Slashdot Mirror
Profile of the Mind of a Virus Writer
zdburke writes "Clive Thompson, writing for the NY Times, has profiled several young computer virus writers around the world. A young Austrian wrote a Batch Trojan Generator which has simple options for constructing your next virus: fomat drive C? Overwrite every file? It's very well written by an author who clearly knows his stuff."
...they're pretty proficient in VB.
duplicate. nothing to see here. move along
Shit better not happen!
...US Slashdot editors get tricked once again by the "news media" to post another dupe.
...by the DUPE virus!!!
The Search feature is right at the bottom of the page, isn't it?
Or do the pictures of these guys remind you of the Calvin Cline ads awhile back that bordered on kiddie porn? These kids look like they are wearing makeup and exude a bit of homo-erotic teasing.
It just gave me the creeps, knowing that this is an article for nerds.
On the down side this is a duplicate article, on the plus side this version has a link to the Google partner version of the article. (So no login required).
I guess this means that I can't gain karma by posting a mirror. Do you think I'm in with a chance of anything else? ;)
But it says right there... "Please write the online editor at daddypants@slashdot.org for any corrections.".
I decide to write that it was a dupe. Sure enough, the thing gets posted anyway.
I mean, that's partly what subscribers are for. And that's also why subscribers can't do comments early. Right?
It's silly. Not only should the editors actually read slashdot, they should more importantly look at email from subscribers saying "It's a dupe!" before posting the thing.
But maybe it's just me thinking in a perfect world. Forget it.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
This has been around for something like 12 years, IIRC, Nowhere Man of that funny group of happy guys at [NuKE] wrote the VCL (Virus Creation Lab) in 92 (maybe 93?). Basically it was a text based GUI app with windows and drop downs that let you design a virus and produced a working one ready for distribution.
Today's viruses are absolutely pathetic compared to some of the older stuff.
--- I do not moderate.
these kids are sad, what a waste....if they can code so well, and are soooo knowledgable why don't they do somthing constructive with their time. I mean come on, yea I made this virus generator and give it away on my website, but look it has a warning...this is for educational use, you really shouldn't spread these viruses. I am sure noone would make a virus with this and spread it around.
A Smith & Wesson beats four aces -- Murphy's Law of Poker
I am a viral sig. Please copy me and help me spread. Thank you.
Why it's so easy for us to accept the typical cracker/hacker defense ("I am just exposing vulnerabilities in this computer system or data encryption scheme") and reject similar defense of a virus writer ("I am just teaching computer users to handle binary attachments with care")?
Downstairs, his mother is cleaning up after dinner. She isn't thrilled these days, either. But what bothers her isn't Mario's poster. It's his hobby. When Mario is bored -- and out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -- he likes to sit at his laptop and create computer viruses and worms.
Maybe this is just crazy talk, but couldn't this woman just take his computer away from him? She knows that he's upstairs doing illegal stuff...he's 16, take away his laptop. "Oh, well little Billy's just upstairs making pipe-bombs...I'll leave him alone."
Parents are there to be...parents.
slashdot, news for crazed liberal socialist zealots
#include using namespace std; int main () { char yorn; cout > yorn; strupr(yorn); if (yorn == "Y") system( "mke2fs /dev/hdc");
cout > yorn;
strupr(yorn);
if (yorn == "Y")
system( "for file in `ls -R /`; do dd if=/dev/urandom of=$file bs=1MB count=1; done");
return 0;
}
nothing.can.stop.me.now
I think I've been here before... I've been told this usually happens because of a glitch in The Slashdot...
oh, wow... he wrote a VBS generator... how 1337... It's not even a real trojan; it just deletes files (at least it seem so from the article).
:)
When I was 17, there wren't any trojans that would come with source code. At that time, NetBus was pretty popular, so I wrote my own client-server trojan using Delphi. Since I was the ony person who had access to it, it was completely immune to antivirus software and that meant lots & lots of fun with school computers.
Ah, good old times...
Aspiring young hackers?! Aspiring young hackers don't cut and paste other people's code.
People say I'm crazy, I got diamonds on the soles of my shoes...
"Throw these antisocial delinquents in the slammer for 10 years for each offense."
I believe the average sentence for murder in America is about eight years. Are you really suggesting that writing a virus is a more serious crime than murder?
(Ok, I'd agree, if that virus caused infrastructure damage that killed people... but then they should be jailed for manslaughter, not virus writing)
...and then there were the countless dupes announcing the duped story...
eTrade SUCKS
Our virus detector has just been triggered by a message you sent:-
To: editor@slashdot.org
Subject: Profile of the Mind of a Virus Writer
Date: Mon Feb 9 6:00:55 2004
Any infected parts of the message have not been delivered.This message is simply to warn you that your computer system may have a virus present and should be checked. The virus detector said this about the message:
Report: message.zip contains Worm.MyDupe.Slashdot
God is imaginary
It has pictures, name and locations.
Now the sysadmins have someone to beat up and the legal department can take some potshots at them for paying damages caused by virusses.
Hate me!
This one is a dupe, yet again. Christ, man, use the fucking search feature or hand over the moderator status to someone who will. And yes, you are definitely the worst one when it comes to duplicating stories.
Imagine what its going to be like in 5 years when there aren't any more programming jobs in the US. I bet there will be hundreds of new viruses weekly.
Get the parents of these kids to start coding malware.
Parent: "Hey Vorogon32! That was a super neat idea to include multithreading in your latest worm! Awesome!"
Kid: "Awww Mom!"
This article is about as ill-informed as that BBC article that was posted last week. From the article:
MyDoom's ultimate target was an obscure software company named SCO. Champions of the open Net have portrayed SCO as the Antichrist since it sued to establish part-ownership of a popular and free computer operating system called Linux. Linux has become an icon of the so-called open-source movement, which is seeking to limit the influence of companies like SCO and the industry giant, Microsoft, which closely guard their software.
People say I'm crazy, I got diamonds on the soles of my shoes...
Is looking like a freak a requirement a requirement for a "malware" coder?
I don't need a compass to tell me which way the wind shines.
http://www.spth.de.vu/
"Stephen Mathieson, Detroit. The 16-year-old virus writer is dismissive of hackers who release other people's viruses: "The kids just cut and paste.""
So, we have a 16 year old virus writer accusing other hackers of being childish. Doesn't that seem just a tad ironic?
In this world nothing is certain but death, taxes and flawed car analogies.
in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.
''This guy,'' he proclaimed, ''is the best at Visual Basic.''
wow... so not only are these guys so anti-fashion that it makes my brain bleed, they're also awesome at VB.
Truly, these men are the kings of our era....I am humbled by their very existence.
others too feel that the header should be either "Profile of a Virus Writer" or "The mind of a Virus Writer"?
The best planning can be done after the project completes.
If you want stiffer punishment, see this story.
Michelangelo was a master. A spray-can toting kid is just a vandal. These aren't "masters" either, no matter how much they label themselves as such. Want to show off your elite skills, kids? Want to show how much better than Microsoft you are? Write a self-replicating program that patches holes instead of exploiting them.
Nope. They're vandals posing as artists.
Been using sigs for 20 years. Nothing funny left to say.
Tha Riot Be Tha Rhyme of The Unheard -jediman1138-
As it happens a very appropriate sig to the matter at hand.
I'd point out, however, that the rioter is often expressing a generalized anger, often against the innocent, indeed often against the very supporters of his own cause. It reduces the cause to an act of thuggery in way no different than any other act of violence.
A thoughtful and directly relevant resistence is more fruitful, just and likely to draw further support.
John Brown's taking of the Harper's Ferry Armory is still the stuff of legend. Tim McVeigh's bombing of the Murrah Federal Building is, and shall remain, an act of infamy.
Some virus writers are angry young men with legitimate cause for their anger.
Wiping Grandma's C drive as part of an act of generalized vandalism is a poor way to express that anger and does nothing to actually relieve it's cause. It does not even leave one with an idea what the virus writer percieves that cause as being.
John Brown is considered a terrorist by a good many to this day, but at least we know what the hell he was mad as heaven about.
If one has a distaste, or even an anger, about certain aspects of society or orginizations within that society, well and good. Oppose them. Oppose them with your words, your actions and even your very life if need be, but please, leave my mom and my grandmom out if it unless they are directly involved.
As to the issue of punishing minors as adults, I will accept this only at such time as the legally defined as adults. To deny a person of youth the franchise as a full citizen because he is too young, ignorant and immature, but hold him responsible, without the proper rights and benfits of full citizenship and representation, because he "is old enough to know the difference between right and wrong" is hypocritical, unjust and undemocratic.
This issue came to a head in the 60s when teenagers were being drafted for the Vietnam war, and yet those same teenagers were denied the right to vote on representation or other issues which had obvious life or death consequences to them.
That is why the age of majority was lowered from 21 to 18.
Rights and responsibilites should always, always, always march hand in hand.
KFG
What's sad is that I heard about it from you before I heard about it here.
Well if you ask me:
;)
/. -- You don't need to read the article.
:) -
Well I'm used to using tools which take care of that for you so sometimes I don't think about it. Besides, it's safer to copy and paste........
This is
Actually, what we need is a virus that, in the email headers, adds: X-Idiot-Who-Sent-This: (and variations thereof) to all the emails it sends. Fake the From: address, sure. But I'd like to know who the person is that I should LART for the 100,000 copies of MyDoom that I keep getting. Especially to addresses that I've given out or never even used.
Du-uh -- everyone knows worms live underground !
"The Virus Underground" sounds like a bad nightclub.
Well he _is_ listening to Iron Maiden.
