Slashdot Mirror
The World of Virus Writers
No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
Some one should write a virus that will allow us to read NY Times without a suscribtion.
Cheers,
RoadkillBunny
Why do they have to be underground? Would it be so bad if they could have their own magazine and perhaps some clubs/organizations?
Life is the leading cause of death in America.
"The Virus Underground" sounds like a bad nightclub.
it takes a look at the world of malware scripters, virus writers and worm designers.
I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
Visit Jonesblog and say hello.
As this is slashdot, I haven't read the article, however, I find it very hard to believe that a mainstream news outlet would really describe this accurately. I mean, look at how bad the press tends to botch up tech stories on things that aren't "underground". Why would I trust that they know about things that aren't common knowledge, when they can't even get stories on simple tech issues correct?
Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.
Trolling is a art,
my theory that the most dangerous people are people who are bored.
I wonder if more code contests would stop the number of virus writers. How many virus writers are just people who can program, but want it know they are good. Maybe some other outlet of demonstrating their talent would prevent them from "needing" to demonstrate it another way, such as a virus.
Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in taiwan or such and the chinese figure out a way to infect the navy systems with a virus, leaving our fleet defenseless off chinese shores, etc.
Like a lot of virus writers, this guy is a bored teenager ... 50 years ago he would have been out vandalising his school. In somewhere between 20 and 50 years he'll have access to nanotechnology.
Format C: ? Overwrite every file? How about rebuild your washing machine so it suddenly appreciates the taste of "cat" and has the capability of acting out it's amorous feelings for your central heating.
NYT Random Login Generator
http://www.majcher.com/nytview.html
The Virus Underground
By CLIVE THOMPSON
Published: February 8, 2004
his is how easy it has become.
Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.
When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.
But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.
Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.
But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.
I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.
Mario drags the virus over to the trash bin on his computer's desktop and discards it. ''I don't think we should touch that,'' he says hastily.
(Philet0ast3r is an online handle; he didn't want me to use his name.)
Really? I mean I could have sworn that Philet0ast3r was a real name. Are you sure he isn't the son of the l33t3st parents in Europe: C4ptainKaos and S3xyH3xy?
John.
I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.
One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genuius-crackers" in the news who get caught aren't really all that smart are they ?
(I read it anyway, surprised to hear that one of my favorite bands is still popular
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
I won't say where or whom, but there are some virus writers that work for major software corporations - not for writing AV software, but rather to put out viruses to punish software pirates. If Joe Blow stops worrying about viruses, after all, there's going to be a lot more 'liberated' software floating around.
I would also recommend the title by the same author, "The Troll Underground", which highlights the life of the Slashdot troll
Someone infected my computer with a virus that deleted any file that I updated in the last twenty-four hours.
Slashdot? Nope, haven't heard of it. 3000 hits in the last week? The virus did it.
After the IBM superbowl commercials? Id say several million.
no
Here's the kiddies website: http://www.geocities.com/spth666/main.htm
mix_master_mike
vafrous
Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Umm, once you answer yes to the first question, are the rest not redundant?
I don't need no instructions to know how to rock!!!!
The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.
The next great MMORPG.
This kid would make a great poster boy for birth control.
Best Buy can have you arrested
(Older Examples: Mistfall Engine, ZMist virus.)
When we start seeing more of these, AV companies will have a hard time keeping up.
Well that would do you absolutely NO good what-so-ever. It's amazing the amount of people that think they know about a subject, when they are really very ignorant... Believe it or not there are "white hat" virus writters just like hackers.. YAM (Youth Against Macafee) was one of the biggest back in the day.. Here's why your wrong: "I have written a how-to about using Mozilla Mail to avoid Windows viruses." Well, it might help protect against an OUTLOOK virus, but how the hell does it prevent "Windows" type virus? If I stick an infected floppy into your computer does Mozilla block it?? lol..
