August 25, 2003

Why people write computer viruses

The BBC has written an article in an attempt to explain why people would write virii.

I'm not sure that it is that simple anymore. It used to be easy to profile an attacker. In my last book there was an over simplified chapter on profiling attackers, ranging from cyber terrorists to script-kiddies. But lets be honest... its really hard to catagorize attackers, their means and their motives now adays. Well, more to the point its hard to seperate men from the boys.

I don't fret as much from script kiddies that are more an irritation than anything else. You know what keeps me up at night? Realizing each strain of these malicious attack sequences are getting more creative, more experienced and more focused. As these attacks get more sophisticated, it will attract more and more serious criminals. With the huge potential for monetary gain directly or indirectly, serious criminals will enjoy the remote advantages that they don't have when breaking into a physical location. More importantly, they can avoid the legal juristictions and poor cyberlaws to take advantage of these systems.

Crime follows where the money is. We are an information age society, and more and more transactions are being done online each day. So too does the crime. But alas, the BBC article is still an interesting read. You should go do that now.

Posted by SilverStr at August 25, 2003 12:15 AM
Comments

It's hard to tell if something like SoBig is just a prank getting out of hand or something that is malicious. I'd love someone to track down SoBig to it's source and just ask. I seem to remember that they found the creators of codered or one of the recent systems; but I don't remember them printing the answer to the question highest up on my mind... "why".

From what I remember, there are websites that let you assemble virii online; or kits you can download to use to create trojans or worms or whatnot. I think that part of the thrill is creating these and is still, just the act of creating some cool code, even if it is potentially harmful. Even RTM's famous internet worm wasn't supposed to do more than wander through the network, yet it shut down the whole internet (as it was) for a time due to a bad calculation on propagaintion code.

It's sad that people should want to create something destructive, but we've all thought about the ways we could make "the ultimate virus" at some point right? Slashdot has a link to an article basically asking if windows is flawed by design (http://slashdot.org/article.pl?sid=03/08/24/2255231&mode=nested&tid=109&tid=126&tid=172&tid=185&tid=187&tid=190). Interesting reading. It seems that longhorn is working (still) on making a more complex ui, more features, and not concentrating on security (though as it's not going to be out for a few more years it's hard to tell). I'd love to see an update to XP (XP2?) that does nothing more than make it secure. None of this hotfix shit, just an injection of security right into the core of it all. Of course, MS is keeping lots of people in business by making sure that their OS is NOT secure.

/me get his tinfoil hat out

Posted by: Arcterex at August 25, 2003 09:18 AM

Ever given any thought to publishing your book online? There are some very good, easy to understand, bits that would love to send some of my less expienced users who are wishing for security enligtenment.

Posted by: fozbaca at August 26, 2003 09:03 AM

Actually I have been thinking about this. I was looking at the idea of publishing it as an ebook, but just haven't figured out how to go about it in regards to which format to use, how to present/advertise it and so on.

I'll keep you posted into what happens.

Posted by: SilverStr at August 26, 2003 09:13 AM