Information Security News mailing list archives
Oh, Those Clumsy Anna Copycats
From: InfoSec News <isn () C4I ORG>
Date: Mon, 26 Feb 2001 18:25:28 -0600
http://www.wired.com/news/culture/0,1284,41947,00.html by Michelle Delio 2:00 a.m. Feb. 23, 2001 PST The Anna Kournikova worm may have infected more people than it did computers. Since Anna made the rounds, it certainly seems as if a lot of humans' hard drives have been attacked by some kind of brain-sucking ailment. Novice crackers are frantically trying their hands at copycat virus creation and failing miserably -- but that was to be expected. Other people - politicians, public relations pros, pundits, and yes - even a certain tennis player, are all reacting to the Anna virus in increasingly odd and silly ways. Take the mayor of the town where Anna's creator lives -- Sneek, Holland -- alsjeblieft. According to local papers, Mayor Sieboldt Hartkamp was so pleased with the attention the virus brought that he told Onthefly, the virus writer promptly arrested for his actions, to come in for "a serious interview" once he has completed college. Hartkamp thinks that Onthefly would be the perfect person to put in charge of the town's computer systems. Kournikova wants in on the action, too. Her official website is plastered with perky mentions of the virus, and a banner declares that the site offers the "best Kournikova photos available without trashing your hard drive." Kournikova's site also shared all the juicy details of the virus, in a story rather gleefully titled, "Many People Want To See Anna -- How Anna Kournikova Photos Are Destroying The World's Computers!" Some wonder whether paying so much attention to viruses and their writers will encourage other kids to write viruses. Australian Internet users were spammed last weekend with a copycat worm that was created using the same kit that Onthefly used to cobble together Anna. The e-mail's headers -- cleverly titled "virus warning!!!" -- were carefully faked to look as if the warning came from antiviral software maker Symantec. The e-mail contained an official-sounding warning and an attachment that claimed to be the fix for the virus. But the virus writer stumbled and somehow sent out only the raw virus code in the attachment, instead of compiling it into an active Visual Basic Script that could have spewed the worm merrily across worldwide networks. Another wannabe cracker posted a file purported to be an interview with Onthefly in the alt.comp.virus.source.code newsgroup on Tuesday. The file was actually a VBS script containing a virus, something that the members of the newsgroup -- many of whom seriously study viruses -- didn't have a hard time figuring out. "We are going to be pelted now with these little baby efforts to bring down the Internet," one regular poster said to the group. "Kids who think they are elite hackers are gonna be crawling out of the woodwork for the next few weeks and annoying the hell out of everyone with their cute little stunts. But we'll whack them with our Onthefly swatter." Seemingly ripe for a firm swatting is "Disturbing The Peace," an obscure band from St. Louis that sent out e-mail messages from a fake security firm last week. The e-mails blared the news that an unknown group of terrorists had snagged something called "the New Ice Age virus" from the U.S. government's "information warfare laboratory." The only way to stop the virus was to visit a Web page that turned out to contain information about the band's new album. The stunt failed, though, as virus-weary users failed to pass the frantic e-mail along to everyone in their address book. Rob Rosenberger, webmaster of the Virus Myths site, said that only 25 people received the Ice Age e-mail. But some crackers who have caused real problems by distributing actual viruses have been richly rewarded for their efforts. Onel de Guzman, the writer of the LoveBug, a worm that ravaged networks last year, has become a national celebrity in the Philippines and received many job offers from security firms. So did Chen Ing-hau, the author of the data-munching Chernobyl virus, who also has been deluged with job offers from software and security firms. But none of the recent worms are examples of sophisticated programming, say many security experts who believe that the worm's authors were more skilled at psychology than they were at programming. "Most users are impressed by virus writers because they don't know anything about it," said Ken Dunham of Security Portal. Sneek's mayor was quoted by the press as saying, "It is obvious that the young man is very capable and it is in our interest to employ people like him in our IT department." "How is Onthefly very capable?" wondered Dunham. "All he managed to do was to find a virus site, download a program, and use his mouse to create a worm in a matter of minutes. Seems to me that I can find a lot of 10-year-olds with better ethics and upbringing to do the same thing." Some security experts urge harsh sentences and a ban on hiring crackers. "Hiring authors of malware that have been distributed into the wild is a bad idea," Dunham said. "The mayor of Sneek has disgraced his community with his public remarks, expressing an interest in hiring Onthefly. It appears that some people, including the mayor of Sneek, will do anything for media exposure." Others agree that most virus writers should not be lauded, but say that exceptions should be made in some cases. Rosenberger believes that anyone who ever released a virus into the wild -- hoping it would spread and do harm -- should never be hired to do computer work. "It only encourages others who suffer from narcissistic personality disorder," said Rosenberger. "End of discussion." But Rosenberger believes that those who work on "unsupervised research" in their spare time to "advance the state of the art," and who "might distribute copies to others who also seek to advance the state of the art, even if they perhaps distribute their experiments via open-access websites," should not automatically be assumed to be evil. And Rosenberger wonders -- since some antiviral firms "publicly divulge security flaws and even occasionally release proof-of-concept exploits for publicity purposes" then why aren't individuals encouraged to do this as well? "Why do we accept this kind of behavior at the corporate level if we don't accept it at the personal level?" Rosenberger asked. "And if we do accept it at the corporate level, do we accept it simply because the company sells a product we want? The answer to these questions should guide your hiring decisions." Rosenberger is himself no stranger when it comes to advancing the "state of the art." He once spent two years on a pet project documenting ways to attack corporate networks by exploiting flaws in antiviral software. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Oh, Those Clumsy Anna Copycats InfoSec News (Feb 26)