Know your enemy: the author of Netsky/Sasser speaks | |||
Robert Vamosi Senior Editor, Reviews Friday, Aug. 27 |
|
According to the Stern interview, Sven J., 18, started writing computer viruses only recently, in January of 2004, after he became fascinated with the MyDoom worm, which failed to shut down Microsoft's Windows Update site but later succeeded in shutting down SCO Linux's home page. It was around this time that Sven asked a friend if they could create something that would spread more quickly and wipe MyDoom from infected PCs. First of all, the idea of a "helpful" virus is not new. Secondly, any virus that seeks to remove other malware from an infected computer is still, by definition, a virus. Back in 2001, Code Blue attempted to remove Code Red infections. And last year, the Nachi worm attempted to undo the effects of MSBlast; unfortunately, the Nachi worm contained errors (such as the inability to distinguish between Windows 2000 and Windows XP systems) and ended up causing a lot of damage. Any code from the outside that enters your computer and changes something without your consent is a violation, if not of your privacy, then of your computer, at least. Apparently, Sven J. is so new to the virus-writing scene that he just didn't know this. The Stern interview captures several of these "gosh, wow" moments, such as Sven's admission that he wrote the code that could later become Netsky in the basement with his stepfather, a man who repairs PCs for a living, sitting on the other side of a wooden partition, or when Sven tells of watching the evening news and seeing his own Netsky virus mentioned, or when he hears the name Netsky and thinks its a nice name for his virus (viruses are named by antivirus experts, not the virus authors). Or when antivirus experts--me included--publicly wonder if Russian text found within Netsky implies East European programmers. "We died laughing," he grins, according to Stern. But Sven's repeated claims of innocence and remorse fall on deaf ears after he says, "I once wrote five variants in one week...I did not do anything else." In addition to writing 29 variations of Netsky, Sven has admitted to writing a couple of variations of the Sasser worm, including the original. Ignorance is no excuse
I am not impressed with Sven's public mea culpa nor with his heartbreaking tale of betrayal by one of his friends. Virus writers are often exposed through carelessness, such as bragging of their exploits on IRC, or by putting a link to their own Web site, as Jeffrey Lee Parson did in MSBlast.b. Sven J. is no different. What really scares me, though, is that so many people apparently knew of his activities yet did nothing to stop him early on. Apparently his brothers and sisters, even his classmates at the vocational school for computer science in Rotenburg, Germany, all knew what he was doing. Only after Microsoft offered $250,000 did one of his classmates, the friend he originally asked to help craft the antiworm virus, turn him in. While specific charges are pending (German authorities are currently building their case), Sven has returned to his vocational school, sitting in classes with the very friend who betrayed him. He wonders how he will pay for all the damages should anyone file a claim against him. He wants to work for a computer security software company and concludes, "I hope sometime to be able to live a totally normal life." Do you think the law should be sympathetic to first-time virus writers like Sven J.? Talk back to me.
|
Click on
a top-level comment to explore tree (185 total replies - 0 NEW )
|