Slashdot Mirror
The World of Virus Writers
No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
Some one should write a virus that will allow us to read NY Times without a suscribtion.
Cheers,
RoadkillBunny
"The Virus Underground" sounds like a bad nightclub.
Du-uh -- everyone knows worms live underground !
it takes a look at the world of malware scripters, virus writers and worm designers.
I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
Visit Jonesblog and say hello.
Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.
Trolling is a art,
my theory that the most dangerous people are people who are bored.
Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in taiwan or such and the chinese figure out a way to infect the navy systems with a virus, leaving our fleet defenseless off chinese shores, etc.
Like a lot of virus writers, this guy is a bored teenager ... 50 years ago he would have been out vandalising his school. In somewhere between 20 and 50 years he'll have access to nanotechnology.
Format C: ? Overwrite every file? How about rebuild your washing machine so it suddenly appreciates the taste of "cat" and has the capability of acting out it's amorous feelings for your central heating.
The Virus Underground
By CLIVE THOMPSON
Published: February 8, 2004
his is how easy it has become.
Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of the Beast,'' his latest favorite album. ''I really like it,'' he says. ''My girlfriend bought it for me.'' He gestures to the 15-year-old girl with straight dark hair lounging on his neatly made bed, and she throws back a shy smile. Mario, 16, is a secondary-school student in a small town in the foothills of southern Austria. (He didn't want me to use his last name.) His shiny shoulder-length hair covers half his face and his sleepy green eyes, making him look like a very young, languid Mick Jagger. On his wall he has an enormous poster of Anna Kournikova -- which, he admits sheepishly, his girlfriend is not thrilled about. Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby.
When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call ''malware'': tiny programs that exist solely to self-replicate, infecting computers hooked up to the Internet. Sometimes these programs cause damage, and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. ''Anyone can rewrite a hard drive with one or two lines of code,'' he says. ''It makes no sense. It's really lame.'' Besides which, it's mean, he says, and he likes to be friendly.
But still -- just to see if he could do it -- a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator, and anyone can download it freely from Mario's Web site. With a few simple mouse clicks, you can use the tool to create your own malicious ''Trojan horse.'' Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a JPEG picture or a video, for example, but actually bearing dangerous cargo.
Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the ''Clive'' virus. Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Then it's done. The generator spits out the virus onto Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.
But of course I could ignore that advice. I could give this virus an enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool people into thinking it's a video. If I were to e-mail it to a victim, and if he clicked on it -- and didn't have up-to-date antivirus software, which many people don't -- then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive. The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Poof: everything on his hard drive would vanish -- e-mail, pictures, documents, games.
I've never contemplated writing a virus before. Even if I had, I wouldn't have known how to do it. But thanks to a teenager in Austria, it took me less than a minute to master the art.
Mario drags the virus over to the trash bin on his computer's desktop and discards it. ''I don't think we should touch that,'' he says hastily.
(Philet0ast3r is an online handle; he didn't want me to use his name.)
Really? I mean I could have sworn that Philet0ast3r was a real name. Are you sure he isn't the son of the l33t3st parents in Europe: C4ptainKaos and S3xyH3xy?
John.
I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.
One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genuius-crackers" in the news who get caught aren't really all that smart are they ?
(I read it anyway, surprised to hear that one of my favorite bands is still popular
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
I won't say where or whom, but there are some virus writers that work for major software corporations - not for writing AV software, but rather to put out viruses to punish software pirates. If Joe Blow stops worrying about viruses, after all, there's going to be a lot more 'liberated' software floating around.
I would also recommend the title by the same author, "The Troll Underground", which highlights the life of the Slashdot troll
Here's the kiddies website: http://www.geocities.com/spth666/main.htm
mix_master_mike
vafrous
Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.
Umm, once you answer yes to the first question, are the rest not redundant?
I don't need no instructions to know how to rock!!!!
The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.
The next great MMORPG.
This kid would make a great poster boy for birth control.
Best Buy can have you arrested
(Older Examples: Mistfall Engine, ZMist virus.)
When we start seeing more of these, AV companies will have a hard time keeping up.
"''This is a revenge worm,'' he explained -- for ''not hiring me, and hiring some loser that is not even half the programmer I am.''"
Perhaps someone should tell him that personality counts.
G
I've always been surprised that I have *never* found a virus or a backdoor in a crack or a keygen I downloaded off one of those sites. If there someone their trying to punish isn't it more likely freeware users? Anyone remember Whack-a-Mole?
Quack, quack.
I managed to read the first of 10(?!) pages before I decided it was just another alarmist (altho slitely journalistically poetic) piece of trash.
.... buh.
They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's beliefe that all this terminology is synonymous (virus, trojan, worm).
After reading the next few pages, i was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice
After that it degenerates into political commentary.
What the hell ever happened to ASM viruses? What happened to TINY?
My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.
Why is "Second Part to Hell" naked in the picture in the article?
"Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."
It's not a "world". It's something someone does when they sit down at a desk. I really wish the things some geeks do would quit being portrayed with such silly words.
Over-dramatized, to portray an image that is very rarely accurate. It's, most often, some boring person with a bone to pick with the system or a company. Yeah, so they used code instead of throwing a brick through a window. That doesn't make them any more interesting than a teenager bashing a mailbox.
