The future's bright for (ex-)virus writers


Costin Raiu

Kaspersky Lab
Editor: Helen Martin


Sasser author Sven Jaschan walked away free from a German court last month after receiving a 21-month suspended sentence for his crimes. With a job offer already in the bag, his future could be rosy. Costin Raiu looks at the fate of Jaschan and other virus writers and hackers who have been convicted.

There has been a lot of publicity lately about the author of the Sasser worm, Sven Jaschan, following his conviction by a German court. This got me thinking about other virus writers and hackers who have been caught, and the similarities between them.

What are the similarities between Sven Jaschan and, for instance, Robert Morris, Jr? Well, they both wrote highly successful network worms, which caused chaos when they took over the Internet. They both confessed to writing their worms, although Sven Jaschan first had to be found by the police, who did this thanks to information provided by a couple of his friends (or ex-friends – I'm not sure whether Sven will be playing with them for a while, given that they sold him for Microsoft's $250,000 bounty). Finally, both Jaschan and Morris received fitting sentences, which in Robert Morris's case put him back on track and, as far as I can tell, drove malicious software writing out of his mind.

What about the similarities between Sven Jaschan and Kevin Mitnick? Actually, in this case, there are more differences than similarities: Mitnick was a hacker and wasn't really into writing malware. Moreover, Mitnick didn't even write his own tools; he relied on ones created by his friend 'jsz' at Ben Gurion University in Israel. Sven Jaschan wrote his own viruses, carefully choosing the exploits which would allow his creations to spread at maximum speed on the Inter-Windows-net. Whereas Mitnick was driven by profit and the need to make a living, Sven Jaschan was a young man coding worms in order to show the world how clever he was. So there is no real similarity between Mitnick's sociopathic behaviour and Jaschan's utter foolishness.

It would seem that Sven Jaschan's profile is a lot closer to Robert Morris, Jr's than Kevin Mitnick's. But this may not be the whole story.

Almost immediately after being apprehended, Sven Jaschan was hired by a security company, which promised to teach him to become a security programmer. With a suspended prison sentence of 21 months, and 30 hours of community service to pay for his crime, Jaschan can return to his studies knowing that he has a job in the security field, and a very bright future ahead of him (if he stays away from the malware game). Here, Kevin Mitnick's story is more than relevant. The author of two popular (they could even be called best-selling) security books, Mitnick is now a regular speaker at various security events, most notably the IDG Roadshows. This ex-hacker is now teaching people to secure their systems against the very things he was doing a couple of years ago.

I wouldn't be surprised if, in a couple of years, the reformed Sven Jaschan becomes the author of a couple of books (best-sellers, of course) on computer viruses and ways to attack networks. Thanks to his notoriety as the author of Sasser, he could be in high demand for teaching people how to protect themselves against viruses. The fact that these would be the very same people he infected with his creation years ago would be almost irrelevant. Sven Jaschan would have been turned overnight into a marketing symbol, which is exactly what happened with Mitnick.

Of course, Jaschan could write another worm, spread it over the Internet and go to jail, this time for good. Given the alternative, I think the choice is obvious.

The question is: who is at fault in the current situation, when reformed hackers and (why not?) virus writers, are talking about security, writing books which become best-sellers and being transformed into idols for the 12-year-old slashdot trekkie who has too much spare time? Is it the people who promote them, or the audience attending the seminars and buying the books? I'm afraid that the answer has serious implications. Moreover, I'm afraid that this issue will come back to haunt us in years to come. One question you should all consider: if Sven Jaschan writes a book, will you be buying it?



Latest articles:

VB99 paper: Giving the EICAR test file some teeth

There are situations that warrant the use of live viruses. There are also situations where the use of live viruses is unwarranted. Specifically, live viruses should not be used when safer and equally effective methods can be used to obtain the…

Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return more than four years ago, Office macros have been one of the most common ways to spread malware. In this paper, Aditya K Sood and Rohit Bansal analyse a campaign in which VBA macros are used to execute PowerShell code, which in…

VB2017 paper: Android reverse engineering tools: not the usual suspects

In the Android security field, all reverse engineers will probably have used some of the most well-known analysis tools such as apktool, smali, baksmali, dex2jar, etc. These tools are indeed must‑haves for Android application analysis. However, there…

VB2017 paper: Exploring the virtual worlds of advergaming

As adverts in gaming (‘advergaming’) ecosystems continue to become more sophisticated, so the potential complications grow for parents, children and gamers, who just want to play without having to worry about where their data is going (and how it is…

Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. In this paper we look at how…

Bulletin Archive