Virus Author Motives Changing
Tragamor writes "BBC News is reporting that, with the suspected authors behind the Zotob virus recently arrested, they are giving insights into the motivation of modern hackers. With the availability of virus source code, authors are spreading to countries which had previously no history of virus origins." From the article: "What the pair were probably taken aback by was the response that the worm generated. Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data. It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created."
Back in the 90s, virus writing was a hobby, if a black-hat one. The most famous viruses--Melissa, ILOVEYOU, were all done for fun, not for profit. But as the internet went mainstream in the late 90s, the motivation changed--viruses are now merely a tool for a goal: criminal profit.
``With the availability of virus source code, authors are spreading to countries which had previously no history of virus origins.''
Finally! The year of open-source on the desktop has come!
Please correct me if I got my facts wrong.
Sure as there's imagination there'll be more tactics to come.
A feeling of having made the same mistake before: Deja Foobar
The governments of the world went after the hobbyist virus writers and marginalized them.
Now you have the malicious crowd filling that vacuum.
Rather than fixing insecure software and educating the public, they chose the heavy handed route.
Quite frankly most virus writers in the nineties had no intent to steal or destroy data.
Seems like every time a "war" is declared on a concept, it fails.
Before: Fame.
Now: Fortune.
'Nuff said.
Some people here argue that people write viruses (or virii) for profit, for fun or just because they have too much free time (and no sexual partner ;-)). But are not there psychos out there? Or terrorists? Or whatever lives on Bush's delusional mind as a generic and computer literate 'evil doer'?
Why won't a big impact virus just destroy thousands of files, trash hard disks, or some other destructive action?
I mean: with OSes being so vulnerable now and then, why won't any virus writer release hell on every Windows (l)user?
It used to be about ego and saying "look what I can do" or "I was the first to do this", now it's more about 0-day exploits, scripting, and financial gain sometimes through extortion... which is why they should go to jail!
See The Register's story.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
The virus vector stays consistently the same
I for one, think they need to make an example of every virus writer/distributor and put them up in a federal pound-you-in-the-ass prison.
Oh, I dunno... I think "look what I can do!" first-posters deserve jail time too.
and with it, the profile of the typical investor.
That's an interesting question. I'm not sure it's worth their time. A virus like that would probably affect mostly average joes. The government (hopefully) has measures in place to prevent critical infrastructure from falling victim to a virus attack. Big businesses (hopefully) make regular backups of critical data. Our communication capabilities rely on a big chain of computers across the country. What would attacking this really accomplish? Most likely nobody would die as a result (hospital respirators notwithstanding). It would obviously be a huge financial burden, and cause a huge headache for the guys responsible for the systems. But I don't think it would be catastrophic enough to be worth pursuing. Or maybe they haven't been able to recruit people with the necessary skills.
I've had people argue furiously that this is not true. Yet, it does not make sense tactically; if your enemy knows your weakness, it is not beneficial to them to let you know about it -- else they lose the ability to exploit the weakness.
As such, do not attempt to secure what you do not control. Secure the hell out of what you do control. Treat everything else as potentially hostile.
Do the right thing and spend time to make things as simple as possible on the design level. Eventually, this will pay you back in reduced 'emergencies', though initially it is a real PITA. There's no other way to get a handle on these things -- it's just too complex already.
Ripper was one of the first Virii I have seen in the wild, and that was back of 8086's :)
It killed the MBR & BIOS and fucking up data being written to the disc at random....
Unlike all these pussy WinBlowz & Macro Virus that are going around...
Even earlier, however, you get "proof of concept" laboratory projects that escaped. The Internet Worm and the DEC Mail Worm were examples of this, where science fact and science fiction horror collided.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It's spreading to other countries that have never had a history of it before because there are now ways to make money with it. Most viruses these days are not put into the wild without some kind of profit motive. Now, take into consideration the fact that a few of these places where viruses are coming from are low-income countries, even a small amount of money made with it can equate to 'time well spent' to them.
