Profile of the Mind of a Virus Writer
zdburke writes "Clive Thompson, writing for the NY Times, has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: fomat drive C? Overwrite every file? It's very well written by an author who clearly knows his stuff."
I think it's about time we come up with steeper penalties for people who release viruses and trojans. And screw the under-18-you-get-off-easy nonsense. Throw these antisocial delinquents in the slammer for 10 years for each offense.
Or do the pictures of these guys remind you of the Calvin Cline ads awhile back that bordered on kiddie porn? These kids look like they are wearing makeup and exude a bit of homo-erotic teasing.
It just gave me the creeps, knowing that this is an article for nerds.
But it says right there... "Please write the online editor at daddypants@slashdot.org for any corrections.".
I decide to write that it was a dupe. Sure enough, the thing gets posted anyway.
I mean, that's partly what subscribers are for. And that's also why subscribers can't do comments early. Right?
It's silly. Not only should the editors actually read slashdot, they should more importantly look at email from subscribers saying "It's a dupe!" before posting the thing.
But maybe it's just me thinking in a perfect world. Forget it.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby. When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms.
Maybe this is just crazy talk, but couldn't this woman just take his computer away from him? She knows that he's upstairs doing illegal stuff...he's 16, take away his laptop. "Oh, well little Billy's just upstairs making pipe-bombs...I'll leave him alone."
Parents are there to be...parents.
slashdot, news for crazed liberal socialist zealots
Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code.
People say I'm crazy, I got diamonds on the soles of my shoes...
It has pictures, name and locations.
Now the sysadmins have someone to beat up and the legal department can take some potshots at them for paying damages caused by virusses.
Hate me!
This one is a dupe, yet again. Christ, man, use the fucking search feature or hand over the moderator status to someone who will. And yes, you are definitely the worst one when it comes to duplicating stories.
This article is about as ill-informed as that BBC article that was posted last week. From the article:
MyDoom's ultimate target was an obscure software company named SCO. Champions of the open Net have portrayed SCO as the Antichrist since it sued to establish part-ownership of a popular and free computer operating system called Linux. Linux has become an icon of the so-called open-source movement, which is seeking to limit the influence of companies like SCO and the industry giant, Microsoft, which closely guard their software.
Is looking like a freak a requirement a requirement for a "malware" coder?
I don't need a compass to tell me which way the wind shines.
Well if you ask me:
;)
/. -- You don't need to read the article.
:) -
Well I'm used to using tools which take care of that for you so sometimes I don't think about it. Besides, it's safer to copy and paste........
This is
Actually, what we need is a virus that, in the email headers, adds: X-Idiot-Who-Sent-This: (and variations thereof) to all the emails it sends. Fake the From: address, sure. But I'd like to know who the person is that I should LART for the 100,000 copies of MyDoom that I keep getting. Especially to addresses that I've given out or never even used.
Du-uh -- everyone knows worms live underground !
"The Virus Underground" sounds like a bad nightclub.
Well he _is_ listening to Iron Maiden.
"it takes a look at the world of malware scripters, virus writers and worm designers." I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
That may be a side effect in very few cases, but for the most part I think it's safe to say there is no redeeming factor to any virus or its author.
That sounds a lot like Bill Gates argument on why Windows is the most secure operating system available. Not that I agree with Bill about windows, but you make a pretty good point. I don't see how something can be very secure without some real-world testing. Now if I could just get my coworkers to stop opening up every attatchment in their inboxes.
It's true that virus writers are malevalent and don't have pure intentions when hacking their scripts and all, but in a general sense, where would our security be without virus writers?
If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down. It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.
If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.
Like really virulent biological virii, computer virii that work this way will limit the extent to which they can spread......unless of course.......they work out slightly more sophisticated methods of damage, or they delay the damage for a period of time before "expressing" themselves.
Ahh, so easy with a dupe
That doesn't really fall within IT training though, more like civics or ethics. These kids know exactly what they're doing, and they're doing it on purpose.
Come on! Get it together /.! You guys had this article on Friday! Don't you read your own site?
