Security Researcher Chases Virus Maker Off the Net

An anonymous reader writes "There is a great writeup over on CNET covering the pursuit of a virus writer who created a fake Grand Theft Auto game, crippling PCs by causing them to endlessly reboot. Despite the police apparently not being very interested, a security researcher pursued his man anyway, culminating in a teary eyed 'I'm leaving the internet' post from the virus writer himself. Awesome stuff, and one in the eye for the bad guys (for once)."

I prefer Apple's approach

[soft_guy]

They just send someone to do the hit on the virus writer.

Re:I prefer Apple's approach

[JudgeFurious]

I'd prefer Apple's approach even more if they really did it.

I'm serious. I think the act of writing a virus or piece of malware should result in the aquisition of a .45 caliber sized hole in the forehead. There's nothing wrong with these people that I couldn't fix in about 10 minutes with a roofing hammer.

Re:I prefer Apple's approach

[drinkypoo]

I'm serious. I think the act of writing a virus or piece of malware should result in the aquisition of a .45 caliber sized hole in the forehead. There's nothing wrong with these people that I couldn't fix in about 10 minutes with a roofing hammer.

Why not let the punishment fit the crime? They give you a data-scrambling virus, dose them up with mercury. They give you a virus that infects others, we give them herpes. Etc, etc...

Re:I prefer Apple's approach

[sumdumass]

Do you really think giving him a virus that could infect innocent people he might come into contact with would really be a punishment that fits the crime?

I'm not apposed to death, life in prison, a small but brutal beating by everyone effected, a lawsuit from everyone ever infected for the downtime, expense and aggravation their virus cause And then making them work at something that pays enough to keep him alive while at the same time paying everyone he infected. I don't know how you could do something that fits the crime to someone like this unless you punish him for everyone effected.

Re:I prefer Apple's approach

1/5th of the population already has herpes; 80% are asymptomatic. Males are more likely to be asymptomatic than females. The difference between type 1 and type 2 are also largely academic.. either *can* exist at, or around, most orifices. Despite the FUD surrounding the fact that there's no *cure*, treatment can manage symptoms quite effectively. Ethics aside, the flu would likely be a worse punishment.

Of course the idea that it's at all appropriate to intentionally infect someone with a biological virus in response to a computer virus is absurd. Speaking from experience, a couple of weeks in the poke is enough to get all but the most hardened individuals to re-evaluate their life choices, and I highly doubt most virus writers would fall into the category of hardened criminals.

Re:I prefer Apple's approach

[JContad]

...Except that I would like to be in a position where there's a risk of getting Herpes.

For once.

Please.

Re:I prefer Apple's approach

[orkysoft]

I think if there hadn't been any computer viruses, that software companies wouldn't bother much with security. And then, there would be someone who would write a virus, and the damage would be much more severe. Besides, right now, we actually have a choice between a secure and an insecure operating system. Why all those people choose the insecure system? Probably because they don't know any better, and the vendor claims that it is secure, which it obviously isn't.

Re:I prefer Apple's approach

[Dahamma]

They give you a virus that infects others, we give them herpes.

You are volunteering to give him herpes? That's a brave admission, man.

Re:I prefer Apple's approach

[Das+Modell]

Since this was modded troll, does that mean Slashdot supports viruses and malware?

Re:I prefer Apple's approach

[Hucko]

mercury would work then, or lead does at about 60+ ppm

Re:I prefer Apple's approach

[lordSaurontheGreat]

Make the punishment fit the crime. Put Herpes spores on their keyboard every morning and take away their gloves! After a few days without WoW or whatever they use as a fix, they'll be at YOUR beck and call!

Re:I prefer Apple's approach

[level_headed_midwest]

Herpes is a virus, it does not have spores. And unless they put their hands in their mouths right after touching a keyboard that was very freshly seeded with herpes virus, it would die and they would not get it. However, a toxic mold would do the trick with the spores.

Re:I prefer Apple's approach

[lordSaurontheGreat]

lol I was being funny but you get the idea. Don't kill them. Besides, their idle minds could be put to use... You just gotta think more sinister, that's all. 'course there's probably a few issues with some of the first few amendments, but we can work around those, can't we?

Re:I prefer Apple's approach

[Goldberg's+Pants]

Perfect solution: Everyone who suffered from that virus gets to punch him in the face, one time. Just one time. No more. The more widespread and damaging the virus, the more time they get punched. It nicely scales the punishment.

Re:I prefer Apple's approach

[giminy]

If you think a computer virus author will actually get the chance to spread herpes, you haven't met very many computer virus authors. Unless, y'know, transferring herpes from his genitals to his hands counts as "spreading."

(Just doing my part to eliminate "Hackers are cool" from the dumbest ideas list...).

Re:I prefer Apple's approach

[Torvaun]

There is something to be borrowed from the Middle East here. A thief loses a hand. A virus writer should lose their fingers.

Re:I prefer Apple's approach

[Antique+Geekmeister]

No, no. You have to make them full professors at MIT and make sure they never serve a day in jail. At least, if their daddy is head of the NSA ( http://en.wikipedia.org/wiki/Robert_Tappan_Morris and http://en.wikipedia.org/wiki/Robert_Morris_(crypto grapher) ).

That'll teach them not to do it!

Re:I prefer Apple's approach

[The+Angry+Mick]

Do you really think giving him a virus that could infect innocent people he might come into contact with would really be a punishment that fits the crime?

How about flesh eating bacteria? They could be put under isolation . . .

;-)

"i'm leaving the internet" Yeah, right.

Who believes that for a second?

What a whiner!

[oskay]

Seriously though, I can't imagine just "leaving the internet," for any reason whatsoever.

Re:What a whiner!

Seriously though, I can't imagine just "leaving the internet," for any reason whatsoever. Does that make you more or less pathetic?

Re:What a whiner!

I just can't believe the person will 'leave' the internet. His virus-maker persona might completely die off, but the same guy will still be out there, developing similar identities later.

Re:What a whiner!

[UbuntuDupe]

Well, based on the tone, it probably just means he's leaving AOL. So I believe it ;-)

Re:What a whiner!

[wvmarle]

No matter wat I'm sure it makes him more or less pathetic.

