Tales From the Crypt

As Sony dabbles with CD host-busters, a virus programmer remembers the bad old days

But the fundamentals for using malicious code had been worked out by the first virus-writers. Not only could it be used to harass file-sharing network users but also to enforce digital rights. The original kids often entertained themselves by victimizing software pirates and their trading networks. The networks were anchored to antique bulletin board systems and the prevailing philosophy was that pirates deserved trouble because they were greedy. Does that sound familiar?

Plus, thieves were viewed as lamers unaware of the many ways their virtual trading market could be contaminated. To that end, in 1992, a Chicago-area high school student named Nowhere Man came up with the idea of making programs to speed the poisoning of portions of pirate file-sharing networks with an assortment of vexing dummies. Although Nowhere Man never received a piece of the intellectual credit for this, The New York Times wrote in May 2003 that the recording industry was "exploring options" that included "overwhelming [music] distribution networks with potentially malicious programs that masquerade as music files." It took 11 years to get there. Today, what had been the pesky work of teenagers is corporate entertainment-industry retaliation: "Overpeer Inc. . . . is paid by the entertainment industry to combat illegal downloading with an army of computerized drones," stated the Los Angeles Times in October. "From an office overlooking the New York Public Library, [it] unleashes millions of fake files into popular networks such as eDonkey, Kazaa and Gnutella every hour."

Shotgunning fake files into networks being used for piracy was petty stuff in the early '90s, and it still is, compared to Sony BMG's rootkit Trojan horse. Discovered on the Sysinternals blog, Mark Russinovich's examination of the Sony Trojan revealed it to be the infliction of malicious software on the unwitting. Delving into its slippery ways, the blog showed the Sony malware cloaking itself within the vitals of the machine, stratagems virus writers were happy to use more than a decade ago.

illustration: Nate Williams

The corporate-speak in Sony's "user agreement" was functionally similar to the sucker texts furnished in old Trojan horses. It was a script for gaining consent to run something on the computer while revealing little of what that something was. Russinovich discovered that, if cauterized later, the Sony virus had massaged the machine so that it would appear the CD-ROM drive had failed. And since it was distributed through retail, it was assured that potentially millions would get it, snaring even those who did not trade music via the Internet.

Because of outrage from music fans, Sony halted production of its malware. But if a twentysomething virus-writer had written the Sony Trojan finding its way to thousands, the law would have been after him in a flash.

A few virus-writers have been dragged into criminal court and convicted. To a man, they have never been able to defend themselves with claims that they didn't know what they were doing, that it was all an accident, just fooling around or intent to protect one's property gone awry. That's because when writing code like the Heevahava's or the Sony Trojan's, the author knows implicitly that it is malicious and will cause trouble for people in unknowing contact with it. It's not illegal to write viral code, and although I never put the Heevahava on someone else's machine or tried to, I did distribute it in the Crypt on virus underground bulletin boards. Once there, it was out of my control. Anyone else with bad intent could do with it what they wished. Like me, Sony's viral programming flunkies had to know the bad potential of their Trojan horse. And they were successful in purposefully loading it onto the computers of others. It would be good to arrest them.

George Smith wrote about viruses and computer security for over a decade and is the author of the book, The Virus Creation Labs.
