Mystery Company Hopes To Increase Malware Quality
Fake News written by on Monday, January 10, 2005
The rain poured as I wandered the docks looking for Midnight Alley. This was the place I was told to be at exactly 23:37, to meet H4xWarez spokesman J. Doe.
H4xWarez specializes in "various Internet related services" according to the promotional literature I obtained from their secret Gopher server (I promised not to reveal the server's IP number... as if anybody remembers how to use Gopher). An anonymous caller had hinted that it might prove an interesting article to investigate the newest H4xWarez technology.
A man wearing sunglasses and a long black coat suddenly appeared next to me. With an intense whisper he said, "Keep moving... and don't look at me!"
Here follows a transcription of my interview with J. Doe (not his real pseudonym):
Q: What kind of software does H4xWarez provide?
A: There is a growing demand for rock solid, portable malware. That's exactly what libbackdoor and the rest of our product suite will deliver.
Q: But doesn't the Internet have enough malware as it is?
A: Yes. But it's bad, low-quality malware. Most of it is riddled with serious bugs, like buffer overflows and uninitialized variables. Most of it will segfault after the tiniest bit of stress. In other words, it is easily exploited by other malware. For instance, in a matter of milliseconds, our libworm can easily take complete control over popular malware such as mydoom, blaster and sasser. Our product suite, with libbackdoor as our flagship, will provide reliable malware that runs on all platforms.
Q: Tell me a bit about libbackdoor.
Q: No seriously...
A: Well, with libbackdoor installed it will be a piece of cake to get external access to everything on the host, including root/administrator rights. This way we can install any range of products from the rest of our suite. Like libvirus. The smart thing is that libbackdoor only accepts H4xWarez malware, ensuring that poorly written competitors can't use libbackdoor as an access point.
Q: The name libbackdoor implies that it is a library, right? So will a user have to link his binaries against it? That seems awfully complicated.
A: Yes. That is a point we are addressing at this very moment. One solution comes from an unnamed OS vendor who has shown interest in providing libbackdoor preinstalled. Unfortunately, their pending OS has been delayed over and over again.
Q: What have been the major obstacles in writing solid malware?
A: At the moment we are struggling heavily with our build machines constantly crashing. They are using 99-100% CPU power just running "ls" or "dir"; we are trying to figure out why. We have also been forced to rework our code from scratch several times because the hard drives in our servers keep getting wiped by unknown forces. Communication between our ha... programmers is also severely hampered by the skazillion megabytes of junk email they receive every day. Our libspam development team has been particularly hard hit.
Q: With all the problems you are facing, when can we expect a stable release?
A: I am sorry but I cannot reveal that.
Q: Even off the record?
A: Especially off the record. If you found out, I would have no choice but to kill you. And my technique is rather unpleasant -- it involves the command "dd if=/dev/urandom of=/dev/brain".
Q: How did this all get started?
A: Initially, we at H4xWarez wanted to produce a portable installation of ActiveX, but as we progressed, we eyed a bigger market. The rest is history.
Q: Thank you. I think I've got enough here.
A: No problem. Just remember, I wasn't here. You didn't see nothin'.