Slashdot Mirror

← Back to Stories (view on slashdot.org)

The World of Virus Writers

Posted by michael on from the underachiever dept.

No_Weak_Heart writes "Looking for a little weekend reading? You might try the cover story from this week's NY Times Magazine. It's titled The Virus Underground, and it takes a look at the world of malware scripters, virus writers and worm designers."

26 of 505 comments (clear)

  1. Idea for a virus by RoadkillBunny · · Score: 5, Funny

    Some one should write a virus that will allow us to read NY Times without a suscribtion.

    --
    Cheers,
    RoadkillBunny
    1. Re:Idea for a virus by tvh2k · · Score: 5, Interesting

      Actually, this was previously posted on /.:
      Random NYTimes.com Registration Generator

      You'll have to block referer or save the page locally, however, because NYT blocked all registrations originating from that domain.

  2. Re:Why underground? by Anonymous Coward · · Score: 5, Funny

    Du-uh -- everyone knows worms live underground !

  3. Losers by BWJones · · Score: 5, Insightful

    it takes a look at the world of malware scripters, virus writers and worm designers.

    I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)

    --
    Visit Jonesblog and say hello.
    1. Re:Losers by Rand+Al'Thor · · Score: 5, Insightful

      That may be a side effect in very few cases, but for the most part I think it's safe to say there is no redeeming factor to any virus or its author.

    2. Re:Losers by Dukael_Mikakis · · Score: 5, Insightful

      It's true that virus writers are malevalent and don't have pure intentions when hacking their scripts and all, but in a general sense, where would our security be without virus writers?

      If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down.

      It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.

    3. Re:Losers by BWJones · · Score: 5, Insightful

      If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done.

      If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.

      --
      Visit Jonesblog and say hello.
    4. Re:Losers by GoodNicsTken · · Score: 5, Insightful

      That's where I think your completely wrong. I'm actually surprised more of the /. crowd doesn't agree with the following viewpoint:

      Software flaws exist PERIOD. They always have and always will. What would you rather have:

      1. A small group of 100 or so people (Govenrment, individuals, organized crime, etc) with the ability to log into your machine, do whatever they want to with it (Set up a kiddie porn ring, steal your identity, etc.)

      2. A virus that exploits the flaw, disrupts computer networks forcing people to patch the flaw. (Many still don't, as Code Red is alive and well)

      I'm all for #2. The flaws exist. Without viruses, then people would NOT patch there systems. When somebody relases a virus, they are saying, hey there's a problem here that needs immediate attention or just about anyone can take over your computer. These guys should be rewarded not punished. IMO they are performing a service letting everyone know of a flaw they discovered, and providing incentive to correct the flaw.

      As computers become a bigger part of our everyday life, they are trusted more and more. I would be a lot more concerned in a world with no viruses, and computers that are generally considered "Secure." That puts the power to ruin someones life in the hands of a few.

  4. Reporters.. by grub · · Score: 5, Insightful


    Whenever I read of a new virus or hear of one on the radio, I wish they'd start to hammer home the fact that 99.99% (wild number I pulled from my arse) of these affect Windows machines only. The ignorant masses just assume that viruses and worms are a way of life, they don't know that it's a way of life only if you use a certain OS.

    --
    Trolling is a art,
    1. Re:Reporters.. by chef_raekwon · · Score: 5, Informative

      im a bit of a zealot myself - but in fairness to other OS', not particularly MS--if one was used as much as Windows is, I could be sure there would be many more viruses than currently exist, for say, Linux, currently.

      Not the extent that exist for Windows, however.

      --
      We're like rats, in some experiment! -- George Costanza
    2. Re:Reporters.. by Strudelkugel · · Score: 5, Interesting

      affect Windows machines only

      Well, MyDoom should be an eye-opener for you then. It proved (not that there should have been any doubt) that the problem of viruses is truly OS independent. Think about it: The virus shows up as a zip file which the user has to open. Then the user has to execute the payload. In other words, the social engineering was the key, not the OS. What's to prevent a Linux user running as *cough*Lindows*cough* root from being affected the same way? An Apple user? Nothing. Don't say they wouldn't be root, because a Windows box properly configured wouldn't have this problem, either. Now we are back to social engineering.

      Guess what, Linux has a reputation of being secure, so users will probably be given a false sense of security as well. Who knows, this might make home Linux desktops more vulnerable.

      --
      Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
  5. this helps prove... by tsunamifirestorm · · Score: 5, Insightful

    my theory that the most dangerous people are people who are bored.

  6. Virus writers... by NightWulf · · Score: 5, Interesting

    Are for the time being usually kids just looking for a little attention. They're the computer geek version of the guys who soup up cars, or join the varsity team. They believe that is the way for them to make their mark. The real worry is when you start having government funded virus writers. When someone from china or russia or the middle east are writing virus to shut down systems or create havok for the intent to kill, or bring down defenses for an invasion or terrorist act. Think about what could happen if there's a standoff in taiwan or such and the chinese figure out a way to infect the navy systems with a virus, leaving our fleet defenseless off chinese shores, etc.

  7. What happens when... by jfdawes · · Score: 5, Funny

    Like a lot of virus writers, this guy is a bored teenager ... 50 years ago he would have been out vandalising his school. In somewhere between 20 and 50 years he'll have access to nanotechnology.

    Format C: ? Overwrite every file? How about rebuild your washing machine so it suddenly appreciates the taste of "cat" and has the capability of acting out it's amorous feelings for your central heating.

  8. Best Quote by JohnGrahamCumming · · Score: 5, Funny

    (Philet0ast3r is an online handle; he didn't want me to use his name.)

    Really? I mean I could have sworn that Philet0ast3r was a real name. Are you sure he isn't the son of the l33t3st parents in Europe: C4ptainKaos and S3xyH3xy?

    John.

  9. It's not underground... by Dave21212 · · Score: 5, Interesting


    I mean, seriously, once it hits the NYT magazine, it's not so much an underground item. I'm sure the article is interesting but it's the nature of underground "sports" that you can never really know exactly who and what is going on.

    One of my favorite phrases is, "There are no Famous Hackers" meaning simply, that the famous "super-genuius-crackers" in the news who get caught aren't really all that smart are they ?

    (I read it anyway, surprised to hear that one of my favorite bands is still popular ;)

    --
    "Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
  10. It goes both sides by Geoffd1 · · Score: 5, Informative

    I won't say where or whom, but there are some virus writers that work for major software corporations - not for writing AV software, but rather to put out viruses to punish software pirates. If Joe Blow stops worrying about viruses, after all, there's going to be a lot more 'liberated' software floating around.

  11. indeed by mix_master_mike · · Score: 5, Informative

    Here's the kiddies website: http://www.geocities.com/spth666/main.htm

    --

    mix_master_mike
    vafrous

  12. Umnm by stratjakt · · Score: 5, Funny

    Then it asks me what I'd like the virus to do. Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan Horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted, and I say yes again.

    Umm, once you answer yes to the first question, are the rest not redundant?

    --
    I don't need no instructions to know how to rock!!!!
  13. Master? by sperling · · Score: 5, Insightful
    But thanks to a teenager in Austria, it took me less than a minute to master the art.

    The author's obviously as clueless as any nontechie trying to explain or master anything technical. Such a trojan creator could be created in an hour by any competent programmer. The existing virus underground would fall over laughing if anyone dared claiming knowledge or skill after using or creating this tool.

    --
    The next great MMORPG.
  14. Metamorphic Viruses by robyn217 · · Score: 5, Interesting
    What scares me most are metamorphic viruses -- a virus that modifies itself each time it infects a new host always attempting to avoid maintaining a constant signature. The modifications may take any or all of the following forms:
    1. Modification of the encryption/decryption algorithm (including multiple layers of encryption) - the decryption algorithm changes from infection-to-infection by basing itself on values that change from computer-to-computer (examples: size of HOSTS file, current time in milliseconds, etc.)
    2. Insertion of "junk code" into virus body or decryptor body - This is a common strategy by polymorphic viruses. It's usually accomplished by a "junk code engine" which has the ability to generate arbitrary amounts of meaningless blocks of code
      1. Noop or meaningless loops added to body of virus
      2. Entry-Point Obscuring (EPO) junk code - this is a special kind of "junk code" that specifically tries to hide the entry-point of the virus by insert loads of junk code at the beginning of an infected file.
      3. Code block permutations - random shifts of code blocks, sequential order is maintained by JMP and CALL commands.
      4. Register/Stack Variations - Use of varying registers, or even the ability to vary between register usage and storing data on the stack.

    (Older Examples: Mistfall Engine, ZMist virus.)

    When we start seeing more of these, AV companies will have a hard time keeping up.