Re:What a whiner!

[tehcyder]

Seriously though, I can't imagine just "leaving the internet," for any reason whatsoever.

Dying?

Re:"i'm leaving the internet" Yeah, right.

[eln]

As any long-time denizen of BBSes or MUDs can tell you, every time someone posts that they are leaving it is always legit, and they never, ever come back.

I, for one, welcome our...

[Will+the+Chill]

makin-the-bad-guy-cry Chuck-D-luvin sooper-security overlords!

-WtC

Re:I, for one, welcome our...

[ChromeAeonium]

I'm tired of hearing that meme. I'm leaving the internet forever!

Re:I, for one, welcome our...

[edraven]

Just don't cry about it.

Re:I, for one, welcome our...

[pimpimpim]

I promise, next time there will be news on the iPhone, I'm leaving the internets forever as well!!

LAME?

[windside]

TURN ON UR PC.
PRESS F8 AND GOTO SAFE MODE.

NOW GO TO: c:\\PROGRAM FILES\GTA HOODLIFE AND CLICK THE UNINS000 FILE AND IT SOULD DELETE THE VIRUS.

His virus has an uninstall command? Seriously?

Re:LAME?

[penp]

Well, it was designed as a fake Grand Theft Auto game... It doesn't sound all that creative, though. I think a better "virus" would be making you actually drink coffee with your girlfriend(s) in GTA.

Re:LAME?

[HoosierPeschke]

Is this really a computer virus? Malware sure, virus, no. It's like that program that would show you the drink holder (I think coke, sorry can't find a link) and open your cdrom drive. Only this adds a reg entry or puts something in the startup folder that and does a ExitWindowsEx call.

I guess that's all it takes to be "l33t" these days...

Re:LAME?

[LiquidFire_HK]

It's disguised as a game and is this installed with InstallShield (or something of the kind), that's why it has an uninstaller. (Of course, InstallShield may have an option to not include one, but judging by the quality of his virus...)

Re:LAME?

[LiquidFire_HK]

Agrh, I meant to click Preview, not Submit! s/this/thus/

Re:LAME?

[roman_mir]

I guess that's all it takes to be "l33t" these days... - no, you also have to have this extension installed ;)

Re:LAME?

[syousef]

It might be lame but a lot of computer users would have no fucking idea what to do if this were to hit their system. They'd have to go find and quite likely pay a techy to fix it.

It's like breaking into someone's car and pouring superglue into their ignition lock. It may be lame, stupid and easy to do, but just the same the owner will come back and be unable to start his car...and unless he's a mechanic he'll have to get it towed, examined and fixed for a handsome fee. In the meantime he can't use his car.

Re:LAME?

[QuantumG]

Or like putting sugar in someone's gas tank? Or like putting a banana in their tail pipe? You mean like harmless fun?

Kids have been doing this forever.. we don't put them in jail.

Re:LAME?

[Xiph1980]

sugar in a gastank does crap all...
http://auto.howstuffworks.com/what-if-sugar-gas.ht m
A banana might block the exhaust, but most likely the starter is powerfull enough to create such an overpressure to send the banana flying.

Re:LAME?

[MrNaz]

The difference in the modern world is that while a silly prank could cause a single person minor inconvenience (that's being nice about the harm that sugar in a gas tank can cause), "modern pranks" such as a virus or worm has the ability to affect so many people that the harm actually causes widespread social and economic disruption.

This raises the social difficulty that on one hand you have a culprit, who may be quite innocuous and otherwise innocent of malicious thought, and on the other you have quite a large amount of harm being caused to a large number of people. In other words, a huge amount of harm can be caused by just a kid, and the law struggles with the need to address the gravity of the harm caused while recognizing the need to be compassionate to a kid who really had no malicious thought or any idea that he could cause harm. I am not referring to the hardened malware authors who spam for a living, but the 15 year olds who are just playing with the new computer they got for Christmas, not realizing the harm they could cause by sending that stupid little hack virus to a friend.

The problem I see here is a fundamental failure of society to teach children social awareness from an early age. Social conscience is taught by eastern cultures pretty much from birth, yet it is possible and common for kids in the western world to get through college with only a dim awareness that there is a whole planet that they are a part of and responsible for participating in. Oh wait, I'm talking socialism again. *Waits for the anti-terrorist police to pick him up*

Re:LAME?

[QuantumG]

Yawn. The problem with society today is that they classify "mild inconvenience" as "harm". No-one got killed. Anyone who lost money should have known better than to install random games from the Internet on their work machine.

It's a prank. Not a terribly amusing one, but they can't all be gold.

Re:LAME?

[HoosierPeschke]

Just because regular users don't know the difference doesn't mean we should allow regular users or even misguided techies to misuse the terms of our trade. I take pride in my skills and my knowledge level of my skills. I don't appreciate when half-knowing twits spout off stuff that they've read once somewhere or was told by someone this one time at band camp.

Say what you mean and mean what you say. If you don't know, just say, "I don't know, but I can find out". These two phrases have helped me immensely over the years. I may not be that smart but I'll gain a lot more trust when I do have something to say.

By the by, two more of my favorite sayings: "You have two ears and one mouth so you can listen twice as much as you speak" and "It is better to remain silent and be thought of as a fool then to open your mouth and remove all doubt"... some sayings may vary...

Re:LAME?

[Kadin2048]

Or like putting sugar in someone's gas tank? Or like putting a banana in their tail pipe? You mean like harmless fun?

If someone put sugar in my gas tank and it froze my car's engine, you're damn right I'd press charges. Sounds like vandalism and destruction of property to me. That kind of antisocial shit isn't acceptable regardless of the age of the people it's coming from.

Re:LAME?

[QuantumG]

Yep, and you'd probably push charges against a kid who breaks your window with a baseball too. Maybe even sue the family for pain and suffering. Was a time, not too long ago, when people could sort out their own problems without flooding the courts and filling up the jails.

Re:LAME?

[Original+Replica]

You mean like harmless fun?

