Who writes viruses?
Scorp
Published: 25 Sep 2003 13:30 BST
Who takes the time and effort to pull off malicious stunts, like viruses, malware, worms, Trojans, or any other deliberately damaging actions? And why? After all, there are risks involved. Who are these people and what do they gain?
The common stereotype is a bored but brilliant teenager from a dysfunctional family. The very name "script kiddies" implies that. And the latest (as of this writing) virus writer caught seems to reflect that stereotype. Go to any news search engine and enter "Jeffrey Lee Parson" and there he is, the alleged author of a variant of the LovSan/Blaster worm. Yes, he's 18, probably smart, possibly maladjusted, and instead of writing an original chunk of code, he (allegedly) chose to modify an existing worm. Part of his (alleged) modification was to insert a backdoor Trojan to enable (in theory) the remote control of any infected box. His motive is at this time unclear -- the best current guess is that he merely wanted to prove that he could do it and gain some status or notoriety. He also left a clear trail back to himself as the author, which strikes the investigators who caught him as being careless.
One would think that anyone technically competent enough to modify code would have to have at least a basic understanding of how the Internet works.
The case of the "LovSan" worm
This cute little piece of prankishness in its original form contained the message:
"Billy Gates, why do you make this possible? Stop making money and fix your software!"
This is ironic. The LovSan worm was so poorly written and executed as to be laughable. Not only did it announce its presence by causing spontaneous shutdowns (not an event that could be classified as "subtle"), but its payload -- supposed to be a Trojan that would launch a simultaneous DDoS attack on the Microsoft update site -- was a miserable failure. Not only was the embedded URL inaccurate (it "almost" led to a page that merely forwarded the visitor to the real page) but once alerted, Microsoft was able to disable the page long before any damage was done.
It's difficult to see just where this kind of stunt results in any accolades for the author. What presumably began as a grand scheme to "send a message" to Microsoft merely caused minor aggravation nearly everywhere else -- by any standard, that can't be rated as a "successful" exploit.
Previous
Did you find this article useful?
230 out of 437 people found this useful
- Share this article:
Full Talkback thread
2 comments
