

This development worries security experts, because it means that virus-writing is no longer exclusively a high-skill profession. By so freely sharing their work, the elite virus writers have made it easy for almost anyone to wreak havoc online. When the damage occurs, as it inevitably does, the original authors just shrug. We may have created the monster, they'll say, but we didn't set it loose. This dodge infuriates security professionals and the police, who say it is legally precise but morally corrupt. "When they publish a virus online, they know someone's going to release it," says Eugene Spafford, a computer-science professor and security expert at Purdue University. Like a collection of young Dr. Frankensteins, the virus writers are increasingly creating forces they ca

"Where's the beer?" PhiletOast3r wondered.

An hour earlier, he had dispatched three friends to pick up another case, but they were nowhere in sight. He looked out over the controlled chaos of his tiny one-bedroom apartment in small-town Bavaria. (Most of the virus writers I visited live in Europe; there have been very few active in the United States since 9/11, because of fears of prosecution.) PhiletOast3r's party was crammed with twenty friends who were blasting the punk band Deftones, playing cards, smoking furiously, and arguing about politics. It was a Saturday night. Three girls sat on the floor, rolling another girl's hair into thick dreadlocks, the hairstyle of choice among the crowd. PhiletOast3r himself, a twenty-one-year-old with a small silver hoop piercing his lower lip, wears his brown hair in thick dreads. (PhiletOast3r is an online handle; he didn't want me to use his name.)

PhiletOast3r's friends finally arrived with a fresh case of ale, and his blue eyes lit up. He flicked open a bottle using the edge of his cigarette lighter and toasted the others. A tall blond friend in a jacket festooned with anti-Nike logos put his arm around PhiletOast3r and beamed.

"This guy," he proclaimed, "is the best at Visual Basic."

In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; PhiletOast3r has used it to create several of the two dozen viruses he's written. From this tiny tourist town, he works as an assistant in a home for the mentally disabled and in his spare time runs an international virus-writers' group called the "Ready Rangers Liberation Front." He founded the group three years ago with a few bored high school friends in his even tinier hometown nearby. I met him, like everyone profiled in this article, online, first e-mailing him, then chatting in an Internet Relay Chat cha

PhiletOast3r got interested in malware the same way most virus authors do: his own computer was hit by a virus. He wanted to know how it worked and began hunting down virus-writers' Web sites. He discovered years' worth of viruses online, all easily downloadable, as well as primers full of coding tricks. He spent long evenings hanging out in online chat rooms, asking questions, and soon began writing his own worms.





One might assume PhiletOast3r would favor destructive viruses, given the fact that his apartment is decorated top-to-bottom with anticorporate stickers. But PhiletOast3r's viruses, like those of many malware writers, are often surprisingly mild things carrying goofy payloads. One worm does nothing but display a picture of a raised middle finger on your computer screen, then sheepishly apologize for the gesture. ("Hey, this is not meant to you! I just wanted to show my payload.") Another one he is currently developing will install two artificial intelligence chat-agents on your computer; they appear in a pop-up window, talking to each other nervously about whether your antivirus software is going to catch and delete them. PhiletOast3r said he was also working on something sneakier: a "keylogger." It's a Trojan virus that monitors every keystroke its victim types, including passwords and confidential e-mail messages, then secretly mails out copies to whoever planted the virus. Anyone who spreads this Trojan would be able to quickly harvest huge amounts of sensitive personal information.

Technically, "viruses" and "worms" are slightly different things. When a virus arrives on your computer, it disguises itself. It might look like an OutKast song ("hey_ya.mp3"), but if you look more closely, you'll see it has an unusual suffix, like "hey_ya.mp3.exe." That's because it isn't an MP3 file at all. It's a tiny program, and when you click on it, it will reprogram parts of your computer to do something new, like display a message. A virus ca

Worms, in contrast, usually do not require any human intervention to spread. That means they can travel at the breakneck pace of computers themselves. Unlike a virus, a worm generally does not alter or destroy data on a computer. Its danger lies in its speed: when a worm multiplies, it often generates enough traffic to brown out Internet servers, like air conditioners bringing down the power grid on a hot summer day. The most popular worms today are "mass mailers," which attack a victim's computer, swipe the addresses out of Microsoft Outlook (the world's most common e-mail program), and send a copy of the worm to everyone in the victim's address book. These days, the distinction between worm and virus is breaking down. A worm will carry a virus with it, dropping it onto the victim's hard drive to do its work, then e-mailing itself off to a new target.

The most ferocious threats today are "network worms," which exploit a particular flaw in a software product (often one by Microsoft). The author of Slammer, for example, noticed a flaw in Microsoft's SQL Server, an online database commonly used by businesses and governments. The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data "buffer," like a cup filled to the brim with water. Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. Using that flaw, Slammer flooded the Internet with fifty-five million blasts of data per second and in only ten minutes colonized almost all vulnerable machines. The attacks slowed the 911 system in Bellevue, Washington, a Seattle suburb, to such a degree that operators had to resort to a manual method of tracking calls.

PhiletOast3r said he isn't interested in producing a network worm, but he said it wouldn't be hard if he wanted to do it. He would scour the Web sites where computer-security professionals report any new software vulnerabilities they discover. Often, these security white papers will explain the flaw in such detail that they practically provide a road map on how to write a worm that exploits it. "Then I would use it," he concluded. "It's that simple."

Computer-science experts have a phrase for that type of fast-spreading epidemic: "a Warhol worm," in honor of Andy Warhol's prediction that everyone would be famous for fifteen minutes. "In computer terms, fifteen minutes is a really long time," says Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, who coined the Warhol term. "The worm moves faster than humans can respond." He suspects that even more damaging worms are on the way. All a worm writer needs to do is find a significant new flaw in a Microsoft product, then write some code that exploits it. Even Microsoft admits that there are flaws the company doesn't yet know about.