to a GIF's comment field.

Another problem with that sort of virus is that it depends on everyone having the same software installed, so the virus can count on being executed. Not the best assumption back then!

We have something similar with WinXP now, tho -- since merely hovering your mouse pointer over the file causes Explorer to extract certain info from the file, and do certain predictable things with it. There is already a known exploit involving the potential for malware riding in (IIRC) the ID3v2 tags of MP3 files, and possibly other filetypes. However, AFAIK no such virus is loose in the wild.

Re:Enlighten me on JPEG trojans, please...

[WhiteDeath]

There is always the possibility of a double-extension trojan with embeded image....

eg funnypic.jpg.exe would be an executable self extracting program, which unpacked the virus code, and an image. It then tells your default image viewer to display the image, while it goes and installs the virus.

No dodgy buffer overflows required. Guaranteed to run on every windos machine and "look right" - and hard for your virus scanner to detect unless it recognizes the packed executable (which the virus could re-pack with some extra random data using a custom format so it looked different when it arrived on each machine.
Basically the only thing that could be detected would be the unpacking code - but if you used for example a fairly common LZW algorithm with some modified rules, most archivers might trigger the virus scanner.

I suppose someone will go out and write it now.... but those kiddies don't seem to have the skill...

white hat virus

[sleepingsquirrel]

How come we don't have more white-hat viruses? You know, the kind that once it infects a machine, it applies a patch and installs a firewall. In fact it almost seems like MS should be writing these viruses as soon as a vunerability is discovered.

Re:white hat virus

[TrancePhreak]

Probably because the last virus that did this caused more damage than the virus it was getting rid of.

Re:white hat virus

[facelessnumber]

...MS should be writing these viruses as soon as a vunerability is discovered.

You mean something like Windows Update?

monoculture

[neko9]

By relying so exclusively on Microsoft products, virus authors say, we have created a digital monoculture, a dangerous thinning of the Internet's gene pool.

monoculture is bad! why those "one and only standard" fanboys don't understand that? that's why zillion linux distributions, WMs and hardware platforms is Good Thing(TM).

If you can't get a job..

[Peter+Cooper]

Vorgon is still angry about life. His next worm, he wrote, will try to specifically target the people who wouldn't hire him. It will have a ''spidering'' engine that crawls Web-page links, trying to find likely e-mail addresses for human-resource managers, ''like careers@microsoft.com, for example.'' Then it will send them a fake resume infected with the worm. (He hasn't yet decided on a payload, and he hasn't ruled out a destructive one.) ''This is a revenge worm,'' he explained -- for ''not hiring me, and hiring some loser that is not even half the programmer I am.''

So if you can't get a job.. then send them a ton of viruses so that you'll never get a job there, and possibly some time in jail? Great strategy!

1. Get turned down for jobs
2. Send virus to HR managers in revenge
3. ??
4. Profit!

Re:Best Quote; Didn't anyone tell you...

[T3((-)5(_)pp0rt]

That's what happens when you apply for a job at MS ;)

Start up a virus collection

[Orion+Blastar]

just download popular software off of any file sharing network. Do not run or open any of them, and use your Antivirus software to scan them. Notice all the viruses, trojans, spyware, adware, etc that it finds. File sharing networks are quickly becoming the best place to get infected from. People are even putting MP3 files inside of self extracting EXE file that contain malware.

Don't let your greed get you infected. If you are going to use file sharing, do the rest of us a favor and scan those files before you run or open them. Thank you.

Benny's...

[neko9]

...main virus-writing computer at home has no Internet connection at all; he has walled it off like an airlocked biological-weapons lab, so that nothing can escape, even by accident.

cool! he even airlocked his room. h4rdc0r3 d00d3! those viruses are one nasty creatures.

actually why so drastic measures? just disconnecting RJ45 or RJ11 cable would do the job :-)

It is easy to defeat a VB based virus

[Orion+Blastar]

just remove the VB runtime libraries from your system and it will no longer work. :)

The expert virus writers use C/C++ and Assembly language. They can get a virus as small as 30K in size and you'd never know it was a virus. It also has remote control abilities to give them access to your system and bypass your firewall.