So if I come fuck up your car, that's harmless fun. Right? A couple of hundred dollars of damage is no big deal as long as it's in fun... What if take you wallet in the name of fun? I don't do anything with you credit cards or ID, just burn the whole thing. But hey, it's just harmless fun. Every bully in every school yard uses the lie "I was just playing." and that is exactly what this kid is, a bully. He sees his advantage over others and exploits it for his own pleasure and bragging rights. We don't put those kids in jail, but older brothers of victims or sometimes victims themselves do beat the shit out them eventually. That sounds about right for this kid: John C. in Hartford Connecticut. Here's his picture:http://www.vitalsecurity.org/uploaded_imag es/bplanetgangsta-795477.jpg If any one reading this out there was effected by this malware, perhaps they should stop by his house and "express their appreciation" for this punk's contribution to society.

Re:LAME?

[syousef]

"Anyone who lost money should have known better than to install random games from the Internet on their work machine."

You're an idiot.

I would argue that a guy walking around in gold chains in a bad neighbourhood (or a woman walking around in a skimpy outfit) may contribute to being beaten up, raped, robbed or even killed but I'd never argue the murders, rapists, or robbers should therefore go free because they should have known better. That kind of logic makes slums and moves us towards the law of the jungle.

A prank that causes financial loss should be punished. Despite your cavallier attitude to it, kids have always been getting into trouble including going to jail when pranks go wrong...and so they should. We all need to be responsible for our own actions. We don't get a free pass because we were being mischeivious.

You wouldn't react to a "prank" where some teenage kids trashed your house because you left your door unlocked by saying "oh well it was my fault, kids will be kids".

By the way in case you haven't noticed by the way things have changed. Kids use to call in bomb scares all the time. Do that in this day and age and prison is a real possibility. Why? Because it diverts resources from real risks and because it does society a lot of financial and emmotional damage. (We may have gone overboard in recent years but the principle that you're responsible for the results of your actions is a sound one).

Re:LAME?

[QuantumG]

No, you're the idiot.

If you think kids, or anyone, should be jailed for causing a couple of idiots to lose a few hours work or have to pay to have someone fix their computer after doing something stupid.

Your society is fucked up not because people tolerate crime.. it's fucked up because you've made everything a crime, and you've made even a minor infraction of the law a black mark that follows people for the rest of their lives.

Re:LAME?

[Kadin2048]

No, I wouldn't press charges against a kid who put a baseball through my window (incidentally, I've actually had that happen). That's an accident. There's no shame in having an accident, particularly when you're a kid, as long as you take responsibility for it.

But going out and intentionally destroying other people's property is another thing entirely. That's not an accident, and I have very little tolerance for it.

Re:LAME?

[QuantumG]

Well, the kid can claim it's an accident.. wouldn't be the first kid to say "bet I can take out that window" and then claim later it was an accident.

Re:LAME?

[Kadin2048]

Well, the kid can claim it's an accident.. wouldn't be the first kid to say "bet I can take out that window" and then claim later it was an accident.

True. At least the first time around though, without any reason not to, I'm willing to give someone the benefit of the doubt. I can't find any plausible excuse for slashing someone's tires, putting sugar in their gas tank, or putting glue in their ignition, or some of the other things that were mentioned in this thread.

Re:LAME?

[TheLink]

Sure it should be punished. BUT jail is too harsh in most cases.

Politicians cause far more harm daily and get away with reelection. How many people have _died_ because of the lies/half-truths they spout? And Diebold practically "trashed" the elections IMO. Sure, maybe the results were legit, but they're now tainted because of Diebold and that makes the elections worth a lot less.

Best to work on fixing that properly first.

In my opinion in modern times, physical imprisonment should be _mainly_ for people who have proven themselves to be dangerous. e.g. From their actions would likely be dangerous to allow them in the same room with at least 1 in X people out there (pick your threshold of choice).

This guy? He should be banned from the internet for a while (or at least under probation). If he's caught violating the terms, then if there are currently no viable and practical means to prevent him from using the internet without imprisoning him for a while, then too bad, prison time for him.

Re:LAME?

[MMaestro]

Change sugar to several pounds of sand and banana to wet cement and you'd be closer to reality.

Once you go from minor annoyance to minor damage, "harmless fun" goes out the window. Spray painted graffiti on mailboxes is annoying, but smashing mailboxes with a baseball bat is damaging (there was actually a news report in my local newspaper about it a few years ago.) A virus that causes your startup screen to look like a BSOD but lets you into Windows/Linux/Mac OS X is annoying, a virus that prevents you from getting past the startup screen is damaging.

Re:LAME?

[MrNaz]

See, I think you missed the bit about me saying that innocent pranks now can cause a lot of harm to a lot of people. The Melissa virus is a good example, which wasn't written by a kid, but could easily have been.

As I said, it's a dilemma between the need to recognize that kids in the modern world have the capacity to cause huge economic harm, and the need to recognize that they need to be dealt with compassionately. How we go about solving this dilemma is something I don't know how to do, but I think that people like you have such a flippant attitude towards the damage don't help.

Re:LAME?

[Provocateur]

show you the drink holder (I think coke, sorry can't find a link)

You have to show us a link??? Just tell these guys to type 'eject' at the prompt, n00b!

Re:LAME?

[Jackmn]

If you think kids, or anyone, should be jailed for causing a couple of idiots to lose a few hours work or have to pay to have someone fix their computer after doing something stupid.

If an individual intentionally vandalizes something, then he should face penalties for it. 'I was just having some fun' is not an excuse. If someone gets their jollies off of making themselves a nuisance then they deserve a criminal record that makes it tough for them to find a job.

Re:LAME?

[QuantumG]

If an individual intentionally vandalizes something, then he should face penalties for it. Ok, my head is nodding, well done.

'I was just having some fun' is not an excuse. Damn, you're right!!

If someone gets their jollies off of making themselves a nuisance then they deserve a criminal record that makes it tough for them to find a job. WTF? Wow, you almost had me there. You should be a politician.

Make a real argument.

Re:LAME?

[Jackmn]

Make a real argument.

There is no 'argument' to be made. Punks who vandalize things should be punished, and they usually are. A permanent record is a perfect punishment (at least in lieu of breaking their fucking legs).

Re:LAME?

[QuantumG]

My mistake was thinking that you were interested in making any argument.

Go fuck yourself.

Re:LAME?

