Me and 29A

29A is an international group connected by a common interest in computer security, especially in self-replicating code. To many who don't know us, we represent criminals who only want to destroy. Under the 29A name, several technically capable people have released programs that, if not interesting, are at least different from "mainstream production" viruses. You won't meet most of our code in the wild—not because we wouldn't be able to write a virus that would propagate; in fact, almost any programmer can do it these days—but because our purpose is to release proof-of-concept code in order to point out security vulnerabilities that can be fixed.

Unlike many of the stereotypes about us, we don't want to destroy data, waste institutions' time, or con them out of money (and the published damage figures caused by many worms are questionable at best). We just want to show that not much has changed since MS-DOS. Computer systems are still vulnerable, and vendors are still unenlightened. Maybe they're comfortable with this state (together with AV firms), but that's just speculation.

Our viruses are very often designed so that it would be impossible for them to spread in the wild without altering their structure: For example, they're limited to infecting one file per run, or they ask the user before even trying to reproduce.

I often hear the opinion that by releasing in our magazine the source code of viruses and worms that implement new ideas and techniques, we indirectly cause destruction, because these techniques are then used in worms in the wild. (For example, 29A wrote the first macro virus and the first real Win32 virus, and we worked out polymorphism and metamorphism, as well as the first Win64 virus and the first worm for Symbian that was able to spread via Bluetooth.) However, if you accept this opinion, then you're also pointing the finger at people who seek exploitable bugs in software and who release proof-of-concept exploits; you must believe that these researchers are also criminals. Behind almost all mass-spreading worms (if we omit worms that use social engineering methods) stands a bug in the software that was first discovered, then publicly described, and later exploited. Are you calling full-disclosure researchers criminals?

The answer is clear: Security through obscurity was overcome a long time ago, and that's why 29A and most of the serious virus-writing programmers release their code in magazines. But first, of course, we let AV firms know about these viruses, so they can adapt and prepare new cures. If the few of us who practice virus-writing as a hobby are able to attack almost every main platform, what would professional attackers or terrorists be able to do? It's better to know vulnerabilities in advance in order to prepare your defenses.