Mod +5 Drunk
"Most of the virus writers I visited live in Europe; there have been very few active in the United States since 9/11, because of fears of prosecution." Hunt them down and throw them in jail.
"''This is a revenge worm,'' he explained -- for ''not hiring me, and hiring some loser that is not even half the programmer I am.''"
Perhaps someone should tell him that personality counts.
G
I've always been surprised that I have *never* found a virus or a backdoor in a crack or a keygen I downloaded off one of those sites. If there someone their trying to punish isn't it more likely freeware users? Anyone remember Whack-a-Mole?
Quack, quack.
I managed to read the first of 10(?!) pages before I decided it was just another alarmist (altho slitely journalistically poetic) piece of trash.
.... buh.
They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's beliefe that all this terminology is synonymous (virus, trojan, worm).
After reading the next few pages, i was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice
After that it degenerates into political commentary.
What the hell ever happened to ASM viruses? What happened to TINY?
My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.
from the article: I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.
Now obviously, if he's a master of the art of computer viruses, there's a reason he chose to overwrite every file after formatting drive C:, right?
That guys just a lamer. All the major viruses released of late do nothing but spam or ddos evil coporations. What happened to the good ole day's when they really did format your hard drive? On a serious note, I doubt "underground" groups like this are responsible for today's major viruses. I would point the finger at dirty spammers for 99% of profilic recent virii.
--Gentoo Baby!
I posted this article months ago, but no one seemed to care. Just wait til they start putting viruses into v-cards.
Why is "Second Part to Hell" naked in the picture in the article?
"Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
It's not a "world". It's something someone does when they sit down at a desk. I really wish the things some geeks do would quit being portrayed with such silly words.
Over-dramatized, to portray an image that is very rarely accurate. It's, most often, some boring person with a bone to pick with the system or a company. Yeah, so they used code instead of throwing a brick through a window. That doesn't make them any more interesting than a teenager bashing a mailbox.
This is a popular comment to make and I'm sure the MS marketing dpeartment is doing everything it can to keep it alive. Unfortunately, it is utterly, totally and completely wrong.
You assume that the number of viruses is directly proportional to the percentage market penetration of a given OS. You have absolutely no data to support this. Conversely, the claim that the number of viruses in the wild is proportional to the number of security flaws in a given OS is much more supportable and defensible.
It's simple: I demand prosecution for torture.
The method by which the virus is delivered is interesting. Quote:
"These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."
And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.
However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".
Let's take guns for example. Let's say a gun seller illegally sold guns to 12 year old children and also sold them bullets. Now let's say that the kids accidently shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.
I think that if the hackers want to educate others should perhaps do it in a more educational, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snipets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame with the script kiddies start spreading viruses like there's no tomorrow.
To tell yourself that you're completely innocent would be denial.
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King, Jr.
I agree! I was thinking about this a few weeks ago actually. All the "viruses" now don't have to solve the hard problems. There's no sophistication to them anymore. And again, not to say "we need more sophisticated computer viruses out there," but come on, skr1pt k1dd1ez - don't pat yourselves on the back for being able to do something so ridiculously simple!
.COM or .EXE files, updating file-dates to indicate that it was present, but in a way that users wouldn't typically observe. It even twiddled with the interrupts on the system so that it could tell if it was being single-step debugged - and it would switch the debug interrupt off and go on its merry way. It had a number of other hooks to keep itself hidden from the user. And it had a program that it would drop onto boot sectors periodically, saying "FRODO LIVES".
When I was younger I studied computer viruses - they were a "real-world" form of artificial life that had to exist in a hostile environment, and successful ones had a bag full of tricks they could use to be insanely successful at spreading. This was before the Internet was really popular too - the only way a virus could spread was hitching a ride on a floppy disk or some file on a BBS.