Experts write viruses that are hard to detect, kiddies write viruses that pop-up warning messages and do stupid stuff to the system to get them noticed. Still I wouldn't want either type of virus on my system no matter who wrote it.

Re:It is easy to defeat a VB based virus

[Foogle]

30k? Jesus Christ, you think that's small? ...I'm only 23, and I feel really, really old right now.

Why does '&partner=GOOGLE" not work?

[DroopyStonx]

It works when other people link to it, but when you type in &partner=GOOGLE, it doesn't work. How come?

blaster

[clarkie.mg]

The most nasty virus/worm in the recent years was blaster which would reboot a winXP after a minute of connecting the net. That needed action.

Most other virus, besides propagating, doesn't do anything so the infected victims doesn't need to erase it from their windows.

Considering the speed of mydoom propagation, the next time we'll have a nasty virus/worm, we'll have some fun !

Re:Metamorphic Viruses (caught by VMs)

[Amoeba+Protozoa]

When we start seeing more of these, AV companies will have a hard time keeping up.

At a recent developers conference, I had the pleasure of having a few technical conversations with an engineer that worked for a big AV software company, he gave me a demo of AV software that actually runs suspect code (even VB scripts and apps such as word and outlook) in a virtual machine environment.

The net effect is that they observe what the net effect is on the VM if signature checks fail. The whole thing looked pretty impressive.

-AP

Re:Reporters..WRONG!!!

[TheOnlyCoolTim]

Sir, if I write a program for Linux that DDoSes SCO and Microsoft, mail it to a crapload of people, and they all decide to execute it, is there a flaw in Linux?

Tim

The l33test of all writers

[Banjonardo]

Just to show how amazingly cool these guys are, here's an excerpt:

A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.

''This guy,'' he proclaimed, ''is the best at Visual Basic.''

I.... am speechless.

Well, this is mildly terifying

[Embedded+Geek]

Thanks for the link. The comment "Internet Explorer handles certain files based on its content rather than the extension" shows just how out of touch my Windows knowledge is - I thought it was extensions exclusively. Also, the fact that IE does this puts a lot more concerns about just viewing web pages into my nightmares.

Thanks again.

Re:Well, this is mildly terifying

[GearheadX]

This is why you use a real web browser.

Re:Well, this is mildly terifying

[Embedded+Geek]

I'm writing this in Modzilla, but my family members still use IE. The problem is, of course, that I'm stuck as the tech support guy if they get infected.

Shudder...

from page 10

[neko9]

Artificial life can spin out of control -- and when it does, it can take real life with it.

nice sentence.

phew... i actually read whole fscking looong article by pasting links in google! how's that? now, give me a cookie!

Fun Learning Experiences

[serutan]

One thing Clive should have done after creating that hard-drive-formatting virus on Mario's computer was to double-click it to see what would happen. Other great learning experiences: drop Mario's computer out the window to see what would happen. Slam Mario's monitor down on top of his head and see if he can still type. I would love to try those things, because I'm smart and bored.

Hey Mario, can I come over?

If you can't get a job, it may be your own fault

[Reziac]

That quote illustrates exactly WHY such people get turned down for jobs which then go to an "inferior" programmer. Good HR people recognise the type, and know enough to avoid the trouble they can bring.

After all, would you rather hire the world's best programmer, but then have to worry about (or hire another coder to vet his work for) backdoors, or hire one pretty good but not brilliant programmer whose attitude doesn't make you question the integrity of his work?

(I've worked with the brilliant-but-untrustworthy type. Never, ever again.)

The more things change...

