9 Feb 2004

Writing viruses/worms - with power comes responsibility..

Note: This article has been moved over from my previous blog for historical purposes.

2003 was called "The year of the worms". It began in Jan with the slammer worm affecting nearly 75000 servers in 10 minutes, clogging bank of america's ATM network, causing sporadic flight delays, etc. Just when we thought that nothing could beat that - along came the Blaster worm exploiting a flaw in the Windows OS, effecting twice as many servers in half the time using them to bombard a microsoft site. 

Come August, Sobig.F worm was born with still more destructive force using email (it used email addresses stolen from the infected machines address books). It is said to have propogated so rapidly that at one point one of every 17 mails travelling through the internet was a copy of the Sobig worm (and looking at the size of internet - that was astronomical level of infection !)
Next came Mydoom.A in late January (it still continues to rage) spreading faster than Sobig.F (one out of every 5 copy was a copy of mydoom). This one however, was programmed to attack the computer software maker - SCOs website. Similiarities in the last two worms indicated a copy-and-use situation. 

Over the time, several people have been arrested (mostly teenagers) for having written such viruses. These unfortunate people will face severe persecution if convicted (something like atleast 10 years in prison followed by a lifetime of ban from using computers - not to mention a ruined career).

All the above comes from a article "The Virus Underground" (The New York Times, Feb 8, 2004). The article goes on to discuss how easy it has become to make such viruses (there are point-click-and-mail utilities now). Not all of them are using copy-modify-publish method, but it basically starts there. Once caught the author come up with "All right we wrote it, but we didnt set if free". Allthough infuriating, the attitude deserves a little peice of advice. 

This advice is something that has been repeated countless number of times in countless situations - "With great power comes greater responsibility". In todays world Knowledge is power. Which translates into "The more you know the greater becomes the responsibility to use it wisely".
A know several kids who have looked into viral codes (including myself) and buried the source code there and then buried it (they meant it when they said "We want to learn"). The source code and the knowledge acquired from it was used for the purposes of educating friends and others on how to stay safe (i continue to spread the message around with several others doing the same.)
I guess the point i am trying to make is that it is very easy to take the wrong turn and end up misusing such knowledge. I dont have a solution for this - just a suggestion. Try looking at the brighter side within yourself and the answers will come in easy. Yeah, it does translate into harder work - but be the man ! (err.. or the woman !). 

Now that u have learnt to write worms or viruses lets see u write something that will stop atleast one of the ones out in the wild and then claim victory. I am a professional programmer who continues to help people recover from virus incidents or prevent them from happening at all. I am still to come up with something that has been able to stop more than a handful worms!

I see leagues, clubs and forums of youngsters sprouting up and collaborating on writing worms. I am yet to see a single one which has dedicated itself to fighting them (except the commercial companies of course). Why ? I guess its because thats the hard thing to do right ?
Its always easy to fight the day. I would like to see someone fight the night (the darkness). 

Just my humble thoughts, of course.