I actually got to work on reverse-engineering computer viruses for an antivirus effort, and I remember this one computer virus - the Frodo virus. It was one of the most sophisticated stealth viruses I ever saw, and employed a variety of techniques to keep itself hidden. It would run as a TSR, but obscure the fact that it had allocated any memory to itself. It would infect
It was an unbelievable program to read and understand. It boggled my mind that someone could create something that sophisticated and complex. The viruses today are absolutely ridiculous in comparison.
If these "virus"-writers want to really do something challenging and mentally engaging, they should look into Core Wars. That's a great environment to scratch these kinds of itches - keeps you thinking, and it doesn't screw up other people's lives.
Ok, I'm done reminiscing about the good old days...
You can quibble a little bit about details and terms, but Clive Thompson is a pretty good technical reporter, and he did a very through job on this story (as do the NYTimes magazine fact-checkers).
Test your net with Netalyzr
I have to wonder, when reading articles like this, how closely does the "scene" the article's author has discovered relate to the larger population in general. I've read a few articles that seem to be essentially interviews of some random, anonymous, highschooler, that supposedly represents the general population of computer-savvy evildoers.
Are there actual, functioning, hacker groups, of a scale larger than Joe and his friends? It seems that the social attitude that accompanies black-hats (at least from the article that I'm questioning) doesn't lend itself to large organizations or control structures.
On the other hand, it is kinda cool to imagine that there's a huge organized computer-crime secretly flourishing across the country. You could make a movie about that sorta thing, maybe call it "Hackers". Oh, wait...
Anyone else curious how many of the kids interviewed in this article are members of the slashdot community?
==================
Why computer virus writers are useful and we should thank them.
The title is obviously a provocation. I am considered a balanced personality but sometimes, I like to stretch things to the extreme and to provoke reactions. This article is one of my rare attempts to provoke you... or not? Today, after the alarm caused by the fast diffusion of the Sobig virus, we are all talking about the reasons why virus writers are coding more and more viruses.
"They should stop, somebody stop them!" I hear all the time but... is this right?
We try to answer to this question with an interview with Professor Samuel D. Forrester, one of the most famous immunologists in the world. Dr. Forrester is on the run this year to get the Nobel Prize for his recent discovery of the mechanisms of aggression of over-reacting immune cells and antibodies. He teaches at the Immunology faculty at the Konigsberg University since 1986.
Zone-H: ZH
Professor Samuel D. Forrester: SDF
ZH: Thanks for having accepted to release an interview to Zone-H
SDF: Thank you, even if it is quite unusual to be interviewed by a computer security website.
ZH: Dr. Forrester, can you tell us what is the branch of the immunology?
SDF: Immunology is the study of the complex and sophisticated immune system. The immune system is a network of cells and organs that work together to defend the body against attacks by "foreign" invaders or germs. The body provides an excellent environment for germs. When they do break into a system, it is the immune system's job to keep them out or to seek and destroy them.
ZH: What is the job of the immunologist?
SDF: Clinical immunologists research new tests and treatments involving allergic and immunologic disorders of the immune system. They work with physicians in general practice and in hospital-based specialties to treat diseases using complex and sophisticated clinical techniques. The science of clinical immunology is a fast developing area of the medical profession. The role of the immunologist is increasingly important, both in laboratory work and in patient care.
ZH: Have you heard about the recent Sobig-F virus deployment?
SDF: Yes, I read something on the newspapers. Even if computer science is not my science, the topic of the computer viruses is obviously of my interest. See, many aspects of the traditional immunology and the computer viruses are in common.
ZH: And this is the reason why Zone-H wanted this interview.... Dr. Forrester, what do you think about computer viruses, what do you know about them?
SDF: Computer viruses are exactly like the normal viruses. They can kill you if your immune system doesn't work, but at the same time, your body should thank them if your immune system is today capable to protect you from deadly illnesses.
ZH: Can you please develop the concept?
SDF: It's simple: every time you get a cold, you sneeze. But you could die, actually. The only reason why you don't die is because your immune system has been programmed to react to the "threat" posed by a germ. It's a paradox, but it's the same germ that could kill you that trained your immune system to react when invaded.
ZH: And what makes the difference? How is it possible that a germ can kill you and the same germ can train your immune system making you stronger?
SDF: It's just a matter of doses. Like with wine, one glass every day makes your heart stronger and lowers your blood pressure, one bottle every day can kill you. This is the concept on which vaccines are based.
ZH: We understand that. Can we stretch the concept saying that a constant flow of germs, if received in the proper dose, makes the body actually stronger?
SDF: Absolutely. If hypothetically we could take two n
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
That's the first time the New York Times made beer come out of my nose!
And under a reasonably secured Linux install, these attachments would not be able to be run in the first place. First of all, the attachment must be manually given execute priveledges. If your home directory is a separate partition and mounted with the "noexec" option (as it SHOULD be), it still would not be able to execute. The only place where a user should have write access is their own home directory, and anywhere a user has write access, there should not be execute priveledges.
This is the way my home system is configured, and is the way any self-respecting distro should be set up as well.
Whats being discussed in the articles, though, are stupid little trojans that rely on an idiot user clicking them.
Those idiots run windows. There's no big differnce between a clueless windows user running with full admin priveledges clicking HotNakedChick.vbs or a clueless linux user running as root clicking HotNakedChick.pl.
There are few viruses out there that actually exploit anything. Slammer was, SoBig was, but most are just "10 print "I AM L337"".
I don't need no instructions to know how to rock!!!!
The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act.
They already exist. (The China army's information warfare department, among others, has already been the subject of slashdot articles.)
Interestingly, Microsoft gave these guys access to their source code. They were trying to head off the move by various governments to mandate open-source software. One of the arguments was the security of the code against malware. So MS made the code available to various governments on request, inviting the governments' security experts to examine it to see for them selves how secure it was. (China, and a number of the other usual suspect govenments, took them up on the offer.)
Now what department do you think government software security experts, specializing in malware vulnerabilities, work in when they're not examining a software vendor's code for exploitable holes WITH the permission and assistance of the vendor? B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Looking for a little weekend reading?
Why waste my weekend, when I can get paid to read it now?
What does it mean to wake out of a dream
and be wearing someone else's shorts?
BNL, Born on a Pirate Ship (1998)
For the sheer intellectual challenge, Philet0ast3r replied, the fun of producing something ''really cool.'' For the top worm writers, the goal is to make something that's brand-new, never seen before. Replicating an existing virus is ''lame,'' the worst of all possible insults.
and
Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. ''Then I would use it,'' he concluded. ''It's that simple.''
So these *expert* programmers (of Visual Basic) read of security vulnerabilities that describe the exploit, then code it, and call *that* new and creative.
This NYT article completely overrated the skill of these 'worms.'
Computational Chemistry products and services.
These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also the viruses they come up with do very little or no actual damage to the host system, instead they just "Propagate". If you are infected, delete a few files, remove a couple of registry entries and thats it. It has been a long time since I saw a virus with some real payload.
Virus writers used to be much more creative back in the DOS days. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload, stealth techniques and difficult to disinfect.
Until someone loses some real big money because of a virus or trojan.
Yeah, yeah, there are "estimated" costs of every virus that comes out. And they're not small potatoes.
But just wait until a virus comes out that silently infects machines, travels slowly enough to be barely noticed and only does one thing: randomly change values in an Excel spreadsheet. Or randomly delete one column from a randomly picked sheet.
It'll be Armageddon: dogs and cats living together, Detroit winning the World Series AND the Super Bowl, etc.
--
Mando
And get some script kiddies in trouble, he'd just post the executable, and not tell anyone that it also emails authorities around the world information about the computer you run it from. While this may "brown-out" some servers as the article says, it would leave a nice trail to the luser who started the whole mess.
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
Yeah, just like the "The doument you are opening contains macros or
customizations. Some macros may contain viruses that could harm your
computer. [...]" warnings prevented Word macro viruses...
