Virus Writers - The Enemy Within
Slob Nerd writes "An interesting read from today's Observer "He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your computer in seconds. Clive Thompson infiltrates the secret world of the virus writers who see their work as art - while others fear that it is cyber-terrorism.""
I think this is the third time this story has been posted.
Googled version to NY Times story
Of course, does it really count if the same story appears on a *different* page? Or a different website.
Maybe it's time that slashdot subscribers get a cached version of the story hosted on slashdot. That way, when an editor is about to submit a duplicate story, it'll check for similar articles cached on the site. That way this kind of thing doesn't keep happening. Hell... Slashdot editors won't even have to read slashdot anymore!
Thank you CmdrTaco for rejecting the story I just submitted in favor of this one. And I *know* the story I submitted wasn't a duplicate, or else my web server would have felt it. ;)
You really are my hero.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Virus writers, while technically skilled, are complete dumb butts for using their skills in ways that are harmful to society and businesses, even if it's not their fault that it is easy to do thanks to Microsoft. They'd be better off using their skills for something more productive.
thisnukes4u.net
And the technical side of the article is a pile of shit as well. Virii don't "reprogram parts of your computer". Script kiddies generally don't download virii, but trojan clients.
Think that's code for "From the >/dev/null dept."?
Whenever I disassembled viruses or worms, I had to scream. Even in the good old DOS-times and even with bootsector viruses, where size was an important factor, they were simply horribly written (i.e. unnecessarily bloated).
While some may imply in their posts that virus writers are technically skilled, I've yet to see a single example of being better than the average bad programmer...
It's not like I don't have appreciation for the fine arts, but this is taking it too far, it is almost to the extent of patronizing virus writers.
Ok fine, what if someday, a student doing research in microbiology decides, just for the sake of fine arts, I'll release a mutant plague bacteria...
With quotes like this: 'This guy,' he proclaimed, 'is the best at Visual Basic.' I really understand the level of these guys... Show me a 1 k, auto-replicating, ASM-written worm spreading like lightning through an undocumented hole and I'll be impressed. These are nothing more than wannabe punks.
And here I was, with my coffee and breakfast all ready to read /. till lunch :(
Next story please!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Maybe if the government or anti-virus companies made like an online virtual internet for young people to upload their virus into this "virtual internet" to watch it spread and make a game like point scheme or something along the lines there wouldn't be much havoc online. I think it is mostly boredom that virus creators do this for!
Yes, users bear some responsibility for viruses' spread. Yes, I'm all for education of users. I work in tech support, believe me I'd love more educated users. Usually, I'm the one giving the basic lessons in the difference between a hard disk and a CD-ROM drive.
But the lion's share of the blame has to rest on the virus writers' collective shoulders. The vast majority have no pretensions of "educating the masses," or "simple curiosity." No, most of them just want to either a) screw people over for the hell of it, or b) get their (hopefully anonymous) 15 minutes of fame. These are the same types of people who will eventually be hired to write adware, spyware, and spamming apps. They are not heroes. They are not admirable. They are degenerates and sociopaths, and they give nerds and hackers horrible images with the very same "stupid users" that we have to interact with (and often get paid by) every day of our lives.
Xbox reviews.. We think they're funny.
To play Devil's Advocate, isn't there something good arising from virus writers? If there were no major viruses out there, I guarantee you most users wouldn't have anti-virus software and wouldn't know not to click on email attachments from unknown sources. Then, if someone really did want to cause major havoc, it would be even worse than it is now. I don't know if this is true, but I think it's possible. If no one ever expected a virus/worm, how long would it take to actually get the virus/worm off of every user's computer? It's rather quick now because most people have anti-virus software that can be updated really quickly.
First time from wired... it's a story.
Second time on NYT... it's a dupe.
Third time on the observer... it's a trupe?
-Colin
I guess it's the same joy some brainless, euh, "people" get from beating up weaker people or defenseless animals. Or vandalising someone's car or something.
There's no risk in it and they get to feel so tough. Those people simply need a proverbial kick in the ass.
Boy, I'd love to be the author of that article. He just keeps making money selling it over and over again. In addition the paper's owners must take note of his name when it draws a metric herd of slashdotters.
::Walks off to write an article about virii::
-Colin
Sorry, no, all my computers run Linux, FreeBSD and Mac OS X.
I wish that, just for once, articles aimed at the public would be a little more accurate.
"He's 21, he's got dreadlocks, likes punk bands... and if you use Microsoft software, his hobby could wreck your computer in seconds"
Umm. Slight absence of any mention of virus writing for profit: there's enough evidence that a number of recent virii were mainly about installing SMTP Relays on infected machines to propagate spam, or leaving a backdoor open so that this could later be done.
Or else installing DDOS software aimed at Spamhaus servers, or leaving backdoors open for same.
So. Art: Check. Vandalism: Check. Profit Motive: Check. Insubstantial "infiltration" by journalist: Check.
Ferinstance
http://yro.slashdot.org/article.pl?sid=03/12/03/1
- Oops. There goes Spamhaus
http://securityresponse.symantec.com/
- most of this week's crop install backdoors.
http://www.groklaw.net/article.php?story=20040221
- Your IP Addy for sale to a spam-merchant near you...
Well, actually terrorism is using threats and violence to force someone to think or behave as you want.
Common virus-writers are more like random violence, they do not use to pursue economical or political agendas, more usually want recognition inside their own community.
I, for one, am fed up with this cyber-terrorists media propaganda.
DON'T PANIC
Not to mention that people do not understand that they should not run arbitrary email attachments. Every few weeks we have a major worm outbreak because millions of people happily run every piece of malicious code they find.
As for "real" worms that don't require a collaborative user to spread, it can hardly get worse than it is now, with all the knowledge and awareness we have. The really ugly ones spread in minutes, faster than anyone can react. (Also, they never seem to die, Nimda for example is still active.)
Programming can be fun again. Film at 11.
Since when is Iron Maden considered punk? Geesh, pansy...
---- Booth was a patriot ----
Then come over and install your friendly little programs on my PC. You can do so for free! No more annoying "distribution" anymore, you just come here, install your friendly little program and leave*, that is all. Sounds like a deal? Tell me in advance, because I might need to buy some essentials** for your visit.
* Might or might not involve a hearse.
** Like a toe tag and body bag.
Hate me!
That's usually the case with any subject! Every movie, documentary, or article that I've seen or read and have had personal experience with has been a load of bunk. I've been interviewed for numerous newspaper and magazine articles and they very rarely use any of my quotes in context. They'll usually intentionally remove the context to twist words to mean whatever agenda they're trying to push.
My personal experiences with the media have basically ruined my ability to enjoy anything anymore. Since I know for a fact that virtually every story I've contributed to has been embellished by the authors to increase its entertainment value, I assume that any story that's been done about a subject I'm not personally familiar with has been tainted as well. And, most of the time, I'm correct. A simple five minute Google or encyclopedic search on the subject gives me more accurate data than the story that I'm following up on.
PepperHacks - Hacking the Pepper Pad
http://www.spth.de.vu/
- bram
It appears to me that overcoming human nature requires more than education.
Here's a link to the first paragraph.
Is this a copyright violation ?
-- You see, there would be these conclusions that you could jump to
Does everything include nothing?
When Mario is bored, he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell.
I suggest a new handle for Mario - Two Sandwiches Short of a Picnic
In this world nothing is certain but death, taxes and flawed car analogies.
Oh dear, this thread really exposes the state of the Slashdot community: Grand-grandparent can't use adverbs properly, grandparent makes a typo, while correcting someone's grammer and finally the parent:
:-)
I assume it's not a typographical error.
shows that he has little clue about the fact, that typography is about designing thing containg text in such a way, that makes them aesthetically pleasing.
The question now is, of course, what have I screwed up?
Cracks are not.
It's easier to destroy than to create.
Why did GEAR crush RDP?
1. Cooking*
2. Cars
3. Boats
4. Trains
5. Swords
6. Guns
Just because you do them, doesn't mean you test them out on innocent people. How are these virus writers any different?
*Applies to slashdot readers, only.
Actually, I think that's a terribly wrong-headed attitude. While we might *have* to encourage users to think, we *should* be encouraging developers to produce better code.
We should be striving to create systems that just do what the user needs them to do without requiring the user to jump through hoops or take a course entitled "Best Practices in Computer Security". I don't need to be a mechanic to drive a car, I don't need to be an astronomer or astrophysicist to look through a telescope, and I shouldn't have to be a network security expert just to surf the web and send & receive email.
It is very definitely Microsoft at fault here and not the 'less than expert computer users'. After all, if they made the product to suit those users instead of just to sell well to them, the rest of the world would have far fewer issues.
If you think teenage punks are the ones writing all the viruses you're in for a surprise.
Someone needs to do some serious research and see how many came out of Norton Lab.
It's easy to blame some kid playing a guitar in his bedroom. It's another thing to hire a lawyer and blame virus scan companies.
Shouldn't there be a Karma penalty for posting a dup...triplicate article? Doesn't it amount to trolling?
The New York Times Magazine a little while ago had a slightly more insightful article which also interviewed the dreadlocked guy and Phil3t0aster and stuff, additionally taking a peek into the culture of virus writers and script kiddies. I don't know if they put their magazine stuff online, but it was a good article.
"All it takes to fly is to hurl yourself at the ground... and miss." - Douglas Adams
Let's look at a lot of these exploits, they generally are .scr, .vbs, .bat, etc files. By blocking these attachments by default you're going to avoid most attempts at compromising your machine.
Data loss isn't even an issue, the worst case scenario is asking the guy who sent you that .exe to zip it because your mailer doesn't support executable extensions. If you get a bounce back or a message saying "I didn't send you an .exe" then you can safely assume the file is no good and just delete it or set your mailer to auto-delete.
Sure, this is old hat to slashdotters, but I think it would behoove all email client writers to do this by default as MS does now. Now, that leaves us with macro word/excel viruses, other exploits, and the zip files themselves. The first two can be taken care of by a competent virus scanner or system patching and the latter forces the user to open the zip archive thus revealing the true extension (most compression utilities do this) and copies the file(s) to some location thus giving the virus scanner more of a chance to check the thing for viruses.
It's far from a perfect solution, but it will make people sensitive to file extensions and file types. It will also save disk space and bandwidth by compressing attachments (or even the message itself). Added functionality can be added like signed zip archives, AV hooks into zip programs, etc. Heck, the zip format already provides a cross-platform encryption scheme. Sure it's not 3DES/RSA or anything, but it sure beats nothing (especially for those worried about sniffing).
This is essentially the setup many of the companies I work with have. You get your pdf, doc, xls, etc but anything executable is either deleted or quarantined. I don't see why email clients written for residential customers can't do the same.
This can be done in three steps:
1. Implement auto-zipping. Geeks and security sensitive people will probably enable this by default. Or it should be default with newer versions of mailers.
2. Once a significant amount of traffic is in the zip format set your mailer to reject all executables. It also could auto-remail the person sending you executables. (this may be exploited by spammers looking for live email addresses).
3. Watch zip vendors work closer with AV vendors to provide better protection from viruses in zip archives.
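The attachment policy proposed in the comment above, as an added example in Python (not from the thread or from any mail client's code): reject attachments whose real final extension is executable, and judge zip archives by the member names inside. The extensions beyond .scr, .vbs, .bat and .exe, the verdict names, and the constructed sample message are assumptions.

```python
import io
import os
import zipfile
from email.message import EmailMessage

# Extensions named in the comment above (.scr, .vbs, .bat, .exe); the rest
# are assumed additions. A real deployment maintains its own list.
BLOCKED = {".scr", ".vbs", ".bat", ".exe", ".pif", ".com", ".cmd"}


def true_extension(filename):
    """Final extension, lower-cased: "holiday.mpg      .SCR" -> ".scr"."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_zip(data):
    """Judge an archive by its member names, the true extensions inside."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            members = archive.infolist()
    except zipfile.BadZipFile:
        return "quarantine"  # named .zip but not a zip archive
    if any(true_extension(m.filename) in BLOCKED for m in members):
        return "reject"
    if any(m.flag_bits & 0x1 for m in members):  # encrypted: unscannable
        return "quarantine"
    return "accept"


def check_attachment(filename, payload):
    """Verdict for one attachment: 'accept', 'quarantine' or 'reject'."""
    ext = true_extension(filename)
    if ext in BLOCKED:
        return "reject"
    if ext == ".zip":
        return check_zip(payload)
    return "accept"


def check_message(msg):
    """Map each attachment filename in an EmailMessage to a verdict."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdicts[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return verdicts


def build_sample():
    """Constructed message: harmless bytes only, names chosen for the demo."""
    def zipped(member):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"constructed sample bytes")
        return buf.getvalue()

    msg = EmailMessage()
    msg.set_content("see attachments")
    for name, data in [("report.pdf", b"%PDF-constructed"),
                       ("holiday.mpg.scr", b"constructed"),
                       ("docs.zip", zipped("readme.txt")),
                       ("photos.zip", zipped("party.jpg.exe")),
                       ("notes.zip", b"not a zip archive")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Calling `check_message(build_sample())` returns one verdict per attachment; the double-extension file and the archive hiding `party.jpg.exe` are both rejected on the final extension alone.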
How many more times does that article have to appear in newspapers before it's considered a virus? ;)
He wasn't talking about mpegs infecting computers, he mentioned files that _appear to be mpegs_ infecting computers. Typically by renaming them and then attaching with a different mime type, or simply by appending a second extension to the end which "usefully" doesn't get displayed by the recipient's mail reader. It's been done a hundred times, and will be done a hundred times more.
It's your comprehension skills that are called into question the most here.
Because that wasn't your only mistake.
Nowhere does it call Iron Maiden a punk band. The young one who lived at home with his parents was listening to Maiden. The 21-year old VB-er was the one who was into punk.
Engage brain before posting, please.
YAW.
Your head of state is a corrupt weasel, I hope you're happy.
The PACS system (digital X-ray reading monitors) at the hospital where I work caught Code Red last year, and was down for a day or two. X-rays were being read on printed films just like the old days. Slowed everything down significantly. I don't know that it directly affected any patient's health, but it certainly could have.
-ccm
Too much Law; not enough Order.
Outlook Express automatically blocks any attachments which could potentially be viruses. But then the users get annoyed and uncheck it.
Crushing dreams at the speed of sarcasm
It should be 'great grandparent' rather than 'grand-grandparent'.
"This is crazy, you realise we could all go to jail for this?" - my manager, somewhere I used to work.
And Europeans, maybe eight percent of the world's population, consume at least another third, so get off your high horse. The fact is that anybody in the developed Western world uses resources at a far greater rate than a Third World peasant. Self-righteous moral preening about how your car gets five miles per gallon more than mine is of little meaning in the great scheme of things.
Much of that consumption is used in building things that end up in other countries anyway. If America builds a machine tool or sewage treatment plant or airplane that ends up in some third-world Ickystan, have we really taken anything away from the Ickystanian man, or have we actually done him a favor?
Plague of locusts indeed. If you subscribe to such idiocy, at least recognize that you are one too.
-ccm
Too much Law; not enough Order.
but what do i know, i'm just a model.
While this article is dated today (2/22/04) in the guardian, it appeared at least a couple of other places a couple of weeks earlier:
The Impact Lab
Some place called "sofa. rites de passage"
And in the NY Times 2/8/04 ($ required):
The Virus Underground
Mark
There are Indeed some Reasons why critical systems should be isolated.
Sounds like we now know who to send the mobs with torches and pitchforks after.
I'm an American. I love this country and the freedoms that we used to have.
IIRC posting, writing, or keeping copies of instructions for making bombs is illegal in the US. Why? Because bombs harm many people and do lots of damage. Viruses should fall under the same category.
Yes, virus writers are rather skilled compared to their counterparts script kiddies (and even worse click kiddies). I don't care how skilled they are, they can put their talent to other things.
The art behind virus writing is to make it do good things in a few lines. Put that talent to work on opensource software. Imagine if some of these people got together and worked on the 2.6 kernel for linux. Maybe it would have been out 6 months earlier or it may have some more advanced features.
There are many things they can do, but the fact is they should not write viruses or even post the code/instructions/tools for making viruses anywhere.
IMHO
~ryan
I can sympathize with anyone working in IT when a worm or email virus starts mass propagating. It's no doubt a pain in the ass to deal with when your network is getting hammered. In that sense, I can understand why someone would want to see the writers of these programs flogged, imprisoned, gangraped, and so forth.
Personally, I'd rather see just one vicious email virus rip through the mass of click-happy idiots that cause these epidemics. Every major case thus far has been, at most, a minor inconvenience at the enduser level.
After losing their entire system to one of these viruses, something tells me the number of people that go about clicking every attachment they receive would significantly decrease.
Before anyone bleats about the innocent suffering: too bad. Do children ever listen when they're told not to touch boiling water? No, they only learn it the hard way. But the one advantage is that it's a lesson not soon forgotten.
You really do have an interesting point. If sending a virus to my computer can be called art or intelligence or cleverness, then can kicking in the virus writer's knees be considered art or cleverness? After all, the kicker is just exploiting the weakness of the kickee, in the same manner that the virus writer is exploiting a weakness of someone else. It would be artistic because it would be sending a message, & it would be displaying the human body in a way that isn't usually done. It would certainly get the kickee to think.
testing out my trending skills
Blaming is more fun, of course.
Fixing the problem requires stepping back and noticing some root causes.
WHY do we have a situation where a quick double-click can destroy a software installation or transfer ownership of the computer to a spammer?
Imagine a comparable situation in meatspace. Imagine a chemical plant with a big red button on the main floor which would set the plant on fire and release poison gas in the nearby city.
Management might try educating the workers, putting up signs saying "don't push the big red button", disciplining workers who bump it accidentally, and so on. The fix is not to have the stupid button in the first place.
Our situation on computers is even worse. People have to double-click attachments all day to get their jobs done. It's as though the big red button were small, green, necessary, and only destroyed the plant one time out of a thousand.
The most solid fix is to run MUAs chrooted or under systrace jails. The next best is sensible defaults that don't allow executing candy from strangers.
>Windows is a security nightmare and it practically invites viruses in.
There are probably installations out there that still execute active content in the Preview pane, allowing things like Klez to spread without any user action other than looking at email. Trying to compensate for that with user education is, well, ambitious.