[mccrew]

...the more they stay the same. (Sorry about the double post, folks, I hit return instead of tab)

Back in the 1992 timeframe, there was a Dark Avenger virus toolkit that allowed Skr1p7 KidDi3z to create "encrypted, polymorphic viruses". Check out then-InfoWorld columnist Steve Gibson's alarmist article (scroll down to the part entitled "Article 2") It sounds kind of funny now:

• "It is clear that the game is forever changed; the sophistication of the Mutation Engine is amazing and staggering. Simple pattern-matching virus scanners will still reliably detect the several thousand well-known viruses; however, these scanners are completely incapable of detecting any of the growing number of viruses now being cloaked by the Dark Avenger Mutation Engine."

That was going to be the end of the world as we knew it. Now we have a VB script engine and the world is going to end. Or not.

So what's the judgment

[inkswamp]

I don't have time to read the article yet, but does the article explore the psyche of people who write viruses? I recently wrote to a well-known radio personality about some comments that he made concerning virus-writers being anti-MS and that being their primary drive. I wrote to explain that most profiles we've seen over the last couple years show that not to be the case (although I can't find any of the articles I've seen) and that most virus writers were just tinkering and seeing what could be done. He actually wrote back to argue the point with me and refuses to accept anything beside the anti-MS angle.

So does this article address that? Also, while on the topic, anyone have any links to sites that might support my case? Like I said, I can't find any of the articles profiling the virus writers that have made headlines in the last few years.

Bullsh*t!!!!...

[StressGuy]

That may have been true once upon a time. Nowadays however, things have taken a much darker turn. These people are being sponsored to gather information (passwords, e-mail addresses, whatever). Somewhere along the line, somebody saw a way to make money out of the deal and now we got pro's involved. Just today, my computer was slammed by an obscure port-sniffer virus that shut me down for the day so I could do a forensic analysis of what damage was done. I was running Norton Anti-virus that I had last updated the day before. As a matter of course, I delete all unknown e-mails with attachments, I run spy-blocking software, I have windows set to check for updates, and I scan all downloads regardless of where they come from. Yet, my computer was still hit. The only indication I had was that the hard drive suddenly started swapping away for no apparant reason.

These aren't your garden variety vandals, they are organized and far more sophisticated.

Just kids my a$$

Let's continue with this thought process...

[That's+Unpossible!]

So someone takes my code I have put on my webpage and described as capable of virus activity, and that person spreads it, and now I am guilty of 2nd-degree something or another.

So this means if I am a chemist, and I describe in detail how to create dynamite, and someone makes the dynamite and blows something up, I am 2nd-degree guilty for that as well?

I believe ultimately that information should not be restricted in any way whatsoever, so I disagree with this idea completely.

Re:Let's continue with this thought process...

[etoddie]

As the article addressed...the difference is that the code is directly capable of causing damage and is free to all. The proper analogy would be a chemist placing a box of dynamite on the sidewalk with a sign saying "Warning, may explode...only use for educational purposes"

Re:Let's continue with this thought process...

[FreshFunk510]

The other response was correct. The correct analogy would be placing a bomb out because once you've released code you've made it very easy for some to put it out there. Like I said, maybe they could put out a white paper with code samples and not make it so every script kiddie could let this stuff out.

Anyway, take this analogy in mind. What if it wasn't a formula for dynamite but the secrets, formulas, and exact specifications for a nuclear bomb? SHoudl we just release that to everyone and if someone gets nuked then tough luck?

In principle it's easy to say information should be free but to not look at the realistic consequences is just being blind.

I disagree

[Chicks_Hate_Me]

What's going to stop an idiot end user from opening nude_pix0rz.sh that contains 'rm -rf $HOME'?

Re:I disagree

[ultranova]

rm: cannot remove `/home/test': Permission denied

After all, the /home directory isn't writable by user Test Dummy.

Of course, if it would contain $HOME/* it would be a different story...

The Swiss...

