[ISN] The Virus Underground

From: InfoSec News (isn@private)
Date: Tue Feb 10 2004 - 03:20:54 PST

    Forwarded from: Brian Reilly <reillyb@private>
    
    http://www.nytimes.com/2004/02/08/magazine/08WORMS.html
    
    The New York Times Magazine
    February 8, 2004
    By CLIVE THOMPSON
    
    This is how easy it has become.
    
    Mario stubs out his cigarette and sits down at the desk in his
    bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of
    the Beast,'' his latest favorite album. ''I really like it,'' he says.
    ''My girlfriend bought it for me.'' He gestures to the 15-year-old
    girl with straight dark hair lounging on his neatly made bed, and she
    throws back a shy smile. Mario, 16, is a secondary-school student in a
    small town in the foothills of southern Austria. (He didn't want me to
    use his last name.) His shiny shoulder-length hair covers half his
    face and his sleepy green eyes, making him look like a very young,
    languid Mick Jagger. On his wall he has an enormous poster of Anna
    Kournikova -- which, he admits sheepishly, his girlfriend is not
    thrilled about. Downstairs, his mother is cleaning up after dinner.
    She isn't thrilled these days, either. But what bothers her isn't
    Mario's poster. It's his hobby.
    
    When Mario is bored -- and out here in the countryside, surrounded by
    soaring snowcapped mountains and little else, he's bored a lot -- he
    likes to sit at his laptop and create computer viruses and worms.
    Online, he goes by the name Second Part to Hell, and he has written
    more than 150 examples of what computer experts call ''malware'': tiny
    programs that exist solely to self-replicate, infecting computers
    hooked up to the Internet. Sometimes these programs cause damage, and
    sometimes they don't. Mario says he prefers to create viruses that
    don't intentionally wreck data, because simple destruction is too
    easy. ''Anyone can rewrite a hard drive with one or two lines of
    code,'' he says. ''It makes no sense. It's really lame.'' Besides
    which, it's mean, he says, and he likes to be friendly.
    
    But still -- just to see if he could do it -- a year ago he created a
    rather dangerous tool: a program that autogenerates viruses. It's
    called a Batch Trojan Generator, and anyone can download it freely
    from Mario's Web site. With a few simple mouse clicks, you can use the
    tool to create your own malicious ''Trojan horse.'' Like its ancient
    namesake, a Trojan virus arrives in someone's e-mail looking like a
    gift, a JPEG picture or a video, for example, but actually bearing
    dangerous cargo.
    
    Mario starts up the tool to show me how it works. A little box appears
    on his laptop screen, politely asking me to name my Trojan. I call it
    the ''Clive'' virus. Then it asks me what I'd like the virus to do.
    Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan
    Horse overwrite every file? Yes. It asks me if I'd like to have the
    virus activate the next time the computer is restarted, and I say yes
    again.
    
    Then it's done. The generator spits out the virus onto Mario's hard
    drive, a tiny 3k file. Mario's generator also displays a stern notice
    warning that spreading your creation is illegal. The generator, he
    says, is just for educational purposes, a way to help curious
    programmers learn how Trojans work.
    
    But of course I could ignore that advice. I could give this virus an
    enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool
    people into thinking it's a video. If I were to e-mail it to a victim,
    and if he clicked on it -- and didn't have up-to-date antivirus
    software, which many people don't -- then disaster would strike his
    computer. The virus would activate. It would quietly reach into the
    victim's Microsoft Windows operating system and insert new commands
    telling the computer to erase its own hard drive. The next time the
    victim started up his computer, the machine would find those new
    commands, assume they were part of the normal Windows operating system
    and guilelessly follow them. Poof: everything on his hard drive would
    vanish -- e-mail, pictures, documents, games.
    
    I've never contemplated writing a virus before. Even if I had, I
    wouldn't have known how to do it. But thanks to a teenager in Austria,
    it took me less than a minute to master the art.
    
    Mario drags the virus over to the trash bin on his computer's desktop
    and discards it. ''I don't think we should touch that,'' he says
    hastily.
    
    
    [...]
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    