Assault Andy Administrator
I make other people create vaporware
Registered 29/07/2002
Points 5686
20th April, 2007 at 08:43:48 -
Here's another question that I've been wondering about for a little while. How is it that organisations like the FBI are able to find out exactly who created a virus and released it into the wild? You often read articles like "Melissa virus creator sentenced" and things like that. Do they somehow trace back through all the computers and find the source? I find it strange how they would be able to find the one place that a virus originates from, once it has infected thousands of computers.
Yes, that's exactly it. When it comes to email viruses, the sheer volume sent means there's always at least one addressee (often many many more) they can trace back to the previous generation by way of the header information. When the trail runs out they've either found the originator, or more likely, an acquaintance. At that point they just have to find someone in the neighbourhood who has been boasting about it.
That only works for email viruses though. For other types it's very nearly impossible unless a public admission is made.
n/a
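The header walk described in the reply above, as an added example that is not part of the thread: a small Python parser (hostnames, addresses and dates are constructed samples) that orders a message's Received lines oldest-first, the way an investigator reads them, and flags a hop whose receiving host does not match the next hop's sending host, which is what a masked or forged header looks like from the receiving end.

```python
import re
from typing import Dict, List

# Constructed sample message. Each relay prepends its own Received line,
# so the topmost line is the most recent hop and the bottom one the earliest.
SAMPLE_MESSAGE = (
    "Received: from relay2.example.net (relay2.example.net [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP; Fri, 20 Apr 2007 08:01:12 +0000\n"
    "Received: from [192.0.2.33] (unknown [192.0.2.33])\n"
    "\tby relay2.example.net with SMTP; Fri, 20 Apr 2007 07:59:40 +0000\n"
    "From: someone@example.com\n"
    "Subject: test\n"
)
# Same message with a bogus bottom Received line inserted by the sender
# (constructed): it claims a hop that no real relay in the chain handed on.
FORGED_MESSAGE = SAMPLE_MESSAGE.replace(
    "From: someone",
    "Received: from innocent.example.com (innocent.example.com [203.0.113.9])\n"
    "\tby smtp.example.com; Thu, 19 Apr 2007 23:00:00 +0000\nFrom: someone")

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold_headers(raw: str) -> List[str]:
    """Join continuation lines (leading whitespace) onto their header."""
    lines: List[str] = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def received_trail(raw: str) -> List[Dict[str, str]]:
    """Return hops oldest-first, each with 'from', 'ip', 'by' and 'date'."""
    hops: List[Dict[str, str]] = []
    for line in unfold_headers(raw):
        if not line.lower().startswith("received:"):
            continue
        body, _, date = line[len("received:"):].strip().rpartition(";")
        m = HOP_RE.search(body)
        if not m:
            continue  # malformed line: keep going rather than abort
        ip = IP_RE.search(body)
        hops.append({"from": m.group(1), "ip": ip.group(1) if ip else "",
                     "by": m.group(2), "date": date.strip()})
    hops.reverse()  # bottom header is the earliest hop
    return hops


def chain_breaks(hops: List[Dict[str, str]]) -> List[int]:
    """Indices i where hop i's receiving host is not hop i+1's sending host."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"].lower() != hops[i + 1]["from"].lower()]
```

Only the hop recorded by a relay you trust is reliable; everything below it in the header stack was written by machines the sender controlled.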
DaVince This fool just HAD to have a custom rating
Registered 04/09/2004
Points 7998
20th April, 2007 at 12:01:31 -
Smart virus distributors manage to mask the email with false information.
Well, I know they got to the hacker MafiaBoy mostly because he was bragging about his accomplishments on IRC.
:: Joshtek ::
Oreos? GO! OREOS!
DaVince This fool just HAD to have a custom rating
Registered 04/09/2004
Points 7998
20th April, 2007 at 14:55:02 -
lol, the idiot
Old member (~2004-2007).
Assault Andy Administrator
I make other people create vaporware
Registered 29/07/2002
Points 5686
20th April, 2007 at 18:07:20 -
That's pretty much how I suspected it would happen. But as for those "Smart Virus Distributors", what about this situation:
You invent a virus that spreads by email, msn, file sharing programs and by copying itself onto USB devices connected. You're the only one with the virus, because you created it. Now imagine you have already compromised a system somewhere on the internet that you have root access to. Then you go to a random internet cafe and do this:
Access your compromised system via a proxy at the internet cafe, send it the virus, then give it a command to execute it and distribute it. How would they find you then?
Assault Andy Administrator
I make other people create vaporware
Registered 29/07/2002
Points 5686
20th April, 2007 at 18:18:12 -
Lmao, while I was writing that I was like... err this is going to sound really bad, especially after that last post I made. I just thought since you guys answered the last question really well that you could answer this one too. I'm just really interested in both parties involved in malicious activities. I mean, you have to give credit to virus writers who are able to infect millions of computers, and you also have to give credit to people who are able to trace them back as well. I'm just curious how they all do it.
I'm sure the FBI have ways of tracing a proxy IP back to its location, i.e. the internet cafe. And if they get the date that the proxy was accessed, they can work out who was at the cafe at the time, by getting a list of names from the internet cafe.
Obviously this doesn't help if they use fake names/addresses whatever, but I'm sure there's logs of what goes on on computers on the server somewhere, and no doubt they could use CCTV footage to see who it was.
But obviously, there will be those that manage to get away with it because they hide their tracks so well, and there will be those that go up to people from the FBI and go "O HAY I MAEK A VIRUS AND IT DESTROYED THE WURLD OLOLOL O NOES, HANDCUFFS I BIN CAUGHT"
The only reason people get caught is because they have too much pride to just release a virus and shut up. It's all about bragging rights anyway. I'm pretty sure if people get away with murder, then they could get away with virus crap.
They just need to shut up and lay low.
thinking is like pong, it's easy, but you miss sometimes.
Pretty easy to catch them. The only reason people make viruses are for fun, revenge, or just to show off. Since most of them are noobie script kiddies, they tend to get caught pretty easily and probably got sentenced to something the equivalent of the sentence for vandalism. The ones who do it for revenge are often noticeable too.
And as for those who enjoy the technical challenge, they tend to leave a 'counter' in it that adds each time it moves to another computer. That way they get to see how old the virus is and how many computers it visited. The drawback of this is that people can trace it back through the counter. Some of the smarter ones encrypt the counter, but anyone who's taken a course in encryption will tell you that it's possible to 'pick the lock' on most encryptions.
I have to respect whoever made that Bro_Act virus though, it seized the system by pretending to be the Administrator, disabled task manager and the security, blocked out system restore attempts, and closed the window whenever there were words like Sophos or antivirus. That last part made it near impossible to delete, but thanks to my skill at randomly clicking and searching, I somehow got rid of it after 3.5 hours.
Most other viruses are crap, though, I remember removing HTML viruses from my site by just deleting the code, though Norton couldn't clean it. I also remember a few dozen other viruses which I disabled through the Windows task administrator then searched and deleted the new files.
Disclaimer: Any sarcasm in my posts will not be mentioned as that would ruin the purpose. It is assumed that the reader is intelligent enough to tell the difference between what is sarcasm and what is not.