CastleCops, Internet Crime Fighters
News by the Boss!: Lions and Tigers and Bears, Oh My!
Trojans

Lions and Tigers and Bears, Oh My! - Part 1











by Robin Laudanski
June 2, 2004


Most of us probably remember those timeless words from The Wizard of Oz. Life ran at a slower pace then. Computers were the size of semi-trailers, and only the government or the most advanced corporations had them. There was little thought given to the need for security on the net, because there was no public Internet. In point of fact, little consideration was given to security until it became painfully apparent there was a problem. There is no doubt we aren't in Kansas anymore: Lions and Tigers and Bears have been replaced by Trojans and Viruses and Worms... Oh My!

Last month Computer Cops came under attack from a DDoS (Distributed Denial of Service), which was launched via a variation of the Internet Worm Gaobot. One of the domain holders who was listed as a recipient site in the official notices changed the A record of their sites to point to Nukecops.com. Nukecops.com was Computercops' sister site; since they share a server, they also shared in the DDoS.

In today's society there are very few homes which don't have at least one computer. The day of a pencil and paper being the mainstay supplies of students is long gone. Our advancing technology has left a good portion of society at a disadvantage and quite vulnerable to attack, simply because they have been turned loose on the Internet but haven't been taught how to protect themselves, their privacy, their children, their data, etc. Internet access is available almost everywhere you go, on planes and ships, even on the Stairmaster at my gym. The majority of the population has heard of viruses, worms and trojans, but only an extremely small percentage understand the difference between them, how they propagate themselves, and just how dangerous some of them can be. Throughout this week's series I will attempt to address some of the most commonly asked questions related to Viruses, Worms and Trojans.

Countless times I’ve heard people ask “Who would do something like this?” in relation to the writing of a Virus, Worm or Trojan. There are several answers to that question, and terms which are used to describe the individuals responsible; the reason varies depending on whether the culprit script is a Worm, Virus or Trojan, as they all have different functions. To me the most unbelievable is the “job seeker”. While it might seem unreasonable to most people to attempt to find employment through destruction, there are folks out there who attempt just that. Many of the authors actually leave items within the code indicating who they are, much like credits at the end of a movie. While the scripts created by these people are very annoying and destructive, they generally aren’t created to perpetrate fraud, either corporately through the stealing of company secrets and technologies, or on a personal level involving your identity, banking and credit information. Please don’t misunderstand: there are many malicious scripts out there with no other purpose than to steal your personal private information, and the people who write them KNOW that is what they are going to do; those people fully intend to use that information for their own profit. In the case of the job seeker, they are generally trying to show off their abilities, and by writing something that exploits a large company’s software, like Microsoft’s, they hope to use it as a resume of sorts. However, they neglect to realize that when they are caught they will in all likelihood go to jail. There are also those who are just destructive in nature and have nothing better to do with their time; these people are referred to as “script kiddies”. Interestingly enough, these folks may also be considered “hackers” by the general populace.

Those who have been around computers and technology for a few years know the term hacker doesn’t adequately describe these people. The term Hacker was once considered a good thing; now it is associated with many negative connotations because it was applied incorrectly by the media and fed to the unaware public. What is the difference between a Hacker and a Cracker? A "Cracker" is someone who is destructive in nature; they create to do damage. They intentionally try to break into systems to take them down, to deface websites, to steal personal and corporate information, etc. In contrast, a "Hacker" is someone who programs, enhances existing software, and wants to stretch the boundaries of a program's capabilities. There are many people here on CCSP who provide their time and products, whom I personally consider hackers. On occasion Hackers have also been known as Whitehats. I believe it is important to dispel the misconceptions forced on to the public by poor reporting. That is the reason we are starting with Hackers and Crackers.

Say, as an example, you have an unknown file, and you are asked by one of the Security Experts here to upload that file to our Unknown Files forum. There is a specific group of the staff here who will take that unknown file, examine it, take it apart and determine what it does. They are the good guys, which is where Whitehats come from (remember the old westerns?).

We know who they (the bad guys) are, and we know why they do it, but why don’t they get caught? The truth is that the majority of the people who actually end up in jail have either left an enormous bread crumb trail leading up to their front door or turned themselves in. As criminal minds go, it doesn’t seem that this strategy would be a successful one. However, we are talking about people who want the publicity. With the nature of the Internet and technology, there are many things which can be forged or encrypted. Spreading a Worm, Virus or Trojan doesn’t require access to a large database. All it requires is one unprotected public computer, public meaning Internet-accessible, whether through a browser or simply through email. The more systems it passes to, the less likely it is the culprit will be caught, unless they really want to be...

@Copyright ComputerCops 2004
Posted on Wednesday, 02 June 2004 @ 16:22:34 UTC by Paul (7067 reads)

Re: Lions and Tigers and Bears, Oh My! (Score: 1)
by Blast  on Wednesday, 02 June 2004 @ 16:58:09 UTC
http://billgray.biz
... Great article, Boss can't wait to see part 2 cheers....



Re: Lions and Tigers and Bears, Oh My! (Score: 1)
by Paul  on Wednesday, 02 June 2004 @ 19:31:31 UTC
http://www.laudanski.com
Great article my wife.



Re: Lions and Tigers and Bears, Oh My! (Score: 1)
by missbear  on Wednesday, 02 June 2004 @ 20:08:45 UTC
http://www.slotch.com
well, toto and i are still here, right next door. i am tech illiterate. i write with a 5mm graphics pen in purple ink. but this month i was blessed with a pc. in 1 night i can track a varmint on the add/remove, pluck it out of trusted sites, install a power scan, wipe a drive and reboot, install a firewall, password authorize for entry, backtrack and reinstall a lost browser. all since i found u guys this a.m. and it's only 7:45 p.m. jesus christ invented worms. amen. missbear@sbcglobal.net



Re: Lions and Tigers and Bears, Oh My! (Score: 1)
by !Mariner (duxdlux@bebop.com)  on Friday, 04 June 2004 @ 22:23:21 UTC
Most excellent; looking forward to part two. Now, about that pay rise....


 