Slashdot Mirror


Profile of the Mind of a Virus Writer

zdburke writes "Clive Thompson, writing for the NY Times, has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: format drive C? Overwrite every file? It's very well written by an author who clearly knows his stuff."

17 of 310 comments

  1. Viruses and Out of work programmers by 8400_RPM · · Score: 2, Interesting

    Imagine what it's going to be like in 5 years when there aren't any more programming jobs in the US. I bet there will be hundreds of new viruses weekly.

  2. Re:Automatic virus creation is nothing new. by Anonymous Coward · · Score: 1, Interesting

    Yeah, and now all monitors have overfrequency protection (if they even use a tube) so you can't write a program that could conceivably start a fire.

  3. at the same time... by tuxette · · Score: 4, Interesting
    ...better IT education from an early age is needed. The author of the article writes "[s]cript kiddies often have only a dim idea of how the code works and little concern for how a digital plague can rage out of control." It looks like we need to do a better job (than the seemingly non-existent now) in teaching children why they shouldn't cut and paste "strange code" and what the consequences are of doing such a thing. It is not enough to say "don't do it."

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
    1. Re:at the same time... by Hatta · · Score: 2, Interesting

      I'm not so sure about that, if they really know how, a lot of the why immediately follows. You might think it's a bad idea to teach kids how to fight, but in my experience martial arts training is one of the best things you can do for a kid. Or yourself for that matter.

      --
      Give me Classic Slashdot or give me death!
  4. Challenge, schmallenge by W1K-Galoot · · Score: 3, Interesting

    Michelangelo was a master. A spray-can toting kid is just a vandal. These aren't "masters" either, no matter how much they label themselves as such. Want to show off your elite skills, kids? Want to show how much better than Microsoft you are? Write a self-replicating program that patches holes instead of exploiting them.
    Nope. They're vandals posing as artists.

    --
    Been using sigs for 20 years. Nothing funny left to say.
  5. Don't believe a word of it by heironymouscoward · · Score: 3, Interesting

    Call me cynical but I think this story is a well-constructed lie.

    First, the accurate but uncheckable details: name of some guy in Austria, his 15-year old girlfriend.

    Secondly, as has been remarked, the photos. They are just too well shot, and I can't for a second believe that a virus author would sit still while the makeup girls did their thing, lighting got the shadows right... no frigging way!

    Thirdly, the technical details are obviously wrong. Formatting hard drives? Deleting files? That is so 1980's. Today's virus writers are obsessed with the social interface: how to confuse people into clicking the attachment.

    Fourthly, the timing. A long, detailed investigation into youthful virus writers just as the worst ever virus hits the Internet, with no mention of mafia connections, of zombie spam engines, of "sorry, andy, but this was just my job",...? WTF?

    Conclusion: it's a set-up. These young dudes don't exist as described, the shots are of actors, and the story was invented behind a desk. Someone wants to create a convincing enemy for new legislation which will paint uncontrolled hacker youthdom as the enemy of all that is right and proper. Long prison sentences for simply creating the wrong kind of software ("because it could be released and do harm"). Rapid implementation across the globe ("cause these guys are in, like, Austria!").

    Now, allow me to get really cynical and ask this question: why is no-one bothering with profiles of the organized criminals behind most of the damage done to people's computers? Could it be because misdirecting the blame at youth hackerdom means the problem will not be solved, and so the hand of oppressive government can become stronger and stronger...

    Of course, I could be wrong, and really viruses like mydoom could just be the work of guys like this.

    --
    Ceci n'est pas une signature
  6. Option: fragment hard drive by RedLaggedTeut · · Score: 2, Interesting
    I always wanted to write my own virus damage routine, which fragments the hard drive, but I never got around to doing it. It should be easy with the Windows API for defragmenting already there. This Russian guy (Bosinsky? Kaspersky? Markovich? I forgot) had a simple example of how to use the API but you need a Visual C Compiler.

    And it's not really causing damage that can't be reversed, it is just slowing down the computer a lot :-))

    --
    I'm still trying to figure out what people mean by 'social skills' here.
  7. VB? WTF?! by fudgefactor7 · · Score: 4, Interesting

    Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.

    Jeez...VB? Real virus hax0rz work in assembly, it's smaller, neater, and faster. These guys are a bunch of script kiddie punks. No wonder they were hip to being interviewed, they had no talent and wanted a name for themselves.

    Perhaps we should kill them.

  8. Re:Stiffer punishment by IWantMoreSpamPlease · · Score: 4, Interesting

    What's worse is, that under certain circumstances, premeditated murder carries a *maximum* penalty of 2 years in jail (basically for environmental crimes. I studied several cases in detail)

    Food for thought.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  9. Re:Virus generators by A55M0NKEY · · Score: 2, Interesting
    A good virus generator would be able to produce viruses without anything in common. I bet there is a string, common to all this kid's generator's viruses that antivirus programs can find and use to block all present and future viruses generated by this bot.

    Another good feature would be to include the code for the generator itself with each copy of the generated viruses that would intermittently pop up a dialog box saying: "The virus you have been infected with needs to evolve, please answer a few questions to help it spawn."

    The best virus would use genetic programming to write its own code. The beasties would 'mate' with other infected programs and use the vast computing power of the infected masses to select for mutations that could spread in new and unexpected ways to stay ahead of the antivirus makers. The mechanism for breeding itself would have to be subject to evolutionary change or it would be vulnerable to eradication by virus checkers though.

    --

    Eat at Joe's.

