The future's bright for (ex-)virus writers

2005-08-01

Costin Raiu

Kaspersky Lab
Editor: Helen Martin

Abstract

Sasser author Sven Jaschan walked away free from a German court last month after receiving a 21-month suspended sentence for his crimes. With a job offer already in the bag, his future could be rosy. Costin Raiu looks at the fate of Jaschan and other virus writers and hackers who have been convicted.


There has been a lot of publicity lately about the author of the Sasser worm, Sven Jaschan, following his conviction by a German court. This got me thinking about other virus writers and hackers who have been caught, and the similarities between them.

What are the similarities between Sven Jaschan and, for instance, Robert Morris, Jr? Well, they both wrote highly successful network worms, which caused chaos when they took over the Internet. They both confessed to writing their worms, although Sven Jaschan first had to be found by the police, who did this thanks to information provided by a couple of his friends (or ex-friends – I'm not sure whether Sven will be playing with them for a while, given that they sold him for Microsoft's $250,000 bounty). Finally, both Jaschan and Morris received fitting sentences, which in Robert Morris's case put him back on track and, as far as I can tell, drove malicious software writing out of his mind.

What about the similarities between Sven Jaschan and Kevin Mitnick? Actually, in this case, there are more differences than similarities: Mitnick was a hacker and wasn't really into writing malware. Moreover, Mitnick didn't even write his own tools; he relied on ones created by his friend 'jsz' at Ben Gurion University in Israel. Sven Jaschan wrote his own viruses, carefully choosing the exploits which would allow his creations to spread at maximum speed on the Inter-Windows-net. Whereas Mitnick was driven by profit and the need to make a living, Sven Jaschan was a young man coding worms in order to show the world how clever he was. So there is no real similarity between Mitnick's sociopathic behaviour and Jaschan's utter foolishness.

It would seem that Sven Jaschan's profile is a lot closer to Robert Morris, Jr's than Kevin Mitnick's. But this may not be the whole story.

Almost immediately after being apprehended, Sven Jaschan was hired by a security company, which promised to teach him to become a security programmer. With a suspended prison sentence of 21 months, and 30 hours of community service to pay for his crime, Jaschan can return to his studies knowing that he has a job in the security field, and a very bright future ahead of him (if he stays away from the malware game). Here, Kevin Mitnick's story is more than relevant. The author of two popular (they could even be called best-selling) security books, Mitnick is now a regular speaker at various security events, most notably the IDG Roadshows. This ex-hacker is now teaching people to secure their systems against the very things he was doing a couple of years ago.

I wouldn't be surprised if, in a couple of years, the reformed Sven Jaschan becomes the author of a couple of books (best-sellers, of course) on computer viruses and ways to attack networks. Thanks to his notoriety as the author of Sasser, he could be in high demand for teaching people how to protect themselves against viruses. The fact that these would be the very same people he infected with his creation years ago would be almost irrelevant. Sven Jaschan would have been turned overnight into a marketing symbol, which is exactly what happened with Mitnick.

Of course, Jaschan could write another worm, spread it over the Internet and go to jail, this time for good. Given the alternative, I think the choice is obvious.

The question is: who is at fault in the current situation, when reformed hackers and (why not?) virus writers, are talking about security, writing books which become best-sellers and being transformed into idols for the 12-year-old slashdot trekkie who has too much spare time? Is it the people who promote them, or the audience attending the seminars and buying the books? I'm afraid that the answer has serious implications. Moreover, I'm afraid that this issue will come back to haunt us in years to come. One question you should all consider: if Sven Jaschan writes a book, will you be buying it?

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest articles:

The dark side of WebAssembly

The WebAssembly (Wasm) format rose to prominence recently when it was used for cryptocurrency mining in browsers. This opened a Pandora’s box of potential malicious uses of Wasm. In this paper Aishwarya Lonkar & Siddhesh Chandrayan walk through some…

Through the looking glass: webcam interception and protection in kernel mode

The computer’s webcam is one of the most relevant components when it comes to digital privacy. In this paper, Reason Software's Ronen Slavin dives into the video capturing internals of Windows and discusses the implementation of a driver that…

VB2017 paper: Browser attack points still abused by banking trojans

With the ever-increasing use of banking-related services on the web, browsers have naturally drawn the attention of malware authors. They are interested in adjusting the behaviour of the browsers for their purposes, namely intercepting the content of…

Does malware based on Spectre exist?

It is likely that, by now, everyone in computer science has at least heard of the Spectre attack. Since many excellent explanations of the attack already exist, this article focuses on the probability of finding Spectre being exploited on Android…

EternalBlue: a prominent threat actor of 2017–2018

At the centre of last year's infamous WannaCry ransomware attack was an NSA exploit leaked by the Shadow Brokers hacker group, known as ‘EternalBlue’. The worm-like functionality of the exploit made a deadly impact by propagating to interconnected…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.