Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

The Sassor worm 1

Status
Not open for further replies.
sleipnir214

sleipnir214

Programmer
Joined
May 6, 2002
Messages
15,350
Location
US
The author of the original Sassor worm apparently claims to have released it to help his mother's PC repair business.



My question is:

Do computer technology curricula in your area require computer ethics training, and do you think it would have kept this kid on the straight and narrow?





Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Sort by date Sort by votes
Few opinions.

1) This guy is not a script kiddie in my book. Script kiddies to often have no clue how their tools work. This worm was the fastest released major worm. 10 days from the vunerability to the propergation of the worm. While it is not rocket science to write some of the worms/viruses with the info out there those situations are normally just rebadging exsisting work. The hard part about this vunerablity was done very quickly.

2) You can't hold the tool makers responsible. A large portions of the tools script kiddies use are actually security tools. It would be like holding a bulletproof jacket manufacturer responsible because some lunatic got ahold of one of their jackets then went on a shooting spree and the cops shooting him didn't stop him because of the vest. Also in the security areana they men and women that defend us openly discuss the issues so that everyone is better prepared.

This virus was written in 10 days. Some of the security patches and virus cleaners have been written within hours of a virus being released because of the open nature of the security industry sharing and discussing potential issues.

It has further implications then just electronics. I can go down to the local library and get plans for creating a nuclear bomb. The knowledge isn't the problem. In some cases the tools are I admit but I don't see this carrying over to the computer side.

Much discussion has been going around about should the government protect more and more information making it illegal to know. While I'm one of the last people to scream about my "big brother" type of government this would be just that. Government deciding who can learn what.

The biggest place this will effect us is not in electronic virus writing but biological virus creating. We won't be able to stop the ones that will try to do dmg with the knowledge and tools by trying to keep the info from them. I'd would rather have as many people have access to the same tools and knowledge that creates these viruses so that when the rogue ones get out they can be stopped as quickly as possible.



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
Do computer technology curricula in your area require computer ethics training, and do you think it would have kept this kid on the straight and narrow?
Click to expand...

Unfortunately I do not think this would have much impact. We are all a product of our experiences (albeit very complicated products) and I believe that the major experiences occur in early life; I believe ethic/moral training should be (and usually is) part of parenting.

The schools could attempt to educate students on right and wrong but it's all so very late for that at 16+.

The only analogy I can think of is number averaging. If you are brought up with a lot of negative numbers (lessons/exeriences) then the addition of a small positive (ethics training) will make very little difference on it's own.

Personally I believe we need to start thinking a generation ahead and try to produce better parents rather than better children. That said I understand that it is quite possible for the most caring and ethically upstanding parents to produce a twisted child.
 
Upvote 0 Downvote
This guy is not a script kiddie in my book. Script kiddies to often have no clue how their tools work. This worm was the fastest released major worm. 10 days from the vunerability to the propergation of the worm.
Click to expand...

Actually stating that a virus was written in only 10 days, and that this was very fast, is misleading.

Since many viruses use existing code and strategies, often all it takes to create a "new" virus is changing a couple of lines of code. This is hardly speedy coding.

Also, many of the "vulnerabilities" are known in many circles for months, years even, before the information is literally "leaked" to the public at large: this is because manufacturers prefer to keep this kind of info secret (hopefully until they have a cure) in order to protect their product.

It is also true that many of these kids that release viruses have no idea how exactly their code does the job. It's really irrelevant to them: they simply know it is a virus - the same way we know it's a 'word processor' without any unnecessary details. Information on how to customize the virus is what these kids are after, not how the virus actually works - too heady.

Too many times these kids are taken by surprise when they see the extent of damage they created. They usually have no idea that their code will even work that efficiently if at all.

Let's stop giving these people too much credit - this is what fuels them. The science behind the viruses is mostly laughable.

Dimandja

 
Upvote 0 Downvote
We are all a product of our experiences (albeit very complicated products) and I believe that the major experiences occur in early life
Click to expand...