A user naive enough to click on such a link does, in some important
sense, _want_ to visit that page. Your suggested warning is just
another thing that such users see as "getting in the way of doing what
I want to do". Therefore, if implemented it would become more part of
the problem than the solution (as users will become ever more familiar
with ignoring "warnings" and clicking through them). If you understand
users, you will know that in helping them to not shoot themselves in
the feet, the only useful appraoch is to remove everything capable of
firing the bullets (and quite a few things beside!)...
On the Word macro virus front, things got notably better _NOT_ when MS
implemented the above warning (that the users could blithely ignore and
even _disable_ right there on the warning dialog -- what a travesty of
mis-design that was!) but when it released a version of Word that
defaulted to not running macros unless they were signed with an
acceptable (as configured by the user/admin) key (there are legion
flaws in the design of this feature, but it was strong enough to
significantly impact the Word macro virus problem). In IE, removing
support for this mis-feature (read RFC 2616) will have a much greater
impact than trying to "direct" users who don't want to be directed with
"warnings" and other stuff that "gets in their way".
Everybody knows apples don't get viruses, they get worms!
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
Maybe Mario is just pissed because he has to live in the mountains of Austria without a shirt.
SIGFAULT
It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.
Really? Which company knows of all the flaws in its software?
What scares me most is This Article. Even understanding that one of the assumptions was that any two pairs of hosts communicate at the same rate, It's frightening.
Theoretically wiping out 40 million hosts in under a minute....
I'm guessing that a real-world implementation would probably take closer to 20 minutes, but still it's mighty frightening.
Just about the only way I could see to stop it's spread would be to make smart routers, switches, and even hubs that quickly seal off any services on which there is a sudden surge of SYNs from random hosts.
In the first part of the article, the author talks to the author of "Batch Trojan Generator" and creates an infected JPEG file, one that "would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive" when clicked.
To me, this implies that the JPEG is actually executable code. On the face of it, this is patently ridiculous. I started thinking about it, though, and relaized that the actual mechanism might simply be an exploit of a buffer overflow in the code that interprets the JPEG (not the JPEG itself, which is not executing). By having the JPEG reference something outside of the boudaries of the actual JPEG file, it might go out and stick malicious machine code in some piece of RAM where it later gets executed.
Am I correct in this assumption about JPEG trojans, or does (unpatched) Windows go out and somehow execute a file ending in .JPG as if it were ending in .EXE? For that matter, if one embedded the JPG in an HTML mail message (or just stuck it on a web page) instead of attaching it, would it execute in the same manner and infect or is there a different JPEG engine at work (i.e. the one in IE or Outlook isn't vulnerable but the one in Microsoft Photo Editor, assigned by default to file type .JPG, is)?
Thanks in advance...
"Prepare for the worst - hope for the best."
The most nasty virus/worm in the recent years was blaster which would reboot a winXP after a minute of connecting the net. That needed action.
Most other virus, besides propagating, doesn't do anything so the infected victims doesn't need to erase it from their windows.
Considering the speed of mydoom propagation, the next time we'll have a nasty virus/worm, we'll have some fun !
Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
I.... am speechless.
-----
Score 3? For what? Being wrong, at length? - smirkleton
That quote illustrates exactly WHY such people get turned down for jobs which then go to an "inferior" programmer. Good HR people recognise the type, and know enough to avoid the trouble they can bring.
After all, would you rather hire the world's best programmer, but then have to worry about (or hire another coder to vet his work for) backdoors, or hire one pretty good but not brilliant programmer whose attitude doesn't make you question the integrity of his work?
(I've worked with the brilliant-but-untrustworthy type. Never, ever again.)
~REZ~ #43301. Who'd fake being me anyway?