  10. The world needs hackers by aldousd666 · · Score: 1, Interesting

    Something that very many of you seem to be missing is the fact that the world needs hackers. While I don't condone the release of a virus (that is actually executing it in the wild) I think that it's absolutely necessary for them to exist. The guys who do this sort of coding set the standards for the industry. If nobody ever pointed out the flaws in Microsoft's code, then it would never be fixed. If you all are going to sit here and point fingers at people who write exploits, I'd hope you stop and think first about the contributions that hackers have made to the infosec industry. RainForestPuppy, K2, Solar Designer, and these kinds of people are there on some middle ground doing things that we need to have done. These kids writing exploit code for the Windows flaws are just doing their part. While there is a fine ethical line that need not be crossed when writing viruses (that line being somewhere around the 'releasing them into the wild' step) the flaws and exploits serve a very real purpose that people (whiners) need to acknowledge. A good example of hackers for the benefit of society: the honeynet project. Just because it can be dangerous to flirt with the dark side of computing, doesn't mean we ought not to ever go there. The virus writers and code exploiters do very similar things that our so-called 'real world' medical doctors do -- after all, wouldn't it be really easy for genetic engineers to design a killer bacterium that could wipe out half of the planet? Do you contend that we cease all research in the field because it could possibly be put to some malicious use? That's like saying that we shouldn't work on AI because you may end up with 'the Matrix,' and come on, that's really immature.

    --
    Speak for yourself.
  11. Re:Stiffer punishment by kaisa_sosey · · Score: 2, Interesting

    I don't think we should punish virus writers at all.
    Try to see it this way. If not for virus writers today's systems would be far less secure. In the long run viruses improve the security. Hell, let them exploit every hole they find, so we know about it.
    And what is all this fuss about the costs of a virus. If a virus can cost millions then this is not the fault of the writer. In the real world you would not hide millions in a trashcan in front of your house and not expect it to be stolen by someone.

  12. Re:Sadly, this NY Times story got more readers... by bockman · · Score: 2, Interesting
    I did not read the article, but the quoted statement is grossly inaccurate:
    • AFAIK, it has been demonstrated that mydoom did not target SCO, only appeared to;
    • obscure software company named SCO? : well, this is almost fun :-)
    • open Net : what is it ?
    • so called open source : like it has not been around for more than ten years, sponsored by companies like IBM and Oracle, and several times mentioned by mainstream press;
    • which is seeking to limit the influence of companies like SCO and the industry giant, Microsoft : it makes it sound like open source's main goal is to fight SCO/Microsoft/other software giants. No mention of promoting open and free collaboration in writing software, which is _the_ main purpose of free software and open source, as a quick reading of the official sites would have shown to any reporter caring to do a half-decent piece.
    --
    Ciao

    ----

    FB

  13. Re:am I the only one???? by Anonymous Coward · · Score: 3, Interesting

    I'm sorry these pictures are arousing previously unearthed feelings for you. I can sympathize with your feelings of uneasiness as the facade of homophobia slowly melts away to reveal your true inner self.

    On a more serious note, get a grip. If the sight of some bare shoulders on a guy is having you squirm like a pre-pubescent girl, you've got some serious growing up to do.

    As for whatever brain donors modded his whining "Insightful," quit trying to rival the goatsecx guy and pull your heads out of your own asses already.

  14. Responsibility (RE: The world needs hackers) by Spaceman40 · · Score: 2, Interesting

    I think you've got the focus in the wrong place.

    Finding and fixing security holes is the responsibility of the OS creators - you can say "oh, if nobody hacked into your OS here then how would we fix the security holes?" The responsible OSs have people working on them that would STILL look for security holes, would STILL fix them, even if there wasn't a threat.

    If a cracker wants to do good things, crack into a box and then tell the company in charge how you did it. Just being a cracker makes you no boon to the tech industry, just as being a virus writer makes you nothing but a nuisance.

    In summary: If you are truly concerned about program security, go write code to make it more secure.

    These are hacks.

    --
    I [may] disapprove of what you say, but I will defend to the death your right to say it.
  15. Re:Stiffer punishment by Hatta · · Score: 3, Interesting

    There ought not be a draft at all. If the cause is so unpopular you can't get a volunteer militia, you really shouldn't be fighting it at all. Besides, conscripts make terrible warriors.

    --
    Give me Classic Slashdot or give me death!
  16. Clueless the Media is as Usual by CyberVenom · · Score: 2, Interesting

    The author of the article seems to have no idea what he is writing about. And the interviewed "virus writer" is as much a hacker as a kindergartener is an Olympic runner. They will both tell you that they excel at what they do, but neither really has a clue.

    "malware", "trojans", "worms" and "viruses" are NOT the same thing! Hell, I could "write a trojan" in 10 seconds: just create a PIF linked to "deltree c: /y" Then I send it to all my loser friends and tell them to "click the attachment for my badass screensaver!"

    Neither trojans nor malware is capable of propagation. (BTW, malware is a form of trojan) Viruses and worms are. (worms being a form of virus) I would hope that anyone intelligent enough to write a malicious virus would be intelligent enough to keep his mouth shut!

    Oh, and non-malicious "trojans"? I wrote one a while back in VB (yes, VB! the language blows, but it happened to be handy and I wasn't going for complexity, reliability, or speed) I installed it on a friend's laptop. It very slowly changed the Windows colors (border, desktop, titlebar, etc.) from their default colors into a hideous pink-and-green scheme. ;) That was fun. Unfortunately, it also ate all the CPU (VB, is it any wonder?). That is not what I would consider skill.

    So, in short, the NYT is trying to tailor a story to fit public opinion and fear, while neglecting to do any serious research into the subject.

    With journalism like this, who needs fiction?

    -CyberVenom