There but for the Grace of Bill....
Getting Down to that Crazy Nero Beat
May 5, 2000
It was so nice of the creator of the ILOVEYOU worm to write it in Visual BASIC Script (VBScript). After all, as a Linux advocate, I feel that even malicious code should be open source. It's part of my image as an Eric S. Raymond droog, you see, and I wear it proudly!
I spent a little time looking at the source code for ILOVEYOU yesterday afternoon. I was laughing out loud at the whole thing. The code is childishly simple, and is overtly marked in the MIME headers as a .vbs (VBScript) executable file. The comments made it seem as if it was written by someone in the Philippines, but there were also comments that had Arabic-sounding names in them. My guess is that both are phony, designed to give a false clue to anyone trying to trace the worm's origins.
What amused me most is that this creator of a malicious e-mail worm had misspelled the word "mail" repeatedly in the comments. They kept referring to it as "male," and it took me a while to figure out that their code really wasn't changing its behavior depending on the gender of the recipient. I realize the operating system shouldn't know that, but given that this worm runs on Windows, I would believe just about any surreptitious info collection by the OS.
As a Linux user, I gleefully quipped to anyone who'd listen that I was immune to anything written in VBScript. My wife, a longstanding OS/2 loyalist, positively cackled as she safely read her e-mail in Innoval's PostRoad Mailer. I'm sure FreeBSD, Mac, BeOS, Amiga, UNIX, and mainframe users around the world were doing the same thing as we all listened to the clueless journalists announcing a major, worldwide e-mail crisis. Nyah, nyah! Can't hurt us! Let their cities burn! We're enjoying the fiddle music from this Nero guy!
Well, my little droogies, we are all so busy whistling in the dark that we don't see the headlight of an oncoming train. After these goofballs get tired of Windows, they'll turn their attention to Linux, and we will look even worse than Bill and the Boys from Redmond do today.
Let's get some standard disclaimers out of the way, before my fellow Penguinistas grab the ropes and torches and come banging on my door: Windows is a lame excuse for an operating system. Windows security is an oxymoron. Micros~1 Outhouse is the most vulnerable e-mail software ever written. Bill Gates rips the heads off live bats and feeds them to innocent children in famine-stricken countries, or so I've heard.
Now that my pedigree as a true zealot is established, may I explain why Linux is just as vulnerable as Wintendo, and why we should be thankful to Mr. Bill for being our stunt double?
Worms, viruses, and Trojan horses aren't magical, and they aren't alive or self-aware. They are just programs, mere bits and bytes that have meaning to the operating system or CPU. As such, they can't do anything to the system just by existing on the hard drive. They have to be executed, have to gain control of the CPU. And there are only a few ways for that to happen.
For the moment, let's ignore the case of someone cracking a system from the network. No matter what operating system you're running, vulnerability to network attacks has more to do with an administrator who has--or does not have--a clue than with the quality of the operating system itself. But when malicious code enters a system from a Web page or e-mail, there are really only two ways for it to be executed: automatic and manual.