23.3 Authors

Little is known about the people who write programmed threats, largely because few of the authors have been identified. Based on those authors who are known to authorities, they can probably be grouped into a few major categories:


The first Internet worm was written by a graduate student, apparently to demonstrate a class of security problems. The ILOVEYOU computer worm was written by computer science undergraduate students as a class project, again as a demonstration. Following both incidents, the individuals admitted that they had exercised poor judgment and had not anticipated how far these programs would spread. Poor judgment or not, courts have ruled that writing and releasing such programs is criminal behavior.

Publicity hounds

Another motivation for writing a virus or worm might be to profit, gain fame, or simply derive some ego gratification from the pursuit. For example, the Melissa computer worm was written by a computer programmer who wanted to impress an exotic dancer of the same name. The Back Orifice Trojan horse was written by the Cult of the Dead Cow as an apparent publicity stunt.

In the future, someone might write a virus and release it, and then try to gain publicity as its discoverer, be the first to market software that deactivates it, or simply brag about it on a bulletin board. This notion is similar to a firefighter setting fire to a building so that he can take the credit for putting the fire out.

Experimenters and hobbyists

Some of the most potent PC viruses have been written by a small group of Eastern European programmers who compete with each other to see who can create the most effective virus.

Common criminals

A few viruses have been written to commit acts of extortion or wipe out evidence of another crime. In several cases, viruses have been written as acts of revenge against a company or government agency, and have spread to a worldwide audience.


There is a history of some viruses being written to make political statements. For instance, there have been viruses with messages against political figures (e.g., Ronald Reagan, Margaret Thatcher), against various government policies (e.g., marijuana laws), and against commercial interests (e.g., anti-fur and anti-logging).

Information warfare researchers

Since (at least) the 1990s, governments and government contractors have been developing computer viruses, Trojan horses, and other information warfare tools. Some of this research has been for the purpose of developing defensive technologies against these threats, while other research has been geared towards developing an offensive capability that could be targeted against an enemy. Such work is similar in spirit to work on biological weapons undertaken by the U.S. and Soviet Union during and after the Second World War.

Some recent worms and viruses appear to have been targeted at the U.S. by Chinese authors as a result of the bombing of the Chinese embassy in Belgrade in 1999, and again after the mid-air collision between an F-8 fighter and a U.S. Navy EP-3E surveillance aircraft in 2001. Because of the tight control exercised over Internet access in China, some authorities suspect that these were state-sponsored attacks.

Once programs are written, they can be planted or distributed by many more kinds of individuals, including:

Program authors

Many viruses and worms are distributed by their authors. Such distribution can be either intentional or unintentional.


One of the largest categories of individuals who cause security problems includes disgruntled employees or ex-employees who feel that they have been treated poorly or who bear some grudge against their employer. These individuals know the potential weaknesses in an organization's computer security. Sometimes they may install logic bombs or back doors in the software in case of future difficulty. They may trigger the code themselves, or have it triggered by a bug or another employee.


Another category includes thieves and embezzlers. These individuals may attempt to disrupt the system to take advantage of the situation or to mask evidence of their criminal activity.


Industrial or political espionage or sabotage is another reason people might write malicious software. Programmed threats are a powerful and potentially untraceable means of obtaining classified or proprietary information, or of delaying the competition (sabotage), although they are not very common in practice.


Extortion may also be a motive, with the authors threatening to unleash destructive software unless they are paid a ransom. Many companies have been victims of a form of extortion in which they have agreed not to prosecute (and sometimes go on to hire) individuals who have broken into or damaged their systems. In return, the criminals agree to disclose the security flaws that allowed them to crack the system. An implied threat is that of negative publicity about the security of the company if the perpetrator is brought to trial, and of additional damage if the flaws are not revealed and corrected.[3]

[3] This is why, in the scenario at the beginning of the chapter, the victim might be more likely to pay than to call the authorities.

Political activists

One ongoing element in the writing and distribution of programmed threats seems to be an underlying political motivation. These viruses or worms make some form of politically oriented statement when run or detected, either as their primary purpose or as a form of smokescreen.

No matter what their numbers or motives, authors of code that intentionally destroys other people's data are vandals. Their intent may not be criminal, but their acts certainly are. Portraying these people as heroes, as clever or simply as harmless "nerds" masks the dangers involved and may help protect authors who attack with more malicious intent.

    Part VI: Appendixes