Opinion

A few thoughts on virus writing…

Once upon a time, back when everyone knew why a “floppy disk” was “floppy”, computers were not completely Windows-ized, and the black screen of DOS was the standard “desktop”, virus writers were just kids who happened to write viruses. They did it for fun, to assert themselves, to hit their friends and neighbours systems, or to get revenge on the world at large. They wrote some very silly viruses, and some very complicated viruses. They used different kinds of infection and stealth technologies, and there were lot of these “true” viruses – I remember a time when we were adding about 100 records per week to our antivirus database updates.

And now most malicious code is “commercial” – it’s designed to control infected networks and/or earn money (see more at the beginning of this article. In among these programs, we still find “true” viruses and Trojans. But surprise! Not as many as in the past. Looking at our statistics, I see that we are now adding less than 10 “true” viruses and Trojan programs a week – ten times less than ten years ago. Does this mean that virus writers have stopped creating “true” viruses? Yes. But why? The situation should be totally the opposite – there are more and more teenagers getting access to computers, so shouldn’t there be more and more “true” viruses written by them?

I think increased access to computers is actually the reason why the number of “true” viruses is decreasing. The fact is teenagers don’t have time for writing viruses – they’re busy playing online games.

They can assert their personality, they can create their own worlds, and destroy the existing one. They can find real friends, and “kill” virtual enemies in their virtual worlds. They attack and protect. They don’t need extra proof anymore.

So – the kids have left the world of “true” virus writing. This was a world which had bad, sometimes very bad, consequences, but sometimes it lead to the creation of technically interesting or sophisticated programs. In moving out of this world, they stopped training their brains by developing their own virtual creatures – now they’re lost in the virtual underworld of online computer games.

Is this good or bad, for us and for them? I don’t know. My colleague Teodor Cimpoesu, from KL Romania, has also had some thoughts about this:

“People might think that it’s good for the AV vendors if virus writers produce malicious programs, and the more numerous and more complex, the better. This is one point of view.

From a security point of view, less complex viruses mean easier intervention. But with serious virus writers moving into the commercial arena, it looks like we may start to see more complex business malware soon – and then the AV industry may end up playing a significant role in blocking or breaking cybercrime.”

A few thoughts on virus writing…

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox