Implications of Computer Viruses
So Who is the Generic Virus Writer Anyway?
In 1994, Sarah Gordon published a groundbreaking paper entitled The
Generic Virus Writer. In this paper Gordon
attempted to delineate the different categories of virus writers and also
apply ethical models to their actions. According to the author, the four
main types of virus writers at the time were:
- The Adolescent
- Virus writer aged 13-17; has written at least one computer virus; has distributed
at least one computer virus into the wild.
- The College Student
- Virus writer aged 18-24; has written at least one computer virus; has distributed
at least one computer virus into the wild. Student in university or university
- The Adult/Professionally Employed
- Post-college or adult,
professionally employed; has written at least one virus; has distributed
at least one virus into the wild.
- The Ex-Virus Writer
- Virus writer who has written and distributed one or more computer
viruses. The viruses must have been found in the wild; the author
must have supplied sufficient proof to enable determination that
he did indeed write the virus; there must be no evidence that he
has written or continued to write viruses for a period of at least
6 months prior to commencement of this research.
Gordon worked with
one actual virus writer from each of the above categories, measuring their
reasoning skills as well as their reactions to common ethical dilemmas.
Her study used the ethical
models prepared by Lawrence Kohlberg, a former Harvard University
professor who committed suicide in 1987 under extremely strange circumstances.
The Kohlberg system separated moral development into three levels with
two stages at each level. Ethical growth proceeds from Stage 1, Level
1, where decisions about right and wrong are based primarily on punishment
and obedience to avoid punishment, to Stage 6, Level 3, where individuals
make decisions about right and wrong based on their own formulated ethical
principles. In order to determine the virus writers' position in the ethical
spectrum, Gordon presented them with Kohlberg's classical ethical dilemma,
defined as follows:
Read and consider
carefully the following scenario.
In Europe, a woman
was near death from a special kind of cancer. There was one drug that
the doctors thought might save her. It was a form of radium that a pharmacist
in the same town had recently discovered. The drug was expensive to make,
but the pharmacist was charging $2000, or 10 times the cost of the drug,
for a small (possibly life-saving) dose. Heinz, the sick woman's husband,
borrowed all the money he could, about $1000, or half of what he needed.
He told the pharmacist that his wife was dying and asked him to sell the
drug cheaper, or to let him pay later. The pharmacist replied, 'No, I
discovered the drug and I'm going to make money from it.' Heinz then became
desperate and broke into the store to steal the drug for his wife.
Should Heinz have
Now that you have
read it, and considered it, please resolve the moral dilemma. That is,
what are the problems in the story? What problems does each person have
to deal with? Who is wrong, right, and why?
When you write
your response, please include the following points:
be punished for stealing the drug? Did the pharmacist have the right
to charge so much? Would it be proper to charge the pharmacist with
murder? If so, should his punishment be greater if the woman who died
was an important person? What would you have done if you were Heinz?
The motivation for
Gordon's 1994 study was to see if virus writers could accurately be lumped
into a single, well-defined group. It was clear then and is still clear
now that this is not possible. For one thing, the results of the Kohlberg
dilemma placed the younger virus writers approximately in the ethical
norm for their respective ages. Most believed that malicious code was
wrong and claimed to have begun writing viruses out of curiosity. By contrast,
Kohlberg's own work with criminals categorized many known criminals as
consistently falling below the ethical average. For the adult virus writers,
Gordon did not find any admitted virus writers who fell within the ethical
norm for their age, and confirmed this deficit by comparing with a control
group. What sort of conclusions can we draw
from this work? Are all virus writers ethical crusaders trying to enhance
their knowledge of computer intricacies, and the media intentionally mislabels
them as criminals? Are standard ethical models appropriate measures for
electronic acts of mischief such as virus creation and distribution? Whatever
questions arise from Gordon's study, it is important to note that seven
years have passed since the initial publication of the results. We are
now in the new millennium, facing new viruses with greater destructive
capabilities. Welcome to the generation of the script kiddies.
The Age of the Script Kiddies
The year 2000 was the year that the so-called "script kiddies" left an
indelible mark on the history of the Internet. On February 7 of that year,
a coordinated denial of service attack launched from various locations
around the Internet brought down the Yahoo
web site for approximately three hours. Two
days later, other major websites were hit with similar attacks, including
Amazon.com, and Buy.com.
May saw the release of the ILoveYou virus which crippled millions of computers
worldwide and caused tens of millions of dollars worth of damage. Although
the attacks differed in their methods and their perpetrators, one thing
held in common - all of the suspects can safely be placed into the category
of "script kiddies," the new age of Internet hackers. A 1995 book entitled
"Hack Proofing Your Internetwork" contains the following entry for "script kiddie":
"The term script
kiddie has come into vogue in recent years. The term refers to crackers
who use scripts and programs written by others to perform their intrusions.
If one is labeled a "script kiddie," then he or she is assumed to
be incapable of producing his or her own tools and exploits, and lacks
proper understanding of exactly how the tools he or she uses work.
As will be apparent by the end of this chapter, skill and knowledge
(and secondarily, ethics) are the essential ingredients to achieving
status in the minds of hackers. By definition, a script kiddie has
no skills, no knowledge, and no ethics." 
The Jargon Dictionary has a similar definition:
pl.n. 1. The lowest form of cracker;
script kiddies do mischief with scripts and programs written by others,
often without understanding the exploit.
2. People who cannot program, but who create tacky HTML pages
a script kiddie writes (or more likely cuts and pastes) code without
either having or desiring to have a mental model of what the code
does; someone who thinks of code as magical incantations and asks
only "what do I need to type to make this happen?" 
Whatever they're called,
one thing is common among all script kiddies: "true" hackers hate them.
The "real" hackers despise the lazy maliciousness employed by such script
kiddies and time and again try to separate themselves from being placed
into the same category.
Script kiddies are
important to mention because most of the major computer attacks over the
past two years have been caused by these new members of the hacking community.
The recent Anna Kournikova virus is a good example. The virus was released
into the wild on February 11th, and by February 14th, hundreds of thousands
of copies were circulating the Internet, jumping from computer to computer
as curious users clicked on an attachment purporting to be a photograph
of the famous Russian tennis star. So who was the skilled programmer who
crafted such an effective virus? Surely it was the work of a veteran hacker,
perhaps a disgruntled tennis player with a PhD in Computer Science? In
reality, the author of the virus was a twenty-year-old Dutch man who goes
by the alias "OnTheFly." After he posted an anonymous letter on a Dutch
Web site and turned himself in to his local police, authorities began
questioning the man about his motives. Fitting the script kiddie stereotype
perfectly, his own letter claimed that he did not actually know how to
program a computer.
Instead, the man used
a popular "virus toolkit" called the VBS Worm Generator to make his mass-mailer
in a simple point and click fashion. Such toolkits have been around since
1990, but in recent years their power and
ease of use have risen dramatically. This particular toolkit requires almost
no technical know-how beyond the ability to use a mouse and allows the
user to customize the type and severity of attack associated with his
virus. Here is a screenshot from the toolkit, courtesy of ZDNet: 
different flavors of "payloads" are available, ranging from the display
of an innocuous message to a complete system crash. Additionally,
the user can customize when the payload is executed, effectively creating
a virus "time bomb". The Anna Kournikova virus was triggered to connect
to a certain Dutch web site on January 26th and perhaps send information,
but other than that, no malicious code existed. In actuality, the
author wrote that he "never wanted to harm the people who opened the
attachment. But after all: it's their own fault they got infected."
OnTheFly also claimed in his online admission that he wrote the virus
to demonstrate that people had not learned their lessons from the
LoveBug virus. Judging from the extent of the Anna Kournikova worm,
it appears that this script kiddie was right on the money.
When she's not modeling or playing tennis, she's spawning mass-mailing
email worms like the VBS/OnTheFly virus that recently swept the world
in a fashion nearly identical to that of the LoveLetter disaster of 2000.
The Hack of the Future?
The Jargon Dictionary defines social
engineering as the following:
n. Term used among crackers and samurai
for cracking techniques that rely on weaknesses in wetware
rather than software; the aim is to trick people into revealing passwords
or other information that compromises a target system's security.
Classic scams include phoning up a mark who has the required information
and posing as a field service tech or a fellow employee with an urgent
access problem. See also the tiger
team story in the patch
Social engineering is "people hacking" - getting people to comply with your wishes
even though they would normally not do such things. The major virus attacks
of the past two years have all been successful because of some element
of social engineering. The ILoveYou virus came with the three most powerful
words of all time - who doesn't want to be loved? Apparently members of
the British House of Commons and the US Congress had enough interest to
click on the attachment and unleash the virus in their respective establishments.
a virus that circulated in 1999, included a picture of a character from
the popular Comedy Central
cartoon South Park.
Of course we cannot overlook the Anna Kournikova virus - would people
have clicked on the attachment if, say, it was named BobDole.jpg.vbs?
Ken Dunham, a writer for securityportal.com,
pondered that exact question in a piece written shortly after the Kournikova
incident. Some of his thoughts are included below:
Imagine if the attachment
was named something else: perhaps the name of another person. Would that
have made a difference? What if Anna was. . . Ken? Here are some initial
thoughts on the matter.
a sexy tennis star, worthy of the massive proliferation that took
place on 2/12/01. MessageLabs VirusEye alone shows over 8,500
detections to date!
he is a guy, but according to what women tell me, he's sexy. He
might get 40% of Anna's share on the market if he were to go public
with this attachment name.
by some America's Sweetheart, she might be able to compete with
Anna. But I don't know - she smiles a lot and wears more clothes
James Bond, 007! He's so full of charm I think the name of the
attachment might need to be updated a bit to be more provocative.
Perhaps something like PierceBrosnanBaresItAll.jpg.vbs might work
is truly the king of music. If he was sighted in an email it could
be big news worldwide. Rumor has it he was seen pumping gas in
Idaho just the other day.
by far, has the greatest potential. It has everything the average
employee is looking for when reading email. Contrary to popular
opinion, attachments such as TasksToComplete.jpg.vbs are not popular
Surely, the fact
that the virus was named after an international sex symbol helped galvanize
its spread throughout the Internet. This leads to a dilemma that anti-virus
teams and virus writers alike are aware of - anti-virus software is
not human and is not yet capable of detecting "human weaknesses." Virus
writers have discovered a socially engineered portal into a world where
paranoia disappears if you say the right words. Until people become
better educated about how to spot suspicious emails and questionable
file attachments, social engineering will continue to fuel the spread
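The attachment names discussed in this section (BobDole.jpg.vbs, TasksToComplete.jpg.vbs) all place a harmless-looking image extension in front of the script extension that actually runs. As an added example, not part of the original page, here is one way a mail filter could flag that pattern; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed lists for illustration; a real filter would maintain longer ones.
EXECUTABLE = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "scr", "pif", "exe", "bat", "cmd"}
DECOY = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}

def deceptive_extension(filename):
    """Return (decoy, real) when a name ends in <decoy>.<executable>, else None."""
    # Trailing dots and spaces do not change how Windows treats the file.
    name = filename.strip().rstrip(". ").lower()
    # Padding between the two extensions pushes the real one out of view.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3:
        return None
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE and decoy in DECOY:
        return decoy, real
    return None

def flag_attachments(raw_message):
    """Parse a raw RFC 5322 message and list attachments with disguised names."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        hit = deceptive_extension(name) if name else None
        if hit:
            findings.append((name, hit[0], hit[1]))
    return findings

def build_sample():
    """Constructed message: one benign attachment and one disguised script."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("report.final.pdf", "TasksToComplete.jpg.vbs"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()

if __name__ == "__main__":
    for name, decoy, real in flag_attachments(build_sample()):
        print(f"{name}: displayed as .{decoy}, executes as .{real}")
```

A check like this catches the file-naming trick only; the subject line and the curiosity it exploits remain a user-education problem.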