Initialization, or Some Words before the Real Introduction

Currently, as I am writing these lines, at the bottom of the desktop an indicator of a personal firewall is blinking leisurely, filtering packets arriving through the cellular phone with GPRS (a highly recommended gadget; actually, a must to have). Episodically, no more than 3 or 5 times per day, the Love San worm (or something looking much like it) tries to penetrate the system, and my firewall displays the window in Fig. 16.1. The situation is the same when I connect the Internet using the services of my two other ISPs.

Figure 16.1: Something is obstinately trying to force its way to port 135, which contains vulnerability

Although the activity of the worm is declining (a couple of months ago attacks took place every hour or so), it is premature to declare victory. It will take a long time to gain a true victory. The worm is alive , and it will live long. That the author of this worm didn't make provisions for any destructive actions impresses and causes respect; otherwise , the damage might be irreparable, and all of civilization might suffer from it.

How many holes and worms would appear tomorrow? It is naive to hope that this book would help to repair at least some of their damage. Therefore, after long hesitation, doubts , and considerations, I have decided to write this book, reflecting not only administrators' point of view but also that of virus writers. After all, Eugene Kaspersky, the author of the popular antivirus product, chose the same approach. In one of his articles, which gave advice to virus writers, he substantiated this approach, stating that his potential opponents shouldn't blame and reproach him for doing so. The aim of articles and publications like these isn't sharing ideas with virus writers. Developers of antivirus software frequently encounter the same errors in different viruses. On one hand, developers of antivirus software can consider this an advantage, because such viruses do not live long. On the other hand, an unobtrusive and hardly noticeable error can result in incompatibility of the virus and the software used on the computer. As a result, the virus makes the system freeze or crash, and users rush in panic, with wild cries: "Let it hit a hundred computers, but I need my computer working!" As a rule, all this happens at an extremely undesirable time (the job deadline is imminent, the favorite game refuses to start, the compiler freezes , and so on). And all this happens when the computer is infected with a relatively harmless virus. Therefore, developers of antiviral software sometimes share some information about the "life" of a virus after it infects the computer to simplify life both for virus writers and for multiple users.

Worms are not just harmful . They might be even useful, provided that they do not implement destructive functionalities. Viruses in general are simply a childish disease of practically all programmers. What is the driving force that pushes them to write viruses? Is it the desire to do harm? Is it the desire for self-affirmation? Or, is it simply a craving for cognition? Naturally, if the worm has paralyzed the entire Internet, its creator must bear responsibility. This chapter isn't intended to serve as a guide to writing worms. Rather, it is an annotated listing of errors made by virus writers. I do not urge you to write worms. On the contrary, I call upon you to not do so. However, if you cannot help it, then at least write something that isn't harmful and doesn't hinder others' ability to live and work. Amen!