Date: Fri, 18 Jun 93 08:45:52 EDT
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 5--Response to Interview with a Virus Writer (CuD 5.44)

Re: CuD 5.44 - Interview with a Virus Writer

>We're certainly interested in your reactions, pro and con. Did you get
>hit by a virus that was more than a minor inconvenience?

Yup; our students are hit by viruses on a regular basis. Just last
week, a student lost 3 months' work in a virus attack from a friend's
home system. Personally, I'm not hit that often; of course, I burn up
time scanning every time I boot my system, and I scan *every* floppy
that goes into my PC...not everyone has the time/resources to do that,
and PC networks (StarLAN, Novell, etc) make it extremely simple to
spread viruses.

>GA: Do you want to mention that you are running a BBS (computer
>bulletin board)?
>
>UK: Yeah, sure. Call anytime. It exists for people to come and get the
>Crypt Newsletter if they are interested in finding it without going
>through the usual hassles of underground channels like the cool, elite
>bulletin board systems. The underground world has become very
>exclusive. In a sense it is cliquey..........

Gee, why isn't his newsletter distributed more widely? If it's all so
innocent, I should be able to subscribe via email, right? Are back
issues available via ftp? How about an email server?

>GA: Aren't they all written in programming languages?
>
>UK: Assembly mostly. By far most viruses are written in assembly
>language.

Did this strike anyone else as a rather silly question? Unless
someone's hacking with DEBUG, they *have* to write in a "programming
language"........

>GA: So how many viruses have you made and which ones are they?
>
>UK: I don't know all of them. Well, there was the Encroacher. That was
>in one of the Newsletters. That was a Mutation virus that attacks
>Central Point Software's anti-virus program. There might have been
>three variants to that.

This guy writes a virus that attacks a specific commercial product,
and he still has the chutzpah to claim innocence for viruses? Pfui.

>GA: What's so exciting about viruses and source codes?
>
>UK: [...]
>I don't think there's a
>lot of mystery associated with viruses. Viruses, in my opinion, are
>rather trivial programs that, once you're thoroughly cognizant of what
>a virus can and can't do, become more like a pest if you ever run into
>one.

Viruses are "trivial," but this fellow keeps cranking them out?
Sounds like doublespeak to me.....8)

>People think it's a major catastrophe when they are
>hit by a virus. I do not take seriously claims of people being set
>back for hours. If they are completely ignorant of a virus, yes. But
>someone in the department or in the household knows about viruses.

No, "someone in the department or in the household" does NOT
necessarily "know about viruses." Colleges and universities are loaded
with students who, in many cases, never used a PC before their arrival.

>GA: That's becoming very interesting to me.
>
>UK: Politically incorrect terms. There's always been a great deal of
>controversy surrounding this. And so for this reason alone, viruses to
>me are interesting. For example, on Prodigy it is okay for dozens of
>people to advertise adult bulletin boards, with gigs of pornographic
>files available for download. These are not expunged from the Prodigy
>computer club as inappropriate. However, if anyone posted a note on
>Prodigy saying they want to find a virus, can someone help them locate
>a virus, that is immediately spiked. Why is that? I'm not sure. But
>it's interesting.

It sounds like this guy gets a charge out of being a gadfly.

>UK: Well, I enjoy publishing the Crypt Newsletter. [...]
>You want to see if you can top yourself and make it more interesting.

I believe that this is the crux of the matter. Most virus authors
seem to look at viruses as a competition.
Just pick up a virus family tree and check out the derivations;
everyone's trying to top everyone else, and none of them care about
the damage/lost time they cause.

>UK: And, so, why is that interesting? Well, he explains why viruses
>are interesting for a number of reasons. Part of it because of the
>controversy that the concepts brings up. In a way, I think studying
>viruses gives you a good understanding of the computer on a really low
>level basis, and that's worthwhile. For some people that makes the
>computer much more enjoyable as they start to unlock some of its
>secrets or understand what is actually going on inside it a little
>better. Viruses are kind of an indirect way of getting at that
>information.

I'll be the first to agree that viruses are educational in some
respects; you can certainly pick up a lot of low-level information
during the programming cycle. My point is (and has always been) that
release of viruses into the world is completely unnecessary. If you
were really taking a scholastic bent, you'd never release a live
virus; you'd write one, test it, say "it works," put it in your logs,
and move on......

>UK: You don't need anti-virus software to get rid of something like
>Michelangelo or Stoned. You can do it with undocumented commands. If
>you've talked to someone who does know something about viruses, and
>you didn't have anti-virus software, you could use that and dispatch
>something like Michelangelo and Stoned rather quickly.

Yeah, we can really expect our secretaries, clerks, and data entry
operators to be conversant with all those undocumented commands and
virus scanners.

>GA: So you think the reports about problems in other countries are
>over exaggerated?
>
>UK: Well, there's an article which analyzes the media coverage of
>Michelangelo and I think that really puts it into perspective. It
>really shows the people that tried to actually come up with hard data
>after March 6.
>They just weren't able to come up with anything that I
>consider serious data.

The only reason that our labs weren't hit was that we went on a
massive eradication mission; we made scanning automatic, and we found
several hundred infections in the week prior to the target date.

>Actually, it is more annoying. It is a
>boot sector infector like Michelangelo but once you discover it, you
>usually don't have much time left before it activates. It has a very
>short activation period after it has been first placed on a disk and
>then it encrypts the information on a disk which essentially makes it
>useless to you. So he removed it, but it wasn't Michelangelo, he had a
>different virus. So where were all the Michelangelo infections? Were
>there any? I think it was vastly overstated.

Of course, this "different virus" doesn't really jibe with UK's
earlier comment of "I do not take seriously claims of people being set
back for hours."

>UK: No, I think colleges are still pretty vulnerable, don't you? They
>are always going to have computer labs, where people can bring stuff
>in indiscriminately. That really hasn't changed and maybe it has
>moved a little more to the individuals because computers have moved
>more into the homes of individuals.

This guy is talking through his hat. He follows comments about the
"trivial" nature of viruses with analyses of "vulnerability." The
comments that "only a few viruses are truly bad" are ludicrous.

This fellow sounds like every other virus author I've read; he comes
across with the attitude of "you should be watching out for this stuff
anyway; it doesn't matter what I do." This strikes me as the height of
irresponsibility (and immaturity).

Downloaded From P-80 International Information Systems 304-744-2253