To all virus writers.
bothered
Manchester UK
I have been reading about the Sasser worm that's currently causing a lot of hassle for a lot of people. Who ever writes this crap STOP IT. What does anybody get from causing all this nonsense? I must assume they have some brain cells that actually work but they must be somehow defective. I don't suppose any of them would come here as normal, grown up people probably scare them but if they do, Stop it now, you are a moron, get help, we're not impressed, get a life you sad sad halfwits. 
:banghead:
There, I feel better already.
:banghead:There, I feel better already.
0
Comments
Yeah you people suck at life.
Or is it more the man/sports car theory? Worse the worm, smaller the "worm"?!
Yes I think they are trying to compensate for something as you suggest.
cough!
Be-Have!
Virus writers want this reaction. Virus writers typically fall into more than one of three classes of personality subclass:
They want revenge on someone, or one class of computer users, and know that that person or class has or is demonstably likely to have a computer or computers vulnerable to this attack form.
They have available to them info that lets them use modules that can be modified to experimentally hone attacks by fixing things that do not work -- thus small groups of virus writers are forming, that share attack code and are willing to work and share how to hone attacks with new varinats based on code they wrote together.
Second, and I hate to say this, but virus writers tend to be power-trippers as well as wanting revenge. Sex per se does not give a prediliction to virus writing or war even, but power tripping and revenge wanting DOES.
They are using virtualized routing power trip fulfillment to overwhelm others, and as with soldiers that follow generals' orders, they write things that hit lots of innocents.
Third, due to the web's openness and complexity, it is hard to track these folks easily. Thus, they can get semi-anonymous revenge on perceived enemies.
They are folks that are not satisifed with how they are being treated by persons or a class of persons. could be race, could be sex, could be groups or individuals that they feel are stepping on them unjustly.
Fourth, the web has an underground that is large-sized. Think gaming clans with virus attacking as the game. there are restrcited access sites that are often anonymized and spoofed as to real intent that pass this info, underground mail servers or MAil Transfer Agent relays used to pass info, and that inof is often key encrypted which makes it hard to break the conversations.
The only way I know for this to be stopped is by force-applied measures and by fast knowledge passing of threats to public. Part of teh answer will be ISPs that work with vendors interactively and keep AV running on email, as LOTS fo these threats are email-vectored for spreading or partly so for initial spread followed by trojan spread followup attacks.
Part of the problem with the wild web is that things can go so many ways that it is dang hard to get problem "bad apples" isolated. Part of the problem is that gaming very often gets one an attitiude of personal power fulfillment needs that can be expressed with viral attacks by those who get harrassed when trying to communicate those needs-- mathematicians and authors tend to be differnt people, and viruses are targeted algorithmic expresssions. Those who are good at code tend to be not too good with words of common sorts, or of translating code to words that communicate feeling.
Part of the other porblem right now with teh climate of tech is the opposition of "suits" to "hackers." Hackers who have lived in the climate of penetration can, if switched to "white-hat" side, be the best hunters of such folks who ARE active. Nitnick is an example of a hacker turned "black-hat" hunter. He is so dang good because he knows what to do to find because he has been on the other side. The problem is, a better power trip message has to be sent to these folks, and the greed of anting to have AND getting free revenge with relative anonymity has to be countered.
A new breed of heavy duty, experienced coder is coming into play in IT. Those who know how to do can counter, and folks are willing to pay a lot for that career skill set these days. It can be a power trip to get hackers exposed. And for folks who might not have learned other ways to be satisifed, the power trip might be their prime satisfaction getter.
It is not hard to break into the lower and more open parts of teh underground, it is hard to appear to have the attitude inherent in monitoring that community by thoroughly penetrating it unless you understand the psyches of the denizens of the underground and their philosophies.
