Virus Creators

By | November 9, 2004

A federal judge in the USA has issued a temporary restraining order against a man, whose name is not worthy to appear here, who has dedicated his life to spam. The track record of this individual is incredible… In the 90s he headed a company that sent out 30 million spam messages to consumers every day, earning him the nicknames of “Spamford” and “Spam king.”

Up to this point, his activities are no different from the normal actions of spammers. But what is really worrying is the reason why a federal judge has issued a temporary restraining order: this man is accused of offering computer users two anti-spyware programs, which delete spyware that he himself has installed on many systems!

Ever since antivirus programs have been around, manufacturers have had to fight against an urban legend that this character has fed: that the authors of viruses are the antivirus developers themselves. This statement is already a popular belief in IT circles, and it is as difficult to shake off as the claims that Walt Disney is cryogenically frozen, that corn circles are created by extraterrestrials or that Kennedy was assassinated by the US government.

The fact that the individual I refer to is selling his own software (and what's more, at 30 US dollars) to eliminate the spyware he has created is truly despicable, more suited to a science fiction movie plot than the reality of IT security today. Remember the James Bond movie “Tomorrow Never Dies,” in which a communications magnate sold antivirus software for the viruses that his company created. As a complement to the plot of the movie, it's not bad, even if it does present an idea that could reinforce the legend. “If they say it in the movie, it must be true.” It's a shame, however, that they don't also believe many of Yoda's statements about the Jedi philosophy.

Since I have been working for Panda Software (some years now), on many occasions I have had to deny this rumor (and I'm sure that many of my colleagues in other antivirus companies have also had to do the same many times), and it's useless. It is easier to believe that antivirus developers need to use these tricks to sell their products than to face reality. Even though my knowledge of the law is very limited, I suppose that this kind of activity is illegal under the legislation of many countries, which, although they do not categorize cyber crime correctly, do have legislation on commercial activities like this.

A few months ago, I ran into a friend of mine, who works for another antivirus company, at an IT trade fair. Another person took the opportunity to make a joke: “What, designing the next virus?” We didn't know what to say. We looked at each other perplexed and said the only thing we could: “What do you think?” Of course, the person who had asked us didn't reply. He just grinned and rapidly changed the subject. He realized that he had made a fool of himself in public. He was not talking to criminals but to security professionals.

Viruses are not created by the same companies that develop antivirus programs in order to get clients, just as no doctor would release the flu virus on a bus full of people to get more patients. We are vulnerable enough to catching the flu when someone sneezes without needing someone to go round contaminating buses on purpose. The same can be said for computer viruses: computer users worldwide are sufficiently vulnerable and there are enough heartless virus creators around without antivirus companies wasting their time on viruses created by themselves.

I hope that the judge in charge hands down a sentence that will set an example, so that both those who feel tempted to do the same and this unscrupulous programmer and salesman himself think twice.
