X

He's got the virus-writing bug

Under the name "Benny," Marek Strihavka wrote computer viruses. Now he's under investigation in connection with the Slammer outbreak.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
4 min read
For five years, Czech student Marek Strihavka programmed computer viruses as part of the underground group 29A.

A twist of fate, however, has led the former virus writer to take a job stopping digital pests like those he used to create. About a year after leaving 29A, which takes its name from the base-16 representation of 666, the 22-year-old resident of Brno in the Czech Republic became the main developer of Zoner Software's antivirus system.

I am glad that I can use the skills I achieved by studying viruses in practice and real life.

Now Strihavka finds himself under attack. The Czech police have raided his home and confiscated his computer equipment as part of an investigation into the Slammer worm. In addition, some antivirus companies are attacking Zoner for hiring a known virus writer.

In an interview with CNET News.com, the man who used to be "Benny" claims that he never took part in spreading his programs on the Internet and maintains that virus writers contribute to online security.

Q: Why did you join a virus-writing group like 29A? What is the purpose of the group?
A: The purpose of 29A has always been technical progress, invention and innovation of new and technically mature and interesting viruses. 29A distances itself from virus-spreading, since 29A always tried to act as a security group, not any cybergang, as has been portrayed in the media. 29A just wants to share ideas with others, and source code is a way of expression.

People that (have known me for) some time know very well that I've always distanced myself from spreading (viruses) and that I never did such a stupid thing. I am not member of 29A anymore, since I try to orient myself on my work, which I like as much as virus writing.

Who else (besides virus writers) should code antivirus programs? Who else has the experience and technical skills for fighting viruses?

How many viruses have you coded? What sort of projects did you pursue and why?
A lot. I don't know the exact number. But I always tried to come up with something new, never seen before. I coded viruses for platforms that were considered infect-resistant. I found some satisfaction in programming, just because I like logical and abstract thinking. This is not about any sort of "cyberterrorism."

Do you think that coding viruses has any ethical or moral implications?
Writing technically new and innovative viruses is like writing exploits for new programs. Coming up with new ideas advances the Internet, since it becomes more prepared against real attacks. I don't see anything wrong with saying, "Hey! This can be abused! There is a bug! You are not prepared for this!" without doing a single cent of real damage.

What has made you stop coding viruses? Do you still view the virus underground in the same way?
I am still the same. I am still interested in computer security, but now from the other side. I'm trying to fight viruses by finding better ways of detection. I am glad that I can use the skills I achieved by studying viruses in practice and real life.

Antivirus companies frequently say that no virus writer should ever have a job in security. What are your views of this opinion?
That is funny. Why? Just because a lot of skilled virus writers already have jobs in the antivirus industry. I don't want to cause any problems to my friends, so I won't give concrete examples. But believe me, this is just marketing theater for customers--the truth is a bit different.

Coming up with new ideas advances the Internet, since it becomes more prepared against real attacks.

In any event, who else should code antivirus programs? Who else has the experience and technical skills for fighting viruses? Some antivirus firms say that I have no moral right to do it, but...almost all ex-members and current members of 29A are employed in the antivirus and information technology security industry.

What sort of work do you do for Zoner? Has your virus-writing experience made your programming better?
I take care of ZAV (Zoner Antivirus) core--this means all those low-level functions for scanning, unpacking, emulation, heuristics, ZAV database maintenance and new detection patterns.

Since elementary school, I have been interested in computer viruses, and I focused on computer security. So I think I am the right person to program antivirus.

Should virus writers and releasers be tolerated on today's Internet? Does your answer depend on how the Internet has changed or the virus-writing community?
I think that source code is just a form of expression, and this should be legal, since freedom of speech is protected. I never spread any of my viruses, and I always thought doing so to be a stupid act. All that I am interested is a programming--nothing else.

The Internet is changing, and spammers and phishers should not be tolerated, of course. But people from 29A--and others who are only studying, publishing and not releasing self-replicating programs--are the last people that cause any real or virtual damage and should not be persecuted.