A Special Needs Class

The Little Red Book of Computer Viruses

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

The University of Calgary's new course in virus-writing begs the question: is it a cheap publicity stunt or just boneheaded educating, asks SecurityFocus columnist George Smith.

Did you hear the one about the college professor and his virus-writers course? For the final exam students had to work up viruses that land them in jail for eighteen months. Ta-dump!

It's a valid requirement for getting inside the mind of the virus-writer. It sufficed for virus-writer Chris Pile and would be sure to separate the men from the boys in any such class, guaranteeing that if they talked the talk of the malicious code programmer, they could walk the walk, too.

But I doubt whether John Aycock of the University of Calgary will make his Fall semester virus-writing students do that. Angry parents, outrage, lawsuits, ejection from the academy.

Outrage alone is good, though. It means publicity, and the University of Calgary's press release on its new virus-writing course explicitly promises "[i]nterviews and photo opportunities can be made possible subject to availability."

The computing men of UCal want notice and they should have it. And not just kudos for dreaming up an exciting curriculum but admonishments, too, because real virus-writers revel in their bad notices.

The aim of the UCal course is to get a personal look through the eyes of the malware maker, the reasoning being that only by generating nasty code can one understand and fight digital disease.

"This attitude is similar to what medical researchers do to combat the latest biological viruses such as SARS," blabbers the UCal statement. Absolutely! Everyone knows that the doctors who fought smallpox invented new brands of it and that all medical students specializing in infectious disease have to spend a semester cooking up new ailments.

However, a virus-writing course shouldn't be dumbed down with only milk-liver assignments like the programming of new computer viruses.

The technique of virus-writing is only about ten percent of the mind of the virus-writer and, truth be told, it's the most easily duplicatable and boring part. In addition, the programming is ephemeral: what makes a good Klez now will be no damn good in five years, and students deserve to be given skills that will last them a lifetime.

The good professor, wishing to fathom the motivations of virus-writers first-hand, will have to reproduce in the class some true virus-writer orthodoxy. Aycock, however, may not be able to fulfill this since it is alleged that students who take their work outside the lab will flunk. He might wish to think twice about that penalty.

You see, virus-writers have traditionally been stoked to produce more by observing the success of their creations in the real world. Priest, a San Diego-based virus-writer, was particularly thrilled when anti-virus companies would include the names of his viruses in ads placed in the trades. Others gained inspiration from seeing their creations appear in the anti-virus industry's "Wild List."

As a student, Harry McBungus released his work onto the computing devices of his peers in Australia and, of course, a university presents many opportunities of this nature, too.

Midterm Worms

To build esprit de corps, the class could divide into competing virus-writing claques, with names chosen with an eye toward virus history -- like NuKE[Calg@rEe] or Northern Corrupted Programming.

A week or two could be reserved for devising means of baiting victims with virus-infected porn-loaders, or the launching of mass mailing worms from an anonymous computer in the school library.

Another portion of the class could be used to build a virus-writers' website, perhaps named The Hellacious Pit, in honor of one of the largest virus exchanges of pre-World Wide Web days. A system of digital barter would be set up so that one could download viruses only by contributing new viruses. Verification could be strict or non-existent, depending on the rigor of the exercise.

Some students, for example, might want to take a digital fingerprint of all original viruses before stocking, and then scan uploads for minor variants, duplicates, non-functional "intended" viruses or dummy files. Using the fruit of this labor, viruses could be burned to CD as a unique collection and sold, the cash collected going into a fund that could be used as hush money for angry students and administrators involuntarily enrolled in the class as logical end points of a virus-writing experiment.

Viruses written during the course could be collected and published by the university press. A good title would be "The Little Red Book of Computer Viruses." I would suggest the color black but it's already been used.

By nature, virus-writers love to imagine themselves as nemeses of the anti-virus industry. The UCal course is off to a good start with its initial press, but to fully carry out this delving into the virus-writing persona it will need to continue its bonehead boasting through the semester. The school is well-suited for this capacity because it can issue inflammatory can't-miss press releases like: "Elite Aycock group produces midterm worms that could cause [fill in the blank] billion dollars in damage to world economy if released."

Students should be prepared, with knowledge born from course experience, to also explain how virus assaults to the US economy -- $266 billion, according to the UCal press release -- are over three hundred times more destructive and dangerous than the September 11 attack on the Pentagon, which resulted in $800 million in damages. If they can't do this, they'll become the object of jests, their faculty regarded as buffoons. Perish the thought.

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story


Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.