While I agree that most learning occurs early in life I think many experienses throughout your life can segnificantly on your personality. The frontal cortex, which is basically our moral center of our brain, doesn't fully develop until we are about 30. So unlike much of our other learning moral issues effect us for a long time. Robert Sapolsky has some good papers on the issue.

I do agree that parents need to shape the development of moral judgement but we still have huge amounts of learning after we leave the home. I look back and think my moral values have developed more in the last 16 years of my life compaired to the first. This is just my experience. I practise discussing moral judgement with my 8 year old son all the time and I'll do so well beyond his 18th birthday to develop his moral stance on subjects.

Dimandja - I appreciate what you are saying but I don't agree with it, which is fine, we don't have to agree. Sven Jaschan supposedly was writing basically a virus cleaner when he "succumbed to peer pressure after his schoolmates badgered him into writing a more malicious program"

I'm not glorifing what he did. I'm just saying many of the virus writers out there know a fair bit about computers. Script kiddies are more likely to rebadge exsisting viruses.

Sorry for my inaccurate information. Scalper had a time from patch to worm being released of 10 days. The LSASS, sasser, worm was 17 days while I admit that Microsoft knew about the problem for months.

Another thing is that just because he's 18 doesn't mean much. I know plenty of programmers around 18 years old that are WELL above the bell curve of programmers.

His teaches talked about how good he was. Don't mix up vocational school in germany with vo-tech schools in the US where the guys are there doing mostly auto shop or other production type work.



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
Ok, SemperFiDownUnda,

I am not going to argue this point any further, because I prefer not to release information about the techniques behind viruses. I have studied ways to defeat viruses for over 20 years now, and I think I should know something about them. If you think viruses are a great deal, then I will not dispute your point of view: the hysteria they create is certainly big.

I'll say one thing though. Computers and their networks were never safe from the get go - a fact that is not really well publicized. And the problem lies in the digital nature of computers, not in the existence of some super geniuses. Breaking digital locks is far easier than physical ones.

Dimandja
 
Upvote 0 Downvote
anyone remember Microsofts first attempt at Networking, talk about open house!

the're still trying to catch up (bad sign when they're the market leader in OSs)

XP SP2 is looking promising (so far)

Gurner

What is Divine Paradox?

 
Upvote 0 Downvote
Dimandja, I don't think every virus writer out their are geniuses or even that most of them are. I don't think talking about how to exploit buffer overflow vunerablities and the like is going to aid any potential virus writers as there are a ton of places that are just a google away.
By your statement I'll assume you are not getting what I'm saying.

While I agree that there are a large number of kids out there that can compile a small bit of code that they wrote and insert it into a virus shell I'll not assume that these kids (not saying all are under 18) don't understand what they are doing. They don't have to be any smarter then joe bloggs that spends his time in wood shop because as you point out there are basically step by step guides.

But I do recognise that the first round of a particular virus often takes more skill then just a script kiddie following a directions.

In any case these kids in my view should understand what they are doing....its like kids saying they don't understand that it is wrong to burn a school, or spraypaint someones fense or to egg someones car or to beat up the neighbors kid. As far as these worms and viruses spreading around the world ... these kids definately know the no boundry rules of the internet. They work daily with the fact that they can break into someones computer half way around the world.

To me its just like a kid caught spray painting a fence that the owner just finished painting from the last bit of graffiti saying "I didn't know or think about the owner having to paint over my tags" trying to get out of getting punished. So even if the kids are joe average or even stupid I fail to believe the don't understand what they are building is dangerous.

So in a nut shell even "script kiddies" saying "I didn't know it would be this bad..." is IMHO total BS.

The kids do it to make themselves look cool in their own circles. Start punishing the kids with appropriate sentences. Because they are kids doesn't wash with me.

Babies aren't as stupid as people believe they are. Many people think babies don't understand the world around them but even babies understand concepts like gravity before they begin to talk. I believe script kiddies understand the world they play in too.



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
But I do recognise that the first round of a particular virus often takes more skill then just a script kiddie following a directions
Click to expand...
Wayne, I think we agree on most things here. Without nitpicking, this quote above is probably the type of comments we disagree about. Simply because a virus has been given a new name does not exactly make it a "first round" virus.