[Antique+Geekmeister]

Excuse me? Punks who vandalize things usually are punished? Right. And spammers are convicted under the CAN-SPAM act regularly, right. *Sure* they are.

The willingness of fools to engage in vandalism in the computer world is only matched by the utter incompetence and unwillingness of law enforcement to pursue them. Unless it's absolutely massive, there's simply no interest by law enforcement in investigating or convicting crackers and other computer vandals. If you don't believe me, I strongly recommend you read "The Cuckoo's Egg" by Clifford Stoll, or www.takedown.com on the pursuit and eventual conviction of Kevin Mitnick.

Re:LAME?

[MillionthMonkey]

|)ud3, 5hu7 7h3 fu(k up. 1 h4v3 4 (00| 7h1n6 601n6 0n h3r3.

Re:LAME?

[cyclomedia]

If the neighbor's kid put a baseball bat through one of your car windows for the fun of it (no doubt whilst in a group of dumb peers) my first suggestion would be to have a word with said neighbours and let them hand out the punishment (grounded, perhaps) whilst working off the cost of the repair bill.

That is, assuming you actually speak to your neighbours, ever.

Re:LAME?

[starakurva]

I have a fellow "geek" friend who thinks it's ok to tell me to go fuck myself when we're having a friendly argument about current events and the like...Not in a goofy exclaimatory way, but in a dismissive way, similar to the way yours came off, all on its lonesome, devoid of obvious tongue-in-cheekness..

It shifts the tone of the conversation from one of pleasant, engaging dialogue, to one of aggression and unfriendliness.

It also decreases the affinity severely, as I once regarded this friend warmly and fondly, he is merely an acquaintance now, and sinking in the polls.

Maybe you meant to say something else.

Re:LAME?

[QuantumG]

Yes, we've established that you're only interested in making emotional arguments and have nothing to contribute to this conversation.

Go away.

Re:LAME?

[starakurva]

You must r00l the chat window thingy on WoW or whatever game you heavily play...(Dunno the terminology cos I don't play any of em)...The 13-year old screaming German kid must worship you...

And no, I don't have anything at the moment to contribute to the conversation that hasn't already been well stated by another participant...except the observation that you're a rather rude person...

Re:LAME?

[Jackmn]

Excuse me? Punks who vandalize things usually are punished?

I was speaking more in regards to breaking windows, plugging car exhausts, and dumping sugar into fuel tanks. I doubt the majority of spammers and malware writers will ever have action taken against them.

Re:LAME?

[QuantumG]

I'm rude? You're the one who has butted into this conversation with nothing to say.

Stop wasting our time.

Re:LAME?

[Antique+Geekmeister]

OK, I don't knew where you grew up. But where I grew up, it depended a lot on the level of offense. Egging cars and throwing rocks off bridges, tipping cows, graffiti, running social enemy's underwear up flagpoles, putting a peanut butter sandwich in someone's schoolbook, etc. were all not that unusual. I didn't throw rocks off bridges, but certainly did all the others.

I'm not proud of most of them, but was never punished for those acts of vandalism. (The underwear up the flagpole was called for, trust me on this.)

Re:LAME?

[LordSnooty]

And there was also a time, not long ago, when the parents of a wayward child would be embarrassed by their child's actions, and would want to put things right with the victim before dishing out some effective punishment on the kid. Today, you're just as likely to get a torrent of abuse from the parents, never mind the child. "He says he didn't do it and I believe him. Stop harassing my kid"

Re:LAME?

[QuantumG]

Yes, true.

Re:LAME?

[starakurva]

My god....Did it ever occur to you that the "conversations" that you have on message boards ISN'T in real-time, therefore "butting in" doesn't exactly carry the same implications it does in a RL conversation. I mean, this isn't a problem for most people, but if that kinda thing actually throws your thought process for a loop, well, who am I to judge?

Besides, as a registered user, I believe I have an open inviation to comment any time I like.

You're just mad cos you acted a twat and I called you out on it. Go back to your really important conversation with randoms about stuff you have no control over...

Re:LAME?

[QuantumG]

You're just mad cos you acted a twat and I called you out on it. Is that how you get by? Just making up want you want to believe and declaring it to be so?

Re:LAME?

[disasm]

It's a kid and a prank. If any punishment happens it should be at the discretion of the child's parents. No real harm was done. It's not like this non-virus stole millions of peoples credit card informations and committed credit card fraud. Let kids be kids, they can grow up tomorrow.

Sam

Re:LAME?

[lessermilton]

A prank that causes financial loss should be punished. So... I saw these scary things that totally looked like bombs and it was so totally scary! I so totally can't believe that anyone would ever do such a naughty thing! I mean, how could those poor, defenseless people know any better? Someone should definitely be punished!

Re:LAME?

[syousef]

This is considered insightful?

You had a look at what some of the latest "pranks" have been. Ever heard of "happy slapping"? Where you video tape yourself walking up to a complete stranger and walloping them? Where I come from it's called assault. People have lost the ability to pull a harmless prank. Instead any fucking dangerous or stupid behaviour is being passed off as a childish prank. Even children have to act within the tolerances of society. They get a black mark against their name if they kill someone too. You suggesting we change that because "hey he's just a kid".

Writing a virus is not something you want to go unpunished. There are enough of the fucking things that an end user can end up in deep shit unless they very quickly learn what they're doing. That few hours work you're talking about isn't some optional extra overtime - it could be money that was meant to feed the man's family you.

Re:LAME?

[syousef]

In my opinion in modern times, physical imprisonment should be _mainly_ for people who have proven themselves to be dangerous.

Someone who writes virii and releases them into the wild is dangerous. If physical imprisonment is the only way to guarantee keeping them doing so is to physically jail them that's actually called for. If you can have a reasonable level of confidence that you can keep them from doing so, sure put them on probation and punish them financially

Re:LAME?

[syousef]

Hell if it was done intentionally yeah they should be punished.

If law enforcement can't tell an innocent package not intentionally planted to fool them from a bomb, there's nothing to punish.

Reductio ad absurdum is the idiot's straw man.

Re:LAME?

[syousef]

So if say Sony writes a root kit and you put their cd into your drive and it installs you're cool with that? Or if MS sends back detailed information about your surfing habits?