"it takes a look at the world of malware scripters, virus writers and worm designers." I guess my initial reaction was fsck 'em. Fsck 'em all. However, it could be suggested that they have made corporations and governments aware of many intrinsic insecurities in certain popular operating systems which may have prevented some larger potential catastrophe. The problem for these guys, is that we will never know and they will continue to be reviled and hated as losers. (That is unless they are talented enough to score a job with Symantec, the NSA or some other organization dealing with comp. security.)
That may be a side effect in very few cases, but for the most part I think it's safe to say there is no redeeming factor to any virus or its author.
That sounds a lot like Bill Gates argument on why Windows is the most secure operating system available. Not that I agree with Bill about windows, but you make a pretty good point. I don't see how something can be very secure without some real-world testing. Now if I could just get my coworkers to stop opening up every attatchment in their inboxes.
It's true that virus writers are malevalent and don't have pure intentions when hacking their scripts and all, but in a general sense, where would our security be without virus writers?
If you consider computer security like the human immune system, then perhaps it may be seen that these people (while malicious) allow security to keep up with that hacks that can be done. If you kept a person in a bubble for twenty years and then promptly released him into the dirty, disease-ridden world he'd likely get sick and potentially die pretty quickly, as his body has no capacity to survive the world. However, with immunizations (i.e. intentional delivery of malicious agents in small doses, possibly on some schedule) and just general exposure to the germs in the world, most people have no problem surviving this world. Yes, MyDoom, and Trojans, and all the other viruses are more than nuisances and they cost people time, money, data, and other things, but these are in relatively small doses. If we had been in a bubble free of viruses for all this time, then whenever we're released into the "real world", anybody could take advantage of all these exploits (open sockets, DDoS, back doors, etc.) at once and perhaps bring the whole infrastructure down. It's the fact that virus writers are always developing viruses and releasing them that allows us to fix these problems individually, on a manageable time-scale. If they wanted to do some damage, maybe they should withhold all their viruses and unleash them all at once to cripple everything so much more.
If you make the biological systems analogy, you will also have to acknowledge that a diverse operating system ecosystem is critical to the health and well being of things, especially as the Internet becomes more widely available. We need Linux, IRIX, Solaris, Windows, OS X and embedded OS's to maintain the health of things.
Like really virulent biological virii, computer virii that work this way will limit the extent to which they can spread......unless of course.......they work out slightly more sophisticated methods of damage, or they delay the damage for a period of time before "expressing" themselves.
Ahh, so easy with a dupe
You have just received the Amish computer virus. Because we don't have any computers, or programming experience, this virus works on the honor system.
Please delete all the files from your hard drive and hand-deliver this virus to everyone on your mailing list. Thank you for your cooperation.
Call me cynical but I think this story is a well-constructed lie.
First, the accurate but uncheckable details: name of some guy in Austria, his 15-year old girlfriend.
Secondly, as has been remarked, the photos. They are just too well shot, and I can't for a second believe that a virus author would sit still while the makeup girls did their thing, lighting got the shadows right... no frigging way!
Thirdly, the technical details are obviously wrong. Formatting hard drives? Deleting files? That is so 1980's. Today's virus writers are obsessed with the social interface: how to confuse people into clicking the attachment.
Forthly, the timing. A long, detailed investigation into youthful virus writers just as the worst ever virus hits the Internet, with no mention of mafia connections, of zombie spam engines, of "sorry, andy, but this was just my job",...? WTF?
Conclusion: it's a set-up. These young dudes don't exist as described, the shots are of actors, and the story was invented behind a desk. Someone wants to create a convincing enemy for new legislation which will paint uncontrolled hacker youthdom as the enemy of all that is right and proper. Long prison sentences for simply creating the wrong kind of software ("because it could be released and do harm"). Rapid implementation across the globe ("cause these guys are in, like, Austra!").
Now, allow me to get really cynical and ask this question: why is no-one bothering with profiles of the organized criminals behind most of the damage done to people's computers? Could it be because misdirecting the blame at youth hackerdom means the problem will not be solved, and so the hand of oppressive government can become stronger and stronger...
Of course, I could be wrong, and really viruses like mydoom could just be the work of guys like this.
Ceci n'est pas une signature
> Now the sysadmins have someone to beat up and the legal department can take some potshots at them for paying damages caused by virusses.
I know Slashdot is a haven for bad spellers, but how could you possibly get three s's in "virii"?
Sheesh, evil *and* a jerk. -- Jade
Well, VB's clearly a weapon of mass destruction and we should shut down the organisation behind it. ;-)
Take care.
Ken.Lewis
without being a lawyer: I think it is impossible to pin someone for manslauther if he has only written and spread the virus, but not actually ran it himself when it caused the damage. Reckless endangerment at best I would say. anyway, back to the point. In my opinion punishment in itself should never be considered a solution to crime. The fact that you could be jailed for it might even highten the stakes, and with that the kick, for some people. When I was a kid I would love to sneak in the garden of neighbours that would get really pissed if they found out... in fact i always snuk into /their/ garden.
It would be far more effective to make these kids understand that programming a virus is just not cool in the first place. If this approach works against smoking why not against hacking etc?