I am not saying that gaming is bad, far from it, but I am saying that the attitude that gaming can introduce into minds, if the gaming becomes an obsession, can result in bad things gradually happening to that person by gettign pulled into the arena of extreme powertripping virtually. Ironnically, some of the folks that make the most money in IT, have been at least to some extent, part of one or mre layers of the underground.
They need to live, they can make lots of money recovering and preventing client box or LAN infections. Proof, however, is still in the pudding, or how effective folks are at finding the holes, and using them or closing them. Hacker's resumes' are what they have DONE, experiential resumes'. They are virtual street and jungle fighters who fight with code.
John D.
Uhm, any way I can fix this?
It has only gotten worse as more and more people try to use the internet for commerce...
I think that we have to keep it in perspective really... if you don't want to risk a virus then abstenance is the only sure way of avoiding them... :grin
"g"
Years ago I got a recall notice from GM telling me that there may be a fault with the bolts holding my seat belts to the car. I called the dealer, made an appointment, and had the bolts replaced in about ten minutes at no charge. Had I been like some computer users I guess I would have:
A) Driven recklessly
B) Had an accident and gone through the windshield
C) Griped about GM's crummy cars
Patch your systems, folks!
But to do so would mean to admit to personal responsibility. It's far easier to gripe about programmers and whine when the virus gets them.
It's like the McDonald's coffee....coffee is hot?? I shouldn't put it in my lap?
Perhaps someone should create a Darwin Award-esque page to post about those that don't protect their own computers...
A good observation, I think you're probably correct.
Virus writers? Rebels without a cause, imo. So, they're opting out of society, in their own eyes, and rebelling. They cause untold misery.
Trouble is, they don't get much credit for it, do they?
Except for those pathetic clandestine sites where they gather and pat each other on the back.
And they probably all converse in script kiddy talk. Maybe they'll get a pat on the back from maybe twenty other sad individuals and maybe they'll make the National News on TV, Radio or The Net.
Total bunch of tossers and losers.
I have a mental image of a virus writer, maybe I'm wrong, maybe I'm right, I dunno.
Probably adolescent, spotty, possibly a metal fan, wears black, considers themself hard done by & misunderstood, likes to prove their worth by spending hours and hours writing code in a darkened room drinking Diet Coke; is definitely not getting any and is jealous of their peers for regularly getting laid; sucks at sport in school/college; in other words, a complete and utter wanker.
I don't know what the answer is, but if ever I had the good fortune to meet one face to face, I'd hurt them. A lot. And probably feel quite good about it.
And yeah, is everybody stupid or what? Microsoft may be the Anti-Christ in lots of people's eyes, but at least they try and stay ahead of all the problems caused by the original faults in their OS coding. Update. Simple, really.
And use AV.
Yeah, the underground has become a partly clannically organized semi-anarchistic subculture in a sense.
John D.
Vote two for this to be a QOTD.
Nice accurate chunking of a message that NEVER is out of date. The nice thing, is lots of the tiny pinpoint patches CAN be uninstalled or rolled back.
The cumulatives are those that have proven to break fewest boxes.
BUT, part of the reason that lots of the viruses are for Windows boxes is that lots of folks dislike the windows culture and dislike being told that want works for them is "wrong." Second, folks who use some of the alternatives, actively and openly discuss code as part of teh alternative O\S culture, and some things are not said about these O\Ss that would let folks find holes. in many cases, these very things are so different that it is harder to find them, or the alternative culture has led to the patches being applied before the virus writers can get code out that really successfully exploits them in amjorit yof cases. widnwos is so mature that many holes are being found faster and faster. Some code was leaked into the underground, and the LSASS adn SSL ones were part of that code. So in this present time, the message is hyper-important especially for those with NT based O\Ss.
BUT, I found new patches for 98 SE things for my mother's box today that were not there a week and a half ago, even older O\Ss are getting patches for them to fix holes still in them. Mom is used to 98 SE now, and XP's choices are beyond her skills. She neither wants the bells and whistles that XP has builtin nor wants the expense of upgrading her machine to handle a more complex to her XP. She is happy to have her box do what she wants to with it. So I patch it for her.