The fact that you installed software doesn't mean you've agreed to give the software writer unlimited access to your machine. Choosing the right software to trust isn't even straight forward these days.

You don't seem to realize any of this...and I'm the idiot? Have a nice day burying your head in the sand.

Re:LAME?

[syousef]

No real harm?

Bullshit. Anyone who's not a computing professional and is hit with this has to pay good money to get the damned thing fixed. Money that might otherwise go towards something worthwhile - anything from feeding your family to taking them on holiday.

Re:LAME?

[lessermilton]

Judging by the fact that it was repeated throughout the US, and rarely did anyone think it was anything dangerous... and the fact that they were placed in very public places, and well lit... Oh, and how about the part where they didn't call in and say "hey this is a bomb!"

Quit trying to excuse personal responsability! If you're too stupid to tell the difference between a light-brite and a bomb, or to tell the difference between a legitimate game and a "virus"... I'm sorry, you need to hand in a couple of bits of anatomy. We can't have your genes in the pool.

If either of these things, this "virus" or the lite-brite-looking-mooninites, had actually had the potential for damage, that's another story. But all this did was simply execute a reboot script, and the mooninites were glowing aliens giving people the finger. Neither of which did actual harm, unless you were dumb as a bag of rocks - no offense to the bag of rocks.

People should be a little smarter when it comes to these things. I, for one, am a suspicious son-of-a-gun and I wouldn't be installing some random programs. Every one of these people had a choice, whether or not to dl and install a rather suspicious program.

Oh, and you wanna see a cool secret game in windows? go to window>run>type "format c:" and click "yes", it's the coolest game ever!

Re:LAME?

[QuantumG]

Where you video tape yourself walking up to a complete stranger and walloping them? Where I come from it's called assault. Actually, it's called attempted assault. You have to cause actual harm for it to be assault.

Re:LAME?

[TheLink]

If you see my post, I do accept that physical imprisonment may be the only way given _current_ practical limitations and constraints.

To me someone who writes _computer_ viruses is not physically dangerous, but if physical imprisonment is the only way to stop that person, then sure.

Re:LAME?

[syousef]

If you're saying that stupid people should be afforded no protection in society you're a fucking fool. What you're proposing is the law of the jungle. Perhaps people like you should be left in the middle of a jungle to survive since you're so intelligent and superior. You make me sick.

For the umpteenth time, if you haven't got a lot of tech knowledge a reboot script is not a trivial thing to remove. Or are you proposing that to use a computer you should have to be a proficient coder.

Re:LAME?

[syousef]

Actually you're called a troll.

IANAL but...

It's not an attempted assault if you hit someone, it's assault. There's no set standard for the amount of damage you have to do before it's termed an assault. Attempted assault would be where you try to hit someone and miss.

You should be warned that trying to step beyond the boundaries of your knowledge and getting things wrong makes you look like a complete and utter twit to anyone with solid knowledge on the matter.

Re:LAME?

[lessermilton]

The internet is governed by the "Law of the Jungle". Specific domains, however, are governed by whoever owns and operates them.

People should be competent operators of whatever they use. If someone doesn't know how to use a knife, they'll cut themselves. If someone doesn't know how to use a car, they'll probably kill someone. If someone doesn't know how to use a gun they'll probably kill someone. But we don't let people who don't know how to use cars drive them around in public places, why do you believe there should be protection for those who do the same thing on their computers?

Mr. Straw-man, I not once claimed to be superior in any outdoor field, such as you seem to claim:

Perhaps people like you should be left in the middle of a jungle to survive since you're so intelligent and superior. You make me sick. However, I am in the middle of a type of jungle - the information jungle that's the world-wide-web. And like I would do in a real jungle, I avoid sites and places that I know would be bad for me and my computer. I rarely open attachments - even from people I know. I rarely go around posting personal information about myself. I know how to boot in safe mode and uninstall programs. I can run through a process of elimination.


1)My computer worked fine 30 minutes ago.

2)Between now and then the only change I made was to try and install this "game"

3)Hmmm, that game might have something to do with it. I can't boot normally, how about safe mode?

4)Ah, that works, let's see if I can uninstall this program. Yep, I sure can!

5)Oh good my computer works again. Wow, that guy sure was a dork.


Simple steps that everyone who uses a computer SHOULD know how to do. If my computer was still having problems, I'd just grab my knoppix CD and see if I couldn't at least recover my data.

People who can't drive cars aren't allowed to on public roadways. If they do, they're fined and possibly put in jail. People who can't use computers but still do, people call them victims. If they are victims, it's to their own willful ignorance.

Re:LAME?

[QuantumG]

Umm.. go look it up.

Fuckin' hell.

Re:LAME?

[syousef]

You mean like here:

http://en.wikipedia.org/wiki/Assault

"Assault is a crime of violence against another person. In some jurisdictions, including Australia and New Zealand assault refers to an act that causes another to apprehend immediate and personal violence, while in other jurisdictions, such as the United States, assault refers only to the threat of violence caused by an immediate show of force."

You are talking out of your backside.

Re:LAME?

[QuantumG]

Guess where I live fuckstick.

Re:LAME?

[syousef]

Do you always swear and name call at someone when you lose an argument?

You're looking more and more foolish by the second.

You were the one trying to correct my usage of the word, so why should I give a shit where you live?

Do you even know the meaning of the word apprehend?
http://dictionary.reference.com/browse/apprehend%2 0
3. to expect with anxiety, suspicion, or fear; anticipate: apprehending violence.

Note the words "anticipate", and "expect". You don't have to cause harm.

You can't simply admit you were wrong, you just have to keep digging your hole. Do you have any fucking idea how stupid and childish you just made yourself look?

Re:LAME?

[QuantumG]

Do you have any idea, at all, how little I care how "stupid and childish" I look to some random asshole on Slashdot?

Re:LAME?

[syousef]

So what you're saying is that you don't care that you're wrong and that therefore by definition you're a troll.

Thanks for clearing that up. Have a lovely day.

Re:LAME?

