"Keep the infection alive"
Inside the dark, weird world of virus writers
By ALAN C. ROBLES
Hot Manila [May 2000]
When Alpha was a computer science major at a Manila university, a professor in one subject failed him, giving him a grade of "5". In revenge he wrote a virus he called "singko" (5), which invades a PC and then flashes a diatribe against teachers.
Alpha is the pseudonym of a computer programmer, one of many who hang around in a strange shadowy region of the Internet. It's an underground world dotted with websites for Filipinos obsessed with one thing: viruses.
In these cybernooks, some of which have IP addresses that are concealed or difficult to remember, programmers discuss, analyze, criticize and display their work. Most of the sites are now down, but the few I managed to wander through made me feel I was in a very peculiar world, eerie and tacky at the same time. Like being inside the set of a bad science fiction novel -- "Blade Runner meets Count Dracula." One website, the Pinoy Virus Writers webpage is mostly black with a tasteful graphic of dripping blood.
Nobody who goes to these sites gives his or her real name. The programmers all use aliases -- "handles" or "protected mode names" -- like Destro Ex or Brianjan. I've never met any of them face-to-face but the impression I get reading their posts is of very young guys, cocky and maybe highly skilled.
Some of them sound immature and few of them can write grammatically perfect English. Some prefer to post in Pilipino. Suprisingly, a lot of them are from the provinces. A university in Batangas, San Carlos University in Cebu, are among the institutions claimed as alma mater.
I know these things thanks to the one trait nearly all virus writers have in common.. Arrogance. They're so arrogant that they post snippets of their biographies on the sites they visit. The computer chips on their shoulders give them bragging rights so extensive they even include their names in the viruses they create.I heard that when the virus writing community found out how potent ILOVEYOU proved, there was a rush to claim involvement in the project.
A thirst for learning is another characteristic of many virus writers. They want to know how to accomplish certain effects, creating a self-replicating file for sneaking into a system (delivery) and unloading an unwanted program (the payload). Often the programming is its own reward.
The virus writing sites stress that they exist strictly for educational purposes. "DISCLAIMER:", says one of them,"Site has HARD CORE JavaScript implementations. Enter with CAUTION . Some materials contain harmful or offensive information. The contents and files in this webpage is solely for EDUCATIONAL PURPOSES only . The author and contributors will not be held accountable for any damages of ANY kind." Some of the sites store live viruses for visitors to download and study. .
On astigmatizm.cjb.net (currently down), virus writer ksg gives his (or her) age as 19 and school as AMACC. "I have written a few simple Word and Excel macros," he says. "I wish to learn more and venture into more complicated viruses." Another programmer, heX wreX n effeX says he too is 19 and from AMACC."I think its impossible to have a career with DOS viruses. Im currently into macros & VBScripts
The goal of all virus writers, as one site exhorts, is to "keep the infection alive." I've been told that there are programmers who've coded ferocious digital beasts which they never unleash on any system, they just want to study it and test their own skills.Then there are the programmers who fully intend to turn their creations loose on the world. "I want a simple write for geting into someelse's computer" writes one visitor to a site.
It seems the only thing that matters to such virus writers (strictly speaking they're not "hackers") is the acclaim of peers. "All virus writers are playwrights and computers lousy actors", proclaims one site. The consummate hacker is someone who can make the biggest impression while keeping his identity secret from all but the inner circle. Apparently pay no attention to the consequences of letting their viruses out into "the wild."
Writing in the aftermath of the ILOVEYOU assault, Destro Ex posts: "Damn kids does it again .., heh, dont get caught spyder!"
It's as if mastery of programming languages confers the status of nobility. Those who don't know the skills deserve everything they get. As it trashes a document file, one Word macro virus flashes this message to the hapless victim: "Michael Learns To Hack -- And Hope You'll Learn From It Too."
Hand in hand with arrogance is a sense of elitism. To virus writers the the world is divided along very clear lines. On one side are the cool guys, computer programmers who get it, who have what they believe to be consummate mastery of coding. On the other side is the rest of the world, "lamers", the inferior programmers, the other hackers who also think highly of themselves. And of course, us. Computer cattle. The dull, docile, placid, ignorant masses who go about believing we know how to use PCs.