Microsoft took years to patch a hole that had to do with type recognition in its browser, and that hole is only partially fixed. OTOH, Linux admins do not always patch their boxes either, fro similar reasons-- one persons box's perfect fix can be another persons box's dependency hell causer.
Same is true with Windows boxes. But, here, we have to conquer fear and educate, that is one reason for the security area in Microsoft. One reason the fixers are available is that the best running desktop AV for linux also was dang good for Widnwos boxes-- Microsoft bought all that tech lock stock and barrel from one company (not all AV tech, but some VERY good AV tech), and the devs for it work for Microsoft for the most part. Microsoft gets virus remover making capability inhouse and security analysis ability inhouse as a result, and for a long time they did not have that inhouse to a great degree-- since to Microsoft, inhouse can now be worldwide, that is hyper-true. They are also buying and sponsoring cross-platform development now. Aggregately, all the alternatives to Windows have made that needful for Microsoft to keep making good profits over the five to ten year time span from now into the future.
John D.
Or, give them required minimum performance community service jobs (say ten boxes a day each, minimum)cleaning viruses off of computers.... Let them see how hard that can be, without wiping and reloading, in some cases.... Then, take the best performers, put them to work securing networks against viruses.... And get them some counselling as a side benefit. Take the best coders, teach them heuristics coding, get them jobs coding suspicious things detection by what the things do.... Adam Mitnick's deal with the government was that he help clean up computer messes instead of making them, in partial recompense for the innocents who suffered because of what some folks did with his information and how he got it....
Those who cannot perform, get root jails with patch test software in them to play with and in, on honeypots, so we can study how they decide to write this stuff.... Then we build thier behavior into AV and HJT and Adaware heuristics.... Hint, this is already being done, though not publicly....
Add to that a semi-centralized reception neural network where suspicious things are autosubmitted by paid users boxes' AV software, for fast and accurate assessment of virus hits and new virus detection in closer to real time. Some Av software folks have this kind of thing in test at enterprise level, the receiving boxes do not run the viruses submitted and by nature of the O\Ss used deliberately cannot do so, but the viruses are studied on boxes with speciimen installs fo O\Ss that do get compromised adn are reinstalled on same box legally from images of original uninfected complete setup install package with firewalls to ID ports used, and AV to test the AV heuristics against new software....
What we have right now are sentinel boxes, mostly sponsored by governemnts and virus info services, and those who are morally white hats who study the malware software coming in and assess and share info gained by having anonymous sentinels up. Kind of like what the Florida Dept of Agriculture and the USDA are doign here to find Citrus Canker outbreaks, our Grapefruit tree is a sentinel tree whihc is examined on a schedule for citrus canker. Do that kind of thing with anonymous boxes scattered in a gridded neural-network reporting scheme over the globe to localize propagation by region.
I would let the CERTs uber-coordinate this, myself. Let those who want careers as white hat malware prevention folks beta test patches in honeypots.... Work\study kind of thing.... In other words, war quitely on hackers of black-hat kind, publicize that this is done, and use study sentinel boxes to localize where the viruses are coming from so the folks making them do get located and caught. Make a law that all ISPs have a few such hooked to reporting grid, with random customer IPs assigned to them and tracked with DHCP logging by MAC (IPV6)....
In other words, limited and controlled war.... Part of the problem is that the user taxes are too high, get the universities that have advanced computer security study programs to provide hands on study and fighting training in real world and provide data in an organized fashion to computer security folks, by also putting up timestamp and IP logging of email and have them gridded over the world and integrated in with ISP and governement spoinsored sentinels. Lets make it harder to be virus writers who are anonymous, strip the anonymity veils by localizing and mapping virus spreads....
If you folks want to see something interesting, Google Internet +Storm +Center....
John D.
Dexter...