[disasm]

Okay, and next time little Johnny grabs a candy bar off the shelf and eats it in a store, lets cut off both his hands and make him write I will not steal candy bars... People's definition of harm is so whacked these days... If you computer dies, who cares, there is more to life than the computer... If you can't afford to get the thing fixed, you should be using linux like most sane people that can't afford to fix their computer every time a teenager decides to pull a prank on all the windows users.

Sam

Re:LAME?

[syousef]

Reductio ad absurdum is weak.

How about next time little Johnny steals a candy bar he's forced to apologise to the ower, pay him back in full and perhaps do some punishment like a few hours of community service learning that others aren't as fortunate as himself. Beats the hell out of just rustling his head and saying "off you go you young whipper snapper". Most crims start small.

As for your bullshit about using Linux, I simply wouldn't tell anyone to use Linux unless I first let them know what they could and couldn't run, and taught them some command line admin. You call me extreme for wanting to punish a kid who's doing the wrong thing but you're happy to abuse someone for using a mainstream OS unless they can afford expensive support. Your entire approach is out of whack. Good luck living in your deluded friendless reality.

Re:LAME?

[disasm]

Lets look at the facts of damage:
1. No data was damaged
2. No data was taken
3. The user chose to download what they thought was a game
4. It prevented the user from logging into the machine

I don't see any permanent damage here. This isn't a crime in the least. I never said THE PARENTS shouldn't make little Johnny do community service for stealing the candy bar. I just said the punishment doesn't fit the crime to chop off his hands and then ask him to write he won't steal candy bars.

My bullshit about using Linux is more accurate than your perception of it. 90% of home computer users need a word processor, a web browser, and possibly an e-mail client, and that's it. There is no expensive support with Linux. Last time I tried Ubuntu, I booted up, logged in, and clicked the little firefox logo on the top bar. Want to install something, add and remove programs and install it. Heck, my sister uses Linux and she's about as far from techy as you can get. Maybe you should try the latest linux distros before blabbing your mouth.

Sam

Sequel

[akkarin]

This would make a great sequel to 'Catch me If you Can'.

Stupid, I hate vigilante's

[stratjakt]

This isnt a virus, first off. It was a lame trojan. Like all others, cut-n-pasted by some 13 year old script kiddie, I mean just read the story and tell me it could be any other way.

So some blowhard self-important jackass "security researcher" harassed a little kid and made him cry.

What a fucking loser.

The REAL virus writers/blackhats, the ones infiltrating multi-billion dollar corps, are working for the russian mob.

Go after them, I double dog dare you.

Re:Stupid, I hate vigilante's

[jcgf]

Sometimes kids gotta learn the consequences of their actions. I'm glad this guy did what he did.

Re:Stupid, I hate vigilante's

[Farmer+Tim]

So some blowhard self-important jackass "security researcher" harassed a little kid and made him cry.

What a fucking loser.

Who, the researcher or the kid? Actions have consequences, and maybe this seems a bit harsh but the kid set himself up for it.

The simple moral is if you don't want people getting mad at you, don't be a jerk. Is that really so unreasonable?

The REAL virus writers/blackhats, the ones infiltrating multi-billion dollar corps, are working for the russian mob.

And how many of them would be doing it now if someone had tracked them down scared the shits out of them in their teens? I'm not saying that's the ideal approach to security, but then there is no single ideal approach; a spectrum of methods is necessary.

Go after them, I double dog dare you.

When the police start taking online fraud more seriously that might be an option. Going after the Russian mafia single handedly would be proof of utter stupidity.

Re:Stupid, I hate vigilante's

[UncleTogie]

I'd be pissed if some little douchebag created malware that deleted my data.
Translation: I'd be upset at other people if, by my own actions, I installed apparently pirated software of dubious origin.

Re:Stupid, I hate vigilante's

[Sensae]

Where does piracy come into this? This trojan was obviously trying to masquerade as an independent game (Though I agree of dubious origin).

Re:Stupid, I hate vigilante's

[MillionthMonkey]

I found this comment there:

Congratulations on making it to Slashdot's front page.

I'm glad you called it a lame batch file instead of a virus like Slashdot did. The guy who made it... I mean it's so lame... a GameMaker game plus a few registry entries and an uninstaller that breaks the "virus"... it doesn't deserve to be called a virus, even if it DID replicate itself (a necessary component of any virus). At least he could have deleted random registry keys or hard disk files or something. Or at least made the game WORK.

I figured all of this out from the other links from Slashdot, but this is amusing me enough I might install the "virus" inside of a VM just to check it out. I also have a GameMaker decompiler (it's old though) I can try running the EXE through to take a peek at the insides.
Dan | 07.19.07 - 11:05 pm | #

Re:Stupid, I hate vigilante's

[tehcyder]

The simple moral is if you don't want people getting mad at you, don't be a jerk. Is that really so unreasonable?

I think the GP's point was that this is little more than bullying. There's a difference between giving a thirteen year old kid a serious talking to for being stupid, and beating the crap out of him with a baseball bat for walking on your lawn.

Re:Stupid, I hate vigilante's

[MrSenile]

Well, I'm not sure...

Did he stop to take a dump on my lawn and throw feces at my wife while on my lawn or just walk through it?

Depending what was 'omitted' from 'just walking on the lawn', it's clobbering time :)

Unfortunately this is a lot of times what is 'omitted' in the news. A lot of them will just mention 'yea, the kid just walked on the lawn' but not mention what he did while ON the lawn.

Minimum of 3 sides to all stories, make sure to always get the other two ;)

Re:Stupid, I hate vigilante's

[Harry+Coin]

does the russian mob actually exist? ...and all of this corporate espionage crap?

Nyet!

Re:"i'm leaving the internet" Yeah, right.

[wamerocity]

actually, I am proud to say when I was 14, I made that declaration on the "BBN" a once-popular BBS in Salt Lake City, that I was going to leave forever and I did. I never logged onto another BBS again. Unfortunately, the benefits of it weren't as I intended (hoping for myself to go out and get a "real" life), as I made-out with WAY more girls I met online than I did offline in the immediate future after I left. Oh well.

Now I have slashdot and I'm right back where I started, except there aren't a lot of easy slashdot girls... hmmm...

