Unemployed virus writers take heart

The Music Biz want you

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

The recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything, writes George Smith, SecurityFocus columnist.

Nowhere Man, please listen, the recording industry has a job for you. The pay is good, the work easy and exciting, ripe with opportunity for someone creatively adept at clandestine dirty tricks.

Nowhere Man was an American virus-writer -- vintage 1992 -- who "invented" the Virus Creation Lab, one of the first widely-distributed programs to automate the production of malicious software. It was full of smirking computer hotfoots, none difficult for the anti-virus industry to counter, but ideal for turning a cyberspatial tenderfoot's afternoon into a hair-pulling good time.

Conceptually, it was perfect for a recording industry "exploring options," as the New York Times obliquely put it last week, for "overwhelming [music] distribution networks with potentially malicious programs that masquerade as music files."

Included with the Virus Creation Lab were the Nowhere Utilities, a set of "tools" to be used in plaguing software pirates, the feeble-minded, people in the wrong place at the wrong time and the avaricious with the electronic equivalent of free poisoned chocolate candies.

"They were for taking down lamers!" Nowhere Man laughed ten years ago.

Some were designed to create waste-your-time dummy files called "fakewarez"; Madonna would have certainly liked them. Others took advantage of file compression to create seemingly small archived binaries which expanded to system-crashing Brobdingnagian size when expanded, a stunt that still worked on some electronic file scanners a couple years back.

Other techniques disguised old viruses or patched code so that the use of a program would corrupt or erase data.

Taken singly, they were merely annoying. But in the aggregate they were enablers of escalating hostility.

Using Nowhere Man's software in 1992, I quickly made a virus called Heevahava, the name being a Pennsylvania Dutch pejorative for a simpleton, colloquially -- a farmhand given the job of harvesting sperm from a bull. "A more malicious program, dubbed 'freeze,' locks up a computer system..." wrote the Times of "industry options" to fight piracy. Heevahava locked up the machine, too, and could even be custom-tailored to display an annoying message, perhaps like: "Only Heevahavas steal music. Stop thief or else!"

New Dog, Old Tricks

What I learned was that there's no real line between mildly annoying disruption -- the industry's spin on these anti-piracy measures -- and pure overt and aggressive malice. It's too easy, even alluring once you're neck deep in it, to go from jamming up the computer and causing a reset to making the machine impossible to start without a trip to the doctor. Rationalizing such action as justified by circumstance is an even simpler task.

Imagine something like imposing a "cursed disk" fault. A few years back you could diddle the system sector of a Windows machine so that the PC could not even be started from a bootable diskette without some very specialized knowledge on the nature of the induced error.

Caught in a sweat, it was easy to persuade the afflicted that the hard disk had failed completely even though everything on it was unharmed. Ha-ha-ha, so funny. You shouldn't ha' ripped that Linkin Park CD, pally. Now you've learned your lesson.

The industry knows this type of conduct is contemptible. So do the media defender firms hired to develop and deploy the dirty work. One can just imagine the briefings on plans and "plausible deniability" already -- smug but clueless suits buying hogwash about how some allegedly sanitary enforcer technology will thrash the guilty and restore profits through fear and intimidation in a couple quarters.

Virus-writers never enjoyed any good publicity from working on code that could be used to devil pirates. No certificates of merit were handed out; it wasn't worth any money.

The entertainment conglomerates will find out that investing in the reinvention of virus-writer ideology and applications earns them more grief than satisfaction. They'll be ripped off by the firms they have commissioned because it is easy to overcharge for the work, the fruit of it being technical swill reproducible by chimpanzees. And then they will find that they have to keep it secret lest the more reptilian actions leak, and present public relations catastrophes.

Nowhere Man was just a kid and he outgrew his underground hobby. But the new nowhere men stand ready to poke rock and roll fans in the eyes with electronic sticks. That's real progress.

© SecurityFocus logo

Related stories

RIAA attacking our culture, the American Mind
Madonna's borderline MP3 tactics
Like a virgin: Madonna hacked for the very first time

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

Security for virtualized datacentres

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.