一个病毒制造者的自述[英文]

When Mario is bored, he likes to sit at his laptop and create computer viruses and worms. Online, he goes by the name Second Part to Hell, and he has written more than 150 examples of what computer experts call 'malware': tiny programs that exist solely to self-replicate, infecting computers hooked up to the internet. Sometimes, these programs cause damage and sometimes they don't. Mario says he prefers to create viruses that don't intentionally wreck data, because simple destruction is too easy. 'Anyone can rewrite a hard drive with one or two lines of code,' he says. 'It makes no sense. It's really lame.' Besides which, it's mean, he says, and he likes to be friendly.

But still - just to see if he could do it - a year ago he created a rather dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan Generator and anyone can download it freely from Mario's website. With a few simple mouse clicks, you can use the tool to create your own malicious 'Trojan horse'. Like its ancient namesake, a Trojan virus arrives in someone's e-mail looking like a gift, a jpeg picture or a video, for example, but actually bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on his laptop screen, politely asking me to name my Trojan. I call it the 'Clive' virus. Then it asks me what I'd like the virus to do. Shall the Trojan horse format drive C:? Yes, I click. Shall the Trojan horse overwrite every file? Yes. It asks me if I'd like to have the virus activate the next time the computer is restarted and I say yes again.

Then it's done. The generator spits out the virus on to Mario's hard drive, a tiny 3k file. Mario's generator also displays a stern notice warning that spreading your creation is illegal. The generator, he says, is just for educational purposes, a way to help curious programmers learn how Trojans work.

But, I could ignore that advice. I could give this virus an enticing name, like 'britney-spears-wedding-clip. mpeg' to fool people into thinking it's a video. If I were to email it to a victim and if he clicked on it and didn't have up-to-date anti-virus software, then disaster would strike his computer. The virus would activate. It would quietly reach into the victim's Microsoft Windows operating system and insert new commands telling the computer to erase its own hard drive.

The next time the victim started up his computer, the machine would find those new commands, assume they were part of the normal Windows operating system and guilelessly follow them. Everything on his hard drive would vanish - emails, pictures, documents, games. Mario drags the virus over to the trash bin on his computer's desktop and discards it. 'I don't think we should touch that,' he says hastily.

Computer experts called 2003 'the Year of the Worm'. For 12 months, digital infections swarmed across the internet with the intensity of a biblical plague. It began in January, when the Slammer worm infected nearly 75,000 servers in 10 minutes, clogging cashpoint networks and causing sporadic flight delays. In the summer, the Blaster worm struck, spreading by exploiting a flaw in Windows; it carried taunting messages directed at Bill Gates, infected hundreds of thousands of computers and tried to use them to bombard a Microsoft website with data.

Then in August, a worm called Sobig.F exploded with even more force, spreading via email that it generated by stealing addresses from victims' computers. It propagated so rapidly that at one point, one out of every 17 email messages travelling through the internet was a copy of Sobig.F. The computer security firm mi2g estimated that the worldwide cost of these attacks in 2003, including clean-up and lost productivity, was at least $82 billion (though such estimates have been criticised for being inflated).

The pace of contagion seems to be escalating. When the Mydoom.A email virus struck in late January, it spread even faster than Sobig.F; at its peak, experts estimated, one out of every five email messages was a copy of Mydoom.A. It also carried a nasty payload: it reprogrammed victim computers to attack the website of SCO, a software firm vilified by geeks in the 'open source' software community.

You might assume that the blame - and the legal repercussions - for the destruction would land directly at the feet of people like Mario. But as the police around the globe have cracked down on cybercrime in the past few years, virus writers have become more cautious, or at least more crafty. These days, many elite writers do not spread their works at all. Instead, they 'publish' them, posting their code on web sites, often with detailed descriptions of how the program works. Essentially, they leave their viruses lying around for anyone to use.

Invariably, someone does. The people who release the viruses are often anonymous mischief-makers, or 'script kiddies'. That's a derisive term for aspiring young hackers, usually teenagers or students, who don't yet have the skill to program computers but like to pretend they do. They download the viruses, claim to have written them themselves and then set them free in an attempt to assume the role of a fearsome digital menace. Script kiddies often have only a dim idea of how the code works and little concern for how a digital plague can rage out of control. Our modern virus epidemic is thus born of a symbiotic relationship between the people smart enough to write a virus and the people dumb enough - or malicious enough - to spread it.

This development worries security experts, because it means that virus writing is no longer exclusively a high-skill profession. By so freely sharing their work, the elite virus writers have made it easy for almost anyone to wreak havoc online. When the damage occurs, as it inevitably does, the original authors just shrug. We may have created the monster, they'll say, but we didn't set it loose. This dodge infuriates security professionals and the police, who say it is legally precise but morally corrupt. Like a collection of young Dr. Frankensteins, the virus writers are increasingly creating forces they cannot control and for which they explicitly refuse to take responsibility.

'Where's the beer?' Philet0ast3r wondered. An hour earlier, he had dispatched three friends to pick up another case, but they were nowhere in sight. He looked out over the controlled chaos of his one-bedroom apartment in small-town Bavaria. (Most of the virus writers I visited live in Europe; there have been very few active in the United States since 9/11, because of fears of prosecution.) Philet0ast3r's party was crammed with 20 friends who were blasting out punk band Deftones, playing cards, smoking furiously and arguing about politics. It was a Saturday night. Philet0ast3r, a 21-year-old with a small silver hoop piercing his lower lip, wears his brown hair in thick dreads. (Philet0ast3r is an online handle; he didn't want me to use his name.)

His friends finally arrived with a fresh case of beer and his blue eyes lit up. He flicked open a bottle using the edge of his cigarette lighter and toasted the others. A tall blond friend in a jacket festooned with anti-Nike logos put his arm around Philet0ast3r and beamed.

'This guy,' he proclaimed, 'is the best at Visual Basic.'

In the virus underground, that's love. Visual Basic is a computer language popular among malware authors for its simplicity; Philet0ast3r has used it to create several of the two dozen viruses he's written. From this tiny tourist town, he works as an assistant in a home for the mentally disabled and in his spare time runs an international virus-writers' group called the 'Ready Rangers Liberation Front'. I met him, like everyone profiled in this article, online, first emailing him, then chatting in an internet relay chat channel where virus writers meet and trade tips and war stories.

Philet0ast3r got interested in malware the same way most virus authors do: his own computer was hit by a virus. He wanted to know how it worked and began hunting down virus-writers' websites. He discovered years' worth of viruses online, all easily downloadable, as well as primers full of coding tricks. He spent long evenings hanging out in online chat rooms, asking questions, and soon began writing his own worms.

One might assume Philet0ast3r would favour destructive viruses, given the fact that his apartment is decorated top to bottom with anti-corporate stickers. But his viruses, like those of many malware writers, are often surprisingly mild things carrying goofy payloads. One he is developing will install two artificial intelligence chat-agents on your computer; they appear in a pop-up window, talking to each other nervously about whether your antivirus software is going to catch and delete them. Philet0ast3r said he was also working on something sneakier - a 'keylogger'. It's a Trojan virus that monitors every keystroke its victim types, including passwords and confidential email messages, then secretly mails out copies to whoever planted the virus. Anyone who spreads this Trojan would be able to quic

[1] [2] [3] [4] 下一页