Not a virus

[The+MAZZTer]

From the articles linked, it appears to be nothing more than a GameMaker "game" which adds registry entries which cause shutdown.exe and logoff.exe to be called when you log in.

In fact, if this was considered malware... perhaps marginally, although it has no serious effects... it isn't a virus because it doesn't replicate itself and spread. The guy who wrote it is obviously a wannabe hacker... you know, the kind who use pre-built tools without a clue how they work. Except this guy couldn't even find tools so he used a game creation system. Lame.

Re:Not a virus

[brunascle]

just a script kiddy? i wouldve expected more from someone who TYPES IN ALL CAPS

Re:Not a virus

[Frosty+Piss]

In fact, if this was considered malware... perhaps marginally, although it has no serious effects... it isn't a virus because it doesn't replicate itself and spread. The guy who wrote it is obviously a wannabe hacker... you know, the kind who use pre-built tools without a clue how they work. Except this guy couldn't even find tools so he used a game creation system. Lame.

Lame? Perhaps. But as much as you discount the toolz and skillz of this wanna-be "hacker", it was still an effective malware approach, was it not? Seemed to do exactly what the "hacker" intended...

Re:Not a virus

[sumdumass]

It was probably an attempt at a joke gone bad. I used to have a couple, they would exhibit BSOD screens as the screen saver and cause all your Icons to fall of your screen and lay in a pile on top of your task bar. One started after the windows login and said windows isn't sure you are who you say you are click here to verify, then it would repeat that click here in random placed until you right clicked and selected "enough".

Re:Not a virus

[Arcane_Rhino]

Yeah. Not only LOUD words, but bold words.

And if you believe this..

[nurb432]

You are as stupid as he.

"wahhh you are mean, im leaving" , ya right.

Re:"i'm leaving the internet" Yeah, right.

[Stanistani]

When he comes back he will be welcomed with open arms - and a rock in each hand.

Re:"i'm leaving the internet" Yeah, right.

dude; nailing BBS chicks is nothing to brag about...

Yeah...uh huh...what ever you say.

[davmoo]

I have a hard time believing that any "security researcher" would keep calling the application in question a "virus".

It sounds to me like the story is about *two* wannabes, not just one.

Re:Yeah...uh huh...what ever you say.

[cromar]

The security guy didn't strike me as professional or incredibly competent.

"Hmm... here's this 19 year old kid who made a laughable 'virus.' I need to track him down and email local authorities!!!111!!!!!11!"

It's like some lame episode of Scooby Doo or something.

Re:Yeah...uh huh...what ever you say.

[davmoo]

Nah. Scooby Doo at least had the redeeming feature of being funny :-)

Re:Yeah...uh huh...what ever you say.

"It sounds to me like the story is about *two* wannabes, not just one."

Indeed. From http://www.vitalsecurity.org/about.htm

"I am Christopher Boyd, Microsoft Security MVP...Originating from Liverpool, England with a [sic] Honours Degree in Fine Art...Nowadays, you can find me lurking in the darkest corners of the Internet - kicking ass and taking names. Kung-Fu style..."

Jesus Tap Dancing Christ. A Scouse fine arts grad fighting malware on teh intarwebs. What a douche.

Re:"i'm leaving the internet" Yeah, right.

Now I have slashdot and I'm right back where I started, except there aren't a lot of easy slashdot girls... hmmm...

The qualifier is completely superfluous in this context!

Re:"i'm leaving the internet" Yeah, right.

[GreyPoopon]

dude; nailing BBS chicks is nothing to brag about...

It depends. There was a BBS I used to use in the mid-80s in my area. Every once in a while, the sysop's sister would jump on while I was logged in and we'd talk for a few minutes. I was always really careful because I figured it might just be the sysop pretending to be his sister. At any rate, I figured that if it really _was_ his sister, she was probably a real dog (yes, a somewhat chauvinistic thought, but few girls back then had any interest whatsoever in computers, and those that did were almost guaranteed to be as homely as they come). Some months after I started using the BBS, I had a reason to go visit the sysop at his house (I forget why -- sharing pd software or something). While I was there, I met his sister, and I thought I was going to lose consciousness. She was drop-dead gorgeous -- one of the most attractive girls I've ever seen. Just going on a single date with her would have granted bragging rights, but there was absolutely no chance for me; I couldn't even form a complete sentence in her presence.

Never again

[Drunkulus]

Oh my head! I'll never drink again.

Holy crap I think I know that kid

[xrayspx]

He was in the same CS clan as me way back in Historical Times and used to call me up and ask me to tell him how to "hack stuff". I didn't tell him much of anything, sounds like he learned whatever he wanted to learn though :-) But yeah, John from Hartford, different nick at the time, but right age bracket, same interest in breaking things that aren't his to break. Nice. Hopefully this will straighten him out. At least he didn't get in any actual trouble.

Who Cares?

[aldheorte]

This story reads basically that some over zealous security researcher chased an incompetent malware script kiddie around for an app that compromised maybe 50 people. As far as accomplishment goes, this ranks up there with shooting fish in a barrel and apparently proves he can do Google searches.

I'm glad that there is a minimum damage level before law enforcement gets involved because this would be a tremendous waste of tax payer dollars to go after and then, given how totally out of whack the laws are in regards to this kind of thing because of Luddite terror of people with technical ability, we'd probably have to end up paying this moron's housing for five years and create another person with a criminal record who cannot get employed and thus gets even more benefits at our expense.

And at the end of the day, it proves nothing. From a technical standpoint, someone could easily create an false identity like this, even the sign off part. The whole investigation trail is based off string comparisons. Whether it is "John" in Philadelphia or a really smart dog in Detroit, who knows?

heh

[shivamib]

This must've been fun to watch. When I was in college I made a recursive batch file be called at boot on all PCs before a crappy class. Interestingly enough, most people couldn't fix it, despite being in 2nd year of Computer Science. Okay, that was lame. I'll be taking my leave now :)

Re:heh

[MMaestro]

I know schools that didn't require login/reimage on reboot until the past 5 years. I know at some universities, lab computers are automatically logged in with anonymous accounts upon booting so they routinely get "hacked" (officially, they're "broken", unofficially, 'don't know, don't care' in the words of a friend who works at the technical help desk) with the sysops never bothering to fix them so long as they remain few and far between. (On average out of every 10 computers, by the end of the semester, 3 will either be "hacked" or so overloaded with spyware/malware/adware that most students will avoid using them like the plague.)