Think about it - say your income in a country is measured in tens or hundreds of dollars per month rather than thousands, which is more common in 1st world countries. Even something that makes you $50 - $100 USD per month is a big deal. How do you think they react when they learn they can make thousands with it? For some people, that's pretty much like winning the lottery. In order to stop the problem we need to either a) fix all vulnerabilities in all current (and future) operating systems (unlikely) or b) somehow find a way to make it not profitable for people to do it in the first place (also not likely). Otherwise, people are going to keep abusing it to make money.
BeauHD. Worst editor since kdawson.
Nah, it didn't touch the BIOS just inserted itself into the MBR so it would boot up when the machine did.
Thanks for yet another bastardization of the term "hackers." Virus writers are not hackers, and hackers get offended when you associate them with such cretins.
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
Correct me if I'm wrong, but the source codes of viri have been available for ages. Outside of the fact that a virus written in Assembler is essentially its own source code, anyway, there've always been virus writing diskmags etc. where commented versions with explanations were published - this is nothing new.
The only thing that seems to have changed is that it's being done for money now, but that's not exactly a 2005 development, either, I'd say.
quidquid latine dictum sit altum videtur.
The reason many modern 'viruses' (worms mostly) don't all have high-payload attacks like MS-Blaster did is due to the nature of parasitic predators needing their prey.
Ebola has a much larger payload than AIDS, but nobody's as worried about it because Ebola quickly kills its victim(s) and has trouble spreading to a greater community. AIDS, on the other hand, won't manifest symptoms for years and therefore can travel across great spaces and through community barriers with ease.
If they want to infect the largest number of computers, they should choose something sneaky with a deliberately small and hidden payload to accomplish what they want.
World Changing - News for Humans, Stuff about our planet
Of course, it was hardly inventive considering there was no real security to bypass, no logs to alter, no other processes to try to terminate in order to make sure the worm did its job, and you didn't have to find any holes to exploit - the system was already wide open. The most you had to worry about was getting the user to run it, or to stick it in the drive and boot it.
I'd say writing virii today is a whole lot more challenging; especially if you're trying to exploit something you've found, and it hasn't already been published with proof-of-concept code somewhere. Granted, you're going to have a subset of people who will attempt to reuse and/or improve existing code to rerelease, but this isn't really any different from the DOS days.
Now, you've got an entire industry which exists to combat your efforts to successfully release a virus, and a whole lot more variables to deal with than any DOS system.
All your comment says to me (especially the last comment, which shows exceptional ignorance) is that while people were learning how to do these things, you were sitting in the back saying 'wow! that's cool!' without any clear understanding of how to do it yourself.
BeauHD. Worst editor since kdawson.
NBAD systems in enterprises are rapidly making hydra-like virus spreading a thing of the past, because the sudden surge in traffic coming from an infected host is so easily identifiable and quarantined automatically.
What you need to worry about are viruses that spread very very slowly, are very well hidden, and only activate after some preset condition.
"... giving insights into the motivation of modern hackers..."
No. Insight into the motivation of virus programmers. I hack daily, not for money, for fun. I would be ashamed to share the 'title' of 'hacker' with these idiots.
Post scripts: For all you who didn't know, hacking isn't 'evil'. Hacking is especially exploration.
``AIDS, on the other hand, won't manifest symptoms for years and therefore can travel across great spaces and through community barriers with ease.''
Err? Does that mean that scores of people in various places and communities are having sex with ease? Why can't I have that!
Please correct me if I got my facts wrong.
Virus writers are now trying to harvest data for monetary gain; one would assume that this would create a traceable path back to the virus creator.
In the past, virus writers just wanted notoriety among other virus writers - not much of a trail left behind to follow.
Now, hopefully, law enforcement will start catching some of these people.
-ted
New virus is circulating the masses. It replaces Windows with an open source OS. It makes the transition seamless so that the user does not notice any difference. Windows GUI on top of UNIX kernel. Enjoy!
