By Michael Atkinson
By Luke Winkie
By Steve Weinstein
By Brian McManus
By Brian McManus
By Dan McQuade
By Dan McQuade
By Brian McManus
In 1992 I finished programming a computer virus called Heevahava using a colorful tool called the Virus Creation Lab. Heevahava was a Pennsylvania Dutch word for the person who held the bull's johnson when it was time to collect semen. A heevahava was a dolt and a rube, someone to put at a disadvantage and the virus was published in the Crypt Newsletter, an e-zine I wrote devoted to probing the world of computer viruses.
The Sony rootkit Trojan horse now in the news, a/k/a Sony's Digital Rights Management (DRM) software, fulfills the definition of malicious code I came to recognize with the genesis of Heevahava. Like that virus, it installed itself on computers with the twin intents of being hidden and difficult if not often impossible to remove by regular people without help. It did so to control access to the music contained on Sony BMG CDs. But as with computer viruses, there was no explanation of its action or command for dispatching it once it had burrowed into the system. If removed, it was designed to make copying CD music to the computer impossible by rendering the disk drive useless. To normals, it would seem the CD drive had failed.
To understand why Sony can be said to be in the virus business, it's necessary to backtrack. For a few years in the early '90s, the Crypt Newsletter published a stream of frequently brutish and malicious programs. Anyone could reconstitute them, easy as powdered milk. Through Crypt, I gathered experience in the applications of digitized badness and gained an ability to see it in the work of others, whether that of teenagers out for kicks or businessmen grasping at ways to retaliate against kids thought to be stealing the company's music. Crypt knew the textures and flavors of rotten in the machine world. It published a virtual landmine based on a useful program, only overturned and corrupted to harshly prune the directory tree of a disk. Booby traps were written to show filth to moochers of porn while, in the background, the machine was being fouled. Viruses multiplied slowly and, when finished, either displayed vulgar quotes, logged keystrokes, or played idiotic music.
The Heevahava, dumb as it was, mocked the infected by associating them with its name. In one version, it obstructed efforts to unravel its instructions. In other words, it was managing its digital rights, a copy-protected Heevahava. Face-to-face, an anti-virus software programmer threatened to punch me in the mouth at a security convention because the protection had taken him hours to dissect, time he wished to spend with his family.
I had started fooling around with computer viruses while working at a Pennsylvania newspaper. In 1992, the Michelangelo computer virus had caused a mini-panic at the company. Workers rushed to back up the newspaper's PCs, afraid the virus's detonation, set for March 6, would crash all systems. It never happened. But my curiosity was stoked; I had to find a copy. I was tipped by teenagers that the place to look was the computer virus underground, secreted away on loose networks of bedroom PCs connected by phone lines.
At the time, the virus underground hoarded its collections. To get access, you had to offer computer viruses in trade. Hence, the origin of the Crypt.
What everyone learned in the land of nasty code, was that it was elementary to subvert and destroy. There was an allure in the multitude of ways a person could be taken unawares and relieved of control of his machine and the property on it. The wide-open nature of systems meant files could be shuffled and sliced, stealthy code delivered to hidey-holes in memory, the entire roots of the operation replaced with sinister functions that put the machine under the Trojan horse's control. The corruption could be hidden away, rendered invisible. If sanitation were attempted, a crash would be instigated, digital valuables incinerated, or conditions set that would make it appear hardware had been put to death.
Trouble was, it was hard to get paid for writing things that purposely messed up the computers of others. There was reluctance in the corporate world to hire people to brainstorm screwing up the computers of othersrivals, enemies, competitors, anyone who needed to be controlled, monitored, and meddled with, like fans of pop music, all obviously thought to be thieves.
It took a true egghead, Mark Ludwig, a graduate of Caltech and MIT, to work out the early profit margins. (He eventually became the publisher of my book on virus-writers.) Ludwig's first step was to write an explanatory volume, The Little Black Book of Computer Viruses, and it started the business off with a bang.A CD-ROM packed with arcane digital troubles and entitled Outlaws of the Wild West was assembled and sold for $100. There were many takers. The crowning achievement was a $400, 200-page tome called Computer Virus Supertechnology. Government and industry security men reliably bought copies, fueling the business.
By the turn of the century that profit model was shot. Bad code became too common to sell. It was stockpiled on multiple Internet sites. Virus-writing was amplified by the growth in speed and size of the world network and the ease with which growing numbers were willing to try their hands at it. Infection landed in e-mailboxes every day.