The WildList Organization International      






In the Wild Virus Descriptions

Frequently Asked Questions   

Report a Virus Incident

Product Testing


About Us

In the News

Our Code of Conduct


Tell us what you think


The webslingers 

                (from The Guardian Unlimited)

Melissa, Chernobyl, the Worm and now
Back Orifice 2000: this has been the year
of computer viruses. But who writes them
and why are they being released in ever
greater numbers? Simon Waldman
identifies the creators of so-called 'digital

Thursday July 15, 1999

Just when you thought it was safe to switch on your
computer. Just when you had finally dumped Melissa,
chucked out Chernobyl and dug out the few files that
had not been eaten up by the Explorer worm, along
comes another virus. 

The threat this time is Back Orifice 2000, a cunning
program written by a group called The Cult of the
Dead Cow. It allows people to take remote control of
Windows machines and was released last week in
Las Vegas at Def Con, the seventh annual convention
for virus writers and hackers from around the world. 

You should be safe from Back Orifice 2000: it is
mainly aimed at system administrators. But it is yet
further proof that for a teenager hell-bent on
international notoriety, writing computer viruses is the
way to go. 

Melissa, Chernobyl, the Worm and now Back Orifice
have earned global coverage in a way that was only
previously known to rock stars. Forget years of playing
gigs in seedy clubs, a few hours' writing computer
code, a few buttons clicked and, hey, you're an
overnight global sensation. 

The flip side of this is that virus writing is a deeply
destructive thing to do with your spare time, with little
left to show for it than a trail of devastation and the
threat of a serious prison sentence. So who are these
virus writers? Why do they do it? 

Virus writing has had something of a boost since the
internet has been accessible to the mass market. As
Sarah Gordon of IBM, who has spent 12 years
researching virus writers, says: "It is increasing, and
this is probably due to the sheer number of new
people who are gaining access to the information and

The virus writer's online arena, the Virus Exchange or
Vx, was once a closed world of exclusive online
bulletin boards scattered from Bulgaria to Australia.
Now it is open for all to see on a number of websites. 

The FBI has closed down some of them, such as the
Source of Kaos, which is home to many writers
including VicodinES, the creator of Melissa, but you
can still visit others such as It is here that virus
writers swap code and discuss ways to outwit the Vx's
arch enemies, the anti-virus industry or the AVs. 

Needless to say, the global publicity for Melissa and
the Explorer worm virus has also increased interest in
the area. According to George Smith, author of The
Virus Creation Labs: "These people are extremely
imitative, they do notice the kind of coverage, and
being young they try to emulate the kind of things they
have read about." Because of this easy access, some
virus writers are hardly programmers at all. They
simply cut and paste other virus code to make their
own mixes. They are called "scripters" or "script
kiddies". "It's a sheep-like club," says Smith, "These
people are followers, not the iconoclasts of the early

Ah, the early 90s, the good old days. In 1991, a virus
writer called Hellraiser started the first virus writers'
electronic magazine, called 40Hex. He was an
unemployed 20-something, living outside New York,
and addicted to playing Mortal Kombat at his local
video arcade. Sarah Gordon says he was also "a
talented poet, musician and graffiti artist". 

Edition one of 40Hex, however, started with the
somewhat less than poetic warning: "If you are an
anti-virus pussy, who is just scared that your hard disk
will get erased so you have a psycological (sic)
problem with viruses, erase these files. This aint (sic)
for you." Illiteracy aside, it was the start of a

Like many who write viruses in their teens or 20s,
Hellraiser gave it up as he grew up, although 40Hex
still appears sporadically. But perhaps his greatest
legacy is his definition of viruses as "digital graffiti". 

Virus writers and graffiti "bombers" share a number of
characteristics. Just as graffiti writers have their tags,
so virus writers have their nicknames, and there have
also been a number of virus gangs on the Vx scene.
Most importantly, both believe they are involved with
an anarchic art form, while for those who are left to
deal with the mess it is simply annoying, destructive
and expensive to clean up. 

Hellraiser's gang was called Skism, short for Smart
Kids Into Sick Methods. This then merged with
another New York group to form Phalcon/Skism, one
of the best known of recent times. Other groups have
included NuKE, TridenT and VLAD. 

Sarah Gordon is the world expert in the area, but even
she admits: "I can't give you a simple answer to the
question 'What sort of people do this?' If I could, we
could develop a generic approach to solving the
problem. The reality is that this is an extremely
complex issue." 