Commercially (for virus fighters) and media-wise, a new name does wonders; technically, it may simply be a recycled 10 years old shell of a virus targeting an equally old vulnerability hole.

Let me reiterate that our current Internet and OSes are rife with holes. If you want a safer environment, try a private network; Internet is wide open and public.

Dimandja
 
Upvote 0 Downvote
You put an orange suit on the kid and let him sweep streets for every free moment he has for a year, and publicise it, you'll cut down on some of it. Sweeping streets in orange jumpsuits isn't cool.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Upvote 0 Downvote
Sweeping streets in orange jumpsuits isn't cool, until DJ Cool or whoever dons one in their next video.
 
Upvote 0 Downvote
How about 2 or 3 away from where we are, cause we're offset somewhat to start with.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Upvote 0 Downvote
You know I hate when people put the blame on MS or any other companies. You know we would be safer if we lived in a police state where everything was recorded blah blah blah

But we live in a world with laws and an expectation that these laws will be followed by most of the world. Candy stores don't put bubble gum under lock and key to stop shop lifters. Saying this worm is MS fault is annoying. It is that little twerps fault and he's the one that cost organisations around the world and estimated 1 billion dollars. Of which WE end up paying for it via higher prices on good etc.

It just MS haters. No one jumps up in arms about *NIX systems that have holes. FFS its alot easier for grandma to use MS update to patch her machine then it would be for her to get a patch and recompile her TCP stack on her RH box.

I guess car companies should be at fault for people breaking into cars and house owners that have a brick thrown through their windows should sue the builder for no using bullet proof 3" windows.



Hope I've been helpful,
Wayne Francis

If you want to get the best response to a question, please check out FAQ222-2244 first
 
Upvote 0 Downvote
Ok, SemperFiDownUnda, it is not MS fault. It's just that MS became so big that it is fashionable to take jabs at them. Being clobbered in the media is a sure sign you have been annointed a celebrity: I am sure MS secretly relishes it. Fame comes with its own price. Unix systems are too obscure to most people for them to care.

Dimandja
 
Upvote 0 Downvote
Perhaps it is the failure to expend adequate resources to attempt to break things so they can be fixed.
I'm not neccessarily a basher, but it seems that I'm a beta tester on every new product MS has released since w3.1.
NASA may be considered a bureaucratic mess but when they were getting ready for the moon they did it right. They had their failures but had most of the possible screwups either trapped or recoverable.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Upvote 0 Downvote
To me, this is a microcosm of one of the biggest civil problems that needs addressing.
People don't accept responsibility for their own actions.
It doesn't matter if your wrong, just blame it on some shortcoming of the victim. Just because I shot the gun is not what counts, the victim wasn't wearing a bullet-proof vest. That's why he died. Clearly, contributory negligence on the part of the victim.

What is so distressing is that the media and many people, even some participating in this discussion, encourage this behavior. Very similar to some of the comments and bias shown in the thread "Microsoft Screws Up Again." I'm no fan of Microsoft, and they certainly have their faults, but let's be realistic, if perfection is required to be a victim, then we're all in deep trouble.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Upvote 0 Downvote
You may have misstated the case,CC. If perfection is required to not be a contributory cause, we are in trouble.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jimbojimbo
  • Locked
  • Question Question
Did Microsoft Threaten to disrupt the Internet?
Replies
0
Views
889
jimbojimbo
jimbojimbo
sircles
  • Locked
  • Question Question
New customers in the UK and worldwide
Replies
1
Views
418
Welshbird
Welshbird
SEBirch
  • Locked
  • Question Question
“Cloud Computing” The New Paradigm?
Replies
2
Views
372
kmcferrin
kmcferrin
MasterRacker
  • Locked
  • News News
The Web is Dead, Long Live the Internet
Replies
14
Views
857
Sympology
Sympology
Mountainbear
  • Locked
  • Question Question
What are the best ways to get job leads?
Replies
4
Views
513
mmorancbt
mmorancbt

Part and Inventory Search

Sponsor

Back
Top