Byting Bagles

Noticed something weird about your computer lately? Maybe you see yourself uploading files with names like “Porno Screensaver.scr” on Kazaa even though you didn’t download anything of the sort. Maybe your antivirus software doesn’t load anymore, or your computer beeps randomly. Or maybe your hard drive has been constantly running ever since you downloaded that attached message from the “Harvard.edu Team.”

If so, you’re a victim of social engineering—a tactic used by the latest viruses to trick you into downloading an attachment. Socially-engineered viruses aren’t new, but their recent rise in sophistication is. Viruses like Sobig, Mydoom, Netsky and Bagle “spoof” (or fake) sender addresses, create believable e-mail texts and give their attachments harmless names, all in an effort to convince you to download and run their harmful payloads. Bagle.J, for instance, sent a message to Harvard students from what appeared to be “Harvard.edu Technical Support,” explaining that the attached file was for antivirus protection. But instead, the Bagle virus opened up a backdoor in computers it infected. The virus’ creators and others use this backdoor for sending spam, serving files or even further infecting your system with more viruses.

Catastrophic virus outbreaks had long been based on security holes in Windows, like last August’s Blaster worm. Current virus writers have realized that while security holes are fleeting, user gullibility is forever. This gullibility has enabled an international hacker war fought with all the drama of daytime television and all the maturity of an adults-only AOL chatroom infiltrated by sixth-graders.

It all started with the January 27 release of Mydoom.A. At its peak, this first variant of Mydoom accounted for 8.3 percent of all e-mails moving across the Internet—one out of every 12 e-mails processed—according to the e-mail-filtering firm MessageLabs. The virus launched a vengeance Denial of Service attack against the SCO Group, a company that has claimed ownership of some of the code used in open-source Linux distributions. With millions of computers sending token bits of data 12 times every second, Mydoom’s attack would have easily overrun SCO’s servers. But SCO just changed its domain name temporarily and avoided the Mydoom-mediated wrath of its pro-open-source assailants. Though Mydoom failed in its main objective, it succeeded in proving that social engineering tactics were useful on a grand scale.

Enter big-business Bagle. The Bagle virus is actually an example of good—if illegal—business. By compromising computer systems, the Bagle virus can create networks of highly efficient spamming servers. So the next penis-enlargement e-mail you get might just be your own fault. Spamming can generate significant profits, especially if the spammers don’t have to pay for Internet access.

Apparently angered at Bagle’s success, another group of hobby virus-writers created Netsky in the same mold. Netsky.D, its most successful variant, took the additional step of uninstalling any versions of Bagle it found on systems it infected. The war had begun, and l33t h4x0Rs on both sides struck back in the only way they could: “Hey, NetSky, fuck off you bitch, don’t ruine our bussiness, wanna start a war?” read the internal code of a new Bagle variant.

Soon Mydoom joined the verbal assault against Netsky in a new variant, Mydoom.G. Part of the internal code drew a poor comparison between Netsky and the “Skynet” of the Terminator movies: “imho, skynet is a decentralized peer-to-peer neural network. we have seen P2P in Slapper in Sinit only. they may be called skynets, but not your shitty app.”

Then things started going downhill.

With each retort, virus-coders on all sides release new variants with new social engineering tactics. There are now 21 official variants of Bagle and 17 of Netsky. And in this hackers’ spitting contest there are only millions and millions of losers—Internet users. Netsky, Bagle and Mydoom together have caused over 100 billion dollars of estimated damage to personal and commercial computer systems, according to Internet security firm mi2g. All this havoc, so few grammatical skills.

While the puerile creators of Bagle, Netsky and others may eventually tire of their war, there will doubtless be many more to take their place. The demonstrated ease with which these socially-engineered viruses have spread is an tantalizingly simple way to achieve hacker immortality for anyone familiar with Visual C++ at the …for Dummies level and above. And with antivirus companies releasing new updates daily to combat new variants, even day-old protection files can damn computers to virus hell.

The only solution is vigilance. In the end, socially-engineered viruses rely on user gullibility to spread. But you don’t have to stop using e-mail to be safe—just be a little more liberal with the “delete” key. Hopefully, the current baptism by fire will convince new and novice users that e-mail attachments aren’t necessarily friendly. Because if not, socially-engineered viruses with payloads that do more than open security holes—like payloads that delete files or steal passwords—could make the current hacker spat seem like a fond memory.

Alex Slack ’06, an editorial editor, is a history concentrator in Leverett House.