they must be a sad and twisted bunch really.
They’re typically young single punks with a desire for fame within their clique.
Like any group, there are the elite and the wanna-bes.
The brightest discover new holes and break them. The other 99% (called “Script Kiddies”) take tools written by others and run them without really knowing the technical details of what they’re doing.
There are little gangs of them, and in their attacks they generally flash virutal gang signs, with statements like “F— <hacker X>” and “Shoutz to <hacker Y>”
To date, there really haven’t been any serious theft-inclined viruses (at least not known). That surprises me and I’m sure we’ll see plenty of them sooner or later. For example, one could write a virus that doesn’t let you know you’re infected, doesn’t erase your hard disk, doesn’t give you a silly message about “shoutz to my peeps”, or other infantile stuff. Instead it sits quietly searching through text the user enters looking for credit card numbers, then sending them somewhere.
The other thing I think we’ll see soon is DOS as a form of social protest. Think of all the people who are willing to fly to a protest, and risk getting maced or go to jail just to protest say Nike. Now imagine if instead of that effort, all they had to do was run some app on their computer that would work in conjunction with a million other virtual protestors to bring down Nikes web site, online store and corporate connectivity. Scary stuff, I say.
A few predictions from your friendly paranoid.
Theft-inclined viruses aren’t really new. The VBS/LoveLetter vrius was written with the intent of stealing Internet accounts. Others are harder to determine the intent behind. If it logs every keystroke and sends it somewhere, you don’t know if they’re after credit card numbers, passwords, corporate secrets or what. The recent W32/Vote virus installs such a keylogger. So does W32/Badtrans. VBS/Funny steals UBS PIN numbers. W32/Leave was a money-making scam.
Please read this.
As far as viruses…nevermind.
Obviously the people who write viruses have never spent 30 hours straight cleaning them off of servers and workstations, restoring files from tape, etc. I think they must mostly be jobless punks who’ve never had a taste of the real world. You can vote on this issue at my poll at http://www.sexypcsuport.com
Mini biography of a virus writer.
I knew a guy who wrote several viruses, at least one well known one about 6 years ago. He was 28, worked at a restaraunt part time, and probably spent 40-50 hours a week on his computer.
His big computer hobby was operating system modification. He was constantly trying to write patches to make windows more efficent especially with regards to file handling. He was entirely self taught, no degree, no classes, lots of books. When I knew him he could write in 8-9 different computer languages.
He was a good looking guy. Tall, a little on the thin side, long curly hair, wore glasses. He started fiddling with virii because he was fascinated by the challenge. Writing a small, fast, sneaky virus is quite a feat.
AFAIK the original malicious use of one on his part was against a local BBS who the sysop kept “accidentally” deleting his accounts or failing to post payments, etc, etc because the sysops ex g/f was my friends current g/f. He wrote a flash bios virus that wrote copies of another separate virus to drives on the system and uploaded to that BBS it via a new account.
I have omitted names to protect the not so innocent.
Last I heard he was some kind of network admin for a university. I haven’t spoken to him in about 4 years.
A decent handful of virii were written by pissed-off programmers and originally aimed at one product or one distribution company that they believed had wronged them.
Another decent handful of virii were not intended to be malicious; they were intended to spread and then display some cute message or pull off a “harmless” trick at some future date. (However, many of these do minor damage to disk files or tie up network traffic even if they do little else).
Speaking for myself alone, I have often wondered what the employees of virus-cleaner-software manufacturers would do without viruses to clean/guard against.
Seems like the temptation to create new viruses would be way too hard to resist. Hmm?
Drachillex, I disagree with your statement that “Writing a small, fast, sneaky virus is quite a feat”. While it may be perceived that way by many, the truth is that any assembly language programmer had better be able to code a small sneaky virus, otherwise his/her skills are severely lacking. I personally have never coded a virus simply because of the opposite, that I would not find it to be much of an accomplishment when done (I also have a conscience that would prevent me from ever releasing a virus if I coded one, but the point is that I would never code one in the first place).
A virus isn’t rocket science. All you need is to find some piece of code that is going to be executed, hack in your own stuff, then have your code jump back to the original code when you are done. Obvious targets (where you know code will be executed) are the boot sector and the program entry point for any executable. For example, all you need to do to make a virus is find the entry point of the program in the program header, change it to point to your code (which you’ve conveniently just tacked on to the end of the file so it can’t even corrupt the executable), then at the end of your code, jump back to what was previously the program entry point. If your code copies itself to other executables using this method, then voila, you’ve created a virus. Now you add something for the virus to actually do, and you can create a stupid silly virus or a harmful virus. It’s just that simple.
I think the reason that a virus is perceived to be such a technical feat is that most programmers these days are higher level language programmers (like C++) and to them assembly language is complex and mysterious and not well understood.
I have a theory that some viruses are created by software companies, to discourage piracy - if the only programs you install on your computer are ones you bought and paid for and never download an executable from anywhere but an official site, you will never get a virus. If you start trading warez with friends and people on the internet, you WILL be exposed to a virus sooner or later.
engineer_comp_geek wrote
It is true that the majority of the viruses out there are very easy to write. Most of them are just .EXEs with messages that entice someone to run them. There’s no brillience there, for certain.
But a lot of the evil stuff written, especially worms require some deep understanding and real persistant beatings on products to discover their shortfalls. I’m in the security business and I work daily with vulnerabilities. Some of the techniques used are extremely clever. What made code red work for example is a vulnerability that reasonably made it past QA; it was such a small weird thing. Which makes it all the more amazing, realizing that some clown has spent day and night for weeks or longer working on something, with his only reward of getting press of how much destruction he’s caused.
Quite sad, really.
I think they come in many forms. People who like to get even, but more so people that like to show off and do something naughty yet not evil.
I mean you are attacking a machine not a person. (well you are too but you get the idea) It’s like taking a grape from the A&P, sure it IS stealing but it kind of isn’t and it’s more naughty. See.
Plus did you notice there is an insane curiosity to open the viruses.
For example I spent 4 days cleaning off the nimda off our companies computers. It is STILL on one somewhere (i’m not an MIS person, I just am helping out as he is only there one day a week) as our public drive keeps getting infected.
Yet I got call after call from employees HELP THE BUGS GOT ME!!!
We have McAfee so if you open the envelope a picture of a hand grabbing a bug comes up.
So I’m like I told you not to open the envelope just delete them.
So I think it plays on a lot of different levels.
My suspected profile of these F^%king LOSERS!!! They…
Care about no one but themselves.
Seek attention because they fear (or damn well know) that they’ll never get laid, married, or have friends for that matter (asside from their Mom that they will live with forever).
Walk amoungst us on occasion, & do so with their pasty, little faces turned down to the ground because they’re social morons.
Thanks for this link, I sincerely dislike these creeps & have lost money do to my computer being down because of them. I say we track them & break their bony little fingers.
UUUUUGGHHHHHH!!!
Maybe I’m just tired…
I’m a humble Visual Basic programmer, but I have to agree with an earlier post that points out that it’s not that difficult to write a virus. When the Melissa virus came out a while ago, I was able to look at the source code and realized I could write it. The source code behind other viruses I’ve seen has had derogatory comments about holes in Microsoft’s security and about ignorance, sort of a “Nyah, nyah, I got you!” The thing is, computer savvy people aren’t opening viruses; they’re just deleting the messages containing them, in my case with a look of contempt and disgust.
I have seen a lot of arrogance and a feeling of superiority towards people who use Microsoft products. To me, this is like a competitor in an Iron Man competition compared to a more ordinary type like me. While I may have the innate ability to do such a thing, I have chosen to spend my time and my life doing others (including trying to beautiful, elegant, user-friendly mini-applications). No, I can’t run a marathon or code a virus in C (yet). Can you sing the alto line of a madrigal or knit an Aran sweater?
I’m sorry. To me, people who write viruses are people who are desparate to prove their superiority to someone, and they don’t care how much damage they do in the process. They are no more than bullies and instead of inspiring awe, from me, they inspire only contempt. They destroy; the ones who really know what they’re doing create.
CJ Howorth
“We could be standin’ at the top of the world
Instead of sinkin’ further down in the mud.”
Meatloaf