--skyhigh
If I were a virus writer, and wanted to infect only a small number of machines, I'd do the following:
(1) Find some seldom used web page somewhere with a hits-counter on it.
(2) Store the address of that web page in my virus, along with a limit count (say, 20,000.)
(3) When the virus infects a new host, it visits the web page. If the hit counter is greater than the limit count (or the page is unavailable), the virus does not attempt to spread further.
Because the hits-counter was not set up by me, this can't be used to trace back to me. I have to be careful when finding such counters - server logs of who visited before the virus was released are a potential problem. I visit via anonymous proxies and/or using zombies to obscure my trail. Even better, if I find some site which automatically puts separate counters on many pages (e.g. blogs) I can assume the existence of a counter at a given URL without ever having visited the page.
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
You people will be the death of me.
WOW is one of the best planned out MMORPG I have ever seen. They have earned every subscription they have through great design, great art, and investing the time to make the game better than competitors. Making better games will never hurt the gaming industry - it will only hurt those who want to make profit but don't care about the quality of games they create. Adding production time and money to a project is only bad for investors looking at the short term. Building an identity of top notch games is much better for the company as well as the investors in the long term. Looking at how well Blizzard's titles sell is proof enough. Raising the bar adds jobs for developers (and longer development times = more stable jobs), better games for the consumer, and filters out the crap games that dominate the shelves. I listened to a presentation by someone who works at Blizzard and the attitude towards making games is really how it should be. The quote from his talk that stuck in my head is this: "It can only be late once, but it could suck forever." That's the attitude I want from the people making my games.
but there is no reason a hacker can not also be a virus writer. The traditional definition of hacker implies skill, not moral conduct.
The Kruger Dunning explains most post on
If ebola could spread around the world in a day, it wouldn't matter would it?
The first time ebola that affects humans is spread via the air, you will see how worried people get.
1 person in an airport would spread it around the world before the first symptom began showing.
In short, you are only right if the speed to find the next victim is slower than the time it takes to kill the victim.
The Kruger Dunning explains most post on
Very interesting, that the author sees that modern-day computer viruses are perhaps less virulent, while they do whatever it is they were designed to do.
Reminds me of syphilis -- when first discovered in Europe, syphilis was a virulent disease that ravaged the body, killing victims off relatively quickly. Natural selection dictated that syphilis strains that avoided early detection were more successful at passing along their DNA to new hosts. Virulent, crippling strains died off. [1]
Today, syphilis is rarely fatal, the symptoms are often just a little annoying for a long time. Plenty of time for new partners to be infected.
Computer viruses are very similar -- viruses that avoid detection and quietly do their work of replication, transfer, and whatever else they are designed for, end up surviving. Emergency patches don't happen unless the virus (or worm, whatever) disrupts enough computers.
[1] Evolution? I'd say so...
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
As more and more viruses are created and "contracted" by computer systems, more and more security fixes are released. It's evolution, baby.
Conveniently they have antivirus/antibackdoor software for sale.
Seriously, read their weblog, it's full of stuff about mobile virus threats, none of which are real threats that would justify purchase of mobile decelerator software.
'Once scientists, even the dim-witted social scientists, get muzzled, the Western Civilization is finished.' - oldhack
We should take care about an "open source virus" initiative. ... and so on!
What could happen in the case someone started such a thing?
You publish your virus code, someone else tests and fixes it, later other vira spawn from that code
Sounds really terrific!
Maybe Computers will never be as intelligent as Humans.
For sure they won't ever become so stupid. [VR-1988]
I'm wondering if anyone could do this w/o the virus having to communicate with some sort of server.
Easy. Just have a counter in the virus that it changes when it replicates to a new host.
Each virus is limited to sending out X copies of itself. It continues spreading like that until it reaches X then stops. Every time it spreads, the new version gets a counter incremented. It's hardcoded so that when the counter reaches Y, it stops that version from spreading at all.
Total infections = X * Y.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Stupid slashdot...
Total infections = X ^ Y. Power, not multiplication.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.