Print
Close Window
From: www.itworld.com
What Makes Johnny (and Janey) Write Viruses?
May 16, 2001 —
The friends and business colleagues who send you the likes of the
unloving LoveLetter virus attachments and other unpleasant e-mail surprises are
unwitting messengers, of course. Who's really responsible for computer viruses?
And what's their motivation, anyway?
The popular perception of virus writer as a dysfunctional, pasty-faced
teenager with no girlfriend and no life, who taps out malicious code to a
backbeat of trance music, is too pat and not accurate, says Sarah Gordon, a
researcher at IBM's Thomas J. Watson Center who has been profiling virus
writers since 1992.
Gordon became curious about viruses when she found one in a
shrink-wrapped software package years ago. She recently published a survey about the effect of antivirus legislation on virus writers.
"Most virus coders are well-adjusted youths who have normal
relationships with their family and friends and intend no real harm with the
viruses they write," she says.
One such subject agrees.
"Most virus writers I know have girlfriends or are married," says
"Doctor Owl," a 20-year-old virus writer. "I don't think we're different than
anyone else."
Gordon has interviewed more than 100 virus writers since first visiting
virus Web sites and chat rooms almost ten years ago in an attempt to understand
the community. One writer even dedicated one of his creations to her.
The image of the virus writer as an angry social malcontent bent on
destruction is generally wrong, Gordon says. Most -- especially the
teenagers -- code for thrills and are often disconnected from the reality of what
their creations can do, she says.
"They don't believe that their code can actually hurt anyone," Gordon
says. It's actually a normal level of ethical development for their age group,
she adds. "Most teenagers don't really think about the effect their actions
will have on other people."
The community harbors a few malcontents, but virus writers come from all
ages, backgrounds, countries, and skill levels, with varying motivations and
intents. They are teenagers and college students and middle-aged professionals,
Gordon says. Some are female.
Virus Writing: Entry to the Underground
Virus writers are at the bottom of the distinct hierarchy in the
computing underground, which places hackers at the top of the pyramid. Most
hackers, even those who once wrote viruses, disdain the inferior skills of
virus writers, especially the newbies or "script kiddies" who trade on already
written exploits or put together a simple macro. "There's very little
originality among virus writers today," Gordon says.
Virus writers are the wild, unpredictable younger siblings whose
unleashed programs are uncontrollable. Hacking involves different, refined
skills. A hacker tends to target a specific computing system and pinpoint where
the program lands.
"Hacking is really about control," Gordon says, "and virus writing is
about ... uncontrolled mayhem."
Like any adolescent, virus writers tend to mature and change their ways.
Most quit the activity once they began to consider the consequences of a virus
unleashed in the wild, Gordon finds in her study.
"Evul" is one who says he stopped spreading viruses once he saw himself
in his victim's shoes. Now 30, he began coding six years ago after a hiatus and
unleashed several programs with his e-mail address embedded in the code. He
felt a bit chastened when recipients wrote to him and described the data they'd
lost because of his creations. But he didn't stop until an Internet service
provider terminated his Web site account for posting viruses at the site.
"The first thing I yelled was, 'What gives you the right to destroy my
hard work!'" Evul recalls. "After a moment of reflection, it hit me like a
brick wall ... what gives me the right? I decided I don't have the right to tamper in
anyone else's hard work."
He still writes file and boot sector viruses, but says he posts only the
source code, which he claims is too complicated for most would-be writers to
cobble into a program. He says he intensely dislikes anyone who intentionally
writes and spreads a virus that could destroy someone's work.
The Changing Profile of the Virus Writer
The face of virus writers has shifted since Gordon began interviewing
them nearly a decade ago. A writer can be a teenager coding in the family rec
room or an undergrad on a university system. Ten years ago, virus writers
averaged 14 to 17 years old; today they're 25 to 28. David L. Smith, who was
convicted of writing and distributing the Melissa virus, was 30 when he was
arrested in 1999. (See "Melissa Creator
Pleads Guilty.")
Usually, older virus writers work as engineers or system
administrators in the computing industry. Evul is an engineer; Smith was a
network programmer.
And Gordon is in touch with some of the few female writers, such as a
16-year-old European girl who goes by "Gigabyte." Female virus writers like her
are generally motivated by an urge to impress boyfriends or male peers, to be
accepted in a predominantly male club. But Gordon knows at least one female
virus writer in her early 50s. Another, in her 40s, works at a government
agency, Gordon says.