[s-orbital]

Keep in mind the Swiss have mandatory gun ownership, and have more guns per capita than the US, however gun related crime is extremely rare in Switzerland.

Fact sheet about swiss gun regulations:

http://pages.prodigy.net/vanhooser/swiss_fact_sh ee t.htm
(/. breaks up the link a bit)

Re:The Swiss...

[nordicfrost]

the Swiss have mandatory gun

Funny, I couldn't read that from the page. I did, however, see that the Swiss have strict rules on buying, mental health and a clean rap sheet.

They also have a militia-based army, that keeps their guns at home. This is by no means unique as Norway and Sweden are among countries with the same system. And it causes problems, as the availability of guns increase the risk of misuse of guns. Not a good idea.

Re:Why the rag on VB?

[lambent]

Very true, and well stated.

My beef with VB comes from personal experience, as well as experience I have had with others who have used it.

Case 1) I knew this chick in college; she scored a cushy summer job as a VB 'developer'. Scored a major chunk of change, while I busted my hump in a coffeeshop for 3 months. When pressed for details, it turns out that all she really did was push buttons in the visual builder gui that did everything for her. She knew enough syntax to fitb, but couldn't program her own way out of a wet paper sack.

Case 2) A friend of mine developed an inventory control program in VB. Very powerful. Earned him a promotion to manager, and major moola. The only drawback? Slower than molasses. Since he had no other language in his repertoire, and basically cribbed the whole program from pre-existing examples, it continues to take several hours to update the data.

VB has its advantages, i do not dispute that. Chief among them is that it is easy to learn, implementation time is fast, and it is tightly integrated into the windows os.

But honestly, I would not use it to munge gigs of data at a time, implement real-time applications, or control my nuclear reactor.

Then again, I just might be slightly envious that my friends were in the right place at the right time.

Re:Jesus Christ

I'm all for a virus that seeks out and destroys grammar-bitches' computers.

It's bad

[bobbabemagnet]

These people are not doing us a service. When I bought a car, I knew that it had been tested for safety. I do NOT want some punk kid beating my car with a bat to prove to me that in a low speed collision the car has the potential to explode catastrophically. Stay away from my car and don't damage my property. If there's something wrong with my car I'll let the proper authorities tell me and fix it. Granted, corporations often don't feel that kind of responsibility, but as long as we're talking in terms of ideals, let's just keep pretending.

Re:virus haiku

[Sick+Boy]

We all know that's true,
Poets can take liberties.
You still get the point.

Anti-Virus-Writer Viral Virus Generator

[Atario]

I hadn't realized the bit about the smart writers who post and the dumb kids who spread, but it makes sense. In fact, it could be useful. Observe:

How about a virus generator that embeds identifying information of the person doing the generating in the virus it generates?

Dig up NIC MACs, IP addresses, email settings, what have you. Something the virus investigators can easily use to trace back to the generator. Then stick them in cleartext (or rot13) in the code generated. Maybe even have the virus generate a report email about it to CERT. (Maybe that would need some self-limiting so as not to flood them, but still.) That way, anyone dumb or malicious enough to generate virii would be setting themselves up (the bomb). Kind of a honeypot in reverse. Let 'em autodarwinate.

Re:Why the rag on VB?

[dsci]

Actually, I agree that VB *CAN* be used in very expert ways to accomplish useful tasks. As far as I am concerned, VB is a useful tool for generating small utilities very fast; you know, things that don't require a lot of horsepower (but there are ways to optimize VB to some good performance in some algorithms).

My main issue with the point made in this article is that it seemed *assumed* that because this kid was fairly proficient in VB, that de facto made him an expert programmer. You can be nearly low-level illiterate and still generate some useful stuff with VB. Truthfully, that is what I think of these particular kids from the tone of the article (and the fact that they don't FIND the vulnerabilities and engineer an exploit, they simply apply what is published in security bulletins).