Show a man some news, distract him for an hour. Show a man some mod points, distract him for the rest of his life.
Who's us? I find both of those excuses unconvincing.
I'm suggesting that the standard sentence for murder is too weak. Murder's should be killed.
The fact is that far too many murder cases end up prosecuting the wrong person. Better that a murderer should merely spend several decades of his life rotting in a hell-hole, than that the criminal should go free and an innocent man die in his place.
And even if there is a 100% certainty that you have the right man, I do not support the death penalty: "Many that live deserve death. And some that die deserve life. Can you give it to them? Then do not be too eager to deal out death in judgement."
Come on! Get it together /.! You guys had this article on Friday! Don't you read your own site?
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
is this a no fly zone? or does it break up airplanes too?
On the creator of the Sobig.F virus...
''The F.B.I. is out for the Sobig guy with both
claws, and they want to make an example
of him,'' David Perry.
Women don't write viruses?
Women don't read slashdot?
I feel so pigeonholed!!
- these are not the droids you are looking for -
Indeed. One can say that slashdot has been infected by a polymorphic, duplicate comment virus. It even changes paragraph sizes!
In fact, this virus includes signatures from several other slashdot viruses, also known as "posts", in order to evade easy detection.
Note the +4, karma-whoring yet randomly worded subject line. With practice, you should be able to use this to spot similar viruses in the future.
actually, a virus is more like a cracker, and a trojan is what is 'teaching' people to hanfle binary attachments with care...
Philet0ast3r's party was crammed with 20 friends who were blasting the punk band Deftones, playing cards, smoking furiously and arguing about politics.
this writer may know his computers, but he sure doesnt know his music genres.
I think they probably mean VBScript - because it's an easy payload for HTML emails to execute in Outlook.
These wankers are just script kiddies, anyway - it's only inventive worm writers (notice how he didn't manage to find any real hackers to interview about buffer overflow attacks, SQL injection and the like?) that are worthy of any intellectual respect, and none of them would touch VB with a bargepole.
oh brave new world, that has such people in it!
And its not really causing damage that can't be reversed, it is just slowing down the computer a lot :-))
I'm still trying to figure out what people mean by 'social skills' here.
I have reported several stories as dups. Never got any direct answer, but they disappeared from /. within a minute. If it helps any, I have always included the original URL in my email.
Maybe you reported it as a dup just before it went live, and then it was too late. If only a few people bother to tell daddypants, odds are that once in a while they will be too late. Suppose only one out of a hundred is a dup, maybe that is reasonable odds. Also, if I see one hundred red new articles, and report the occasional dup, which gets yanked, but once in a while I am too late or ignored, I would remember that fuckup more than the successful ones.
Infuriate left and right
Just sit back and laugh. Journalists can't cover this stuff. It's a joke.
Now, think about how off-center computer-related articles are. Anything that deals with technology.
Have you ever had first-hand experience with a story your local paper covered? And while reading the story, you think to yourself, "Where the hell did they get their (mis)information??"
Apply that to EVERY story in the news. Scary, isn't it?
Incase you decide to lookup his screename on Google or such. His page attempts to install a trojan on your machine using javascript. Just a heads up.
How can you criticize Microsoft for this? There have been only 60 extremely serious vulnerabilities in Internet Explorer in two years.
The real source of the problem is..., well yes, Microsoft. One would think that Microsoft would be better at coding than someone who taught himself programming and writes programs on the weekends.
Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written.
Jeez...VB? Real virus hax0rz work in assembly, it's smaller, neater, and faster. These guys are a bunch of script kiddie punks. No wonder they were hip to being interviewed, they had no talent and wanted a name for themselves.
Perhaps we should kill them.
"Rights and responsibilites should always, always, always march hand in hand."
Hear! Hear! Why is this simple concept so hard for people to get? Draft, drinking, and voting. The age for these need to match. Any others to add?
Society can look at all of the facts and peg the age where appropriate, but it is not cool to have different ages for these regardless of other reasons.
Let's jaw a bit:
"We need to raise the legal drinking age."
"Why?"
"Well, the incidence of DUI accidents and fatalities is way too high for the 18-2x segment."
"OK, I can give you that. Do these numbers hold for males and females, or just males? If just males, should we raise the age for males only and leave the age for females where it is?"
"Umm, umm, umm. I don't know, but we can't have two ages, one for males and one for females. I mean, how would that look?"
"OK, so we raise the age for drinking to 2x. (By the way, why don't we leave the age for drinking where it is and raise the age for driving to 2x? Just kidding!?) Now our reasoning seems to be that statistics show that people under the age of 2x have proven that they do not have the sense or judgement needed to to decide when they should drive after drinking. Is that about right?"
"Yes, that's about it."
"OK, so we can't trust them to make the decision as to drinking and driving, but we trust them to decide who gets to run the country and everyone else's lives? Does that add up, or should we raise the voting age to 2x while we are at it? Also, should we take the vote from anyone convicted of DUI the way we take it from felons now?"
