Russia Gets Serious About Its Virus Writers?

By | November 19, 2004

Is Russia finally getting serious about its virus writers?

Kaspersky Labs and F-Secure, two anti-virus manufacturers, report that Evgenii Suchkov (or Eugene Suchkov, sometimes known as Whale or Cityhawk) has been found guilty of writing two viruses, Stepar and Gastropod. Suchkov was sentenced in the Russian republic of Udmurtia, and while he was only fined 3,000 rubles ($100) — a sentence which has attracted some derision — Kaspersky’s analyst reckons now “Russian virus writers know that they are not always going to be able to hide from the law. And the world knows that Russia is doing something about virus writing”.

Suchkov, it appears, is no small fish. He’s believed to be a member of 29A, a notorious virus writing group, according to Kaspersky, which also believes he’s a member of the HangUp Team, a group I’ve tried to look more carefully at for their alleged role in phishing. Interestingly, a Czech member of 29A was recently recruited by a Czech software company, a move which has ignited some controversy, not least because it would appear to make virus writing a good way to prepare a CV for more legitimate work.

I tend to agree that hiring these guys might not be the best idea. Beyond the moral hazard issue — why should virus writers care about getting caught if they know it will lead to a job anyway? — there’s the issue of where this guy’s loyalties may lie. Is he going to try to stop his old buddies from doing their thing? Or tracking them down? And even if he did want to do good work for his new employer, he’s going to be a marked man for his former buddies who it’s believed, have active links to the Russian mafia.

The point to remember is that virus writing is now an industry, or sub-industry, of the criminal underworld. So no longer could one argue that these guys are just lonely geeks trying to get some attention. They do what they do for money, which means a virus, worm or trojan is a piece of code designed to do something specific. It’s probably done to order. If one of these virus writers is now working for the other side, I would hope his new employers take a good hard look at his motives: If he’s a good virus writer he could probably command significant amounts of money. Is he going to say goodbye to all that?

Finally, Mikko Hypponen of F-Secure suggests that there may also be traffic the other way. “F-Secure also has evidence which suggest that spammers have succesfully recruited anti-spam software developers to their side,” Hypponen says in a recent email. He points out that “spammers make money from their efforts; that’s why they can actually afford to invest in making their attacks better.” Anti-spammers going to the dark side? There must still be good money in it somewhere. I’ll try to find out more.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.