kly harvest huge amounts of sensitive personal information.
Technically, 'viruses' and 'worms' are slightly different things. When a virus arrives on your computer, it disguises itself. It might look like an OutKast song ('hey_ya.mp3'), but if you look more closely, you'll see it has an unusual suffix, like 'hey_ya.mp3.exe'. That's because it isn't an MP3 file at all. It's a tiny program and when you click on it, it will reprogram parts of your computer to do something new, like display a message. A virus cannot kick-start itself; a human needs to be fooled into clicking on it. This turns virus writers into armchair psychologists, hunting for new tricks to dupe someone into activating a virus. ('All virus-spreading,' one virus writer said caustically, 'is based on the idiotic behaviour of the users.')
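The disguise described above can be checked for mechanically on the receiving side. The following Python sketch is an added example, not part of the original article; the two extension lists and the function names are assumptions chosen for illustration, and the sample names in the usage comment are constructed.

```python
import unicodedata

# Assumed lists for this example; a real mail gateway would maintain its own.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"mp3", "jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "zip", "avi"}


def normalise(name: str) -> str:
    """Reduce an attachment name to the form Windows will actually act on."""
    name = unicodedata.normalize("NFKC", name)          # fold look-alike forms
    name = name.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path component
    # Windows ignores trailing dots and spaces when it opens a file.
    return name.rstrip(". ").lower()


def classify_attachment(name: str) -> str:
    """Return 'disguised-executable', 'executable' or 'ok' for a file name."""
    # Whitespace around a suffix is stripped so it cannot hide the suffix.
    parts = [p.strip() for p in normalise(name).split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The last suffix decides what runs; an earlier decoy suffix is the disguise.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "disguised-executable"
    return "executable"


def flag_attachments(names):
    """Map each suspicious name to its verdict, skipping names that are 'ok'."""
    verdicts = {n: classify_attachment(n) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    # Constructed sample attachment names.
    for n in ["hey_ya.mp3", "hey_ya.mp3.exe", "HEY_YA.MP3.EXE. ", "setup.exe"]:
        print(f"{n!r}: {classify_attachment(n)}")
```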
Worms, in contrast, usually do not require any human intervention to spread. That means they can travel at the breakneck pace of computers themselves. A worm's danger lies in its speed: when it multiplies, it often generates enough traffic to crash internet servers. The most popular worms today are 'mass mailers' which attack a victim's computer, swipe the addresses out of Microsoft Outlook (the world's most common email program) and send a copy of the worm to everyone in the victim's address book. These days, the distinction between worm and virus is breaking down. A worm will carry a virus with it, dropping it on to the victim's hard drive to do its work, then emailing itself off to a new target.
The most ferocious threats today are 'network worms', which exploit a particular flaw in a software product (often one by Microsoft). The author of Slammer, for example, noticed a flaw in Microsoft's SQL Server, an online database commonly used by businesses and governments. The Slammer worm would find an unprotected SQL server, then would fire bursts of information at it, flooding the server's data 'buffer', like a cup filled to the brim with water.
Once its buffer was full, the server could be tricked into sending out thousands of new copies of the worm to other servers. Normally, a server should not allow an outside agent to control it that way, but Microsoft had neglected to defend against such an attack. Using that flaw, Slammer flooded the net with 55 million blasts of data per second and in only 10 minutes colonised almost all vulnerable machines.
Computer-science experts have a phrase for this type of fast-spreading epidemic, 'a Warhol worm' in honour of Andy Warhol's prediction that everyone would be famous for 15 minutes. 'In computer terms, 15 minutes is a really long time,' says Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, who coined the Warhol term. 'The worm moves faster than humans can respond.' He suspects that even more damaging worms are on the way. All a worm writer needs to do is find a significant new flaw in a Microsoft product, then write some code that exploits it. Even Microsoft admits that there are flaws the company doesn't yet know about.
Virus writers are especially hostile toward Microsoft, the perennial whipping boy of the geek world. From their (somewhat self-serving) point of view, Microsoft is to blame for the worm epidemic, because the company frequently leaves flaws in its products that allow malware to spread. Microsoft markets its products to less expert computer users, cultivating the sort of gullible victims who click on disguised virus attachments.
But it is Microsoft's success that really makes it such an attractive target: since more than 90 per cent of desktop computers run Windows, worm writers target Microsoft in order to hit the largest possible number of victims. (By relying so exclusively on Microsoft products, virus authors say, we have created a digital monoculture, a dangerous thinning of the internet's gene pool.) Microsoft is now so angry that it has launched a counterattack. Last autumn, it set up a $5 million fund to pay for information leading to the capture of writers who target Windows machines. So far, it has announced $250,000 bounties for the creators of Blaster, Sobig.F and Mydoom.B.
The motivations of the top virus writers can often seem paradoxical. They spend hours dreaming up new strategies to infect computers, then hours more bringing them to reality. Yet when they're done, most of them say they have little interest in turning their creations free. Though Philet0ast3r is proud of his keylogger, he said he does not intend to release it into the wild. His reason is partly one of self-protection; he wouldn't want the police to trace it back to him. But he also said he does not ethically believe in damaging someone else's computer.
So why write a worm, if you're not going to spread it?
For the sheer challenge, Philet0ast3r replied, the fun of producing something 'really cool'. For the top worm writers, the goal is to make something that's brand new. A truly innovative worm, Philet0ast3r said, 'is like art'. To allow his malware to travel swiftly online, the virus writer must keep its code short and efficient. 'One condition of art,' he noted, 'is doing good things with less.'
For a virus author, a successful worm brings the sort of fame that a daring graffiti artist used to produce: the author's name automatically replicating itself in cyberspace. When anti-virus companies post on their websites a new 'alert' warning of a fresh menace, the thrill for the author is like getting a great book review: something to crow about and email around to your friends. Writing malware, as one author emailed me, is like creating artificial life. A virus, he wrote, is 'a humble little creature with only the intention to avoid extinction and survive'.
Quite apart from the intellectual fun of programming, though, the virus scene is attractive partly because it's very social. When Philet0ast3r drops by a virus-writers' chat channel late at night after work, the conversation is as likely to be about music, politics or girls as the latest in worm technology. Very occasionally, malware authors even meet for a party; when I visited Mario, we met another Austrian virus writer and discussed code for hours at a bar.
The virus community attracts a lot of smart but alienated young men, libertarian types who are often flummoxed by the social nuances of life. While the virus scene isn't dominated by those characters, it certainly has its share and they are often the ones with a genuine chip on their shoulder.
'I am a social reject,' admitted Vorgon, as he called himself, a virus writer in Toronto with whom I exchanged messages one night in an online chat channel. He studied computer science in college but couldn't find a computer job after sending out 400 CVs. With 'no friends, not much family' and no girlfriend for years, he became depressed. He attempted suicide, he said, by walking out one freezing winter night into a nearby forest for five hours with no jacket on. But then he got into the virus-writing scene and found a community.
'I met a lot of cool people who were interested in what I did,' he wrote. 'They made me feel good again.' He called his first virus FirstBorn to celebrate his new identity. Later, he saw that one of his worms had been written up as an alert on an anti-virus site and it thrilled him. 'Kinda like when I got my first girlfriend,' he wrote. 'I was god for a couple days.'
Vorgon is still angry about life. His next worm, he wrote, will try to specifically target the people who wouldn't hire him. It will have a 'spidering' engine that crawls web-page links, trying to find likely email addresses for human-resource managers, 'like careers@microsoft.com, for example'. Then it will send them a fake CV infected with the worm. (He hasn't yet decided on a payload and he hasn't ruled out a destructive one.) 'This is a revenge worm,' he explained, 'for not hiring me, and hiring some loser who is not even half the programmer I am.'
Many people might wonder why virus writers aren't rounded up and arrested for producing their creations. But in most countries, writing viruses is not illegal. Indeed, in America some legal scholars argue that it is protected as free speech. Software is a type of language and writing a program is akin to writing a recipe. It is merely a bunch of instructions for the computer to follow, in the same way that a recipe is a set of instructions for a cook to follow.
A virus or worm becomes illegal only when it is activated, when someone sends it to a victim and starts it spreading in the wild, and it does measurable damage to computer systems. The top malware authors are acutely aware of this distinction. Most virus-writer websites include a disclaimer stating that they exist purely for educational purposes, and that if a visitor downloads a virus to spread, the responsibility is entirely the visitor's.
One of the youngest virus writers I visited was Stephen Mathieson, a 16-year-old in Detroit whose screen name is Kefi. He also belongs to Philet0ast3r's Ready Rangers Liberation Front. A year ago, Mathieson became annoyed when he found members of another virus-writers group called Catfish-VX plagiarising his code. So he wrote Evion, a worm specifically designed to taunt the Catfish guys. He put it up on his website for everyone to see. Like most of Mathieson's work, the worm had no destructive intent. It merely popped up a few cocky messages, including 'Catfish-VX are lamers. This virus was constructed for them to steal.' Someone did steal it, because pretty soon Mathieson heard reports of it being spotted in the wild. To this day, he does not know who circulated Evion, but he suspects it was probably a random troublemaker, a script kiddie who swiped it from his site. 'The kids,' he said, shaking his head, 'just cut and paste.'
Quite aside from the strangeness of listening to a 16-year-old complain