Etap Author Tells Us The Score
I am The Mental Driller, member of the 29A virus-writing group. My reason for writing is that I wish to deny publicly that the virus ‘Simile’, or ‘Etap’ (although, originally, I named it ‘MetaPHOR’), was written by any anti-virus company.
Certain reactionary people read Symantec’s analysis of the virus and made their own malicious misinterpretation of a sentence that was intended by Symantec to calm user fears: ‘So far Symantec has not received any submissions of this virus from customers.’ The sentence means exactly what it says. Period. It cannot be interpreted in other way. The antivirus company is not the author of the virus, I am the author. They have the virus in their hands because I sent it to them and, since I haven’t spread the virus, I do not expect it to appear In the Wild (unless any unscrupulous person unleashes it).
Anti-virus companies do not make viruses. That urban legend is kept alive by people who, unable to achieve recognition by other means, make false statements in an attempt to attract attention to themselves and claim their ‘five minutes of fame’. The only result these unfounded rumours achieve is that some users stop trusting in the protection offered by the anti-virus company – protection that may not be sufficiently robust or necessary for those who have in-depth knowledge of the subject, but which does serve well for the average user who doesn’t know what PE format is, or how a virus works internally.
AV companies have no need to write viruses, there are plenty of people who create them, without financial gain. If it were true that AV companies needed to create viruses, I would have received offers inviting me to program viruses for them! I categorically deny this to be the case.
Leaving aside the cheap sensationalism generated by those who dare to pass opinion on a subject about which they know next to nothing, the worse offenders are the wannabe ‘experts’ who support these individuals, confirming rumours as if they were true, despite being as unqualified to do so as those who made the claims in the first place.
I get annoyed about the lies that some circles try to spread. I am not writing this to draw attention to myself, nor in an attempt to avoid problems for myself: I write because I’m fed up with the ‘kiddies’ who try to attract attention at the expense of the credibility of others.
Perhaps all this discussion has come to light due to the fact that the Simile virus is capable of infecting Linux, and this unsettles some members of the Linux-using community. Perhaps, instead of reacting moderately and with common sense, these people resort to fallacies and accusations, since ‘a Linux virus cannot exist!’, as some users of this magnific operating system affirm fanatically.
The fact that I managed to create a Linux virus in so little time (barely two weeks, including time spent learning about the system and its executable formats) indicates that all isn’t as wonderful as they claim – and denying the evidence doesn’t make the evidence disappear.
I hope my words are not lost in the wind and help to palliate that ‘culture of the rumour’ that too many people practise on the Internet.
Article Copyright 2002 Virus Bulletin Ltd (www.virusbtn.com). Permission is granted to Help Net Security to re-print the article.