Hmm, I don't understand that "wonder if..." aspect of virus writing. I think the value of curiosity is overstated constantly. I know a lot of "hackers" consider themselves on the side of good because they are acting out of "curiosity" and they use that to justify their actions. I think the real answer is that it's sheer idiocy combined with an undeserved talent that results in all this criminal activity. People make the mistake of assuming that intelligence is a function of skill, when a person can become skilled through pure repetition of an action, any action... We still can't accurately define intelligence, but I think if you were going to go out on a limb with it, I would say foresight is the most powerful indicator of intelligence. People who attempt to destroy or exploit the world of computers out of curiosity fail to see how ultimately their action could take away the thing they are so curious about. The same way people have to be idiots for using Nuclear power, and dropping nuclear bombs... And on that note I realize this is about to turn into a "people are idiots" rant so I'll just quit while I'm ahead (and before I inadvertently call myself an idiot).
-Shawn

-----Original Message-----
From: D. Glenn Arthur Jr. [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 3:29 PM
To: [EMAIL PROTECTED]
Subject: RE: OT: Virus Taxonomy

Graywolf wrote:
> Well, we can be kind of glad. You see trojans are pretty innocuous,
> you have to be an internet idiot to get them.

Well ... yes and no. The thing is, _any_ trojan relies on "social engineering" to convince victims to run it, and setting aside for a moment the question of whether "Internet idiot" is an appropriate term for someone merely naive as opposed to dense, sometimes that social engineering can be quite clever.

Early trojans, back in the days when a) malware was rare and b) what malware that existed was mostly practical jokes, all a trojan needed was a sign saying, "I'm fun. Run me." Users got more sophisticated, and trojans needed to be more enticing, or even _do_ something cool in addition to whatever nefarious acts they were there for. Various tricks were devised (such as giving the trojan the same name as a system command and hoping that sooner or later a sysadmin would type that command while in the same directory as the trojan, thus running the trojan without being aware he or she had done so).

Each time the idea of a trojan comes into a new environment or a new population of potential victims, the malware writers seem to reinvent the old techniques, using each until the victim population learns it then moving on to the next.

So early in "permanent September", and even as recently as a few years ago, naive users were falling for "This is cool; run it and find out what it does!" Then enough people grew wary that the technique shifted to, "Check out this new screen saver I made!" Remember that this was at a time when _most_ of the population of Internet users was still naive enough not to be aware how dangerous it is to execute untrusted code.

Somewhere along the line, users learned not to run .EXE, .COM, or .PIF attachments.
So the writers figured out that many users had a Windows feature turned on which hid the filename extension, so if you named a file NAJORT.GIF.EXE, the recipient would only see NAJORT.GIF and think "A GIF file is safe to open, right?"

Once enough users learned to turn off that feature, new tricks were needed. How about a message saying, "I love you"? The trick is to _engage_the_target's_curiosity_and/or_fear_ before they remember to be suspicious. Someone who _knows_ about trojans, viruses, and worms can still be caught off guard by someone who's better at making use of _human_psychology_ to get their reactions out of order.

Not fooled by "I love you" or an offer of a naked picture of the celebrity of the month? What about, "Order confirmed: 158.57 charged to your Visa card"? I didn't order anything recently, so there must be some mistake! I'd better check this out before it's too late!

Users starting to catch on to that? How about reinventing the fake-login trick for stealing passwords, from the 1960s, using a message like, "Your PayPal account will be suspended unless you update your information"? Get the FEAR reaction going first, and you just might be able to get the victim to react before they remember to check for a trojan. Even if the victim knows better ... maybe they missed their coffee that morning.

Eventually you wind up with a majority of users knowing not to trust _or_get_spooked_by_ that sort of trick. But as long as there are _enough_ users naive enough or sleepy enough, trojans _are_ a Real Problem because enough people will run them to make them a problem. They're not a threat to the individual educated (and _properly_ paranoid) user, which is probably what you meant, but they're still a major problem in general.

> Worms are worse,

In general, yes, but in particular the most common worms (i.e. mail worms, except for those that rely on mail clients that execute Javascript in a preview pane) rely on a trojan aspect to convince someone to make them active at their destinations. Completely autonomous worms which don't use email are much less common (but the successful ones make really big news because they make incredibly huge problems).

> and true viruses are a real bitch to deal with as they can latch
> themselves onto about any bit of data and get into your system
> without you having a clue and they usually do real damage.

True that. Most of what we hear about these days are worms, and specifically mail worms, but true viruses are [expletive] nasty. I'm not sure whether they've actually become less common, or news of them is being drowned out by all the talk of mail worms.

It's useful to note that many pieces of malware incorporate more than one type of behaviour. Specifically, many worms and viruses rely on a trojan aspect to help spread them.

Malcolm Smith wrote:
> There is a mindset for the creation of viruses, that I just don't
> understand. I can't understand vandalism either, wanton destruction of
> public and/or private property for no purpose makes no sense to me.

I understand *part* of it. I understand the "I wonder whether it's possible to...?" part. I understand the math-cool and SF-cool aspects of self-propagating code. But the "is it possible?" question was answered long ago, I don't understand the desire to have these things do damage, and an awful lot of them are written using "virus construction kits" or by slightly modifying someone else's virus, suggesting that the only really interesting parts of the matter are not what motivate the people writing most of them.

Email address harvesters are icky but make economic sense. Password stealers are icky but make power-trip sense. Credit card stealers are icky but make criminal sense.
Zombie installers are icky but sort of make sense *if* you assume that whatever the controller wants to use the zombies for makes any sense (but unless they're used as spam remailers, zombies are usually used to do more vandalism elsewhere, such as launching a DDoS attack, which brings us back to the "I don't understand vandalism" problem). Pointless destruction of information, causing random grief to strangers, and DoS-ing the entire net or popular important sites (thus making the net work less well for the attacker as well as for all the victims) make no sense to me at all.

-- Glenn
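
The hidden-extension trick described in the message above (NAJORT.GIF.EXE displayed as NAJORT.GIF) is something a mail filter can check for before the recipient ever sees the attachment. The following Python is an added example, not part of the original thread; the list of benign-looking extensions, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions the thread names as ones users learned not to run.
EXECUTABLE_EXTS = {".exe", ".com", ".pif"}
# Assumed list of extensions a recipient tends to treat as harmless data.
BENIGN_LOOKING_EXTS = {".gif", ".jpg", ".txt", ".doc", ".pdf"}


def classify_filename(name):
    """Return (verdict, displayed_name) for one attachment filename.

    displayed_name is what the recipient sees when the final
    extension is hidden by the file manager.
    """
    clean = name.strip().rstrip(". ")  # ignore trailing dots and spaces
    suffixes = [s.lower() for s in PureWindowsPath(clean).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok", clean
    displayed = clean[: -len(suffixes[-1])]
    if len(suffixes) >= 2 and suffixes[-2] in BENIGN_LOOKING_EXTS:
        return "disguised-executable", displayed
    return "executable", displayed


def scan_message(raw):
    """Parse raw message bytes and classify every named attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            results.append((name, *classify_filename(name)))
    return results


def build_sample():
    """Constructed sample message with three one-byte attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Check out this picture"
    msg.set_content("See attached.")
    for fname in ("NAJORT.GIF.EXE", "holiday.gif", "setup.exe"):
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```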

