The Landscape of Virus Writers

Initially, the virus writers among the programmers and hackers were hobbyists – or those engaged in research (though perhaps misguided or misapplied). Sometimes – or perhaps all the time – viruses would escape from their hosts and get sent into the wild.

One of the oldest had to do with the original game of Adventure: so many people wanted to play it, that it was decided in the local environment to automatically replicate Adventure on the user’s local machine before running. It was so wildly successful that it was everywhere – and then the counter-virus was written that would delete a copy of Adventure if the user no longer wanted it. (I’ll be durned if I can actually back up that story…. my memory doesn’t go back that far…)

Now it has been reported by The Register (and noted by darknet.org.uk and TrendLabs Malware Blog) that the virus writing club 29A is disbanding. Most virus writing groups of the past have been the equivalent of spray painters painting a building – or those that try to see how many places they can go in a building (building hackers?). Money was not the objective – prestige, honor, and popularity were all part of it.

Now with the demise of 29A, and the newly reported fact that adware has surpassed viruses as the largest current threat, it is becoming clear that the typical virus writer is changing – becoming more interested in profit and extortion.

Is this a fact worth bemoaning? Before, virus writers just wanted to wipe out a system – or propogate the virus as widely as possible. Now writers want to put the system into a botnet or to extort money from the owner. Which is better?

The hacker ethic states that you do no damage to a system. The earliest virus writers did their best to follow this – but virus writers haven’t followed that rule for many years.

It doesn’t make one sleep any easier at night knowing viruses are now the domain of the extortionist and not the spraypainter….

All I know is, I’ll spend whatever time and effort I can to keep them out. A production system cannot go down due to a virus, no matter if it is malignant or not.

One thought on “The Landscape of Virus Writers”

  1. For years I was on the anti-spam team for Sprint Nextel’s production network. That is, we protected Sprint Nextel’s customers, not Sprint Nextel’s employees. During that time we trialed Microsoft’s Hosted Spam Protection, ala bigfish.com, but eventually went with Ironport appliances that also strip off virus ridden email. I only bring this up, because when I was in San Bruno meeting with Ironport’s senior IT guys, they described to me exactly the same thing you’re writing about.

    The environment has changed. We will some day look back to the early days of virus authoring and probably even spyware authoring as just a bunch of pranksters playing around. Kids flexing their IT muscles because their professors couldn’t challenge them with a lab big enough or a problem complex enough. I already tell stories of the early days when Cult of the Dead Cow were spoofing everyone with their Pave The Planet movement.

    The current threats are people who are working for organized crime syndicates around the world. Some of them run their own DNS servers, some of them own whole blocks of IP ranges and they are all just looking for straight out money.

    Unfortunately, until identity theft, online extortion and destruction of intellectual property is perceived by law enforcement as actual crimes, then we’re all stuck in a reactive mode. Yes, some of the spam kings are getting big sentences when they rarely find them, but law enforcement really needs to start taking these things seriously. As do insurance companies. If my computer was destroyed by a virus today, it would take around $500 worth of my time to get it back up and running. If my identity was stolen I could easily lose ten’s of thousands of dollars in real money, lower credit scores and problems with future employment. But if I filed a report with the FBI, I’m not very sure that they would take it seriously. And if I filed the report with my insurance I believe I’d have a very hard time justifying the amounts of legitimate damage to them.

    I must also concur with the ending to your article. While I am concerned about the security of my personal information I am much more concerned about my responsibility as a Systems Integrator. I have an obligation to the people within my organization and to the people my organization serves to protect their information with all the tools available to me. I can’t fix law enforcement or insurance problems but I can design correctly, publicly advocate better policies and protect my end users from these criminals.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: