May 11, 2004

Taming the Wild West of viruses

With a swift arrest in connection with the Sasser worm, are police finally catching up with the virus writers?

In the Wild West world of the internet, a new sheriff is in town as Microsoft puts a high price on the heads of the virus writers, offering bounties of up to $250,000 for information leading to an arrest.

So far the software giant has not had to pay out a penny.

But just the promise of rich rewards was enough to persuade friends of the German teenager to contact Microsoft and turn him in.

"It was a blatant case of profiteering by his associates. He was grassed on by his fellow virus writers," said Jack Clark, technology consultant at anti-virus firm McAfee.

But if the new era of bounty hunting can lead to arrests, then the anti-virus world is happy that Microsoft is playing a part.

"Anything that cleans up the streets of virus writers has to be welcomed," said Graham Cluley, a senior technologist at anti-virus firm Sophos.

Seeking recognition

The arrest of the German teenager could be the first of many as he could be part of a gang responsible for 28 variants of the so-called Netsky virus.

"This could be one of the most significant cybercrime arrests of all time," Mr Cluley told BBC News Online.

Although the worms are complex and sophisticated, their authors often are not, he said.

"These guys aren't geniuses and their downfall is the fact that they like to brag."

Like the murder mysteries of old, the code written for a virus offers tantalising clues about its author.

The writers, generally teenagers, often embed their nicknames in the virus.

Coupled with the fact that they tend to be voracious surfers, posting messages to online chat groups, it becomes clear that the search for them would not exactly tax Hercule Poirot.

Search engines such as Google can check back through years of such postings and can reveal all kinds of information about the worm writers.

A female Belgian virus writer, nicknamed Gigabyte, had a personal grudge against Mr Cluley, often including his picture in her viruses.

"It is incredible how much you can find out about her online, down to the fact that she liked horses," he said.

Hidden clues

The author of the Blaster worm, Jeffrey Parson, included a link to his website in his virus.

And in perhaps the most blatant case of ego among virus writers, the Filipino virus writer Michael Buen put a copy of his CV in his virus.

When the virus became active on a PC, it would automatically print out the CV, which contained his real name, job history and contact details, and threaten to unleash further viruses unless he was given a job.

Ego tends to be the single biggest factor which allows virus writers to be caught.

If a virus writer fails to leave clues and does not have mates who inform on him then the worrying truth is he simply will not get caught, said McAfee's Mr Clark.

A new school of professional virus writers is emerging, more intent on using viruses to steal money than to make a name for themselves.

This could signal worrying times for computer users.

The prevalence of internet cafes and the use of so-called zombie computers - machines that have been taken over for illegal uses - is making it harder to track down the original source of a virus infection.

But the police are becoming more sophisticated in their approach to the internet and related crime and most now have dedicated cyber crime units.

"The police are much, much better and we go out of our way to help," said Mr Clark.

And the swiftness of the most recent arrest is a promising sign that the authorities are catching up with the virus writers.

"From time of threat to discovery of the virus to the arrest of the author, I have never seen anything so quick," said Mr Clark, "although there was still an awful lot of damage done in between."

Posted by thinkum at May 11, 2004 01:06 PM