The method by which the virus is delivered is interesting. Quote:
"These days, many elite writers do not spread their works at all. Instead, they ''publish'' them, posting their code on Web sites, often with detailed descriptions of how the program works."
And, while there exists this "loophole" now, I find this disturbing. Now don't get me wrong. I grew up with Sneakers and I've always been a proponent of computer education and making the security flaws known.
However, at some point if you're leaving material (whether tangible or electronic) out in public whose main purpose is crime and destruction I do think those people should be liable. I'll call it "hacking, in the 2nd degree" or "involuntary hacking".
Let's take guns for example. Let's say a gun seller illegally sold guns to 12 year old children and also sold them bullets. Now let's say that the kids accidently shot each other up. Shouldn't the gun seller be liable? Maybe not liable for first-degree murder, but maybe second degree.
I think that if the hackers want to educate others should perhaps do it in a more educational, and in a way that doesn't make it easy for script kids to copy and paste. Perhaps they can put out white papers with snipets of code... but, for the love of God, don't give the programs away. By doing that you have only yourself to blame with the script kiddies start spreading viruses like there's no tomorrow.
To tell yourself that you're completely innocent would be denial.
"Injustice anywhere is a threat to justice everywhere." - Martin Luther King, Jr.
I have to wonder, when reading articles like this, how closely does the "scene" the article's author has discovered relate to the larger population in general. I've read a few articles that seem to be essentially interviews of some random, anonymous, highschooler, that supposedly represents the general population of computer-savvy evildoers.
Are there actual, functioning, hacker groups, of a scale larger than Joe and his friends? It seems that the social attitude that accompanies black-hats (at least from the article that I'm questioning) doesn't lend itself to large organizations or control structures.
On the other hand, it is kinda cool to imagine that there's a huge organized computer-crime secretly flourishing across the country. You could make a movie about that sorta thing, maybe call it "Hackers". Oh, wait...
A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
That's the first time the New York Times made beer come out of my nose!
Looking for a little weekend reading?
Why waste my weekend, when I can get paid to read it now?
What does it mean to wake out of a dream
and be wearing someone else's shorts?
BNL, Born on a Pirate Ship (1998)
These days I think the virus writers are just people who assemble a virus by collecting scripts and code from the Internet. Also the viruses they come up with do very little or no actual damage to the host system, instead they just "Propagate". If you are infected, delete a few files, remove a couple of registry entries and thats it. It has been a long time since I saw a virus with some real payload.
Virus writers used to be much more creative back in the DOS days. If you are somewhat older you might remember Stoned, Die-Hard, Natas, One-half, etc. Each had its nasty little payload, stealth techniques and difficult to disinfect.
Until someone loses some real big money because of a virus or trojan.
Yeah, yeah, there are "estimated" costs of every virus that comes out. And they're not small potatoes.
But just wait until a virus comes out that silently infects machines, travels slowly enough to be barely noticed and only does one thing: randomly change values in an Excel spreadsheet. Or randomly delete one column from a randomly picked sheet.
It'll be Armageddon: dogs and cats living together, Detroit winning the World Series AND the Super Bowl, etc.
--
Mando
It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.
Really? Which company knows of all the flaws in its software?
I'm pretty sure, from the way others have posted on this article, and from the tech skills of the reporter, that it was a double-extension trojan, i.e. "file.jpg" was actually "file.jpg.bat" or whatever.
Although this is most likely the virus that is created by this program, it is also possible to write a program thus that pretends to be a JPEG, with the way Windows handles extensions.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
Windows (or any operating system) needs more than an extension to execute a file. In order for a program to self execute it needs it needs to be compiled for your operating environment. If you rename Something.exe to Something.jpg Windows will first look at the extension then send your jpg file to the associated viewer to be interpreted as jpg data (which it is not, and thus cause the jpg viewer to produce an error (if it is well written), or crash (if it is not). Now if you take a jpg file and rename it to an exe and double click on it. Windows will assume that the program is executable, and it will load the boot header (collection of bytes at the start of any executable that is produced when the program is compiled) and grant all requests that the boot header asks for (things like memory, address space, etc). If this process fails in any way (like, say, the boot header is complete garbage because it's really jpg data) then the operating system (if it is good) will produce an error, or (if it is bad) crash. So JPG's cannot double as executables nor the other way around. BUT...
It is possible that embedded in the meta data of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple otherwise the size of the JPG file would disproportionate to the actual image) and IF the JPG viewer that some unlucky user had, contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute and thus enabling a larger more complex program to run.
However this error would only exist in that specific version of that specific software, so it's ability to spread would be limited. The danger is if the program that interprets that JPG file is system wide or part of Windows standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses. Because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Further more they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself, true you need to approve it, but once you say yes every subsequent visit is automatic, they REALLY need to add a "Never trust This source" checkbox) This means if there is a single flaw in the IE engine then that flaw is exploitable across every windows workstation and every application that uses IE as a rendering engine. Now why Mozilla doesn't make an ActiveX Gekko engine with the same function names as the IE ActiveX module so users have a choice which rendering engine they want, is a mystery to me yeah it would be hard, but it's not like Microsoft could pull the rug out from under them, Microsoft is very invested in their API, any change they made to it would break all the 3rd party apps.
-Jason