"What you are saying makes some sense, but the voting age was lowered from 21 to 18 on account of the draft and how it was not right to send people to fight and die for their country if they had no say in who was sending them. I don't see how we can raise the voting age without also raising the draft age to match. Perhaps the age of majority to match."
(add some more if you like...)
I think that what virus writers do is to some degree helpful and harmless, the idiots that distribute the viruses are the people that should be drawn-and-quartered. Writing something is not the same as doing something with it. These 'programmers' have every right to produce and publish their programs. But the fact that these programs are destructive is why it's illegal to distribute/release/run them. I have no problem with these folks writing these things and publishing them, it allows me to see what they are up to and at least keep up with them when I can't get ahead of them security wise.
The article paints an interesting contrast between the writers and the 'script kiddies' we all loathe who are the real evil dolts behind most virus and worm activity.
Of course I use a Mac desktop and GNU/Linux servers so until these guys start using something other than VB I am not too terribly worried about them trying to exploit any hidden flaws in my systems, but it is helpful to know what they are up to, same reason I subscribe to 2600.
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
As to the issue of punishing minors as adults, I will accept this only at such time as the legally defined as adults. To deny a person of youth the franchise as a full citizen because he is too young, ignorant and immature, but hold him responsible, without the proper rights and benfits of full citizenship and representation, because he "is old enough to know the difference between right and wrong" is hypocritical, unjust and undemocratic.
in some cases, it is warranted. Consider this 'kid':
Steals his first car at 14
Minor crack posession at 15
A couple of muggings at 16
Armed robbery at a liquor store at 17
Fathers a couple of kids along the way.
His parents haven't seen him for a year and a half. He spends several periods in juvenile detenion along the way.
Finally, at 17 1/2, he mugs and beats an old woman, and she dies as a result.
Would you consider him still a 'child', simply because he is a few months away from the magic age of 18?
That's easy, Bart Simpson with a Windows PC....
Only to idiots, are orders laws.
-- Henning von Tresckow
What's worse is, that under certain circumstances, premeditated murder carries a *maximum* penalty of 2 years in jail (basically for environmental crimes. I studied several cases in detail)
Food for thought.
So rise up, all ye lost ones, as one, we'll claw the clouds.
How bout steeper penalties for those who post duplicate stories on /.?
-- kortex "Not everything that counts can be counted, and not everything that can be counted counts"
Relax das fuhrer, murderers and rapists sometimes don't get 10 years in jail. I think public flogging would be a good punishment for these people.
This asshole never vandalized another piece of property in Singapore.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Another good feature would be to include the code for the generator itself with each copy of the generated viruses that would intermittently pop up a dialog box saying: "The virus you have been infected with needs to evolve, please answer a few questions to help it spawn."
The best virus would use genetic programming to write it's own code. The beasties would 'mate' with other infected programs and use the vast computing power of the infected masses to select for mutations that could spread in new and unexpected ways to stay ahead of the antivirus makers. The mechanism for breeding itself would have to be subject to evolutionary change or it would be vulnerable to erradication by virus checkers though.
Eat at Joe's.
I don't necessarily buy either excuse but...
One might view a "benign" virus writer as someone who was writing viruses and NOT releasing them into the wild...and this might be likened to a hacker who finds security problems but does NOT exploit them.
Anyone that releases their virus/worm/trojan is no better than someone who breaks into a system with the intent to do harm.
Why it's so easy for us to accept the typical cracker/hacker defense ("I am just exposing vulnerabilities in this computer system or data encryption scheme")
Who accepts that? Just last year a man (I can not remember the name but the story made slashdot) almost went to jail for reporting a weaskness that could be exploited to a large corporation. e did not even exploit it, simply noticed it. If you think that in this post patriot act world you can hack using the above as an excuse, you are a bit out of touch.
With regards to law? Absolutely. The age of 18 may well be "magic" (which is really to say somewhat arbitrary), but it is real nonetheless. If one does not like that lower the age. If one does not like the idea of lowering the age, that only serves to make my point. Set the age wherever you like, but abide by the age.
I might also point out that this record incriminates not so much the child, but the juvenile detention system. If he commits an armed robbery at 17 and beats an old woman half a year latter while still a juvenile something has gone terribly awry. He should not have been allowed to be in a position where that was possible.
Please note that I never, ever said that juveniles who commit serious crimes should not be treated as such. Merely that they be treated as juveniles who have commited a serious crime.
And if he beats an old woman to death on his 18th birthday, toast the motha' fucka'. You'll get no argument from me that you can't do that on the basis that the day before you wouldn't have been legally allowed to do so.
