Thursday, August 23, 2007

what is a script kiddie?

script kiddies were people whose ability to attack digital resources came entirely from the pre-made scripts they found and shared with each other...

they were considered one of the lowest forms of attacker (even amongst other attackers) due to the fact that they showed no real aptitude for anything except clicking, copying, and pasting... as such the term 'script kiddie' was universally considered an insult...

before scripting became widely adopted as a way to create malware this class of attacker would have been the type to hex edit (with difficulty, i'm sure) other people's viruses in order to change text strings inside and pretend like they'd made something new or later to use virus creation kits to pretend basically the same thing...

scripting made editing existing malware easy because the malware didn't need to be compiled/assembled into hard to read machine code in order to run; it remained in source code form and could be opened and modified using nothing more than notepad... some of the more creative script kiddies could even cobble together something sort of new by cut-n-pasting parts of other malware scripts together... if any were to rise rise above this stage they might be recognized as being more than just a script kiddie, but most were too clueless to realize that they were regarded derisively even by their would-be peers...

back to index

4 comments:

Unknown said...

I loosely define script kiddies as those people who can use certain scripts to do things, but have no clue about why they work or how they work underneath it all. Script kiddies use automation to compensate for any real knowledge. Granted, we don't all need to know how to write scanners, for instance, but if you use nmap, you should know the mechanics on why it works like it does...

kurt wismer said...

wait, what?!

that sounds almost like you use the term script kiddie to refer to good guys as well as bad...

while i have no illusions about av terminology bleeding into the mainstream i never expected to see the term script kiddie used by good guys to insult other good guys... that ranks right up there with the use of the term '(l)user' (well, ok, maybe not quite that bad but still)...

Unknown said...

Hehe, yes, it can be appied there, and perhaps my connotation of script kiddie is not as harsh as yours, so it might not be quite as much of an insult. Script kiddies, to me, have potential to learn. They just have taken the easy way thus far, and some of us have done script kiddie things...but eventually we do learn the why and how to stand on our own.

Yeah, I think I just use the term less insultingly. :)

kurt wismer said...

well, under normal circumstances i might make the argument that technical jargon does not evolve the same way that conversational language does - but to say that there's anything technical about script kiddies just seems wrong...