"From the programmer's point of view", reads a quotation from the "Michael Learns to Hack" site, "a user is just a peripheral that types whenever the program issues a read request."
The condescension is typical. Among the 15 points of etiquette in one site are: no.2 "No lamers allowed", no.8. "No Stupid remarks or questions unless you are really stupid." and no. 11. "Please limit insults 100 per person. I think he she will get the idea."
Onel de Guzman is being questioned by authorities in Manila who want to know why his rejected thesis proposal, a program for filching passwords from other computers, bears a remarkable resemblance of one of ILOVEYOU's actions.Even as he was sweating buckets of blood from nervousness during a press conference where he was accompanied by a lawyer, de Guzman let a little of the elitism show. When a reporter asked him if his sister was capable of coding a virus, he replied in Pilipino, "if you, a newscaster, were asked to do programming, what would you know about it?"
Dismiss this as nerdish disdain, as the posturings of insecure kids who need to see sunlight more often. Then read this earnest request from a visitor in one site: "There is a guy who hates Warez and Virii sites. I want to give him a lesson. Does anybody can help me with something that KILL his Hard Disk?, not just his information." The marriage of arrogance with the technical ability to wreak mass destruction has never been a happy one.
The programming elite has its own language. Viruses are "virii" or "vx" for short. The newest term is supposed to be "hpcav" -- "hacking-phreaking-cracking-anarchy-virus"
One site offers up this ethos:
"We are the future of the computer age . We represent freedom ,not anarchy . We represent equality not racism .We are the seeds to be reaped in the next millennium We live in a virtual world , free from hatred ,free to speak what we want, free from low life beings the real world holds . We live in what I can call Utopia.
"Since the birth of the computer. So did we. We were always there, denied by the people who didn't understand, cannot contain us, envied us. So we lived in the underground ...computer underground. But we liked it that way. No longer shall we persecuted, no longer shall we labeled criminals, No longer shall we be told what to do ...information will be free for everyone, information will be fed to those in need, information shall never again be sealed.And to Accel, There will be, No More Secrets ..."
The truth is a virus writer usually has a dual persona. In the "real" world he's probably a young, responsible and skillful programmer, perhaps a student. In the "virtual" world he's a transformed person, one seeking the overthrow of the computer systems he's running or studying.
It's an appropriate character for a world where nothing is as it seems, where something turns out to be its opposite. A love letter is actually a computer killing message of hate. The fastidiousness and tight discipline that goes into coding is a stark contrast to the destruction it accomplishes. The openness a programmer wants is achieved through dark secrecy of a conspiracy.
Why would a programmer write a virus? For petty reasons: years ago Jonjon Gumba wrote "Possessed" because he was being neglected by his parents. For the thrill of using programming skills. "Sometimes," one programmer remarks, "when you're into something that's fun, you forget to think ahead, you overlook things in your excitement. I suppose it might be something like getting high on drugs." For peculiar motives. There's a story of one person asking programmers for a virus to kill his parents' computer.
Why write a destructive payload? Isn't a program that infiltrates a system enough cause for satisfaction? Why modify ILOVEYOU from a password stealing virus to a destructive code? The reason, the programmer mentioned above replies, is that "the virus writers want to get noticed, to get talked about; if you want your virus listed in antivirus program information, it should be destructive or do something against antivirus programs."
It might seem hard to believe that a Third World nation like the Philippines with a stone age President like Joseph Estrada could produce computer programmers. The truth is the Philippines has been producing top caliber programmers for years, and is second only to India as the favorite Asian country of recruiters from American computer companies
The Filipino's knowledge of English helps. So does the proliferation of computer schools like AMACC. And the Internet has also increased the learning opportunities for programmers in general and for virus writers in particular. Scripts, codes and advice are freely exchanged by programmers all over the world.
The result is a thriving community of virus writers. One site alone used to lists more than 20 handles of Filipinos who 've written viruses. That part of the site has since been taken down by its webmaster.
You might think of virus writers as highly skilled acolytes practicing black magic -- jedi seduced by the Dark Side. Or you could just write them off as pests. This is how the hackers like to characterize themselves when caught. They're just juveniles carried away by youthful hijinks. It's hardly an image in keeping with the way they project themselves as cyber ninja, sneaking in and out of protected systems at will. But if it will hold off serious jail time, don't knock it.