Sunday, February 08, 2004

The NY Times has an article by Clive Thomas called The Virus Underground.

Some choice excerpts:

"Philet0ast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. ''Then I would use it,'' he concluded. ''It's that simple.'' "

Nowhere else on the planet do 'good guys' make it so easy to be bad.

"But it is Microsoft's success that really makes it such an attractive target: since more than 90 percent of desktop computers run Windows, worm writers target Microsoft in order to hit the largest possible number of victims. (By relying so exclusively on Microsoft products, virus authors say, we have created a digital monoculture, a dangerous thinning of the Internet's gene pool.) "

Note the monoculture reference - didn't realize this was the opinion of virus authors as well as well known security experts. Here is what I think about that.

"In fact, 99 percent of all malware never successfully spreads in the wild, either because it expressly wasn't designed to do so or because the author was inept and misprogrammed his virus."

The phrase "in fact" has got to be the most overused, under-acknowledged phrase in the English language. How can we prove the negative that malware never spreads? What are the numerator and denominator of this calculation? [btw, I would guess that the percentage is actually higher than 99%.]

"Vorgon is still angry about life. His next worm, he wrote, will try to specifically target the people who wouldn't hire him. It will have a ''spidering'' engine that crawls Web-page links, trying to find likely e-mail addresses for human-resource managers, ''like careers@microsoft.com, for example.'' Then it will send them a fake resume infected with the worm. (He hasn't yet decided on a payload, and he hasn't ruled out a destructive one.) ''This is a revenge worm,'' he explained -- for ''not hiring me, and hiring some loser that is not even half the programmer I am.'' "

I wonder if he realizes that this action validates every single reject letter he ever received.

I can't decide if I am supposed to get "warm fuzzies" from this article - like, everything is going to be all right - or if it just recognizes that viruses and worms are a fact of Internet life (and, for the most part, easily preventable, btw).


11:10:12 PM    comment []


© Copyright 2004 Pete Lindstrom .
Last update: 3/1/2004; 2:18:36 AM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "Spire Security News and Views" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.