Feeds

Unemployed virus writers take heart

The Music Biz want you

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

The recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything, writes George Smith, SecurityFocus columnist.

Nowhere Man, please listen, the recording industry has a job for you. The pay is good, the work easy and exciting, ripe with opportunity for someone creatively adept at clandestine dirty tricks.

Nowhere Man was an American virus-writer -- vintage 1992 -- who "invented" the Virus Creation Lab, one of the first widely-distributed programs to automate the production of malicious software. It was full of smirking computer hotfoots, none difficult for the anti-virus industry to counter, but ideal for turning a cyberspatial tenderfoot's afternoon into a hair-pulling good time.

Conceptually, it was perfect for a recording industry "exploring options," as the New York Times obliquely put it last week, for "overwhelming [music] distribution networks with potentially malicious programs that masquerade as music files."

Included with the Virus Creation Lab were the Nowhere Utilities, a set of "tools" to be used in plaguing software pirates, the feeble-minded, people in the wrong place at the wrong time and the avaricious with the electronic equivalent of free poisoned chocolate candies.

"They were for taking down lamers!" Nowhere Man laughed ten years ago.

Some were designed to create waste-your-time dummy files called "fakewarez"; Madonna would have certainly liked them. Others took advantage of file compression to create seemingly small archived binaries which expanded to system-crashing Brobdingnagian size when expanded, a stunt that still worked on some electronic file scanners a couple years back.

Other techniques disguised old viruses or patched code so that the use of a program would corrupt or erase data.

Taken singly, they were merely annoying. But in the aggregate they were enablers of escalating hostility.

Using Nowhere Man's software in 1992, I quickly made a virus called Heevahava, the name being a Pennsylvania Dutch pejorative for a simpleton, colloquially -- a farmhand given the job of harvesting sperm from a bull. "A more malicious program, dubbed 'freeze,' locks up a computer system..." wrote the Times of "industry options" to fight piracy. Heevahava locked up the machine, too, and could even be custom-tailored to display an annoying message, perhaps like: "Only Heevahavas steal music. Stop thief or else!"

New Dog, Old Tricks

What I learned was that there's no real line between mildly annoying disruption -- the industry's spin on these anti-piracy measures -- and pure overt and aggressive malice. It's too easy, even alluring once you're neck deep in it, to go from jamming up the computer and causing a reset to making the machine impossible to start without a trip to the doctor. Rationalizing such action as justified by circumstance is an even simpler task.

Imagine something like imposing a "cursed disk" fault. A few years back you could diddle the system sector of a Windows machine so that the PC could not even be started from a bootable diskette without some very specialized knowledge on the nature of the induced error.

Caught in a sweat, it was easy to persuade the afflicted that the hard disk had failed completely even though everything on it was unharmed. Ha-ha-ha, so funny. You shouldn't ha' ripped that Linkin Park CD, pally. Now you've learned your lesson.

The industry knows this type of conduct is contemptible. So do the media defender firms hired to develop and deploy the dirty work. One can just imagine the briefings on plans and "plausible deniability" already -- smug but clueless suits buying hogwash about how some allegedly sanitary enforcer technology will thrash the guilty and restore profits through fear and intimidation in a couple quarters.

Virus-writers never enjoyed any good publicity from working on code that could be used to devil pirates. No certificates of merit were handed out; it wasn't worth any money.

The entertainment conglomerates will find out that investing in the reinvention of virus-writer ideology and applications earns them more grief than satisfaction. They'll be ripped off by the firms they have commissioned because it is easy to overcharge for the work, the fruit of it being technical swill reproducible by chimpanzees. And then they will find that they have to keep it secret lest the more reptilian actions leak, and present public relations catastrophes.

Nowhere Man was just a kid and he outgrew his underground hobby. But the new nowhere men stand ready to poke rock and roll fans in the eyes with electronic sticks. That's real progress.

© SecurityFocus logo

Related stories

RIAA attacking our culture, the American Mind
Madonna's borderline MP3 tactics
Like a virgin: Madonna hacked for the very first time

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.