Unemployed virus writers take heart

The Music Biz want you

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

The recording industry is hiring cyber miscreants to attack its own customers. And we thought you'd never amount to anything, writes George Smith, SecurityFocus columnist.

Nowhere Man, please listen, the recording industry has a job for you. The pay is good, the work easy and exciting, ripe with opportunity for someone creatively adept at clandestine dirty tricks.

Nowhere Man was an American virus-writer -- vintage 1992 -- who "invented" the Virus Creation Lab, one of the first widely-distributed programs to automate the production of malicious software. It was full of smirking computer hotfoots, none difficult for the anti-virus industry to counter, but ideal for turning a cyberspatial tenderfoot's afternoon into a hair-pulling good time.

Conceptually, it was perfect for a recording industry "exploring options," as the New York Times obliquely put it last week, for "overwhelming [music] distribution networks with potentially malicious programs that masquerade as music files."

Included with the Virus Creation Lab were the Nowhere Utilities, a set of "tools" to be used in plaguing software pirates, the feeble-minded, people in the wrong place at the wrong time and the avaricious with the electronic equivalent of free poisoned chocolate candies.

"They were for taking down lamers!" Nowhere Man laughed ten years ago.

Some were designed to create waste-your-time dummy files called "fakewarez"; Madonna would have certainly liked them. Others took advantage of file compression to create seemingly small archived binaries which expanded to system-crashing Brobdingnagian size when expanded, a stunt that still worked on some electronic file scanners a couple years back.

Other techniques disguised old viruses or patched code so that the use of a program would corrupt or erase data.

Taken singly, they were merely annoying. But in the aggregate they were enablers of escalating hostility.

Using Nowhere Man's software in 1992, I quickly made a virus called Heevahava, the name being a Pennsylvania Dutch pejorative for a simpleton, colloquially -- a farmhand given the job of harvesting sperm from a bull. "A more malicious program, dubbed 'freeze,' locks up a computer system..." wrote the Times of "industry options" to fight piracy. Heevahava locked up the machine, too, and could even be custom-tailored to display an annoying message, perhaps like: "Only Heevahavas steal music. Stop thief or else!"

New Dog, Old Tricks

What I learned was that there's no real line between mildly annoying disruption -- the industry's spin on these anti-piracy measures -- and pure overt and aggressive malice. It's too easy, even alluring once you're neck deep in it, to go from jamming up the computer and causing a reset to making the machine impossible to start without a trip to the doctor. Rationalizing such action as justified by circumstance is an even simpler task.

Imagine something like imposing a "cursed disk" fault. A few years back you could diddle the system sector of a Windows machine so that the PC could not even be started from a bootable diskette without some very specialized knowledge on the nature of the induced error.

Caught in a sweat, it was easy to persuade the afflicted that the hard disk had failed completely even though everything on it was unharmed. Ha-ha-ha, so funny. You shouldn't ha' ripped that Linkin Park CD, pally. Now you've learned your lesson.

The industry knows this type of conduct is contemptible. So do the media defender firms hired to develop and deploy the dirty work. One can just imagine the briefings on plans and "plausible deniability" already -- smug but clueless suits buying hogwash about how some allegedly sanitary enforcer technology will thrash the guilty and restore profits through fear and intimidation in a couple quarters.

Virus-writers never enjoyed any good publicity from working on code that could be used to devil pirates. No certificates of merit were handed out; it wasn't worth any money.

The entertainment conglomerates will find out that investing in the reinvention of virus-writer ideology and applications earns them more grief than satisfaction. They'll be ripped off by the firms they have commissioned because it is easy to overcharge for the work, the fruit of it being technical swill reproducible by chimpanzees. And then they will find that they have to keep it secret lest the more reptilian actions leak, and present public relations catastrophes.

Nowhere Man was just a kid and he outgrew his underground hobby. But the new nowhere men stand ready to poke rock and roll fans in the eyes with electronic sticks. That's real progress.

© SecurityFocus logo

Related stories

RIAA attacking our culture, the American Mind
Madonna's borderline MP3 tactics
Like a virgin: Madonna hacked for the very first time

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story


Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.