Slashdot Mirror


Virus Author Motives Changing

Tragamor writes "BBC News is reporting that, with the suspected authors behind the Zotob virus recently arrested, they are giving insights into the motivation of modern hackers. With the availability of virus source code, authors are spreading to countries which had previously no history of virus origins." From the article: "What the pair were probably taken aback by was the response that the worm generated. Few virus writers now want to hit the front pages, said Mr Hypponen, most prefer to have their creations sneak under the radar, rack up a few thousand unwitting victims who are then milked for money or saleable data. It appears that Mr Essebar was intending to make money several different ways from the people caught out by the Mytob and Zotob viruses he is alleged to have created."

  1. What's more.. by ackthpt · · Score: 5, Interesting
    What's more is they didn't even want you to know that sneaking under the radar without being caught was their goal. Seems they failed on that account miserably. So what's the lesson here? Have a virus/worm with a limited life span? After the first n machines have been infected cease spreading?

    Sure as there's imagination there'll be more tactics to come.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:What's more.. by cataclyst · · Score: 3, Interesting

      So what's the lesson here? Have a virus/worm with a limited life span? After the first n machines have been infected cease spreading?

      Interesting... I'm wondering if anyone could do this w/o the virus having to communicate with some sort of server. If there was a pointer that got changed when the virus hit a new target, it would have to go in a linear form (eg: not a hydra-type... one person infects only one other person) if it wanted to keep track (accurately!) of how many ppl got infected.

      Curious idea, but I dunno if it would work w/o requiring a server with the potential to get shut down and end the virus' lifetime.

      --
      E = m * c^(Hammer)
    2. Re:What's more.. by Amouth · · Score: 4, Interesting

      Set a ttl and have it relay messages back through its parent host..

      I infect A to infect B+C to infect D+E+F+G and so on.. the messages are passed backwards. Have A send random messages to another host.. pick up your messages somewhere in the stream

      they can't detect it by watching an irc server for inbound connections.. sure they can see who is infected but only one computer each way.. and if you have fun with it by flipping the address around (10.20.30.40 infects 40.30.20.11 infects 11.20.30.41 ....) just keep them guessing..

      use normal transport sockets.. make it look like valid traffic .. i swear the writers are getting lazy.. make something creative.. i have seen spyware that is harder to remove than most viruses these days..

      just some ideas for the people willing to write them.. :)

      --
      '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  2. fault the doj by Anonymous Coward · · Score: 1, Interesting

    The governments of the world went after the hobbyist virus writers and marginalized them.

    Now you have the malicious crowd filling that vacuum.

    Rather than fixing insecure software and educating the public, they chose the heavy handed route.

    Quite frankly most virus writers in the nineties had no intent to steal or destroy data.

    Seems like every time a "war" is declared on a concept, it fails.

  3. Why do not psycho virus writers exist? by Anonymous Coward · · Score: 1, Interesting

    I mean: with OSes being so vulnerable now and then, why won't any virus writer release hell on every Windows (l)user?

    Why won't a big impact virus just destroy thousands of files, trash hard disks, or some other destructive action?

    Some people here argue that people write viruses (or virii) for profit, for fun or just because they have too much free time (and no sexual partner ;-)). But are there not psychos out there? Or terrorists? Or whatever lives on Bush's delusional mind as a generic and computer literate 'evil doer'?

  4. Or maybe they don't want you to look at porn! by antdude · · Score: 4, Interesting
    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  5. Re:Oh, the good old days. by CDMA_Demo · · Score: 2, Interesting

    The Mutation engine it was called. It was big for a virus in its time. And there was Joshi from India, which asked the user to type "happy birthday Joshi", and the Cookie virus which asked you to type "Cookie" in order to proceed. The raindrop virus which made characters fall like raindrops on the screen, the Friday the 13th virus that attacked on (as you guessed) Friday the 13th, and many more. That was the golden period of virus writing it seems, as people came up with innovative ways of hacking the systems, instead of "breaking in" like these days.

  6. Re:Repeat after me... by HermanAB · · Score: 2, Interesting

    I know what you mean - signature based detection is always after the fact. However, it is possible to identify viruses using generic rules and a combination of these and signature detection creates a filter that is very strong and protects against known and future viruses. For example, see this: http://www.impsec.org/email-tools/procmail-security.html

    --
    Oh well, what the hell...
  7. Another parallel to bio viruses by Red+Flayer · · Score: 2, Interesting

    Very interesting, that the author sees that modern-day computer viruses are perhaps less virulent, while they do whatever it is they were designed to do.

    Reminds me of syphilis -- when first discovered in Europe, syphilis was a virulent disease that ravaged the body, killing victims off relatively quickly. Natural selection dictated that syphilis strains that avoided early detection were more successful at passing along their DNA to new hosts. Virulent, crippling strains died off. [1]

    Today, syphilis is rarely fatal, the symptoms are often just a little annoying for a long time. Plenty of time for new partners to be infected.

    Computer viruses are very similar -- viruses that avoid detection and quietly do their work of replication, transfer, and whatever else they are designed for, end up surviving. Emergency patches don't happen unless the virus (or worm, whatever) disrupts enough computers.

    [1] Evolution? I'd say so...

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai