Lots of people have web-based e-mail addresses, such as Hotmail, Live, or Gmail. Some of these addresses are used as "throw away" accounts, and abandoned once they are no longer needed. Others are simply left alone and forgotten as real life intrudes. It seems likely that most of the corporations that offer the service also have a policy of closing accounts that have been dormant for a period of time. Once the account is closed, someone else can easily create a new account and take over the e-mail address.
As a result, some e-mail addresses which originally belonged to "famous" people might end up belonging to less famous people who decide to trade on the reputation of the original owner. Sometimes, only the account name is constant, while a different service provider is used. In some cases, the deception is obvious, but in other cases, it's unclear or just too hard to tell at all. Of course, we're also talking about people who are "celebrities" only in a very small circle. These are virus writers, after all, so they are hardly household names.
Let's take, for example, "Q" the Misanthrope. He was a virus writer in the DOS days who produced several interesting proof-of-concept works, such as placing the virus code in the High Memory Area (also known as the HMA, and which was not scanned by anti-virus engines at the time). He described himself in a public document in 1997 as a 38-year-old from the USA, and he seems to have retired shortly after the document was written. However, more than ten years later, someone created an account using his name, and started sending e-mail. Interestingly, that person did not know how old he was supposed to be, and his first language was no longer English.
Then we have Jacky Qwerty, who was described in a public document as becoming a father. He seems to have retired in 1999. Shortly after "Q" the Misanthrope was identified as a fake, a "jqwerty" appeared. He did not know that he had any children.
Fortunately, neither of these new people have written any new viruses.
We also have hh86. She has been described in a public document as female. Her website saw a flurry of activity and many changes in a short period of time, after which her site and all of her forum posts were deleted. A few months later, she was back, and then gone again, and then back again. Is it the same person? We have no idea, but one of the viruses attributed to her appeared during one of her breaks and it has a distinctively different style. The more recent viruses have mostly returned to the original style.
Typically, identity theft is used to acquire goods and services using someone else's money. Virus writer identity theft seems to have no purpose, since the writing style (both communication and code) becomes the template which must be maintained in order to retain the illusion of continuity. However, if the illusion is maintained for long enough that the new person actually acquires great skills, then that person can't suddenly appear on the scene using a different identity because they will be accused of simply imitating the original person. This doesn't affect us particularly, since one virus writer is essentially the same as any other. However, it does pose a problem for the projects that claim to be able to attribute code to a person. Do you think that you've caught the right person? Try proving it. It just might be a copycat.
So we don't know why someone would do that, but then again we don't understand a lot of the things that some people do.
- Peter Ferrie
没有评论:
发表评论