[Metroactive Features]

[ Features Index | San Jose | Metroactive Central | Archives ]

[whitespace] Illustration
Illustration by Jeremy Russell

Scandalous Code

Of Apache hackers and crackers

By Annalee Newitz

Suddenly it seemed like everybody was talking about the recent hack to the Apache servers. I guess the media got wind of it only very recently, although Ed ([email protected]) apparently knew about the whole thing for a week and hadn't been telling anyone.

That somebody messed with Apache is a big deal beyond the boundaries of the code geek community, too: the Apache server software is the most popular server software in the world. That means a hell of a lot of servers are in danger of going boom. And that spells major trouble for large portions of your friendly neighborhood known as the Internet.

According to Apache guru Brian Behlendorf (www.apache.org/info/20010519-hack.html) and a bunch of the other Apache group folks, it doesn't look like the hackers actually did any damage to the server code. A few hundred Apache geeks are combing through their code right now, comparing it to the prehack code, and searching for any discrepancies that would demonstrate that the hacker had done more than grab a bunch of passwords. Here is one of the advantages of open source code writ large: as soon as there is a problem, you've got hundreds of geeks who want to pitch in and help. And if you're worried that the code is still corrupt, you can look at it yourself. When proprietary server code like Windows NT is hacked (and it has been), users just have to trust Microsoft when their reps tell them that it's all safe now.

For the record, the Apache group is calling the person who broke into their servers a "cracker"--a term used disparagingly for small-time hackers who break into networks for fun. It's interesting how when your guys do something sneaky, it's a hack, but when the other guys do it, it's a crack. And if the other guys are particularly stupid (despite outwitting you), they're called script kiddies. Human language is such a subjective and arbitrary code.

Speaking of human language as code, there's a great new virus spreading on the Internet. Known as the sulfnbk.exe hoax, it's actually one of the most ingenious viruses ever invented because instead of launching a program that wreaks havoc on your computer, it releases a psychological program into your brain that induces you to mess up your own computer all by yourself.

The virus comes in the form of an e-mail that "alerts" you to the existence of a virus that's hidden on your computer under the name sulfnbk.exe, which it then advises you to find and delete. Many people, upon receiving and following the directions in this email, will indeed find this executable file in their command folder. According to Stiller Research's virus hoax site (www.stiller.com/hoaxes.htm), "Windows 98 and ME systems have a file called sulfnbk.exe (a DOS program used to restore long filenames) that few people are aware even exists." To make matters more confusing, there actually is a Trojan horse virus with the name sulfnbk.exe that arrives via email attachment.

If you got the sulfnbk.exe "warning" email and actually followed the directions in it, you would never have known what a complete fool you were. Eliminating the sulfnbk.exe file will basically do nothing. According to the Symantec virus warning (www.symantec.com/avcenter/venc/data/sulfnbk.exe.warning.html), "Sulfnbk.exe is a Microsoft Windows utility that is used to restore long file names. It is not needed for normal system operation."

I even induced my bored pal Jon--who would rather have been searching for signs of a buffer overflow exploit in the Apache code--to help me test this out on my beloved Vaio (which runs WinME, blech). We removed the sulfnbk.exe file, then rebooted. Nothing. All the long file names were the same. Then we restored the sulfnbk.exe file anyway, just to be safe.

This makes the sulfnbk.exe virus a truly perfect psychosocial experiment. Whoever created this hoax--apparently it originated in Brazil--did it just to see how many people would follow their directions and remove a file from their own hard drives. Imagine if this file had actually been useful. Thousands of people would have sabotaged themselves. Apparently, if you want to hack a system, human credulity works even better than a Trojan horse virus.

Annalee Newitz ([email protected]) is a surly media nerd whose securirty sucks so hard that script kiddies could probably own her in 10 seconds.

[ San Jose | Metroactive Central | Archives ]

From the June 7-13, 2001 issue of Metro, Silicon Valley's Weekly Newspaper.

Copyright © 2001 Metro Publishing Inc. Metroactive is affiliated with the Boulevards Network.

For more information about the San Jose/Silicon Valley area, visit sanjose.com.