2. Computer vandalism is a process wherein there is a program that performs
malicious function such as extracting a user's password or other data or erasing
the hard disk. A vandal differs from a virus, which attaches itself to an existing
executable program. The vandal is the full executing entity itself, which can be
downloaded from the Internet in the form of an ActiveX control, Java applet,
browser plug-in or e-mail attachment.
Who are the computer vandals?
In the early days of the development of malware, the majority of
computer viruses and Trojans were created by students and other young
programmers – plus some older, more experienced programmers. Today,
there are still four main types of computer vandal:
3. Skilled students… showing off!
In many cases, students – that have just mastered the use of a
programming language – may want to try out their skills, test their ability
or prove how clever they are. Fortunately, many of these malware
do not actually distribute their malware – instead, they may send the
or worm virus to an antivirus company.
Inexperienced youths… assisted by the Internet
Young people that haven’t quite mastered the art of programming may
also turn to computer vandalism – sometimes to prove their ‘self-worth’.
In the past, this resulted in primitive viruses. However, there are now
numerous websites that explain how to write and distribute computer
viruses – and how viruses can sidestep antivirus software. So the Internet
has made it much easier for the inexperienced to create their own
4. ‘Professional developers’
As young virus writers mature, their experience can make their activities
much more dangerous. Older, talented programmers can create very
‘professional’ computer viruses. These can be sophisticated programs
use innovative methods to intrude into data system domains, or can
exploit security vulnerabilities within operating environments, capitalise
on social engineering or use a range of other tricks.
Researchers
These are shrewd programmers that are capable of inventing new methods of
infecting computers, concealing the infection and resisting the actions of
antivirus software. The programmer’s objective is to research the potential of
‘computer fauna’. The programmer may choose not to spread their creations –
but actively promote their ideas, via numerous Internet resources that are
devoted to the creation of computer viruses. Those ideas and ‘research viruses’
may then be used by malicious individuals or criminals.
5. United States v. Robert T. Morris, 1991
Robert Morris was one of the first to be prosecuted under the Computer Fraud and Abuse Act
of 1986. As a Cornell University graduate student, Morris wrote and released onto the Internet
a "worm" program designed to propagate itself automatically without harm to the host
computers, but due to a flaw in its design, the Morris worm caused thousands of computers
nationwide to crash on November 2-3, 1988. By itself, the worm did no permanent damage,
although the estimated cost of rectifying its effects at each location involved ranged from $200
to $53,000. As a graduate student in the Cornell University computer science department, he
full and legal access to all the department's computing facilities; these facilities were connected
to the Internet.
Although Morris' defense claimed the worm was a benign test of computer security that went
wrong, Morris was convicted on the grounds that he intentionally accessed remote computers
without authorization. He was sentenced to 3 years probation, fined $10,050, and ordered to
perform 400 hours of community service, a sentence far less than the maximum permissible
under law. The conviction later was upheld by a federal appeals court, and review was denied
the Supreme Court.
SOURCE: United States v. Robert T. Morris, No. 89-CR-139 (N.D.N.Y.), aff'd 928 F.2d 504 (2nd
Cir. 1991), cert. denied, 112 S. Ct. 72 (1991).