Simon Waldman
Just when you thought it was safe to switch on your computer, when you had dumped Melissa, chucked out Chernobyl and dug out the few files that had not been eaten up by the Explorer worm, along comes another virus.
This time it’s Back Orifice 2000, a cunning program written by a group called The Cult of the Dead Cow. It allows people to take remote control of Windows machines.
You should be safe from Back Orifice 2000: it is mainly aimed at system administrators. But it is yet further proof that for a teenager hell-bent on international notoriety, writing computer viruses is the way to go.
Melissa, Chernobyl, the Worm and now Back Orifice have earned global coverage in a way that was previously only known to rock stars. The flip side of this is that virus writing is a deeply destructive thing to do with your spare time, with little left to show for it other than a trail of devastation and the threat of a prison sentence. So who are the virus writers? Why do they do it?
Virus writing has had something of a boost since the Internet has been accessible to the mass market. As IBM’s Sarah Gordon, who has spent 12 years researching virus writers, says: “It is increasing, and this is probably due to the sheer number of new people who are gaining access to the information and possibility.”
The virus writer’s online arena, the Virus Exchange or Vx, was once a closed world of exclusive online bulletin boards scattered from Bulgaria to Australia. Now it is open for all to see on a number of websites.
The FBI has closed down some of them, such as the Source of Kaos, which is home to many writers, including VicodinES, the creator of Melissa. But you can still visit others, such as www.virusexchange.org. Here virus writers swap code and discuss ways to outwit the Vx’s arch enemies, the anti- virus industry or the AVs.
The publicity for Melissa and the Explorer worm virus has increased interest in the area. According to George Smith, author of The Virus Creation Labs: “These people are extremely imitative. They do notice the kind of coverage, and being young they try to emulate the kind of things they have read about.”
Because of this easy access, some virus writers are hardly programmers at all. They simply cut and paste other virus code to make their own mixes. They are called “scripters” or “script kiddies”. “It’s a sheeplike club,” says Smith. “These people are followers, not the iconoclasts of the early 90s.”
Ah, the good old days. In 1991, a virus writer called Hellraiser started the first virus writers’ electronic magazine, 40Hex. He was an unemployed twentysomething, living outside New York, and addicted to playing Mortal Kombat at his local video arcade. Gordon says he was also “a talented poet, musician and graffiti artist”.
Edition one of 40Hex, however, started with this less than poetic warning: “If you are an anti-virus pussy, just scared that your hard disk will get erased so you have a psycological [sic] problem with viruses, erase these files. This aint [sic] for you.”
Like many who write viruses in their teens or twenties, Hellraiser gave it up as he grew up, although 40Hex still appears sporadically. But perhaps his greatest legacy is his definition of viruses as “digital graffiti”.
Virus writers and graffiti “bombers” share a number of characteristics. Just as graffiti writers have their tags, so virus writers have their nicknames, and there have been a number of virus gangs on the Vx scene. Most importantly, both believe they are involved with an anarchic art form, while for those who are left to deal with the mess it is simply annoying, destructive and expensive to clean up.
Hellraiser’s gang was called Skism, short for Smart Kids into Sick Methods. This merged with another New York group to form Phalcon/ Skism, one of the best known of recent times. Other groups have included NuKE, TridenT and VLAD.
Gordon is the world expert in the area, but even she admits: “I can’t give you a simple answer to the question, `What sort of people do this?’ If I could, we could develop a generic approach to solving the problem. This is an extremely complex issue.”
Her research has made her something of a myth in virus circles. She developed an intriguing relationship with notorious Bulgarian virus writer Dark Avenger (motto: “confusion to your enemies”), who practised at the start of the decade. At one point he dedicated one of his viruses to her.
In her definitive work on the subject, The Generic Virus Writer II, she gives a number of different reasons, including “relief from boredom, actively seeking fame, exploration, malice and peer pressure”. She also noted a number of different types of writer: the adolescent, the college student and the adult. She noted that most eventually “aged out” and saw the error of their ways.
She now believes she has found a new type of writer, the new-age virus writer, who is older, employed and refuses to “age out”. He is particularly dangerous as he is likely to get involved with more complex code.
And yes, it is invariably a “he”. There are female virus writers, but they are very much in the minority.
One of those is Veggietailz, who wrote a particularly nasty variant of Melissa called the Vengine. “I had several motivations for writing this,” she explained as she posted the code to the Net. “One, of course, was to demonstrate that women can code too, a fact often overlooked in today’s patriarchal society.”
The common temptation is to think of teenage geeks who lock themselves in rooms and listen to heavy metal. But again, such stereotypes are dangerously simplistic.
The virus writer charged with writing Melissa, David L Smith, is a 31-year-old freelance programmer from New Jersey – no teenager. But he is also not one of Gordon’s new-age virus writers, as there was technically nothing special about the Melissa virus.
The big question is how Smith is related to VicodinES, the writer responsible for much of the Melissa code. Are they the same person? Did Smith just put a few pieces together and post it, unaware of what he was doing? It is left for the court to decide.
After Melissa a statement was released by the Vx community. They stressed that the community is split between “white hats”, who simply research viruses and keep them among themselves, and “black hats” who distribute them “in the wild”. They said the authorities should focus on whoever distributed the virus, not who wrote it.
Gordon is not impressed with the good/bad virus writer definition: “I’d describe them as young people who simply haven’t fully considered the implications of their actions. Black hat virus writers, on the other hand, do understand and simply do not care.”
ENDS