02.08.16

Obscured by the mists of time…

Posted in Culture of Lickspittle, Cyberterrorism, Virus Creation Labs at 2:04 pm by George Smith

Over the weekend a number of news organizations ran with short stories on the Malware Museum at the Internet Archive, a listing of some old MS-DOS computer viruses that came with visual or audio effects. The hook is you can now view these old programs without endangering yourself.

True, but only in a sideways manner. MS-DOS viruses were 16-bit. They don’t run on modern systems. And even when you are free to download them (working DOS and boot sector virus code is still archived widely around the web), your browser will stop you first (Chrome in particular), Windows Defender second, and your installed anti-virus program, third.

So what’s been done at the Internet Archive is the piping of the screen effects of some old computer viruses, shown by old MS-DOS programs made to do just that and run in DOSBox, a set of programs that allows you to run old 16-bit PC programs on a variety of modern platforms. (Mostly, DOSBox was made so you could play old and obsolete games.)

Getting down to the nitty-gritty, the programs on-line at the Malware Museum were typically made by anti-virus researchers. The resulting screen displays make much of it clear. Often what was done was a surgical removal of the display code, or an emasculation of those parts of the virus responsible for replication and the destructive part of the payload, rendering the code inert.

What is and was lost in most of the short pieces on the matter is that the old PC viruses with visual or sonic activations did not give you the entertainment all the time, or sometimes even very frequently. They were set to various triggers, date or time counts. The reason for that, generally speaking, was simple.

The virus that gave itself away with a performance trick was a virus that was going to be removed.

In the early Nineties I wrote a file virus called Acme. It searched out .exe files on your hard disk and copied itself beside them, taking their name, except as a .com program, taking advantage of the DOS operating system rule that when the name of a program was given, the operating system would load the .com version of it in preference to the .exe. This guaranteed Acme would execute before the file it was a mimic for.

When Acme could find no more programs to infect it would play a few musical notes in an endless loop. This guaranteed it was always discovered. And, eventually, I got a call from some kid who had infected the family’s PC, which would now do nothing but play music. The virus was easy to take off a system without harm once you knew what it was.
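The .com-before-.exe trick described above leaves a visible trace: two program files with the same name sitting in one directory. As an added example (not code from the original post or the Crypt Newsletter), this Python script walks a directory tree and reports such pairs; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict


def has_mz_header(path):
    """True if the file starts with the DOS EXE signature ('MZ' or 'ZM')."""
    with open(path, "rb") as fh:
        return fh.read(2) in (b"MZ", b"ZM")


def find_companion_pairs(root):
    """Report every directory under root that holds NAME.COM beside NAME.EXE.

    Matching is case-insensitive, as DOS file names were. Each finding is a
    dict; the list is sorted by (directory, stem) so the output is stable.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        by_stem = defaultdict(dict)
        for name in filenames:
            stem, ext = os.path.splitext(name)
            ext = ext.lower()
            if ext in (".com", ".exe"):
                by_stem[stem.lower()][ext] = name
        for stem, found in by_stem.items():
            if ".com" not in found or ".exe" not in found:
                continue  # a lone .com or lone .exe shadows nothing
            com_path = os.path.join(dirpath, found[".com"])
            findings.append({
                "dir": os.path.relpath(dirpath, root),
                "stem": stem,
                "com": found[".com"],
                "exe": found[".exe"],
                "com_size": os.path.getsize(com_path),
                # A .com that carries an EXE header is a renamed EXE, while a
                # raw image is what a small companion program looks like.
                "com_is_mz": has_mz_header(com_path),
            })
    return sorted(findings, key=lambda f: (f["dir"], f["stem"]))


def build_sample_tree(root):
    """Constructed sample data: placeholder bytes only, not real programs."""
    layout = {
        "GAME/PLAY.EXE": b"MZ" + b"\x00" * 62,      # the legitimate program
        "GAME/PLAY.COM": b"\x00" * 300,             # same stem, raw image
        "TOOLS/Setup.exe": b"MZ" + b"\x00" * 62,
        "TOOLS/SETUP.COM": b"MZ" + b"\x00" * 126,   # same stem, EXE header
        "UTIL/EDIT.COM": b"\x00" * 500,             # lone .com, not a pair
        "UTIL/FORMAT.EXE": b"MZ" + b"\x00" * 62,    # lone .exe, not a pair
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for hit in find_companion_pairs(sample_root):
            kind = "EXE-format" if hit["com_is_mz"] else "raw image"
            print(f'{hit["dir"]}: {hit["com"]} shadows {hit["exe"]} '
                  f'({hit["com_size"]} bytes, {kind})')
```

A pair is only a lead, not a verdict: some legitimate DOS packages shipped a .com launcher next to an .exe, so each hit still needs a look at the file itself.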

All the programs at the Malware Museum date from the very late-Eighties and early Nineties. The displays are from file-infecting viruses and boot sector viruses, the latter of which were the most easily and widely spread. The reason again was simple: Vectors. Vectors, another word designating how diseases, real world, or digital, are spread.

With old PCs, one vector was shared disks and diskettes. A virus that infected the first sector on them stood the best chance of being spread around. Another vector was infected program files. But infected programs, or utilities, apps they’re called today, were only effective in spreading computer disease if they came in contaminated packages or shareware, the latter of which was largely distributed online, often through networks connected by telephone lines.

So when an old virus-infected diskette or floppy was left in your PC overnight until you turned it on the next morning, the first thing that happened was that your hard disk was infected. And after that, every subsequent data disk put in the machine was contaminated and able to spread the program.

One story on the Malware Museum reads:

The good news is that you can peruse a pretty sizable collection in the Malware Museum now without worrying that they’ll wreck your machine. Like the nigh-forgotten PC games it has collected over the years, the malware plays within browsers. To a point, they’re even somewhat interactive …

Like The Next Web notes, some of them are even kind of gorgeous in their own spartan way now that they’ve been pacified.

The last part’s stretching it.

And the graphic chosen shows one of the displays, clearly labeled as a virus demonstrator.

Now comes the good part, personal history.

When I was doing the old Crypt Newsletter in prep for The Virus Creation Labs book twenty some years ago, I wrote computer viruses and included them in the former.

And one of the issues of the old newsletter delivered a set of programs called Urnst’s Scareware. It was a set of four of the common virus displays, sans all the crap that warned users they were just virus simulators.

Urnst’s Scareware is still available on the net. And the programs are labeled as computer viruses, although they are not.

Here they are.

If you try to download the file your browser will get in the way. Danger! Danger!

Even if you bypass the warnings, Chrome will snatch the download away from you, forcing you to call up its downloads “history” and “recover” the file. At which point it plaintively asks if you want to get hurt, “plenty.”

Even if you say yes, Windows Defender will then take the download off you.

And then you must call up Defender and turn it off for a minute. (This, in and of itself, is a bit amusing if you know the history of anti-virus and Microsoft. When Urnst’s Scareware was distributed Microsoft Anti-virus was about the worst anti-virus program, ever. It was a sort of crippled version of a program offered by Central Point, a company that was bought and killed by Symantec in the mid-Nineties. Today, however, Microsoft is very much better at anti-virus. Windows Defender is actually good.)

However, you can also view what Urnst’s Scareware did here. Auf Deutsch.

On display, the effects for the Den Zuk boot virus, the Ping Pong and Cascade viruses. Not included, the Jerusalem virus payload mimic, which instigated a minor system slowdown and a slight disruption of the old ASCII screen with a small empty patch.

Finally, the reason why I made Urnst’s Scareware. So you could scare people without hurting them! Not all of the programs in the Crypt Newsletter were quite so benign.

So you think you’re pretty hot stuff when it comes to tech, huh?

06.12.12

Expose the US virus war machine (more)

Posted in Cyberterrorism, Virus Creation Labs at 2:41 pm by George Smith

You can count there being no end to the hypocrisy of the US national security complex, “the self-licking ice cream cone.”

It looks in the mirror, sees its own menacing face, grins and runs screaming that it’s seen someone else preparing to attack.

So now we have the news of the US virus war program being used to justify the argument that others, Iran included, are readying cyberattacks on us. Digital 9/11s.

It takes a special kind of low and shady character to do this so smoothly. And a special lousy mainstream press not to point it out.

One example, from The Hill:

The revelation that the United States used a computer virus to damage Iranian nuclear facilities has added urgency to a push in Congress for cybersecurity legislation.

Top administration officials, such as National Security Agency Director Keith Alexander and Homeland Security Secretary Janet Napolitano, have long argued that the nation is at risk of suffering a devastating cyber attack …

Paul Wolfowitz, a former Deputy Secretary of Defense under President Bush, said he hopes the news of the attack would “put some added urgency” on Congress to pass cybersecurity legislation.

“Maybe it will raise awareness,” Wolfowitz said. “I hope we don’t have to wait for the cyber-equivalent of 9/11 before people realize that we’re vulnerable …”

“I hope the urgency with which we must treat cybersecurity issues is becoming clear to policymakers,” Rep. Jim Langevin (D-R.I.) said. “Putting aside the anonymous sources in that story, we know that foreign adversaries are developing capabilities to harm us and our interests in cyberspace. We must be proactive in strengthening our cyber defenses now, before a major attack, and this requires comprehensive cybersecurity legislation.”

Yes, it takes mucho gall to twist the American virus war against Iran around until it’s a convenience for claims that others are about to launch “devastating” attacks and that we should immediately beef up cybersecurity.

It’s so rotten to the core the eyes water just scanning it.

As for Paul Wolfowitz, he’s certainly a man for the job. Everyone will remember (although the Hill chooses not to recover the ground) he was one of the disgraced architects of the pre-emptive war to find the non-existent WMDs in Iraq. His name, as it turns out, is not too difficult to find associated with the praiseworthy description — “war criminal” — through Google.

“He is a bad man,” said one e-mail to yours truly today.

Further:

[Adam Segal], a fellow at the Council on Foreign Relations, said the attack may actually undermine the moral authority of the U.S. government.

“If the U.S. is trying to get the owners of critical infrastructure to agree to certain standards for security, and it turns out we’re creating the malware to attack it, it becomes slightly more difficult,” he said.

Slightly more difficult is a bit of an understatement. The situation is untenable and I’ll explain why.

Our national malware writers have created an environment where the objective is to discover and keep secret security vulnerabilities so that they may be exploited in ongoing and future attacks. This is anathema to the international computer security model which spends considerable time and money researching and finding holes so they can be patched.

You can’t have both operations existing side by side. It’s indefensible and a conflict of interest. However, arms manufacturing companies have no problems with such things. They will only be too happy to provide defense and offense at the same time, with one operation discovering flaws and keeping them secret and another operation, allegedly, doing the opposite.

But, internationally, how can you trust such a business? You can’t.

The anti-virus companies know this. So do most computer security companies, I would think. In fact, at the beginning of the a-v industry, and I’ve written about this, there was always a suspicion among a hard core of conspiracy minded people that the anti-virus industry wrote viruses to help grease its business. It did not although one minor company did hire the hacker who wrote the virus that knocked the US Secret Service’s network off-line in 1993 to write cures for his viruses.

And I’ll get to this, as an addendum, in a little bit.

This defines the problem with writing viruses for the military.

The US academy has been charged with training people in computer security and it is these programs which will furnish graduating students, some of whom may be hired by arms manufacturers/contractors to write malware. In fact, they have probably already trained people presently working in the US virus war program.

In such cases the computer security academics will be put in the same hard position as anti-virus companies. Some of them will know they have readied people who are producing state-sponsored malware.

Maybe some will be OK with it. But some will find it ethically troubling just as many scientists don’t want money from DARPA because they believe it will largely result in things that make the world a worse place.

In other words, the US has created an untenable situation for itself. It has cultivated a poison tree and wants everyone else to trust the fruit.

Once again, we are shamed by the national security infrastructure and our leadership for reasons of short term, short-sighted, often just plain venal business gain.

This is hardly new. Unfortunately it’s been on the record as standard behavior for the last dozen years, at least.


And now to the addendum from The Virus Creation Labs.

After Priest wrote a virus that knocked the US Secret Service’s network off-line in 1992 he was hired by a minor anti-virus firm.

Here it is, excerpted.


From A Priest Deploys His Satanic Minions

Programming the Satan Bug computer virus in 1992 had turned out to be richly rewarding for Priest. Not only had it made him immediately recognized in the computer underground, he was also feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.

But the most interesting fallout from the Secret Service visit was a job offer from a small anti-virus company called Norman Data Defense Systems, said Priest. A director at the company wanted the virus programmer to come to work for them, starting in the summer of 1994, after the hacker finished high school.

Priest said they were interested in his opinion about the use of virus code in anti-virus software. Such code wasn’t copyrighted, so it was fair game.

Priest thought this was a bad idea. Too much virus code, in his opinion, was crappy anyway, so why would anyone want to use it? But Priest said he would think about the job offer.

By May 1994, a different Priest virus called Natas — that’s Satan spelled backwards, haw-haw — had cropped up in Mexico City, where, according to one anti-virus software developer, it had been spread by a consultant providing anti-virus software services. Through ignorance and incompetence, the consultant had gotten Natas attached to a copy of the anti-virus software he was using, sort of like some scrap of dog dirt you have neglected to scrape from your shoe.

However, like most of Priest’s viruses, Natas was a bit more than most software could handle. The software detected Natas in programs but not on itself or another critical area of the machine where the virus also took up shop. The result was tragicomic.

The consultant would search computers for viruses.

The software would find Natas!

Golly, the consultant would think, “Natas is here! I better check other computers, too.”

And so, the consultant would take his Natas-infected software to other computers where, quite naturally, it would also detect Natas as it spread it around and could not remove it fully from new, formerly uninfected computers!

Natas had come to Mexico from Southern California. The consultant frequented a computer underground bulletin board system in Santa Clarita which stocked Natas. He had downloaded the virus, perhaps not fully understood what he was dealing with, and a month or so later uploaded a desperate plea for help with Priest’s out-of-control program. You could tell from the date on the electronic cry for help — May 1994 — when Natas began being a real problem for him in Mexico.

Back in San Diego, Priest was still being interviewed on the telephone by people from Norman anti-virus. They were concerned that Priest might leak proprietary secrets to competitors after hiring so it was a must he be absolutely sure of the seriousness of his potential employment.

By the end of the interview, Priest thought he didn’t have much of a chance at the job, but by July he’d accepted an offer and moved to Fairfax to begin working for them. Paradoxically, this was the same company that had removed Priest’s Satan Bug virus from the US Secret Service’s crippled network.

But what was Priest working on at the anti-virus company?

“A cure for Natas,” he laughed softly one afternoon in late July, 1994, in a telephone interview from the company office. Looking over the virus once more, Priest sardonically concluded that his disinfector made it clear the hacker had made Natas a little too easy to remove from infected systems.

By the end of the summer things were ending badly. Another manager at the anti-virus company, unsurprisingly, didn’t like the idea of the hacker working for the company, Priest said. And when management representatives arrived from the parent corporation in Norway on an inspection tour and were apprised of Priest’s status at a meeting, the hacker heard, they were also not warmed upon learning a virus writer was on staff. Officially, said Priest, there was no reaction, but in reality, the hacker felt, the atmosphere was deeply strained.

Jack Lewis, one of the Secret Service agents who had interviewed the hacker after learning he was the author of the virus that had knocked over the agency’s network, had contacted the anti-virus company to set up a luncheon date with the hacker to discuss more technical issues, Priest said.

However, the luncheon eventually fell through. The Secret Service, said Priest, thought it might be construed as a conflict of interest. Unknown to him at the time, the agency had also started spying on his comings-and-goings in Fairfax.

The entire business relationship of a famous virus writer at an anti-virus company proved totally unworkable. Paranoia escalated, trust was impossible. Priest was a hot potato. He was eventually let go.

06.09.12

Serialization: VCL

Posted in Virus Creation Labs at 12:46 pm by George Smith

Now eighteen years old, The Virus Creation Labs, my only book, still serves as a slice of history. It’s time to serialize interesting parts of it with new annotation. Today malware creation is worlds away from 1994 when the most successful viruses needed to travel on diskettes and through digital trades on telephone lines, to span the globe. This made the pace of mischief in cyberspace much slower.

However, many things have not changed. Promises and claims made then were as grandiose as those made now. Human nature, as it pertains to corrupted programming, hasn’t changed a bit. The way people look at trouble on computers, the interconnected world and interpret both hasn’t either.

So, in the beginning…


Introduction

The book probably wouldn’t exist without the great techno-white elephant of 1991-92, the Michelangelo computer virus. As I’ll get into, the Michelangelo affair was the apotheosis of Paul Fussell’s America: An immense accumulation of not terribly acute or attentive people beaten repeatedly over the head by the cudgel of poorly understood computer technology.

Fussell put it this way: “[Americans are] obliged to operate a uniquely complex technology, which, all other things being equal, always wins. No wonder error and embarrassment lurk everywhere, and no wonder cover-up and bragging have become the favored national style.”

The Michelangelo virus was real. But the nation’s PCs were not about to lose their datastores to it during the months leading up to March 6, 1992, its activation date. At least not in any noticeable way.

Most Americans seemed to figure this out instinctively — after the fact. Skeptics and some computer industry insiders certainly knew in February 1992 the virus would be a bust. But you would never have suspected as much from the panicked cries of software vendors and assorted experts in the computer press and mass media who predicted significant calamity on March 6. Predictably, error and embarrassment there were aplenty after the sixth when less successful anti-virus companies than the one founded by John McAfee turned on the software developer and blamed him for manufacturing the crisis. Bragging was in no short supply, either. USA Today’s technology reporter, John Schneidawind, insisted during an interview that “Everyone’s PC would have crashed” if the press hadn’t sounded the alarm in a timely manner.

Schneidawind attempted to cover himself in glory by comparing the Michelangelo virus threat to the BCCI bank scandal. He weirdly maintained that since the press took a hit for being asleep at the wheel for BCCI, it wasn’t going to happen again for the Michelangelo virus. All the foolishness was summed up by Carl Jensen, a journalism professor and media critic at Sonoma State in California who dubbed Michelangelo virus one of the “junk food news stories” of 1992 in the annual Project Censored Report, “The News that Didn’t Make the News — And Why.”

The Michelangelo debacle ignited a keen interest in me to find out what, precisely, computer viruses were, how they worked, and better, who was writing them. It sent me down the trail to the edge of cyberspace in search of people, who, perhaps not surprisingly, turned out to be pretty much like most Americans, except with an order of magnitude greater interest in the inner workings of the desktop personal computer. Like most of us — there wasn’t a nobleman in the lot. And there were none among the ranks of the anti-virus software developers and security consultants who considered themselves the gatekeepers at a fantasy wall of their own construction, erected between the Wild West of cyberspace and the mannered, sterile environment of safe home and business computing.

The story of computer viruses is also a tale at the vaunted apex of the Age of Information, its denizens mythical outliers in the new land of Nod — Information Superhighway, that country named by Vice President Al Gore and too many futurologists to mention.

However, this country isn’t much like the pretty pictures painted in the mainstream media, where ill-defined riches of information screaming for freedom reward the quick, the clever or the unorthodox mind armed merely with a telecommunications line and a computer. It is, instead, a country that defines the meaning of information glut — data, data everywhere but not a thought to think. It is a world where it’s clear that pushing packets of information from point A to point Z is of little benefit to anyone except those in position to place press releases as media stories-of-the-day. Those who think the United States is on the verge of creating a new utopia where the national product, currency and sole means of reward is data would do well to pay attention …

Like the on-line world today, the characters in The Virus Creation Labs have little real interest in the revitalization of democracy or any other high-minded ideals cited as benefit of electronic interconnectivity, unless you consider the mindless accumulation of binary data a socially invigorating development. More often you’ll find relentless hucksterism, witless gossip masquerading as reason, corrosive vulgarity, petty vendettas, dirty tricks and routine invasions of personal privacy. If The Virus Creation Labs is a new world, you’ll find it bears close resemblance to the old one, only events zip by faster and with more unpredictable ferocity.


A fragment from the code of Michelangelo virus.


[We now jump ahead to deep inside the book and a chapter on one virus writer who became famous for infecting the network of the US Secret Service. Today he would be in his mid-thirties.]



A Priest Deploys His Satanic Minions

Everyone knows the best virus writers hang out on secret bulletin board systems, the bedroom bohemias of the computer underground, right? Wrong. In mid-1992, a 16-year-old hacker from San Diego who called himself Little Loc signed on to the Prodigy on-line service for his virus information needs. The experience was not quite what he expected.

Prodigy [now long gone] had a reputation in 1992 as the on-line service for middle-class Americans who could stand mind-roasting amounts of retail advertising on their computer screens as long as they had relatively free access to an almost infinite number of public electronic mail forums devoted to callers’ hobbies. Since Prodigy’s pricing scheme was ridiculously cheap per hour, it was quite seductive for callers to spend an hour or two a night sifting through endless strings of messages just to engage in a little cyberspace chit-chat.

Into this living-room atmosphere stepped Little Loc looking for anyone to talk with about computer viruses, particularly his idea of properly written computer viruses. Little Loc, you see, had written a mutating virus which infected programs on a system dangerously quickly. If you were using anti-virus software that didn’t properly recognize the virus – and at the time it was written none did – the very process of looking for it on a machine would spread it to every possible program on a computer’s hard disk. While many viruses were trivial toys, the virus, called Satan Bug, was sophisticated enough to pose a real hazard.

The trouble was, Little Loc was dying to tell people about Satan Bug. But he had no one to talk to who would understand. That’s where Prodigy came in.

Prodigy, thought Little Loc, must have some hacker discussions, even if they were feeble, centered on viruses. It was a quaintly naive assumption.

The Satan Bug was named after a Seventies telemovie starring George Maharis, Anne Francis and a sinister Richard Basehart in a race to find a planet-sterilizing super virus stolen from a U.S. bio-warfare lab.

Little Loc had never actually seen the movie, but he’d run across the name in a copy of TV Guide and it sounded cool, so he used it for his digital creation. Satan Bug was the second virus he had electronically published. The first was named Fruitfly but it was a slow, tame infector so the hacker didn’t push it.

A bigger inspiration for Satan Bug was the work of the Dark Avenger, a shadowy Bulgarian virus programmer whom anti-virus software p.r. men and others had elevated to the stature of world’s greatest writer of malware. Little Loc was fascinated by the viruses attributed to Dark Avenger. The Dark Avenger obviously knew how real computer viruses should be written, thought Little Loc. None of his programs were like the silly crap that composed most of the malware stockpiled in the computer underground. For example, his Eddie virus – also known as Dark Avenger – had gained a reputation as a program to be reckoned with. It pushed fast infection to a fine art, using the very process anti-virus programs used to examine files as an opportunity to corrupt them with its presence.

If someone suspected they had a virus, scanned for it and Eddie was not detected but in operation, the anti-virus software would be subverted, spreading Eddie to every program on the disk in one sweep. Eddie would also mangle a tiny part of the machine’s operating system when it was in action. When this happened, the command processor, the operating shell program, would reload itself from the hard disk and promptly be infected, too.

This put the Eddie virus in total charge. From that point on, every sixteen infections, the virus would take a pot shot at a sector of the hard disk, obliterating a small piece of data. If the data were part of a never-used program, it could go unnoticed. So as long as the Eddie virus was in command, the user stood a good chance of having to deal with a slow, creeping corruption of his programs and data.

Little Loc was a good student of the Dark Avenger’s programming and although he was completely self-taught, he had more native ability than all of the other virus programmers in the more well-known hacking groups.

“[Virus writing] was something to do besides blasting furballs in Wing Commander,” he said blithely when asked about the origins of his career as a virtuoso virus writer.

Accordingly, the Satan Bug was just as fast an infector as Eddie and it, too, would immediately go after the command shell when launched into memory from an infected program. But Satan Bug was very cleverly encrypted, whereas Eddie was not, and it extended these encryption tricks so that it was cloaked in computer memory, a feature somewhat unusual in computer viruses but popularized by another program called The Whale which intrigued Little Loc.

The Whale was a German virus which – theoretically – was the most complex of all computer viruses. It was packed with code which was supposed to make it stealthy — invisible. It was armored with anti-debugging code and devilishly encrypted, designed purely to thwart analysis and flummox anti-virus software developers trying to examine it. They would often mention it as an example of a super stealth virus to mystified science and technology writers looking for good copy.

In practice, The Whale was what one might call anti-stealth.

Although it was all the things mentioned and more, when run on any machine, The Whale’s processes were so cumbersome the computer would slow to a crawl. Indeed, it was a clever fellow who could get The Whale to consent to infect even one program.

The Whale appeared to be purely an intellectual challenge for programmers. It was intended to mesmerize anti-virus software developers and suck them into spending hours analyzing it. It worked with Little Loc. He was drawn to it, poring over the disassembly of The Whale’s source code.

The hacker even made a version that wasn’t encrypted, pulling out the code which The Whale used to generate its score of mutant variations. It didn’t help. The Whale, even when disassembled, was loath to let go of its secrets and remained a slow, obstinate puzzle.

Have you gotten the idea that Prodigy callers might not be the perfect choice as an audience to appreciate Little Loc’s Satan Bug?

Nevertheless, Little Loc landed on Prodigy with a thud. He described the Satan Bug and invited anyone who was interested to pick up a copy of its source code at a bulletin board system where he’d stashed it. Immediately, the hacker got into a rhubarb with a Prodigy member named Henri Delger. Delger was, for want of a better description, the Prodigy network’s unpaid computer virus help desk manager. Every night, Delger would log on and look for the messages of users who had questions about computer viruses. If they just wanted general information, Delger would supply it. If they had some kind of computer glitch which they thought might be a virus, Delger would hold their hand in cyberspace until they calmed down, then tell them what to do. And, for the few who had computer virus infections, Delger would try to identify the virus and recommend software, usually McAfee Associates’ SCAN, which would remedy the problem.

Little Loc was annoyed by Delger, whom he thought was merely a shill for McAfee Associates. Since Delger answered so many questions on Prodigy, he had a set of canned answers which he would employ to make the workload lighter. The canned answers tended to antagonize Little Loc and other younger callers who fancied themselves hackers, too. Prodigy’s liberal demo account policy allowed some of these young callers to get access to the network under bizarre assumed names like “Orion Rogue.” This allowed them to be rude and truculent, at least for a few days, to paying Prodigy customers. These techno-popinjays, of course, immediately sided with Little Loc, which didn’t do much for the virus programmer’s credibility.

There was often quite a bit of talk about viruses and Delger would patiently furnish much of the information, typing up brief summaries of virus effects embroidered with his own experiences analyzing viruses.

“You’re not a programmer!” Little Loc would storm at Delger.

If you weren’t a programmer, you couldn’t understand viruses, insisted the author of Satan Bug. Little Loc would correct minor technical errors Delger made when describing the programs. In retaliation, Delger would calmly point out the spelling mistakes made by Little Loc and his colleagues. It was quite a flame war. On one side was Little Loc, who gamely tried to get callers to appreciate the technical qualities of some viruses. On the other side was a bunch of middle-aged computer hobbyists who were convinced all virus writers were illiterate teenage nincompoops in need of serious jail time, or perhaps sound beatings.

The debates drew a big audience, including another hacker named Brian Oblivion, whose Waco, Texas, bulletin board, Caustic Contagion, would provide a brief haven for Satan Bug’s author. Little Loc, however, soon found other places that would accept his virus source code. A computer security chat board run by the Department of the Treasury, called the Security Branch system, was among them. Little Loc logged on and proffered Satan Bug. The Hell Pit – a huge virus exchange in a suburb of Chicago – had its phone number posted on Prodigy, as was that of one called Dark Coffin, a system in eastern Pennsylvania. Dutifully, Little Loc couriered his virus to these systems, too.

Satan Bug was a difficult virus to detect. Although in a pinch you could find Satan Bug because of a trick change it made to an infected program, you needed knowledge of what was beneath the hood on a PC to see it. For all intents and purposes Satan Bug was invisible to anti-virus scanners. And this invisibility persisted for a surprising amount of time despite the fact that Little Loc had supplied the Satan Bug to all the public virus exchanges patrolled by anti-virus industry men.

Little Loc stood apart from other virus programmers who seemed to have little interest in whether their creations made it into the public’s computers. The real travel of his virus around the world would grant him recognition like that of the Dark Avenger, he thought. So he wanted people to take Satan Bug and infect others, period.

Months later, after the virus had struck down the Secret Service network clear across the continent, I asked Little Loc how it might have gotten into the wild in large enough numbers so that it eventually found its way into such a supposedly secure system.

“I’ll tell you this once and only once: Satan Bug had help!” he said, simply.

After his Prodigy debut and before Satan Bug hit the Secret Service, Little Loc was recruited by a virus-writing group called phalcon/SKISM, changing his handle in the process to Priest. Joining phalcon/SKISM didn’t necessarily mean you were going to virus writing conventions in cyberspace with other members of the group, but it was a badge of status signifying to others in the computer underground who required such things that you had arrived, as a virus writer anyway. You might think of it as a virus-writer’s union card.

Since Priest lived on the West Coast, however, and the brain trust of phalcon/SKISM was located in the metro-NYC area, there was little concrete collaboration between the two, especially after Priest racked up a $600 telephone bill calling bulletin boards. Since Priest didn’t hack free phone service, his family had to pay the bill, which effectively cut down on much of his long distance telephone contact with the east and bulletin board systems like Caustic Contagion in Waco, Texas.

Caustic Contagion, for a short period of time, was one of the better known virus exchange bulletin board systems. Its sysop, Brian Oblivion, a name taken from a character in the movie Videodrome, had an extremely liberal policy with regard to virus access and carried a large number of Internet/Usenet newsgroups which gave callers a semblance of access to the Internet. Caustic Contagion’s other specialty, besides viruses, was Star Trek newsgroups, and for some reason which completely eludes me, the BBS’s callers found the convergence of computer viruses and Star Trek debate extremely congenial.

Priest and another phalcon/SKISM virus writer named Memory Lapse would hang out on Caustic Contagion. Quite naturally, Oblivion’s bulletin board was one of the first places to receive the programmers’ newest creations.

Priest’s next virus was Payback and it was written to punish the mainstream computing community for the arrest of another virus writer, an English kid with the ludicrous alias, Apache Warrior, the “president” of ARCV, a rather harmless but vocal virus-writing group in the United Kingdom. The group was undone when a British anti-virus software developer was able to convince New Scotland Yard’s computer crime unit to seize its equipment and software in a series of surprise raids across the country.

Priest’s Payback virus would corrupt the hard disk in retaliation for this event.

Payback gathered little attention in the underground, mostly because few people knew much about ARCV and Apache Warrior in the first place …

All the routines to crash a computer’s hard disk and slowly corrupt data ala the Eddie virus, which Priest had designed a number of his viruses to do, made it clear the hacker cared little for any of the finer arguments over the value of computer viruses as intellectual exercises or potentials for benevolent roaming code. Viruses were for getting your name around, infecting files and destroying data, according to Priest. He just laughed when the topic of ethical or productive uses of computer viruses — such as the study of artificial life — came up.

In any case, by the fall of 1993, after Priest had retired from the Prodigy scene, Satan Bug was generating its own kind of media-fueled panic.

On the Compuserve network, hysterical government employees were posting nonsensical alarums about the virus in the McAfee Associates virus information special interest group.

“Satan’s Bug” was part of a foreign power’s attempt to sabotage government computers! It was encrypted in nine different ways and was “eating” your data! A State Department alarm had started!

Wherever the information about “Satan’s Bug” was coming from, it was 100 percent phlogiston. Satan Bug was hardly aimed at government computer systems. It did not “eat” anything and although difficult for many anti-virus programs to scan, the virus could be found on infected systems by making good use of software designed to take a snapshot of the vital information on your files and sound an alarm when these changed, which always happened when Satan Bug added itself to programs.
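The snapshot-and-compare check described above, sketched as an added example (it is not code from the original article or from any integrity checker of the period). The function names, the watched file suffixes and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

WATCHED = {".com", ".exe"}  # assumption: program file types worth baselining

def take_snapshot(root):
    """Record size and SHA-256 for every watched program under root."""
    root, snap = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in WATCHED:
            data = p.read_bytes()
            snap[str(p.relative_to(root))] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return snap

def compare(baseline, current):
    """Return (name, reason) alerts for every difference from the baseline."""
    alerts = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            alerts.append((name, "new program"))
        elif new is None:
            alerts.append((name, "program missing"))
        elif old != new:
            alerts.append((name, f"changed, size {old['size']} -> {new['size']}"))
    return alerts

def demo():
    """Constructed sample: baseline three files, alter the tree, compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "EDIT.COM").write_bytes(b"\x90" * 16)    # constructed bytes
        (root / "FORMAT.EXE").write_bytes(b"MZ" + b"\x00" * 30)
        (root / "README.TXT").write_text("not a program, not watched")
        baseline = take_snapshot(root)

        target = root / "EDIT.COM"
        st = target.stat()
        target.write_bytes(target.read_bytes() + b"\x00" * 8)  # content grows
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp unchanged
        (root / "NEW.COM").write_bytes(b"\x90" * 4)
        return compare(baseline, take_snapshot(root))

if __name__ == "__main__":
    for name, reason in demo():
        print(f"ALERT {name}: {reason}")
```

The comparison is only as trustworthy as the baseline, so the snapshot is taken on a known-clean system and kept on write-protected media.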

Even more amusing was the suspicion that Satan Bug had been inserted on government computers by some undisclosed foreign country, from whence it originated. I suppose, however, some people might consider Southern California a foreign country.

Priest enjoyed reading these kinds of things. His virus was famous, an obvious source of confusion and hysteria.

About the same time, the Secret Service’s computer network in Washington, D.C., was infected by the virus, which knocked the infected machines off-line for approximately three days. News about the event was tough to keep secret among government employees and it leaked. The Crypt Newsletter, my electronic ‘zine, published a short news piece in its September 1993 issue on the event and reported that the infection had been cleaned up by David Stang, formerly of the National Computer Security Association, but now providing anti-virus and security guidance for a small security/anti-virus firm in Fairfax, northern Virginia.

Priest was not hard to track down. He hadn’t kept his identity and whereabouts much of a secret so Jack Lewis, head of the Secret Service’s computer crime unit, and two other agents flew out to interrogate him in his San Diego home in October of 1993.

Lewis and the other agents gave Priest the third degree. They shook a printed-out copy of The Crypt Newsletter containing the Satan Bug story in his face and did everything in their power to make Priest think he ought to cease and desist writing computer viruses forthwith.

“About the Secret Service, they weren’t too happy about [Satan Bug], and saw fit to pay me a little visit,” recalled Priest ruefully.

The agents wanted to know everything about Priest – his Social Security number, where he’d traveled, even who the 16-year-old worked for. But Priest didn’t work for anyone.

“I’m not quite sure they believed me,” he said. “Apparently, they thought I worked for some anti-virus company or something to write viruses. Plus, they wanted the sources for them.”

The Secret Service men wanted to know, straight from the horse’s mouth, what Satan Bug did. “They said some victims were worried their systems weren’t completely clean because they thought it might infect [text] files,” Priest continued. “I told them it wouldn’t. They also wanted my opinion on things which surprised me, like different anti-virus programs and encryption [code] … I didn’t ask why.

“Jack Lewis also said someone claimed I said ‘All government computers will be infected by December’ or some such rubbish. Apparently, they thought I wrote Satan Bug as a weapon against the government or whatever, I can’t be too sure . . .”

Priest told them no, Satan Bug wasn’t specifically aimed at government computers, but it was hard to tell if the agents believed him. They were trained to reveal little, to be unnerving to those interviewed.

“They just stared,” Priest said, “as they did in response to every question I asked, including ‘what’s your name?’

“I tried – really tried – to act cool, but my heart was pounding like a hummingbird’s.”

The agents were keenly interested in Priest’s other [aliases], all the viruses he had written, which, if any, computer systems he might have spread them on, the names of some phalcon/SKISM members and the structure of the virus-writing group and details of their hacking exploits.

Priest declined to say anything about the identities of members of phalcon/SKISM. “I told them I knew nothing of the hackers and phreakers, and little more than you could pick up from reading … issues of [their electronic magazines].”

Priest was more interested in other secretive agencies within the government. He was keen on stories about deep black intelligence agencies. Perhaps he envisioned himself writing destructive viruses as part of a covert weapons project for one of them.

“Aren’t there any other agencies which would be more interested in what I’m doing?” Priest asked the agents.

He didn’t get an answer.

Eventually, the Secret Servicemen went away with a Priest-autographed printout of the source code to Satan Bug.

Programming Satan Bug had turned out to be richly rewarding for Priest. Not only had it gotten him recognized immediately in the computer underground, it had made him feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.

Priest continued to work on viruses, anyway.

He had just completed Natas, which he’d turned over to the Secret Service and to phalcon/SKISM for publication in that group’s electronic computer virus magazine. He also uploaded the virus to a couple of bulletin board systems in Southern California. And he finished a very small, 96-byte .COM program-infecting virus.

There were other things he was working on, too, he added cryptically …

Priest had finally been able to videotape “The Satan Bug” telemovie. He shifted his VCR into replay and turned to look at his computer while it was playing. But the hacker said he still didn’t know what the movie was about when it was over. He had been too busy at the PC to pay attention.

Working . . .



Notice of Satan Bug virus on Secret Service network, Crypt Newsletter e-zine, #19.


Old timers may note that portions of the original have been dropped. This has been done for reasons of clarity, technical discussion of programs long gone now and of little interest, and pacing.