Who writes viruses?
Published: 25 Sep 2003 13:30 BST
Who takes the time and effort to pull off malicious stunts, like viruses, malware, worms, Trojans, or any other deliberately damaging actions? And why? After all, there are risks involved. Who are these people and what do they gain?
The common stereotype is a bored but brilliant teenager from a dysfunctional family. The very name "script kiddies" implies that. And the latest (as of this writing) virus writer caught seems to reflect that stereotype. Go to any news search engine and enter "Jeffrey Lee Parson" and there he is, the alleged author of a variant of the LovSan/Blaster worm. Yes, he's 18, probably smart, possibly maladjusted, and instead of writing an original chunk of code, he (allegedly) chose to modify an existing worm. Part of his (alleged) modification was to insert a backdoor Trojan to enable (in theory) the remote control of any infected box. His motive is at this time unclear -- the best current guess is that he merely wanted to prove that he could do it and gain some status or notoriety. He also left a clear trail back to himself as the author, which strikes the investigators who caught him as being careless.
One would think that anyone technically competent enough to modify code would have to have at least a basic understanding of how the Internet works.
The case of the "LovSan" worm
This cute little piece of prankishness in its original form contained the message:
"Billy Gates, why do you make this possible? Stop making money and fix your software!"
This is ironic. The LovSan worm was so poorly written and executed as to be laughable. Not only did it announce its presence by causing spontaneous shutdowns (not an event that could be classified as "subtle"), but its payload -- supposed to be a Trojan that would launch a simultaneous DDoS attack on the Microsoft update site -- was a miserable failure. Not only was the embedded URL inaccurate (it "almost" led to a page that merely forwarded the visitor to the real page) but once alerted, Microsoft was able to disable the page long before any damage was done.
It's difficult to see just where this kind of stunt results in any accolades for the author. What presumably began as a grand scheme to "send a message" to Microsoft merely caused minor aggravation nearly everywhere else -- by any standard, that can't be rated as a "successful" exploit.