I'd be willing to bet that if you ask them to write a driver for a custom one-off process control board, their eyes would glass over. There are probably virus writers out there who *ARE* expert programmers, even at the low level, but they were not the ones represented in this article. All of them were relatively young, and with the exception of one guy who was an unemployed dude with a CS degree, had no substantial credentials.

I got the impression the author of the article was trying to show these kids as geniuses or computer wiz kids....when you don't have to be a wiz to throw together some VB that opens a socket and listens on a port (for example).

WARNING: html virus in his website!

[Cornelius+Chesterfie]

McAffee detected a "bt.ow" or some such virus, in the html page of his website (twice). Just a heads-up for the people on unprotected computers.

Forgive me if I didn't use the proper nomenclature to describe what happened, I don't know the exact terms to use.

One could argue

That the NY Times is helping to spread viruses by writing a detailed article about them. For anyone who wants to get into the scene, they now have a list of names, handles, and things to go Googlin' or IRC'ing for...

Curious about what language to write it in? Well VB is named as being a good language (I'd prefer assembly myself, but I digress).

Should we now publicly flog the NYTimes for publishing some info?

Most people would have a problem with that... So why would they think it's OK to flog people who write viruses?

I enjoy challenges - I write viruses occasionally and never release them. I explore cryptographic algorithms purely for my own enlightenment. However if I decide to share my information with someone, I don't know what they're going to do with it. Unless they say "yo dude man, I want to TOOOOOTALLY fuck those dudes over with your rockin' codez", I don't care if they have a copy of it or not... It's not like they're not going to figure it out anyway or get a copy so why should I waste my time worrying about it... I'd rather be coding...

Think about it - every technological advance since time immemorial has had some "dark side" to it. Did that mean we prevented the development of the knife, fork, spoon, sword, car, wheel, gasoline, oil, insecticide, flour, water, rockets, TV, baseball bats, baseballs, basketballs, potatoes (potato launchers), and whatever else you can think of?

Trying to prohibit the sharing of information won't protect any of us from anything - quite the contrary in fact...

Awful

[skinney]

I read 4 of the 10 dreadful pages of this article. I finally had to stop reading after many times, stopping and thinking how much information in this article is totally false. It wasn't a totally loss, I really did get a good laugh out of the parts taht wern't 100% dreadful. Everything about the "life" or "lifestyle of a virus writer and his 9 yearold friends" is maybe true for 1% of script kids who could even come in range of being concidered a "virus writer". This artice is a sorry excuse for what you call "decent research about the subject". All of us are dumber even having read it. *AGHHH!*

So if you asked me, "In once sentance, what did you think of that article?" I'd reply, "A compete waste of bytes."

-mod6

Maybe not a virus - Bt.ow/btg info

[csk_1975]

The javascript looks pretty innocuous. You can use the samspade safe browser if you really want to look at the original page (and the javascript).

Some AV programs throw a warning about Bt.ow/btg when they see the pattern "Second Part to Hell" and the page includes the text "(c) 2002-2004 by Second Part To Hell" so it may be a false positive.

If you are concerned, more information about Bt.ow/btg is here and here

The tired meatspace analogy

[crucini]

But a virus is just information. Maybe a better analogy is a lie. Vic the virus writer tells you a lie calculated to appeal to your prejudices. You rush out and tell two friends, who tell two friends, etc. Now after adding up the "damage" to "the economy" we might be tempted to put Vic in prison. But really, everyone needs to be more skeptical.

A virus can only work because there is explicit program code on the target machine that makes the virus work. The virus is just information.

Re:The tired meatspace analogy

[SideShow_BLOB]

The virus doesn't think for itself. And the virus doesn't initially act on its own.

There is a prime mover behind the virus. We call it the virus author. The virus author creates and releases the virus into the world.

How the virus behaves once it enters the world is entirely irrelevant. The thought behind the creation of the virus, and the intent behind the release of the virus -- these are the grounds on which we condemn the author.