Her research has made her something of a myth in
virus circles. She developed a particularly intriguing
relationship with the notorious Bulgarian virus writer
the Dark Avenger (motto: "confusion to your
enemies"), who practised at the start of the decade.
At one point he dedicated one of his viruses to her. 

In her definitive works on the subject, The Generic
Virus Writer II, she gives a number of different reasons
including: "relief from boredom, actively seeking fame,
exploration, malice and peer pressure". 

She also noted a number of different types of writer:
the adolescent, the college student and the adult. She
noted that most eventually "aged out" and saw the
error of their ways. However, she now believes she
has found a new type of writer, the new age virus
writer, who is older, employed and refuses to "age
out". He is particularly dangerous as he is likely to get
involved with more complex code. 

And yes, it is invariably a "he". There are female virus
writers, but they are very much in the minority. One of
those is Veggietailz, who wrote a particularly nasty
variant of Melissa called the Vengine. "I had several
motivations for writing this," she explained as she
posted the code for the virus to the internet. "One, of
course, was to demonstrate that WOMEN CAN
CODE TOO, a fact often overlooked in today's
patriarchal society." 

The common temptation is to think of teenage geeks
who lock themselves in rooms and listen to heavy
metal. But again, such stereotypes are dangerously

The virus writer charged with writing Melissa, David L
Smith, is a 31-year-old freelance programmer from
New Jersey - no teenager. However, he is also not
one of Sarah Gorgon's new-age virus writers as there
was technically nothing special about the Melissa
virus. The big question is how Smith is related to
VicodinES, the writer responsible for much of the
Melissa code. Are they the same person? Did Smith
just put a few pieces together and post it, unaware of
what he was doing? It is left for the court to decide. 

After Melissa a statement was released by the Vx
community. They stressed that the community is split
between "white hats", who simply research viruses
and keep them among themselves, and "black hats"
who distribute them "in the wild". They said the
government should focus on whoever distributed the
virus, not who wrote it. 

Sarah Gordon is not impressed with the good/bad
virus writer definition: "I'd describe them as young
people who simply haven't fully considered the
implications of their actions. Black hat virus writers, on
the other hand, do understand and simply do not

A virus writer writes... 
By Johnny, The Homicidal Maniac

Why do I write viruses? I have to ask myself that
sometimes. Why do I spend nights without sleep,
fuelled by caffeine, cigarettes and sugar? Why do I
buy, borrow and read technical manuals that the
average person would classify boring? Or even
consider doing something that can result in the loss of
a job or an investigation by the police? 

Well, here are my philosophical reasons for writing
viruses. It allows me to play god in my own little
microcosm. I can write something closely resembling
what one would call life. I can pretend to be a dark
villain, or some sort of cyber-terrorist. Not that I'd
seriously pose as one, but it's quite often fun to play
on people's preconceptions and negative
stereotypes. Oh and for the record, I'm not antisocial,
nor do I wear centimetre-thick glasses. 

How about ethics then? Aesthetically, a virus can be a
piece of art. Think of grafitti. You can use it as a
means to send some sort of message to the world.
Like guns (or pyrotechnics) viruses are fun to play
with. In irresponsible hands, they can be dangerous.
Luckily, if I walk into a school wearing a black
trenchcoat and carrying a diskette, I'll only be laughed

Then, there are the social aspects of virus writing. If
you ever read any of the papers Sarah Gordon wrote
for anti-virus companies on the psychology of virus
writers, you'll be thinking peer acceptance. Yeah,
that's right. Then again, if I can be accepted for what
can be equated an intellectual pursuit, I'm pretty
happy. I will make this clear though - I don't believe
that the average person does deserve to lose data.
So, I've never written a destructive virus, nor have I
ever intentionally spread one. Oppressive
socialisation, however, brings about the reactions of
people seeking political forums - whether as brutal as
terrorists who would blow up a pub, or as subtle as
virus writers who would hope to hit corporate systems.

Those are my thoughts, if anyone cares. 

The WildList and The WildList Organization International] are trademarks of The WildList Organization. All other products mentioned are registered trademarks or trademarks of their respective companies.

Questions or problems regarding this web site should be directed to
Copyright © 1999,2001 The WildList Organization International. All rights reserved.
Last modified: Saturday September 25, 1999.

Thank you for visiting our WWW site. Remember, viruses spread every day of the year. Keep your antivirus software up-to-date, and practice safe computing.