Back in the 1992 timeframe, there was a Dark Avenger virus toolkit that allowed Skr1p7 KidDi3z to create "encrypted, polymorphic viruses". Check out then-InfoWorld columnist Steve Gibson's alarmist article (scroll down to the part entitled "Article 2") It sounds kind of funny now:
That was going to be the end of the world as we knew it. Now we have a VB script engine and the world is going to end. Or not.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
I agree in part, but disagree in part as well. Certainly, if Linux had 98% of the market, there would be more worms (especially stupid user worms like MyDoom) targetting Linux. However, there is a substantial design difference between Linux (and other UNIX variants) and Windows. Linux only executes files whose execute bit is set. Windows only executes files with the right extension. Basically, what this means is that it is harder on Linux to accidently execute a file sent to you. And any mail client that automatically set the execute bit would be considered insecure. Thus it would be harder, especially for stupid users, to propogate these worms.
At least this would force worm writers to exploit actual vulerabilities in software, which can be fixed. It's much harder to fix stupid (or careless) users.
"Save the whales, feed the hungry, free the mallocs" -- author unknown
So someone takes my code I have put on my webpage and described as capable of virus activity, and that person spreads it, and now I am guilty of 2nd-degree something or another.
So this means if I am a chemist, and I describe in detail how to create dynamite, and someone makes the dynamite and blows something up, I am 2nd-degree guilty for that as well?
I believe ultimately that information should not be restricted in any way whatsoever, so I disagree with this idea completely.
Ironically, the word ironically is often used incorrectly.
Keep in mind the Swiss have mandatory gun ownership, and have more guns per capita than the US, however gun related crime is extremely rare in Switzerland.
h ee t.htm
Fact sheet about swiss gun regulations:
http://pages.prodigy.net/vanhooser/swiss_fact_s
(/. breaks up the link a bit)
Patent: from Latin patere, to be open
These people are not doing us a service. When I bought a car, I knew that it had been tested for safety. I do NOT want some punk kid beating my car with a bat to prove to me that in a low speed collision the car has the potential to explode catastrophically. Stay away from my car and don't damage my property. If there's something wrong with my car I'll let the proper authorities tell me and fix it. Granted, corporations often don't feel that kind of responsibility, but as long as we're talking in terms of ideals, let's just keep pretending.
Actually, I agree that VB *CAN* be used in very expert ways to accomplish useful tasks. As far as I am concerned, VB is a useful tool for generating small utilities very fast; you know, things that don't require a lot of horsepower (but there are ways to optimize VB to some good performance in some algorithms).
My main issue with the point made in this article is that it seemed *assumed* that because this kid was fairly proficient in VB, that de facto made him an expert programmer. You can be nearly low-level illiterate and still generate some useful stuff with VB. Truthfully, that is what I think of these particular kids from the tone of the article (and the fact that they don't FIND the vulnerabilities and engineer an exploit, they simply apply what is published in security bulletins).
I'd be willing to bet that if you ask them to write a driver for a custom one-off process control board, their eyes would glass over. There are probably virus writers out there who *ARE* expert programmers, even at the low level, but they were not the ones represented in this article. All of them were relatively young, and with the exception of one guy who was an unemployed dude with a CS degree, had no substantial credentials.
I got the impression the author of the article was trying to show these kids as geniuses or computer wiz kids....when you don't have to be a wiz to throw together some VB that opens a socket and listens on a port (for example).
Computational Chemistry products and services.
I read 4 of the 10 dreadful pages of this article. I finally had to stop reading after many times, stopping and thinking how much information in this article is totally false. It wasn't a totally loss, I really did get a good laugh out of the parts taht wern't 100% dreadful. Everything about the "life" or "lifestyle of a virus writer and his 9 yearold friends" is maybe true for 1% of script kids who could even come in range of being concidered a "virus writer". This artice is a sorry excuse for what you call "decent research about the subject". All of us are dumber even having read it. *AGHHH!*
So if you asked me, "In once sentance, what did you think of that article?" I'd reply, "A compete waste of bytes."
-mod6