War of the worms

Mar 09, 2004 (3 mins)

* Worm and virus writers trade insults in their code

Virus writers have always seemed like immature vandals to most security and network specialists. Since the Virus Creation Lab of 1993 was loosed upon the world, even children with zero technical skills have been able to create viruses. Most of the viruses and worms being generated today are minor variants of each other, but that doesn’t make them less of a nuisance.

Lately, though, some of the virus writers seem to have developed quite a level of animosity toward each other.

In a recent IDG News Service article on Network World Fusion, the author writes: “Researchers have uncovered text messages in two of the worms that suggest a battle is underway between virus writers… Spiced with foul language and bad spelling, the messages portray a playground-style brawl between the authors, with the Internet worms acting as messengers. ‘Hey, Netsky…don’t ruine our bussiness, wanna start a war?’ reads a message in the Bagle.J worm’s code, according to Sophos. A message found in Netsky.F reads: ‘Skynet AntiVirus — Bagle – you are a looser!!!!’”

The article continues, “The back and forth between virus authors started in January when Netsky began removing the Mydoom and Bagle viruses from machines it infected.”

The reason I mention this is that the rivalry may play into the hands of those who are trying to fight all this electronic vandalism. As most readers know, Microsoft has been offering rewards for information leading to the arrest and conviction of the vandals who wrote the MSBlast worm and the SoBig virus, and of the criminals who stole Windows source code. Recently, SCO posted a bounty on the creators of the Mydoom e-mail worm that has been harassing network administrators and users around the globe.

Is it conceivable that the jerks who write this garbage will actually turn each other in to collect the bounties? Would it help if other firms contribute to a global fund to help find and prosecute the nasties who are wasting our time, clogging our e-mail systems and causing blood pressure to rise on a global scale? Could greed conquer stupidity?

What a dreadful pass we’ve come to: offering to pay one group of sociopaths to turn in another group of sociopaths.

The pity of it is that much of the problem comes from allowing files received as attachments to be granted execution privileges. There’s no good reason for allowing a program that has arrived as an e-mail attachment to be permitted to execute at all without an explicit change of file privileges. In the first place, programs should not be distributed by e-mail at all; they should be downloaded from an appropriate source and checked for validity using well-known and easily implemented methods such as digital signatures and checksums. But files received through e-mail should not be allowed by the operating system to execute at all, let alone without user intervention. And files with double extensions? Phooey – delete ‘em all before they reach the user. More on this in another column.
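One way a mail gateway could enforce the attachment policy argued for above, as an added example that is not part of the original column. The extension list, the function names and the sample message are assumptions made for illustration, and the sketch treats a double extension as hostile only when the final extension is an executable one.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list (not from the column): extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".cpl"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or "." + parts[-1].strip() not in EXECUTABLE_EXTS:
        return "ok"
    # invoice.doc.pif: a harmless-looking extension in front of the real one.
    return "double-extension" if len(parts) > 2 else "executable"

def strip_blocked(raw_bytes):
    """Drop blocked top-level parts; return (message, [(filename, verdict)])."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    removed = []
    if msg.is_multipart():
        kept = []
        for part in msg.get_payload():
            name = part.get_filename() or ""
            verdict = classify_attachment(name)
            if verdict == "ok":
                kept.append(part)
            else:
                removed.append((name, verdict))
        msg.set_payload(kept)
    return msg, removed

def build_sample():
    """Constructed test message; the 'program' is two placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.doc.pif")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```

Filename checks alone miss executables hidden inside archives or renamed by the sender, so a filter like this complements, rather than replaces, the operating-system restriction the column calls for.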