I'll put a homemade pipe bomb in your mailbox tomorrow. If you choose not to open it, does this invalidate the bomb?

Question the intent. Don't rationalize the results.

Re:The tired meatspace analogy

[crucini]

Of course, that same logic justifies prosecution of witches. Even if you don't believe in the efficacy of witchcraft, you must admit the sinister intent reflected in casting harmful spells.

Your pipebomb isn't information. A virus is. Let's say I deliberately, maliciously, with evil intent, mail an "All Your Base.." type joke to someone, knowing full well that he will "waste resources" sending that joke and variations thereof to others. Isn't that a pretty close analogy to a computer virus? It passes your test for bad intent.

Re:The tired meatspace analogy

[SideShow_BLOB]

No, that is a close analogy to spam. To liken a computer virus to spam is to trivialize its potential severity.

A virus can destroy data. A virus can corrupt data. A virus can unwittingly to the user of the infected system transmit personal data. A virus can execute resident programs. So on, so forth, ad nauseum...

At its most basic and innocuous level, you could argue that a virus is no different than spam. But once you cross the "information" boundary that you define a virus by, you can no longer justify its harmlessness.

To revisit the pipebomb example, by your logic the pipebomb is just a device. Harmless, at a minimum, if unactivated. But deadly otherwise.

So now there are two issues at play:

1. The severity of the thing, and
2. The intent behind the thing.

We've just established the first. Now you must consider the second in light of the first.

Re:Reporters..WRONG!!!

[Jedi+Alec]

actually, when installing XP, it'll create the admin account, ask for a password, and when booting for the first time, it'll pretty much force you to create a user account besides the admin one. So far so good, if the user account wasn't also at admin level...for some totally odd reason, XP forces you to have an admin account, a user account that is also an admin account, and does not provide any information on how to create yet another account that'll actually have normal user rights...

Starring...

[DigiShaman]

...the CLAP

Another fk'n journo!

[el_C]

Sorry for using this forum to do this...it's kinda on the topic... I work for SBS radio in Sydney on a program called Alchemy (www.sbs.com.au/alchemy). I'm putting together a radio feature looking at the use of viruses and worms for social justice/activist purposes. I know this is a huge issue and there's obviously lots of different opinions within the geek community about the effectiveness of using viruses/worms in this way. Personally I have no technical knowledge about it, but I'm interested in getting a range of perspectives about it. I'm also interested in getting in touch with someone who's made or been involved in making the kind of virus like eg. the Mawanella virus that described the burning down of 2 mosques and 100 Muslim-owned shops in Mawanella or the 2001 worm that called for a vote on whether the US should go to war. or, of course, the MyDooms. So...I guess this is a bit of a shout out (sorry for using this forum to do this) asking for people to contact me or leave a post if they've got something to say on the topic, or if they have had some personal experience. I can be emailed at epotaka@scmp.mq.edu.au or chemii@graffiti.net. Ta.

There are as many linux boxes now as DOS in 1980s

[yuri+benjamin]

Back in the 1980s I remember the DOS warez community was crawling with viruses.
If you believe the argument that virus infections corelate to number of installed bases, then you would expect to see as many viruses for linux today as there were for DOS in the 1980s.
Remember that back then they spread by boot sectors on floppies. With duh intarweb you'd likely expect to see even more.
I know my Mandrake boxen have vulnerabilities - that's why they're firewalled behind IPCop. I don't know why someone isn't making and selling mini-pcs with IPCop (or equiv) to place between family PC and Intarweb connection.

One thing my linux mail clients don't do with attachments is setuid root them, chmod a+x them and then autorun them.

Summary of parent

[munch117]

You owe a debt of gratitude to the people who throw rocks through your windows. If it weren't for them, you wouldn't bother to board over your windows, and then you'd REALLY be screwed when someone breaks your windows to pipe poison gas through.