Slashdot Mirror
Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from todays Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
End - Breeding
It's where the family tree doesn't spread out,
but the ends of the branches meet up.
Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS-times and even with bootsector viruses, where size was an important factor, they were simply horrible written. (i.e. unnecassary bloated)
While some may imply in their posts, that virus writers are technically skilled, I've yet to see a single example of beeing better than the avarage bad programmer...
It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.
Ok fine, what if someday, a student doing research in microbiology decides, just for the sake or fine arts, I'll release a mutant plague bacteria...
I'm always skeptical of stories like this. Everytime there was a story where I knew the people and facts directly, the story was usually a mish-mash mixed or invented to sex up the story.
One line blog. I hear that they're called Twitters now.
Maybe if the government or anti virus companys made like an online virtual internet for young people to upload there virus into this "virtual internet" to watch it spread and make a game like point scheme or something along the lines there wouldnt be much havoc online , I think it is mostly boredom that virus creaters do this for!
I don't belive they are completelly skilled. I would pay to see one of these VB virus writers to build an application which can improve our OS's or Networks.
Like the elders say it takes 10 years to a three grow but only 10 minutos to take it down. It's the same with computer virus.
To play Devil's Advocate isn't there something good arising from virus writers? If there were no major viruses out there, I guarantee you most users wouldn't have anti-virus software and wouldn't know not to click on email attachments from unknown sources. Then, if someone really did want to cause major havoc, it would be even worse than it is now. I don't know if this is true, but I think it's possible. If no one ever expected a virus/worm, how long would it take to actually get the virus/worm off of every user's computer. It's rather quick now because most people have anti-virus software that can be updated really quickly.
Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propogate spam, or leaving a backdoor open so that this could later be done.
4 23258&mode=nested
0 51056136
Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.
So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.
Ferinstance
http://yro.slashdot.org/article.pl?sid=03/12/03/1
- Oops. There goes Spamhaus
http://securityresponse.symantec.com/
- most of this week's crop install backdoors.
http://www.groklaw.net/article.php?story=20040221
- Your IP Addy for sale to a spam-merchant near you...
Well, actually terrorism is using threats and violence to force someone to think or behave as you want.
Common virus-writers are more like random violence, they do not use to pursue economical or political agendas, more usually want recognition inside their own community.
I, for one, am fed up with this ciber-terrorists media propaganda.
DON'T PANIC
That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.
My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.
PepperHacks - Hacking the Pepper Pad
It appears to me that overcoming human nature requires more than education.
Lets face it, without viruses alot of the flaws in our operating systems would still be open today, then hackers would have free reign into your system without your knowledge. More and more people wouldn't be using firewalls, more people wouldn't be using anti-virus software. Lets face it, the internet is still very fragile, remember way back in 1988 when one worm took down the internet, that can still happen today sad to say, but we are more knowledgible of how viruses use our software to do moreso now than anytime before. Microsoft is trying to change to that operating system where everything has to use their new .NET infrastructure so security will be tigher, not just in their operating system, but also in the applications third parties write. However, I know from past experience with Microsoft, they will end up trying to be backwards compatible and end up inheriting all those problems from before. But perhaps this time they will use their new purchase of Virtual PC to implement those backward compatibility environments totally away from their new operating system. But somehow I think Microsoft will end up even implementing that badly, because they want to give their users so much ease of use and cool features they end up shooting themselves in the foot, allowing people to use their own gullibility to weaking Microsoft's operating system. This same thing can be said about alot of operating systems out there trying to mimic them to some degree.
I mentioned the Peddlers story because it's the most egrarious example and it was clearly a demonstration of how the mentality at the paper had changed. I read this morning (and submitted to Slashdot) a story which seems to have similar regard to the truth - I don't know the specifics, but there was at least one detail that demonstrated that it was highly likely the entire article was a mis-representation. I haven't seen a damned thing in the last seven-eight years from them to believe they've changed.
FWIW, there was an error in my summary: The events took place in August '96, not '97. Google has various Usenet threads on the topic, next time I'll check first. ;)
Come on. They're still in the sophestry-for-headlines business. They never apologized about what has to be one of the most unbelievable libels in the history of journalism. Am I really over-reacting to recommending that people not take them seriously?You are not alone. This is not normal. None of this is normal.
