I'm here to talk about "who writes the worms." So worms, we're talking about those threats that spread to hundreds of thousands of machines in minutes. You all, I'm sure, are aware of them. The question is who is doing the writing of them; I get that question a lot. Well, the answer actually might surprise you.
So the first group of people I'd like to talk about are what I call the white hats. These are a group of very highly technical individuals. Their job is to dig into software and find vulnerabilities, which is extremely difficult to do. Very few folks can actually pull this off, so it's not a very large group of people, but what they'll do is they'll take the information that they've built and they'll generate a disclosure. So their intent, it's a very pure motive: they're going to create some text. They're going to send it to the vendor. They're going to send it to the public, not a lot of details, but enough to recreate the issue so that vendors can get on the problem and fix them.
So the second group is what we're going to call the gray hats. So somewhat less technical, but still pretty good, and what they're going to do is, they want to take this disclosure and they want to generate something that actually can prove that it can break systems. So they're going to turn this into break-in code. So this is what these folks deliver; you take the disclosure, you do additional analysis, you create source code, you put it on the web, and now you've proven that you can actually break into these vulnerabilities. But they won't do much else, so they're really not trying to break into systems and do bad things, they're just trying to prove the case, and you know, these folks are motivated possibly by fame. You know, "Hey, great, I'm the guy that made this code," or maybe, you know, they'll sell some break-in code to vendors or to customers so that they can do pen testing, essentially, on their system.
The last group is the one that we're all worried about; these are the black hats. These are not technical at all, typically, and what their job is, their job is to take the break-in code that's out there on the web and add a payload. So when we say payload, what are we talking about? Well, guess what: worms - spread yourself - trojans, viruses, spyware, so all the bad things that we're trying to protect ourselves against. This group of people are the ones that are doing all the writing, and they are motivated by all kinds of things, but we know these are the activities we really don't want them to do.
So back to the question "who writes the worms," the interesting point is that this group of people wouldn't be able to write the worms unless this group actually generated disclosures and then this group generated the break-in code. Even though these folks are trying to do the right thing, these folks are using that information to do the wrong thing.