Information Security News mailing list archives

The Virus Underground


From: InfoSec News <isn () c4i org>
Date: Tue, 10 Feb 2004 05:20:54 -0600 (CST)

Forwarded from: Brian Reilly <reillyb () georgetown edu>

http://www.nytimes.com/2004/02/08/magazine/08WORMS.html

The New York Times Magazine
February 8, 2004
By CLIVE THOMPSON

This is how easy it has become.

Mario stubs out his cigarette and sits down at the desk in his
bedroom. He pops into his laptop the CD of Iron Maiden's ''Number of
the Beast,'' his latest favorite album. ''I really like it,'' he says.
''My girlfriend bought it for me.'' He gestures to the 15-year-old
girl with straight dark hair lounging on his neatly made bed, and she
throws back a shy smile. Mario, 16, is a secondary-school student in a
small town in the foothills of southern Austria. (He didn't want me to
use his last name.) His shiny shoulder-length hair covers half his
face and his sleepy green eyes, making him look like a very young,
languid Mick Jagger. On his wall he has an enormous poster of Anna
Kournikova -- which, he admits sheepishly, his girlfriend is not
thrilled about. Downstairs, his mother is cleaning up after dinner.
She isn't thrilled these days, either. But what bothers her isn't
Mario's poster. It's his hobby.

When Mario is bored -- and out here in the countryside, surrounded by
soaring snowcapped mountains and little else, he's bored a lot -- he
likes to sit at his laptop and create computer viruses and worms.
Online, he goes by the name Second Part to Hell, and he has written
more than 150 examples of what computer experts call ''malware'': tiny
programs that exist solely to self-replicate, infecting computers
hooked up to the Internet. Sometimes these programs cause damage, and
sometimes they don't. Mario says he prefers to create viruses that
don't intentionally wreck data, because simple destruction is too
easy. ''Anyone can rewrite a hard drive with one or two lines of
code,'' he says. ''It makes no sense. It's really lame.'' Besides
which, it's mean, he says, and he likes to be friendly.

But still -- just to see if he could do it -- a year ago he created a
rather dangerous tool: a program that autogenerates viruses. It's
called a Batch Trojan Generator, and anyone can download it freely
from Mario's Web site. With a few simple mouse clicks, you can use the
tool to create your own malicious ''Trojan horse.'' Like its ancient
namesake, a Trojan virus arrives in someone's e-mail looking like a
gift, a JPEG picture or a video, for example, but actually bearing
dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears
on his laptop screen, politely asking me to name my Trojan. I call it
the ''Clive'' virus. Then it asks me what I'd like the virus to do.
Shall the Trojan Horse format drive C:? Yes, I click. Shall the Trojan
Horse overwrite every file? Yes. It asks me if I'd like to have the
virus activate the next time the computer is restarted, and I say yes
again.

Then it's done. The generator spits out the virus onto Mario's hard
drive, a tiny 3k file. Mario's generator also displays a stern notice
warning that spreading your creation is illegal. The generator, he
says, is just for educational purposes, a way to help curious
programmers learn how Trojans work.

But of course I could ignore that advice. I could give this virus an
enticing name, like ''britney--spears--wedding--clip.mpeg,'' to fool
people into thinking it's a video. If I were to e-mail it to a victim,
and if he clicked on it -- and didn't have up-to-date antivirus
software, which many people don't -- then disaster would strike his
computer. The virus would activate. It would quietly reach into the
victim's Microsoft Windows operating system and insert new commands
telling the computer to erase its own hard drive. The next time the
victim started up his computer, the machine would find those new
commands, assume they were part of the normal Windows operating system
and guilelessly follow them. Poof: everything on his hard drive would
vanish -- e-mail, pictures, documents, games.

I've never contemplated writing a virus before. Even if I had, I
wouldn't have known how to do it. But thanks to a teenager in Austria,
it took me less than a minute to master the art.

Mario drags the virus over to the trash bin on his computer's desktop
and discards it. ''I don't think we should touch that,'' he says
hastily.


[...]




-
ISN is currently hosted by Attrition.org