Well... the act of creating a virus and storing it on a publicly accessible web server _is_ tantamount to distributing it, is it not? Would you take a bag of loaded hand guns and leave them on the floor in the middle of a daycare? Would you park your unlocked, running Ferrari next to a bar and ask a group of drunken patrons to "watch" it for you? In some ways, a computer virus is to software as hate literature is to the printed word. I don't see a solution to either problem. At best, I would hope virus writers would "share" their code in a more responsible -- ie more restrictive -- way. Open, unauthenticated access to destructive software should not be legal. "Free expression" -- even if it is a piece of software -- should not be permitted to harm millions of people. Perhaps legal virus writers should be regulated -- much like companies who produce and ship hazardous materials.
Is this sig nificant?
I don't read the Observer, as I agree with you that it embellishes stories to create better headlines. In contrast though, its sister paper, The Guardian, really does try to keep the record straight. They have a 'corrections and clarifications' column where they correct any wrong assertion that they print, however minor. They also have a reader's editor. His job is to investigate complaints and queries from the readers and publish his findings in a monthly column.
If you think teenage punks are the ones writing all the virus you're in for a surprise.
Someone needs to do some serious research and see how many came out of Norton Lab.
It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
Let look at a lot of these exploits, they generally are .scr, .vbs, .bat, etc files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.
.exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didnt send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.
Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.
Its far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure its not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).
This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.
Data loss isn't even an issue, the worst case scenario is asking the guy who sent you that
This can be done in three steps:
1. Implement auto-zipping. Geeks and security sensitive people will probably enable this by default. Or it should be default with newer version of mailers.
2. Once a significant amount of traffic is in the zip format set your mailer to reject all executables. It also could auto-remail the person sending you executables. (this may be exploited by spammers looking for live email addresses).
3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
OK, in other virus news, slightly more up-to-date, female virus-writer Gigabyte has been arrested in Belgium.
a by te.html
http://www.sophos.com.au/virusinfo/articles/gig
Like many of the smarter vxers, she never released a virus into the ecosystem where it would thrive.
If it were the US, she'd
a) be 100% protected by the 1st amendment.
b) be banged up for being a terrorist instead.
My inbox has dozens of viruses dumped into it every day, which completely and totally pisses me off. However, I'd still shake the hand of the writers of some of the cleverer viruses, I bear them no grudge; they're simply filling a niche created by incompetant programmers at microsoft.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
Googling reveals that this trend in helping BillG cover up the fact that its his OS, not computers, that are virus laden is quite widespread. Search for "Computer Virus" and you'll get around 1.5 million hits; "Windows Virus", by contrast only turns up around 35 thousand hits.
We really do need to work to spread the meme that its not a computer virus, its a Windows virus. Make more people aware of the fact that its a Windows problem, not a computer problem, and it does two things: firstly it might make them consider alternatives to Windows, and secondly if they know its a Windows specific problem they might try and pressure MS into making Windows more secure.
"Mission Accomplished" -- George W. Bush May 1, 2003
How is the exploitation of incompetence in any way clever?
You don't become a hero by beating up on those weaker than yourself.
I fail to see how - no matter how much you tilt your head and squint your eyes - virii can be taken for a misspelling of viruses. Please explain. Everyone else admits that people who use 'virii' meant to spell it that way. Which means they meant to differentiate it from the accepted use of the word virus (that is, from a biological virus).
Yes, that would be true if it was nothing more than a common spelling mistake. However many people - myself included - happen to like it for one reason or another and intentionally don't use the word 'viruses'.
I am fully aware what hypocrisy is, and I also believe it would be hypocritical of you to rubbish neologisms that you don't like whilst giving the reason that they're badly spelled, all the while using words which are just as new to the English language without a second thought.
Regards,
ithika.
the layman's guide to computer science
IIRC posting, writing, or keeping copies of instructions for making bombs is illegal in the US. Why? Because bombs harm many people and do lots of damage. Viruses should fall under the same catagory.
Yes, virus writers are rather skilled compared to their counterparts script kiddies (and even worse click kiddies). I don't care how skilled they are, they can put their talent to other things.
The art behind virus writting is make it do good things in a few lines. Put that talent to work on opensource software. Imangine if some of these people got together and worked on the 2.6 kernel for linux. Maybe it would have been out 6 months earlier or it may have some more advanced features.
There are many things they can do, but the fact is they should not write viruses or even post the code/instructions/tools for making viruses anywhere.
IMHO
~ryan