Saturday, August 23, 2003

The Times: Op-ed - What makes a computer-virus writer?

Lonely nerds, greedy crooks, or just up for a challenge? The profile of a virus writer is more complex than the stereotypes suggest. By David Rowan

It would be discourteous not to thank all those Times readers who have been kindly e-mailing me this week enclosing "That movie", a "Wicked screensaver", their "Resume" or the joyous news that I had finally been "Approved". It is always exciting to find oneself a part of history, even if only as a passive recipient of the fastest-spreading computer virus yet monitored. Admittedly, the 176 copies of the new SoBig virus hitting the Rowan in-tray this week make me a bit-part player compared with the 23 million copies picked up by AOL since last Monday.

This week's fun with SoBig has been compounded by the arrival of the Welchia or Nachi worm, blamed for halting Air Canada's check-in system, Maryland commuter trains and a US Naval network, and the continuing chaos caused by the Slammer virus, which earlier this year crashed the computers at an Ohio nuclear plant. Surely this cannot all be the work of pimply adolescents who wreak electronic havoc as vengeance for their lack of girlfriends?

The truth is that this conventional stereotype is as useless as an unsolicited e-mail. Yes, the writers are typically computer-obsessed males aged 14 to 34 - but their reasons for infecting the electronic networks may range from ego and the lure of an intellectual challenge to a specific grudge or, increasingly, greed.

What worries security experts is the growing co-operation between virus writers and the "spam" industry, designed to use third-party computers - yours and mine - to relay their unsolicited e-mails and pornographic images for profit and to evade the law. Even though the anti-virus companies have still to isolate the source of the latest version of the SoBig virus - named SoBig.F, the sixth variation on a theme - there is a growing consensus that it is designed to distribute spam using "Trojan horse" software that can capture a victim's computer. A number of these hijacking programs have been used to relay messages via ordinary users' machines, with names such as Jeem and Proxy-Guzu. Other programs can log your every keystroke, sending your passwords and bank details back to the bad guys.

The world's vendors of anti-virus products - ever keen to terrify us into buying their products - have naturally been talking up the Trojan horse threat. They will no doubt bank a few million this weekend as panicking PC owners buy their software.

What is not being asked is why these companies - if they are so good at warning us of every minor threat - can't isolate the "big" threats at source. After all, you wouldn't expect to buy a new car, pay extra for reinforced bumpers, and then find your petrol tank supplying other cars with fuel, or your engine refusing to work. What is it about the low standards we expect from the computer industry?

Besides, it still isn't certain that SoBig is the work of malicious spammers. Why would a spammer rerelease over and over again a virus that slowed the internet and disabled users' machines? They certainly would not want to make people afraid to open an e-mail. But logic and virus writing are rarely synonymous.

What we do know about destructive coders is that, for all the stereotypes peddled about them, they are mostly well-adjusted and well-educated young people who simply relish a challenge. Sarah Gordon, a Florida-based researcher for the Symantec Antivirus Research Centre, who has come to know more virus writers than anyone, rejects the notion of a "virus writer psychology". Having interviewed perpetrators aged between 11 and their mid-fifties, she sees the only consistent characteristic as "a fundamental disconnect between virus writing and acknowledging the large-scale consequences of those actions". Many fail to understand the impact their creations will have, and mean no harm. The malicious writer, in fact, is a rarity.

It is too soon to know whether the SoBig creator is the most malevolent pornographer ever to go online, as the anti-virus firms' hype would have you believe, or simply a foolish and naive coder. All we know, from two decades of studies of virus writers, is that they act from a number of motives, whether to gain credibility in their underground communities, or, increasingly, to take a more private satisfaction from a challenge fulfilled. Often, they will pick on certain software products known to have a fault, and in particular those claiming to be secure (is it any wonder that Microsoft is the most frequent target?).

Others will simply want to achieve something that supposedly cannot be done - known in the business as "proof of concept" writing. That does not appear to be the case with the latest SoBig virus: a variation on an earlier creation, and with its own inbuilt switch-off date of September 10, it seems unlikely that it was designed either to show off a new technical trick or to reach an unlimited number of e-mail users. It is just a pity that the computing industry and its software vendors have not yet got around to fixing the flaws that gave its creator the opportunity.

Fortunately, human nature is often a more effective means of isolating coders than the anti-virus police. Many find it irresistible to boast about their work, whether online or in the virus code itself. Simon Vallor, the Welsh creator of the Gokar, Admirer and Redesi viruses, who was sent to jail last year, left a remarkable trail of boasts on his personal website.

This weekend, as you carefully clean out your e-mail inbox and back up your hard disk (what, you mean you still haven't?), reflect for a moment on why, in an era when we can clone babies and populate space stations, we still cannot protect our computer networks from the mischief or malevolence of a few loners. And then ask the people trying to sell you PCs and software why they still have not found a way to make them secure.

The author is The Times's technology columnist

(The Times, Comment page, August 23 2003)