Re:"i'm leaving the internet" Yeah, right.

[hasbeard]

Oh, ok. Thanks :)

Re:"i'm leaving the internet" Yeah, right.

[markov_chain]

As our God used to say, "you can check out any time you like, but you can never leave"

Re:"i'm leaving the internet" Yeah, right.

[Knara]

In my teenaged years I got randomly chatted by the sysop's daughter on a local C-64 BBS on a variety of occasions. Even began setting up "I'm gonna log in at midnight, so chat me then." Yeah, sounds like it belong in an alt.* newsgroup, etc.

I have to say...

[Ayanami+Rei]

it's pretty fucking lame that the dev lost the source code to buzzmachines.

Shoulda open-sourced it. Prick.

Re:I have to say...

[Kalriath]

Right. And when Ford stops making a model of car they should release the blueprints for free.

Drop the inflated sense of entitlement. He wrote it, it's his decision what he does with it. If he gives out the source code, it's his call. If he doesn't, it's ALSO his call.

He's less of a prick than you are.

Gibson is an idiot.

[Ayanami+Rei]

I doesn't take a genius to block an ICMP attack with a Cisco or anything else. Why quench wasn't already enabled on it is another WTF.

Then he goes on to bitch about raw sockets in Windows and why ISPs should be responsible for their user's actions. What fucking planet does this guy live on?

In short, eat a dick.

Re:Gibson is an idiot.

[VENONA]

"Gibson is an idiot"

No. Spinright was a lifesaver, the couple of times I needed it, back in FAT32 days. Supposedly it does NTFS, and some Linux filesystems now. At some point he seems to have gotten slammed in the head or something. Whatever went wrong, it's a shame. Although the raw sockets nonsense did at least provide us with some entertainment.

Re:"sharing pd software or something" Yeah, right.

[larpon]

Yeah, right.

What about Bill Gates?

[twitter]

Why not let the punishment fit the crime? They give you a data-scrambling virus, dose them up with mercury. They give you a virus that infects others, we give them herpes. Etc, etc...

So what does Bill Gates get? While some of his data scrambling has been accidental, much is intentional. The upgrade treadmill alone has cost more than any virus or trojan and it hits those who try hardest! Sabotage of other company's software has also cost millions of man hours. The problem with your method of punishment is that it must just suck to be Bill Gates. How can you get any crazier than to sit around dreaming of global software domination, smear campaigns and other strangeness M$ gets up to at his command?

Re:Police can't act like that

[Carlinya]

No, but they can start investigations based on the reports and information they received.

It would help if people knew whether they were able to lodge police reports against idiots (virus/malware/spyware etc creators). Most places I know don't have a system to handle such reports.

Wait ... THAT'S your story?

So let me get this straight. Guy takes a poke at computer nerds by suggesting that computer nerds only get ugly women. And your comeback is, in essence, "Dude no way, I totally saw a cute girl once when I was 16!" Not exactly what I call a biting rejoinder...

Re:Wait ... THAT'S your story?

[GreyPoopon]

Guy takes a poke at computer nerds by suggesting that computer nerds only get ugly women. And your comeback is, in essence, "Dude no way, I totally saw a cute girl once when I was 16!"

Not exactly. The guy said nailing BBS chicks was nothing to brag about. I was just responding that it _could_ be something to brag about, depending on the girl. What I _really_ don't understand is why my comment got modded up so high. It was supposed to be worth a chuckle, and instead people are dropping "Insightful" and "Interesting" mods on it. That's scary. At least somebody had sense enough to mod it -1 Overrated after it reached a 5.

Re:Wait ... THAT'S your story?

[tehcyder]

So let me get this straight. Guy takes a poke at computer nerds by suggesting that computer nerds only get ugly women. And your comeback is, in essence, "Dude no way, I totally saw a cute girl once when I was 16!" Not exactly what I call a biting rejoinder...

Be fair, for slashdot it's practically Wildean.

Re:"i'm leaving the internet" Yeah, right.

[ross.w]

you're making the assumption that they were girls...

Re:"i'm leaving the internet" Yeah, right.

[rickshaf]

Uh, actually, I'm old and a bit slow, so it took me about 2-seconds to come to the conclusion that this story "isn't even wrong"....

Lame Lame Lame

[Xabraxas]

This is just lame. The researcher narrowed it down to a black person in Hartford, Connecticut between the ages of 16-19. Oh yeah, he likes the Boondock Saints and his name may be John. Do you know how many people that could be? There are 125,000 people in Hartford and nearly 40% are black. That's 50,000 people. Let's say roughly 25,000 are male. So now you have to narrow that down to ages 16-19 which is probably at least a couple thousand. Now you're looking for someone among thousands who's name may be John and who likes the Boondock Saints. Considering people are getting shot and robbed on the street in Hartford I think the police have a little more to worry about than someone who made a piece of software that makes you computer reboot continuously.

Re:Lame Lame Lame

[kingsqueak]

"Boondock Saints" heh , are you 50 or something?

http://www.theboondockstv.com/

Re:Lame Lame Lame

[Xabraxas]

Woops. Slip of the tongue. I happen to love that movie.

Bad analogy

[ancientt]

This is exactly the right approach to dealing with nuisances. When someone behaves in a childish manner, the best way to change their behavior is to make them understand that their actions can cause them more grief than they are willing to accept. It isn't about the damage they do, it is about the nuisance they cause. That said, there seems to be some bad analogies being used here.

This isn't like a kid slashing tires, this is like a kid who convinced you to slash your own tires. Even if he hands you his pocket knife, even if he tells you it will make your car faster, if you slash your own tires then the kid causing the nuisance only shares the blame with you.

The distinction here is that the "virus" writers didn't actually damage anyone's machines directly, they just convinced people to do something stupid (downloading and installing software from an unknown source is stupid.) I have told people that Alt+F4 would fix their problems before, always as a joke, but if they were stupid enough to believe me then they should consider it a cheap education.

Still nags this lingering guilt, maybe I need to read BOFH again.