Inside the Mind of a Virus Writer
sebFlyte writes "news.com.com is running a very interesting interview with 'Benny' (AKA Marek Strihavka), a former member of the famed 29A russian virus-writing group, about what drove the group among other things. He's now one of several ex-virus writers working for security companies."
Nope, I got second!!!!!
He's got a point there, but still, that stinks of "create a problem, then sell the solution".
quidquid latine dictum sit altum videtur.
1. Write viruses
2. Work for antivirus company selling solutions to the viruses that you write
3. Profit!
In Soviet Russia, Chuck Norris will still kick your ass.
"Inside the Mind of a Virus Writer"
Will I get infected reading the article?
Translation : WOW! I'm a moron!
Q: How many viruses have you written?
A: A lot
Q: Why did you write them?
A: To learn and innovate, not to harm.
Q: Should virus writers like you work for AV companies?
A: Yes, of course. We know security the best.
Why is this an "interesting interview"? There is little to no content here. It's the same crap we've heard every virus writer say to every person who interviews them. While I agree that the best security people are probably the ones who used to break the system (aka virus writers and crackers) why does this need to be considered interesting news? I was more interested in the (FALSE) story about the fish from the tsunami.
It amazed me the way some people think. It sounds to me like he thinks he should be free to write virii because it's expression and protected under the first amendment? So by that analogy, someone who burns down a building shouldn't be prosecuted because they are just expressing themselves. Come on, him saying that he didn't distribute his "code" is complete crap. He wrote it and it got distributed. Anyone who thinks differently can buy some swampland from me at a steep price.
My sig of choice is Marlboro
While I can understand 'Benny's' intentions with regard to wanting to innovate, and to help to create a more secure PC, many other virus writers seem to just want to cause mayhem, or to get credit. Therefore, I think it makes a great deal of sense for AntiVirus firms to employ people who've had a great deal of experience with the issue, like Benny. Only by employing similar minded people, can we help to prevent new and devastating new virii from appearing.
I'm not stressed. I'm just terribly, terribly alert.
I found this tidbit a bit interesting...
Some antivirus firms say that I have no moral right to do it, but...almost all ex-members and current members of 29A are employed in the antivirus and information technology security industry.
Does this strike anybody else as a "wolf guarding the henhouse" scenario?
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
There are very few (good!) books about writing viruses. One of them is "The Shellcoder's Handbook" by Koziol et al.
Any other suggestions?
cpghost at Cordula's Web.
Viri-writing on his resume is a problem. But to antivirus software companies, a former virus writer should be an asset, since they have firsthand experience on how the viruses work.
What a well-rehearsed spiel. Thank you CNet for contributing to the spread of pure 100% grade-A manure. I'm sure I'm not the only one who can think of at least a million other ways to find challenges in "logical and abstract thinking." What a liar. He's a vandal and a thug, and anyone who hires this amoral twit deserves whatever he does to them.
we will end no whine before its time
"It's like saying that banks shouldn't pay Frank Abagnale millions of dollars to help them stop check fraud because he at one time stole millions of dollars the same way. When you get someone with that much inside perspective, the good they do can far outweigh their perceived shortcomings."
Well that explains the revolving door between government, and the military/industrial complex.
There is something to be said for learning techniques for mitigation through hands-on practice. For example, I routinely attempt to crack my own web servers in an attempt to discover potential weaknesses. You can read white papers on XSS and privilege escalation and proper filesystem permissions all day, but you don't really ever learn the application until you try it for yourself.
If I were to hire another administrator to be in charge for securing my systems, I would want them to have that same internal drive and desire to explore the system, rather than having a checklist-mentality. Go down the list and assume the server is secure.
That said, I would _not_ hire someone who was actively involved in breaking into other people's systems. It's the mindset. They did it once, they can't do it appreciably any better than if they had probed their own systems, and they're likely to do it again. Part of being a professional means a mature respect for other people's beings.
So if this guy actually wrote viruses that were released, I would consider him probably a bad candidate. Otherwise, yeah, go for it. Good choice.
Make that a logical result of virus writing :-)
The guy never distributed the viruses, he never even wrote code designed to self-replicate. He is just some guy with an interest in computer security and finding exploits and you are calling him "the virus writer". The man is not a criminal.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
By his logic, I could demonstrate how easily say, my splitting maul could compromise, say, his skull. Wouldn't I be doing him a favor?
Then I could exclaim, "see you aren't ready for this! you can be exploited."
I'm always amazed at bright coders that cannot wield simple logic in meat-space...
STOP. You're being farmed.
Technocrat is quite good.
Wikileaks, no DNS
I can understand the problem with virus writers that spread their creations, but this guys wasn't part of a group that did?
Or am I missing something here...
However, from the Cnet guy's questions, it certainly seemed like he had written his questions in advance while thinking he was a dirty hacker trying to support "cyberterrorism".
Beware: In C++, your friends can see your privates!
somesuch thing about a passionate young code mangler:
"Frank Abagnale did steal millions of dollars. He was a criminal. This kid didn't do anything of the sort -- he simply wrote programs that exposed insecurities in operating systems."
And spam writers simply write spam that exposes weaknesses in Bayesian filters.
"I am of the mind that we absolutely need people like Benny -- someone MUST check the locks to ensure that we are indeed safe. If no-one is checking the locks, then we're just fooling ourselves that what we hold near and dear is safe."
I'll be over to check your locks. DON'T CALL THE POLICE!
Correct me if I'm wrong, but isn't the whole idea that a virus writer assists in securing computers just a bunch of crap? I mean, please, let's drop the facade for a minute, and think this through:
01: A virus writer releases a virus or worm,
02: A virus writer gets accused of damaging millions of computers
03: A virus writer says he did it to bring attention to X bug that could be potentially used to write a virus or worm for
04: GOTO 01
I realize that some companies are stubborn and have pursued legal action against people who publish bugs in software, so a virus or worm can sometimes be the only effective way to bring public attention to a problem. However, this usually in turn gets converted to bad press for the writer, and just backfires. The way I see it, this is a better argument than others for switching to OSS - no morbid fear that publishing a bug will result in a lawsuit (no matter how unfounded half the time), and thus any virus/worm exploits on an open platform can be considered generally malicious, and the writer pursued fully.
Create a virus
:-D
Then sell the cure
Wasn't that a movie?
That's one heck of an unethical business plan. That violates so many ethics principles it's amazing.
I'd chop his hands off then give him a frontal lobotomy - ' I only wrote them, honest...'
The guy isn't Russian. He's Czech!
The article doesn't mention what the turning point in his life was. I think that would fill in a big gap.
Writing source code and burning down a building the same? Yeah, and the WTC fell because of some GPL flight simulator activists?
Following your analogy, I believe idiocy is just a special kind of intelligence.
"Take away our PlayStations
And we're a third-world nation"
A.D.
Thanks. You can now email me at i.wasted.your.invite@gmail.com
I just RTFA, and there wasn't one mention of bone saws, power drills, or plastic explosives. How else would one get into the mind of a virus writer?
The only acceptable process for getting into the mind of a virus writer should be both irreversible and serve as a warning to others.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
When you get down to it, who you employ is up to you. If you think that your customers would be best served by a former virus writer, then do it. If you think they are too dangerous then don't. It comes down to your economic choice.
This is another way of starting a sig with this and ending it with that.
What about selling an OS full of holes, then selling the software to cure infections?
If you can get to sell the malware itself, you've got the perfect business plan.
"Take away our PlayStations
And we're a third-world nation"
A.D.
To witness similar "amoral thinking", read this interview of Bram Cohen.
If you have a very pure abstract mind, all challenges are equal. "Thinking through the moral implications" is only relevant if you have ill intent. If you don't, you'll naturally pick the first sufficiently interesting challenge that comes along.
Wikileaks, no DNS
Most viruses are designed to be friendly to the anti-virus industry.
There's always been an implicit synergy between the virus and anti-virus companies. They need each other. But now we know there's more than that.
This article at InformIT.com is another interview with a 29A member (Ratter). Much of the same content and statements.
Looks pretty darn empty in there.
If ex-virus writers are employed in writing anti-virus software, how should the consumer of anti-virus software know that the guy writing his software isn't the same guy writing his viruses?
Sheeeeeesh!!!
:/
The country is called "Czechia" or "Czech Republic". "Czech" alone is an adjective as in "Czech Beer" (which is pretty good, btw).
At least get the name right if you make bad jokes.
The only part of me I want inside a virus author is my boot in his ass.
While hiring these guys might help in the short term, long term it does nothing to discourage other authors. If they manage to avoid jail, they've got a big payday coming. To me, that's exactly the wrong message to send.
If viruses, worms, spyware, and spam disappeared tomorrow, I would probably be unemployed. And you know what, I'd be okay with that, because it'd mean that my customers don't need me to fix the problems these guys cause. There's lots of other things I could be doing.
Last time I checked, the First Amendment was in the US Constitution.
Article 17 of the Czech Republic's Constitution ("Charter of Fundamental Rights and Freedoms") states, in Section 4, "The freedom of expression and the right to seek and disseminate information may be limited by law in the case of measures essential in a democratic society for protecting the rights and freedoms of others, the security of the State, public security, public health, and morality." So here, limitations on these rights are more specifically spelled out. I'm not sure, but I would argue that writing virus code and releasing such code certainly is not protected "expression," at least as defined here. Such expression clearly may interfere with the rights of others and public security. Mr. Strihavka may not be as free as he thinks, and he's certainly not protected by the First Amendment.
In the US, First Amendment protections are not all they're cracked up to be, in any case. These rights are clearly spelled out in the US Constitution, but, in practice, that only means that they can be asserted and litigated. Thus, you have the presumption of such freedom, until some corporation or government entity wishes to deny or abridge your rights, armed with better lawyers. Unless you're rich and can afford press coverage and good attorneys, you can be screwed by a simple letter.
But I'm not buying that people with Asperger's are morally bankrupt, or that this particular criminal has Asperger's. And how amazing that the first "challenge" he stumbled over was virus writing, and his first real friends were a group called 666. Wow, what are the odds.
"Who else (besides virus writers) should code antivirus programs? Who else has the experience and technical skills for fighting viruses?"
Just because you can blow up a bridge doesn't mean you should be trusted to build one.
It takes a completely different skillset to defend against viruses than it does to write them.
Doctors don't have to know how to create a disease in order to know how to cure it. I would trust a doctor to treat disease far more than a bioweapons engineer.
Just like I don't trust a burglar to guard a bank vault, I don't trust a virus writer to write antivirus software.
First of all, RTFA. The group is Russian, but this guy was Czech. If you look at a map and the politics of the two countries, there's quite a large difference. Secondly, consider the history of Eastern Europe - dissidents who fought the communist system are still celebrated today. If you cast yourself as a dissident with a distinct, non-harmful goal, people like that.
...words like "russian" should be capitalized. Ho hum.
Gosh - all the guy has to point to is the US's current Bioterrorism research. You know, the large amounts of money that are put into "developing" various strains of germ warfare to better "prepare us" in case "someone else" uses them against us??
I was hoping they had a bunch of them with their skulls cracked open.....
...that stinks of "create a problem, then sell the solution".
Sounds like every consulting gig I've been involved with. Convince them they have a problem and that you, and only you, know how to fix it. Oh, and ummm, profit!
It's the number of the geek...
mefus
In Open Society, GPL Software frees YOU!
While I see the point that the companies have in not wanting to hire former virus writers on their payroll, they really don't have any choice. The limitation is your average straight-out-of-college IT person is trained to think a certain way. In a way they lack the imagination, for lack of a better word, that the writers have. So unless the formally trained people get some secondary shady education, they will probably never be as good or effective as the virus writers. On the other hand, unless they keep their pulse on the vein of what is going on, they will become out of touch and lose that edge very quickly.
Actually, I would trust a bioweapons engineer to create a drug designed to block biological weapons far more than I would trust a doctor. What, you were going to put a surgeon or a pediatrician in charge of that team? I would also expect a talented safecracker to know things about safes that the original designers don't know -- and as someone else pointed out, who better to blow up the bridge than a guy who builds bridges?
A poorly thought out simile is like a fish riding a bicycle, for reasons you would do well to contemplate.
In the meantime, the safecracker metaphor is actually kind of revealing: getting input from the safecracker on how to protect future safes is invaluable, *but* you would of course expect any changes to be thoroughly reviewed by trusted engineers before they were accepted. I wonder if the firms employing old virus writers apply similar precautions?
Perhaps, but I think anti-virus software itself is mostly a band-aid for the real problem; weaknesses in the operating system.
If people like Benny *really* want to be useful in helping prevent viruses - they need to become employed at corporations like Microsoft, on a team that works to improve the security of the OS itself.
That said, I also find it rather interesting that with very FEW exceptions (like AVG AntiVirus), almost all antivirus makers insist on their customers paying a fairly substantial amount of money for subscription renewals, after paying out $50-89 or so up-front for the product, in order to keep their PC "safe". If these people really weren't "self-serving" and truly had the interests of "creating a more secure PC" at the forefront, it'd only be logical to make sure this protection was available to the masses either for free, or very inexpensively.
There are a lot of people using the Internet nowadays on "hand me down" PCs that are worth little more than the price of a copy of Norton Anti-Virus 2005.....
You don't need power tools, a simple hammer will suffice. Even a large rock could be pressed into service if nothing else was to hand. High tech problems almost always have a low-tech solution, if you just look hard enough.
> THAT would tell you whether he was as good as he claimed.
Yep. And until I see him releasing code to fix exploitable holes in Open Source, he's still just another kiddie. Again, from the article: Pattern matching is nothing. And that's all that anti-virus software is.
Rather than spending his massive talent on pattern matching viruses, why hasn't he come out with something to prevent viruses in the first place?
Anti-virus systems are all re-active, not pro-active.
Re-active is easy.
Pro-active is hard.
This story is junk. Some "journalist" saw that a "criminal" had been hired by a "security" company and decided that it would be a good story.
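To make concrete what "pattern matching" and "re-active" mean in the post above, here is an added example; it is not code from the article, from Benny, or from any antivirus vendor. It contrasts a reactive denylist scanner (exact byte signatures, each of which can only be written after a sample has been captured) with a proactive default-deny allowlist of known-good file hashes. All the "files", marker strings and signature names are constructed for the demo; none of them correspond to real software.

```python
import hashlib
import re

# Constructed sample "files" standing in for executables (not real programs).
KNOWN_GOOD = {
    "editor.exe": b"MZ\x90\x00demo-editor-build-1.2\x00",
    "backup.exe": b"MZ\x90\x00demo-backup-tool-3.0\x00",
}
# A constructed sample that an analyst has already seen and written a signature for.
KNOWN_BAD_SAMPLE = b"MZ\x90\x00DEMO-MARKER-A\x00stub\x00"
# The same constructed sample with one byte of the marker changed: enough to
# fall outside an exact-bytes signature written against the original.
VARIANT_SAMPLE = b"MZ\x90\x00DEMO-MARKER-B\x00stub\x00"

# Reactive side: a denylist. Each entry exists only because a sample was
# captured and analysed first; anything absent from the list is silently trusted.
SIGNATURES = [
    ("demo.marker.a", re.compile(re.escape(b"DEMO-MARKER-A"))),
]


def scan_reactive(data: bytes):
    """Return the name of the first matching signature, or None if nothing matches."""
    for name, pattern in SIGNATURES:
        if pattern.search(data):
            return name
    return None


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Proactive side: an allowlist of hashes of the binaries that are supposed to run.
ALLOWLIST = {sha256(blob) for blob in KNOWN_GOOD.values()}


def scan_proactive(data: bytes) -> bool:
    """Default-deny policy: True only if the file's hash is on the allowlist.
    An unknown file is blocked without anyone ever having seen it before."""
    return sha256(data) in ALLOWLIST


def verdict(data: bytes) -> str:
    """Combine both checks: signature hits win, then unknown files are blocked,
    and only allowlisted files are allowed."""
    if scan_reactive(data) is not None:
        return "blocked-signature"
    if not scan_proactive(data):
        return "blocked-unknown"
    return "allowed"


if __name__ == "__main__":
    for label, blob in [("known-good", KNOWN_GOOD["editor.exe"]),
                        ("known-bad", KNOWN_BAD_SAMPLE),
                        ("variant", VARIANT_SAMPLE)]:
        print(f"{label:10s} signature={scan_reactive(blob)!s:15s} "
              f"allowlisted={scan_proactive(blob)} verdict={verdict(blob)}")
```

The variant shows the reactive gap: `scan_reactive` misses it because no analyst has seen it yet, while the allowlist blocks it simply because it is not one of the files that should be there. The cost of the proactive side is operational (every legitimate update changes a hash and must be re-approved), which is the usual reason it is deployed on servers and locked-down workstations rather than on home PCs.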
> And spam writers simply write spam that exposes
> weaknesses in Bayesian filters.
No, the spam writers actually enter my property. That is like the people who spread vira, people who break into houses, or people who set off bombs. Or make unauthorized copies of DVDs.
Those who write the code to defeat Bayesian filters are not spammers, but in the category with people who write vira or create universal keys, or write on the net how to create bombs from household chemicals. Or write DeCSS.
The latter group may expect some protection as freedom of expression. The first group should have no such protection.
The question is, do we believe that we can improve society through ignorance? If not, we must protect the second group, even when they do something we dislike.
In the end, if he indeed did NOT spread the programs that he wrote, then they weren't viruses at all -- they were just programs that exposed the insecurities of operating systems.
I agree with you in principle. Flaws in computer software are the fault of the software author, not the exploiter.
However you are placing a lot of things in your pot that don't belong there. For instance, much of this spyware works as advertised without exploiting any holes. For instance if you download a P2P program, and it says in the terms that it installs a program that sends marketing information, what error have you exploited?
And if you find a security hole and exploit it *maliciously*, that's quite different than writing a small, well-commented exploit and posting it on a security list.
We need to make this distinction. What virus writers are doing is irresponsible and malicious, and not educational. This guy's *intent* was not to improve security. This guy doesn't make my system any more secure (I already know how to do that: don't run windows, don't download crap, delete executable attachments, etc).
We don't need to thank these people, we need to put them in jail. (Likewise we don't need to treat them as "terrorists" either. They are just vandals.)
Actual audio:
"Hellloooo ooo ooo oo? Anybody here here here here?"
.
They will never know the simple pleasure of a monkey knife fight
So for several years I was an op on #virus, the 'home base' of 29A and less popular/talented virus groups. I've never written a virus/worm myself, and because of that I was only mildly accepted; however, I did get an insight into them, and many of 'them' do it for the reasons Benny listed. Benny is a perfect example of proof of concept: he wrote the first XP virus, the first virus that would infect Linux from Windows if a computer dual booted, etc. While Slashdot as a whole may have an unpopular opinion of them in general, I can say at least some of them are quite talented. Oh, and they hate the vbs/vba viruses just as much as anyone else.
You recognized it, you offered an alternative which you feel is legit, but you did recognize it, and that's all any word is good for. Therefore it's a good word, a real word. As Andrew Jackson said, it's a poor mind that can only think of one way to spell a word.
Infuriate left and right
what about 0xA28 =)
And you're seeing a problem with this because...?
It strikes me as being a Good Thing, whether or not it's true, that most viruses do little to no harm and can be easily removed by AV software. So pretty much exploits can be discovered and patched with little harm done to the system.
Another side (which is perhaps the point you were making but isn't what I read into it) is if there is explicit collusion happening whereby the AV companies are essentially _sponsoring_ the viruses so that people will need to buy their software.
Without the collusion, I truly don't see an issue here.
"Has anything you've done made your life better?" - American History X
how about writing a couple of them viruses for OS X. I feel like I got ripped off buying this AV software, it hasn't been used in 4 years!
I would guess that it can be done, but has something like this ever been seen in the wild? Don't think I ever read such a report.
All things considered, I wouldn't be very impressed by it: first scan the partition table, mount any ext2-3/reiserfs partition and look for the root fs and put a script/binary in some runlevel-dir. Given some code to access those filesystems from windows, there is really very little challenge.
I don't think that's intentionally "friendly to the anti-virus industry".
The challenge of virus/worm writing is having the thing spread, of manipulating systems and hiding.
The reason there is rarely a destructive payload is because there is absolutely no challenge in a destructive payload... any moron can write destructive code.
Contrary to what the movies, and thanks to them, the media like to make people think, the primary goal of most virus writers isn't to wreak havoc on a global scale, it's simply to see their code spread around the world.
It's largely just very irresponsible behavior, not necessarily malicious.
Something tells me that the next big virus, written by a bored /. geek, will do some of the things you mentioned.
I hope I'm wrong, though.
Some asshole virus writer on the internet said it was true.
Some person who writes viruses just for the excitement. Just to make himself seem more important.
Would a person like that possibly lie and say he works with anti-virus companies too, to make himself look even more important?
Be careful about believing what you read on the internet.
Look, our application isn't a file cracker, it's a password recovery tool.
Look, our keylogger isn't a spying tool, it's a parental control application.
Look, our source code isn't a virus, it's a learning material.
You're a little off here. If not for SPAM, we wouldn't need antispam programs and Bayesian filters. The filter is a response to the annoyance of the spam. You might argue that the SPAM is due to the lacks in SMTP et al, but in that case why make new SPAMs once it's pointed out?
The programs written by the kid, however, are targeted at vulnerabilities that already exist. Had he not written the code to expose the weakness, the weakness would still exist. Therefore he is responding to the weakness (and the weakness is the problem) whereas Bayesian filters are responding to SPAM (and SPAM is the problem).
he's just a fucking child with no sense of responsibility.
I have discovered a truly remarkable proof which this margin is too small to contain.
One of my hobbies is psychology, and I would like to offer my opinion of Marek Strihavka's unstated underlying motives. Along with many criminals, including criminal computer crackers and virus coders, Strihavka shows signs of an antisocial personality type.
Contrived morality is a component of this personality style: He does not accept responsibility for the likelihood that other people will use his destructive source code to harm others; he does, though, realize he would be culpable for his actions if he did the spreading himself. He cares more about avoiding punishment than avoiding hurting others through his actions.
As with most people exhibiting an antisocial personality type, Strihavka craves novelty (writing new viruses) and excitement (the rush from testing his skill and dangling on the border of the law). Another common characteristic of people like Strihavka is opportunism: He plays both sides.
Certainly ego plays a large role in this. People with an antisocial personality type enjoy the small amount of fame they get from interviews like these, especially if they get to talk about their shady hobbies. Another aspect where ego is involved is in his justification for virus writing: Of course he doesn't spread the viruses himself; that'd be stupid; he'd get caught! He even says his lack of consideration is a way of doing something good for society: He's pointing out the insecurities in our technology (he could find a more responsible way to do this by, for example, informing the software vendor/authors before releasing his code).
In summary, you'd learn more about the mind of a virus writer by reading psychological information about antisocial personality types than by reading this interview.
On vit, on code et puis on meurt.
But the vast bulk of viruses *don't* exploit any weaknesses in the OS. To the OS, most viruses are performing normal and expected tasks (opening and reading files, opening network connections, etc). It's only the context *to the end user* in which they are doing them that makes them "bad".
In a way they do us a favor and 'show' the weakness of systems in a flamboyant way. So people want these things fixed.
But rarely destructive? In the past 3 years I have had to spend several days (each time) just cleaning computers. The newest ones tend to turn off the AV software. They also tend to do things like crash the computer because they are monkeying with critical OS files.
Most have become fairly hard to uninstall. You have to perform a fairly large set of complex tasks to get rid of it. The programs also rarely check to see if there is more than one instance running. So you end up with dozens of the same program running and trying to infect things. So you can not even get into the computer to fix it.
Benign? Hardly.
Apparently you have not been exposed to some of the newer nastier variants.
These days most are trying to setup bot armies to spam people. That is the new thing. A few years ago it was about deleting jpgs and mp3s. A few years before that it was about the format c.
There was even a turf war last year where different worms would disable the other worms.
Also they are not REALLY doing us a favor. They are usually exploiting something that was fixed recently. They are going after 'low hanging fruit' as it were. They are going after the computers that people do not watch 24/7. These are the computers that get patched once a month. When someone remembers the computer. They are not going after things that MS doesn't know about. They are going after things that MS has already FIXED.
Why don't you go learn something about viruses and antivirus and then come back to offer your then-well-founded opinions?
Generalizations seem easy (to you...)
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
http://shit.slashdot.org/article.pl?sid=05/01/15/1538219
Hannibal, is that you?
If you could reason with religious people, there would be no religious people
We were happy the group 29a picked up our principles and stuck by them. There were other virus groups that didn't. I'm reminded of the short lived Immortal Riot. They didn't write very interesting viruses, but they wrote some nasty stuff and they encouraged people to spread their viruses and wrote destructive payloads. The result? No-one actually read their magazine, they just downloaded it to get a virus to infect their enemy's computer with. With no-one actually reading their magazine the virus authors got nothing out of it, so they all quit.
How we know is more important than what we know.
1. Make an antivirus company.
2. Hire virus writers to create your own market.
3. Profit!
That's true - up until the point he distributed the virus, and caused (probably) millions of dollars of real damage.
That's a crime.
-Looking for a job as a materials chemist or multivariat
Yeah, you gotta back up... just gotta. Sorta like you should back up your real (physical) pictures, which is something I am sure everyone does currently.
Well, I couldn't help but wonder what would happen if my baby girl's pictures were destroyed... what would I and my family do? What would we do if we were fabulously wealthy and decided to hire some investigators to track down the writers ourselves? Personally I am hoping this happens and some slit throats start showing the real threat and how it does not matter anymore if it is just software.
Computers are the centers of more people's lifestyles than ever and I just can't bring myself to feel remorse for any future casualties against script kiddies. Don't throw them in jail and take their computer privileges away... cut their testicles off, take the left ear, and burn a 4 inch wide scar on their forehead to mark them... then give them a brand new laptop and high speed access.
On the other hand, perhaps it would be best to just shit in their mouths and send the tape of that to CNN... call it the poo-jihad maybe.
I read another interview a while back and also read the ranting in 2600 magazine from various "virus writers". I love hearing them say that people should protect their computers. If I was in a room with a known active virus writer, I would sucker punch he/she so quick they would be stunned. I would then inform them they should have been wearing a helmet, you know, protection against unseen things. Kudos does go out to the dude who did the first (IIRC) virus that announced some Apple thing, way back before internet. It was an amazing concept to come up with. Too bad it morphed into the nasty things that they are now. Charlie (they ain't rebels and certainly not heroes) Monoxide
They almost never attack the users data in subtle ways. We don't seem to see viruses that, say, make small changes to numbers in spreadsheets.
If they do this, it very well could just be an unintentional side effect. For example, the FORM virus would fuck up the contents of Word documents, because it would insert a chunk of its code into the memory space of the document, usually in the body text part of the doc. Most of the time, deleting the ASCII-equivalent of the code was enough to fix the doc, but not all of the time. Upon reading on the FORM virus, it was learned that this virus was only unintentionally bad.
The infamous "Morris Worm" also was unintentionally bad. Yes, it was supposed to spread, but at a much slower, easily tracked and defeated, rate. Morris still got in a shitload of trouble for it.
I know, I know...
Mission Impossible II
Am I right?
http://www.google.com/search?hl=en&lr=&q=+%2B%22W32.Winux%22&btnG=Search
W32.Winux
The only reason I am impressed with it, is because it hadn't been done before. Benny is quite good at that, and that was my point as to what makes him special.