  15. All been said before by lambent · · Score: 5, Insightful

    I managed to read the first of 10(?!) pages before I decided it was just another alarmist (altho slitely journalistically poetic) piece of trash.

    They're trojans, not viruses. I haven't seen a respectable virus in like 5 years. Viruses are self replicating. Trojans require lusers to activate. (britney--spears--wedding--clip.mpeg, indeed). What pisses me off is this reporter's beliefe that all this terminology is synonymous (virus, trojan, worm).

    After reading the next few pages, i was surprised that the author bothered to extrapolate on the terminology "script-kiddie". (Nice job, Clive) But then he goes on about dreadlocks being the hairstyle of choice .... buh.

    After that it degenerates into political commentary.

    What the hell ever happened to ASM viruses? What happened to TINY?

    My favourite quote: "This guy is the best at Visual Basic". That's not a compliment, dude. That's like being the best at tying your shoelace.

  16. Thank you NYT by SoSueMe · · Score: 5, Funny

    A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
    ''This guy,'' he proclaimed, ''is the best at Visual Basic.''

    That's the first time the New York Times made beer come out of my nose!

  17. Weekend?? by belgar · · Score: 5, Funny

    Looking for a little weekend reading?

    Why waste my weekend, when I can get paid to read it now?

    --
    What does it mean to wake out of a dream
    and be wearing someone else's shorts?
    BNL, Born on a Pirate Ship (1998)
  18. Naive by hackrobat · · Score: 5, Insightful
    The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data ''buffer,'' like a cup filled to the brim with water. Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. [emphasis added]

    It's funny. Which software company will deliberately, knowingly leave out holes in its software? "Microsoft had neglected..." Look, every program, small and big, has bugs. When you're talking of one of the leading database products in the market, you're talking of a very complex piece of software that's bound to have holes here and there. That statement is naive.

    Even Microsoft admits that there are flaws the company doesn't yet know about.

    Really? Which company knows of all the flaws in its software?

  19. Re:Enlighten me on JPEG trojans, please... by sryx · · Score: 5, Informative

    Windows (or any operating system) needs more than an extension to execute a file. In order for a program to self execute it needs it needs to be compiled for your operating environment. If you rename Something.exe to Something.jpg Windows will first look at the extension then send your jpg file to the associated viewer to be interpreted as jpg data (which it is not, and thus cause the jpg viewer to produce an error (if it is well written), or crash (if it is not). Now if you take a jpg file and rename it to an exe and double click on it. Windows will assume that the program is executable, and it will load the boot header (collection of bytes at the start of any executable that is produced when the program is compiled) and grant all requests that the boot header asks for (things like memory, address space, etc). If this process fails in any way (like, say, the boot header is complete garbage because it's really jpg data) then the operating system (if it is good) will produce an error, or (if it is bad) crash. So JPG's cannot double as executables nor the other way around. BUT...
    It is possible that embedded in the meta data of the JPG file (usually used for embedding the date the file was created and the camera used to take it) is some compiled machine code (it would have to be small and simple otherwise the size of the JPG file would disproportionate to the actual image) and IF the JPG viewer that some unlucky user had, contained some buffer overflow error, then it might be possible to load a simple program into RAM, then by virtue of the buffer overflow get it to execute and thus enabling a larger more complex program to run.
    However this error would only exist in that specific version of that specific software, so it's ability to spread would be limited. The danger is if the program that interprets that JPG file is system wide or part of Windows standard suite of applications. Then your audience is huge. This is what makes Windows such a dangerous platform for script viruses. Because they have chosen to make their IE engine the central rendering engine of all of their applications (and they have made it easy and powerful enough to entice just about every other application developer to use it as well). Further more they have given their IE engine so many abilities, like the ability to arbitrarily execute machine code (this is how by visiting Apple.com you can install QuickTime, because the web site can download a program on your computer and execute itself, true you need to approve it, but once you say yes every subsequent visit is automatic, they REALLY need to add a "Never trust This source" checkbox) This means if there is a single flaw in the IE engine then that flaw is exploitable across every windows workstation and every application that uses IE as a rendering engine. Now why Mozilla doesn't make an ActiveX Gekko engine with the same function names as the IE ActiveX module so users have a choice which rendering engine they want, is a mystery to me yeah it would be hard, but it's not like Microsoft could pull the rug out from under them, Microsoft is very invested in their API, any change they made to it would break all the 3rd party apps.

    -Jason