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
On the creator of the Sobig.F virus...
''The F.B.I. is out for the Sobig guy with both
claws, and they want to make an example
of him,'' David Perry.
Women don't write viruses?
Women don't read slashdot?
I feel so pigeonholed!!
- these are not the droids you are looking for -
Just sit back and laugh. Journalists can't cover this stuff. It's a joke.
Now, think about how off-center computer-related articles are. Anything that deals with technology.
Have you ever had first-hand experience with a story your local paper covered? And while reading the story, you think to yourself, "Where the hell did they get their (mis)information??"
Apply that to EVERY story in the news. Scary, isn't it?
How can you criticize Microsoft for this? There have been only 60 extremely serious vulnerabilities in Internet Explorer in two years.
The real source of the problem is..., well yes, Microsoft. One would think that Microsoft would be better at coding than someone who taught himself programming and writes programs on the weekends.
I don't see what all the fuss is about. Most of these guys are just pranksters. I see some people here frothing at the mouth about how these guys should be locked into the slammer for months, even years. What a vicious and repellant sentiment. Ironically it seems to mirror the sad, mean outlook on life that drives the virus writers: I will make them pay for my misery!
Clearly some pranks are off-bounds. When the prank goes from mischief to outright malice, swift and appropriate punishment needs to be meted out. Viruses that spy on you, or turn your computer into a spam factory, or purposely destroy data, are completely unacceptable. But for the rest? Rule number one remains that people shouldn't open attachments that they don't trust. As responsible adults, we should know better.
First, that sort of thing is in numerous articles.. so it's a useless starting point.
Second, the photos aren't very good. It's easier to tell if you look at the pictures in the NYTimes magazine. One's blurry and grainy, another is heavily dodged (darkened) everywhere except where that "Benny" guy is, and the detroit kid does seem to have on makeup, but the picture is just slow shutter with soft focus and a light flare.
Third, when I read the article.. it talked about how formatting hard drives was old and boring. The writers were interested in odd, creative payloads like flashing images or stupid messages. The guy who wrote the virus generator added the "format harddrive" option to his program.. but that's the main mention of modern hdd formatting. To quote the article: "the prevalence of hard-drive-destroying viruses has steadily declined to almost zero."
Fourth, it is explicitly stated in the article that the main fear is from for-profit or organized virus writing (spammers, mafia, terrorists). It goes on to mention how Sobig is being tested and, so far, has been released six separate times with a built in expiration. They can't profile organized criminals because they don't want to be profiled or found.
anyway, so what's the deal? why troll get food from mods?
p
It's a sign of immaturity that you have to prove yourself and exercise your ability in every small way. For example, locksmiths don't go around opening people's doors and leaving strange notes just because they can. They have a job where these abilities are applied for a wage. Their capabilities are productive and non-intrusive.
Some hackers find problems with popular software, others create security schemes, some experiment with protocols, some reverse engineer drivers, etc. Some hackers are productive and non-intrusive.
I don't think you're cynical or paranoid for being suspicious or paranoid of this article, but...
Thirdly, the technical details are obviously wrong. Formatting hard drives? Deleting files? That is so 1980's. Today's virus writers are obsessed with the social interface: how to confuse people into clicking the attachment.
It's not uncommon for mainstream media writers to get the technical details wrong. However, your criticism suggests to me that you didn't read the article. The subjects of the story talk about how deleting files and formatting hard drives is no longer commonplace, and how they must become amateur psychologists to fool people into executing their code.
The bit about Visual Basic did make me laugh, though.
Forthly, the timing. A long, detailed investigation into youthful virus writers just as the worst ever virus hits the Internet, with no mention of mafia connections, of zombie spam engines, of "sorry, andy, but this was just my job",...? WTF?
Timeliness isn't coincidence in the world of journalism; it's almost always intentional. This story was probably written last year, when, as the story notes, a slew of email worms were in abundance, then held to be published (with some last-minute updating) after January's big email worm, when it would be timely.
Just my $0.02.