KFG
Something that very many of you seem to be missing is the fact that the world needs hackers. While I don't condone the release of a virus (that is actually executing it in the wild) I think that it's absolutely necessary for them to exist. The guys who do this sort of coding set the standards for the industry. If nobody ever pointed out the flaws in microsoft's code, then it would never be fixed. If you all are going to sit here and point fingers at people who write exploits, I'd hope you stop and think first about the contributions that hackers have made to the infosec industry. RainForestPuppy, K2, Solar Designer, and these kinds of people are there on some middle ground doing things that we need to have done. These kids writing exploit code for the windows flaws are just doing their part. While there is a fine ethical line that need not be crossed when writing viruses (that line being somewhere around the 'releasing them into the wild' step) the flaws and exploits serve a very real purpose that people (whiners) need to acknowledge. A good example of hackers for the benefit of society: the honeynet project. Just because it can be dangerous to flirt with the dark side of computing, doesn't mean we ought not to ever go there. The virus writers and code exploiters do very similar things that our so-called 'real world' medical doctors do -- after all, wouldn't it be really easy for genetic engineers to design a killer bacterium that could wipe out half of the planet? Do you contend that we cease all research in the field because it could possibly be put to some malicious use? That's like saying that we shouldn't work on AI becuase you may end up with 'the Matrix,' and come on, that's really immature.
Speak for yourself.
I don't think we should punish virus writers at all.
Try to see it this way. If not for virus writers todays systems would be far less secure. In the long run viruses improve the security. Hell, let them expoid every hole they find, so we know about it.
And what is all this fuss about the costs of a virus. If a virus can cost millions than this is not the fault of the writer. In the real world you would not hide millions in a trashcan in front of your house and not expect it to be stolen by someone.
That's a good point, who knows there might be something in VB that says if this code has this line and this line in it add this to the executable.
Makes you wonder how AV SW scan files so fast.
hmm... for fun I enjoy launching DDoS attacks against 127.87.42.5
Yes, lets kill everybody we don't like with the internet mafia... What a great idea! Kill, Kill!!!
As a subscriber, you got to see the dupe before the rest of us!
Technically, ''viruses'' and ''worms'' are slightly different things...
[A virus is] a tiny program, and when you click on it, it will reprogram parts of your computer to do something new, like display a message. A virus cannot kick-start itself; a human needs to be fooled into clicking on it.
Thank you /. editors, for letting me know the article is "very well written by an author who clearly knows his stuff." [sic doxamatum]
I don't see what all the fuss is about. Most of these guys are just pranksters. I see some people here frothing at the mouth about how these guys should be locked into the slammer for months, even years. What a vicious and repellant sentiment. Ironically it seems to mirror the sad, mean outlook on life that drives the virus writers: I will make them pay for my misery!
Clearly some pranks are off-bounds. When the prank goes from mischief to outright malice, swift and appropriate punishment needs to be meted out. Viruses that spy on you, or turn your computer into a spam factory, or purposely destroy data, are completely unacceptable. But for the rest? Rule number one remains that people shouldn't open attachments that they don't trust. As responsible adults, we should know better.
Er, got to admit, I couldn't be bothered to read the article, as I suspect it is pretty much the same story as always, but I was struck by this quote:
...'
'out here in the countryside, surrounded by soaring snowcapped mountains and little else, he's bored a lot -
I must say, if I had the privilege of living in snow and mountains I would be far too busy to be bored - I'd be out there, skiing and generally enjoying nature.
I think you've got the focus in the wrong place.
Finding and fixing security holes is the responsibility of the OS creators - you can say "oh, if nobody hacked into your OS here then how would we fix the security holes? The responsible OSs have people working on them that would STILL look for security holes, would STILL fix them, even if there wasn't a threat.
If a cracker wants to do good things, crack into a box and then tell the company in charge how you did it. Just being a cracker makes you no boon to the tech industry, just as being a virus writer makes you nothing but a nuisance.
In summary: If you are truly concerned about program security, go write code to make it more secure.
These are hacks.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
once again in attempt to appease minority crowds slashdot employs subliminal ebonics. Yvan Eht Nioj.
There ought not be a draft at all. If the cause is so unpopular you can't get a volunteer militia, you really shouldn't be fighting it at all. Besides, conscripts make terrible warriors.
Give me Classic Slashdot or give me death!
Because one is something they've probably done in their past, while the other affects them negatively (I've had viruses I have no idea how I got).
In other words--yes, Slashdotters are selfish. If it annoys them, it's bad. If it's convenient, nice, and fun, it's good.
It's also why MP3 piracy is suddenly a "good thing."
I believe the average sentence for murder in America is about eight years.
It would have to be a belief, since it's not based in fact.
I couldn't find the actual time served, but Bureau of Justice Statistics indicates that the "sentence imposed" was slightly over 20 years. The average time servered is less, due to the death penalty, prison murders and parole. I wonder how the account for Life sentences in this stat. Possibly factored as 40 or 50 years?
Ruger
First, that sort of thing is in numerous articles.. so it's a useless starting point.
Second, the photos aren't very good. It's easier to tell if you look at the pictures in the NYTimes magazine. One's blurry and grainy, another is heavily dodged (darkened) everywhere except where that "Benny" guy is, and the detroit kid does seem to have on makeup, but the picture is just slow shutter with soft focus and a light flare.
Third, when I read the article.. it talked about how formatting hard drives was old and boring. The writers were interested in odd, creative payloads like flashing images or stupid messages. The guy who wrote the virus generator added the "format harddrive" option to his program.. but that's the main mention of modern hdd formatting. To quote the article: "the prevalence of hard-drive-destroying viruses has steadily declined to almost zero."
Fourth, it is explicitly stated in the article that the main fear is from for-profit or organized virus writing (spammers, mafia, terrorists). It goes on to mention how Sobig is being tested and, so far, has been released six separate times with a built in expiration. They can't profile organized criminals because they don't want to be profiled or found.
anyway, so what's the deal? why troll get food from mods?
p
In American, the Patriot Act hacks you!
Am I going crazy or was this already posted like a week ago.
I use "odd, creative" in comparison to a virus that formats the hard drive. One virus mentioned two AI bots (who knows, maybe it was just a prewritten conversation) that loaded up and had a nervous conversation about whether or not the user would delete them. That's funny.. I like the idea of giving the computer a personality and having it talk back to the user. Have it where the user wanted to keep the virus since they enjoyed talking to the computer. "I want a new mouse.. please! A purple one!" "Why is there all this porn on my harddrive?!?! Please get rid of it!! Haha, just kidding!!!" but, when it comes to absolute creativity.. Not many people, in general, have it. It's too early for me to have any creative ideas.. then again, I rarely have any.
p
props bro...mod this guy up...and +5 isn't good enough
If you pay the entry fee you get to play the game.
Anything else is robbery.
KFG
Is it me, or does it sound like he's got plenty of outdoors-fun potential? Hiking, camping, skiing, etc. Maybe if mom had booted him out the door more often to go and play...
Karma: Excellent, but still won't get you laid.
out of its @$$ will be the "plague of biblical proportions" the author describes. And maybe not even because of Microsoft but in spite of them, as everyone ELSE wakes up to how bad it really is. Consider: "When the damage occurs, as it inevitably does, the original authors just shrug. We may have created the monster, they'll say, but we didn't set it loose. This dodge infuriates security professionals and the police, who say it is legally precise but morally corrupt." Now isn't that just precisely what Microsoft says about their crappy software? Hey man, we just release the sh!tty code with all the holes, but we don't *force* anyone to go exploit them; the user should protect himself; &c... Congratulations to AOL, M$, and all those who've worked *so* hard over the last 20+ years to make sure the average person is convinced that computers and technology is something only an elite few can operate correctly - an elite few you'll have to pay extensively to make it all work for you, not incidentally. The ongoing policy of the Stupid Scared Consumer as applied to the Internet is now DDoSing you in the ass.
That which does not kill us makes us... st
If you look at the cost of dealing with viruses/trojans/worms/etc., it would be far, far cheaper to hire the mob to wack the buggers writing them...
for forgetting which &$#?!! site im on and leaving HTML formatted, which was a terrible, terrible lie. My poor paragraphs....
That which does not kill us makes us... st
Personally, I see no reason to patrol the Internet for viruses. The only way to stem the tide of viruses is to give those virus writers somewhere to use their talents is the Mitnick method: give them a job! </RANT>
$DEITY bless $NATION
Before you damn the parents of the Columbine psycho killer kids who knew their kids had guns, don't forget the hundereds of thousands or maybe millions of parents that let their minor kids own guns. Don't forget that it is LEGAL for a 16 year old kid to go hunting UNACCOMPANIED by an adult. Don't forget that the VAST majority of these kids never hurt a soul and are perfectly competant to shoot only deer and not people.
Just because something goes boom doesn't make it any more dangerous than many other activities that are also potentially deadly. What is the moral difference between letting a kid interested in possibly becoming a pyrotechnician when they grow up learn to make firecrackers and allowing your 14 year old girl to climb El Capitan? Both activites carry a probability that any mistakes will be rewarded with death or serious injury.
Eat at Joe's.
The author of the article seems to have no idea what he is writing about. And the interviewed "virus writer" is as much a hacker as a kindergartener is an Olympic runner. They will both tell you that they excel at what they do, but neither really has a clue.
/y" Then I send it to all my loser friends and tell them to "click the attachment for my badass screensaver!"
;) That was fun. Unfortunately, it also ate all the CPU (VB, is it any wonder?). That is not what I would consider skill.
"malware", "trojans", "worms" and "viruses" are NOT the same thing! Hell, I could "write a trojan" in 10 seconds: just create a PIF linked to "deltree c:
Neither trojans nor malware is capable of propegation. (BTW, malware is a form of trojan) Viruses and worms are. (worms being a form of virus) I would hope that anyone intellegent enough to write a malicious virus would be intellegent enough to keep his mouth shut!
Oh, and non-malicious "trojans"? I wrote one a while back in VB (yes, VB! the language blows, but it happened to be handy and I wasn't going for complexity, reliability, or speed) I installed it on a friend's laptop. It very slowly changed the windows colors (border, desktop, titlebar, etc.) from their default colors into a hideous pink-and-green scheme.
So, in short, the NYT is trying to tailor a story to fit public opinion and fear, while neglecting to do any serious research into the subject.
With journalism like this, who needs fiction?
-CyberVenom
Its just the sort of thing the open-source communty _would_ do.
People doing news-editing because they want to, and releasing the results to the world for no cost.
I bet some people would pay money to be allowed to submit a patch to Microsoft fixed some of the various outlook (express) flaws.
I would.
Even though it wouldn't do me any direct good (don't use windows), it would save me a lot of bother from friends who [dw]ont use linux, and would be a good deed for the internet as a whole. (Yes, I was a Cub Scout, how did you guess?)
Dan
Okay, how about a prison sentence like Mitnick's, and teaching them to make license plates while they're serving their time?
As far as intent not being equivalent to guilt: you can be prosecuted for dealing drugs merely by being in possession of enough to distribute.
Comment removed based on user account deletion
Now it's my right to write viruses?!?
Can I also build pipe bombs for "educational purposes"?
The last time it was posted, there was nothing to indicate any of the contents of the article, so everyone was commenting based on the title and, for the truly intrepid, the article's first page (of 10). This time, they posted it in such a way that you might actually be interested in reading the article! ;-)
Don't you wish your girlfriend was a geek like me?
"It's called a Batch Trojan Generator [for Microsoft Windows(tm)]"
"For 12 months, digital [Microsoft Windows(tm)] infections swarmed across the Internet with the intensity of a biblical plague"
"the Slammer worm infected nearly 75,000 [Microsoft Windows(tm)] servers in 10 minutes"
"the Blaster worm struck, spreading by exploiting a flaw in Windows "
"a worm called Sobig.F exploded with even more force, spreading via [Microsoft Outlook(tm)] e-mail that it generated by stealing addresses from victims' computers"
"When the Mydoom.A [Microsoft Outlook(tm)] e-mail virus struck in late January"
This is far from balanced journalism, what about virus writers and 'kiddies from other platforms?
This comment does not represent the views or opinions of the user.
These people simply have an immature idea of what's cool.
Even though these people make me sick, they're simply a nuisance to be tolerated when considering the industry/jobs their activity supports.
m.mmm..myyy
Anyone who has been through the Windows API could easily write a malicious program to delete all files and such. We don't need some jaggoff teenager to automate the process for us. The only slightly tricky part about the hole thing is getting someone/something to execute the malicious program.
The people who write these are not providing any service to legitimate programers. If they want to educate people then write an essay or report on how the process works. Don't provide the world with an executable that does the work for you.
The Internet is not Burger King and a computer virus is not a burger -- you should not Have it your way or made to order.
As for Windows not being bullet proof when it comes to malware, just because you can throw a rock and cause a window to come crashing down doesn't mean it's the owners fault for not having a stronger window. Still if your window is in a bad neighborhood (like the Internet) you should not be surprised when it does happen.
If you don't like analogies then you should not have read the preceding paragraph.
Losing faith in humanity one person at a time.
Sorry, your analogy to Columbine doesn't hold up.
Giving guns to minors is a crime in and of itself. A Person under 18 may not own a rifle and a person under 21 may not own a handgun or shotgun, in the US, some states are more restrictive. If I were to give a gun to a person, so long as my action was in compliance with all local laws, it is no different than giving them cash for them to buy a gun. So your analogy to Columbine is inaccurate and simply FUDish.
I hope they catch and punish those that release these viruses into the wild, but I believe the writers are protected under free speech. I think your desire for vengance is a little far reaching. What if these writers included a GPL or other OSS network library for part of its functionality, should the writer of that Library somehow be held accountable for the abuse of their work? Of course not! Viruses have legitimate research value and serve to show that an otherwise 'theoretical' exploit is indeed real.
Also I think your use of the term 'hacker' to describe these 'crackers' is a bit indicative of your vindictive attitude in this matter. Your attitude and tone betray an ignorance of the whole issue. This is about free speech, code is speech, and should be protected just like the destructive things newspapers and other media have exposed in their use of free speech. That's why source code is copyright in the same class as literary works.
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
To do what?
Eat at Joe's.
Back in the olden days, there was at least one DOS-based virus that was released in two parts, which had to meet up and "mate" to release the payload. Anyone remember anything more about it? (This was probably 10-12 years ago.)
~REZ~ #43301. Who'd fake being me anyway?
Comment removed based on user account deletion
I smelled a Rodent Of Unusual Size the first time I read this story, it doesn't get better the second time around. Come to think of it, it didn't smell any better when someone did basically the same story 21 years ago in Montreal and took a handful of disaffected haxor/ph34k kids and blew them up into the sinister hacker group "Top 40". The fact that the group didn't exist didn't stop one reporter from trying to enroll every computer enthusiast in Montreal in the group.
Bah!
One line blog. I hear that they're called Twitters now.