It's not simply that teen virus writers are aging. In the past, most
lost interest in viruses when they began a profession around age 22. Today,
they may still code viruses after entering the workforce. Some don't even start
until their mid- to late 20s.
Easy Tutorials Online
The Internet makes it easy to share source code. In the early days of
boot sector viruses, writers needed a certain level of programming skills. But
the 1995 release of Microsoft WordBasic, a simple, text-based programming
language, opened the market to nearly any amateur. What's more, virus writers
show off their source code at Web sites and distribute virus "starter kits" of
tools. Any mischievous 13-year-old or curious 45-year-old can cobble together a
virus and send it into the wild.
"It's like this huge candy shop has opened up on the World Wide Web,"
Gordon says.
The mixed message with which the public and industry regard virus
writers also encourages older culprits. While authorities sought Onel de
Guzman, a suspect in the LoveLetter outbreak, several computer companies were
reportedly willing to offer him a job. And even press coverage, while largely
negative, contained a whiff of admiration for the cunning way in which the
virus spread so far so quickly.
But most older writers suffer an inadequate development of ethics,
Gordon says. She maintains the twentysomethings who start or continue writing
viruses have a lower level of ethical maturity than their general peers. They
simply don't view writing and releasing viruses as wrong.
What's the Message Behind the Virus?
Motivations vary among virus creators. Some code with malicious
intent. Some write to develop their skills exploiting software vulnerabilities.
Most don't even distribute their creations, but simply write as a hobby and
experiment, Gordon says. Often the viruses are so badly programmed they're
incapable of spreading anyway.
Others want acceptance in the underground fraternity of virus writers.
They thrive on the thrill of shutting down a company or government e-mail
system. Many enjoy the notoriety and pride of seeing their virus listed in
antivirus software programs.
Evul falls into this category. He says he never releases his programs,
but often sends a finished virus to antivirus vendors such as AVP and McAfee so
they can add a definition to their scanning software. (Most antivirus vendors
accept "submissions.") He also distributes to virus "collectors." But he's
reconsidering that action after his program called Angela was unleashed by a
collector.
Crusaders Speak in Code
Politics motivates some writers. A Bulgarian writer named Dark Avenger
who was active in the late '80s railed to Gordon about the inequalities of the
haves and have-nots in his economically and politically repressed country.
Writing viruses lent him a sense of political power and freedom he was denied
in Bulgaria. "I think the idea of making a program that would travel on its
own, and go to places its creator could never go, was most interesting for me,"
he wrote.
Still others cite social injustice. LoveLetter suspect de Guzman was
viewed as a hero by fellow students at the AMA Computer College in the
Philippines because the Trojan horse he allegedly created was designed to steal
Internet passwords. Internet access in the Philippines costs about $90 monthly,
a price prohibitive to students in de Guzman's lower-class neighborhood. He was
viewed as a hero for robbing from rich ISPs to give to the Internet poor. (See "Love Bug Charges
Dropped.")
Doctor Owl's aspirations are less altruistic. He scorns most viruses
today as "worthless" because they're easily detected and destroyed. He really
wants to create a long-lasting virus that will survive transparently in the
wild for months, he says. Then he'll sell the technology and retire a happy
man, content in knowing he created such a great program.
Learning to Take Responsibility
Gordon distinguishes between virus writers who see nothing wrong with
distributing even destructive viruses and those who consider it a moral
crime.
"I think the ones who unleash code intentionally are unethical," Evul
says. "I think the ones who intentionally create and distribute viruses that
are destructive are downright screwed."
Note, however, that Evul runs a well-known virus exchange site where
writers can post source code. The site clearly states he won't allow posting of
executable code; he says he can't stop anyone from stringing together a program
from source code from his site -- including his own code -- and then sending it
off.
Both he and Doctor Owl say they feel it's wrong to directly damage
someone's PC, but they feel no responsibility for what happens if their virus
is loosed by someone else. In their defense, they invoke the National Rifle
Association argument that "guns don't kill people, people do." No one should
hold them responsible for what someone else does with their creations, they
say.
"I can't control what someone else does with [my code]," Evul says.
"The simple fact that one other person is going to do something criminal with
my code doesn't mean I am not going to enjoy my hobby. Had I known someone else
would [spread my virus], I would have made a better choice of who received
it."
PC World