|
CompuServe Magazine's Virus History Timeline '88
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
The following text is copyright © 1987-1990 CompuServe Magazine
and may not be reproduced without the express written permission of CompuServe.
CompuServe Magazine's Virus History Timeline
CompuServe Magazine is published monthly by the CompuServe Information
Service, the world's largest on-line information service with over 600,000
subscribers worldwide.
If you would like to become a CompuServe subscriber, call
1-800-848-8199 to receive a copy of the CompuServe Information Service
membership kit.
- 1988 -
COMPUTER VIRUS THREATENS HEBREW UNIVERSITY'S EXTENSIVE SYSTEM
(Jan. 8)
In Jerusalem, Hebrew University computer specialists are fighting a deadline
to conquer a digital "virus" that threatens to wipe out the university's system
on the first Friday the 13th of the year. That would be May 13.
Associated Press writer Dan Izenberg says the experts are working on a
two-step "immune" and "unvirus" program that could knock down the vandalized
area of the system.
"Viruses" are the latest in computer vandalism, carrying trojan horses and
logic bombs to a new level, because the destructiveness is passed from one
infected system to another. Izenberg quotes senior university programmer Yisrael
Radai as saying that other institutions and individual computers in Israel
already have been contaminated.
"In fact," writes the wire service, "anyone using a contaminated computer disk
in an IBM or IBM-compatible computer was a potential victim."
Radai says the virus was devised and introduced several months ago by "an
evidently mentally ill person who wanted to wield power over others and didn't
care how he did it."
AP describes the situation this way:
"The saboteur inserted the virus into the computer's memory and the computer
then infected all disk files exposed to it. Those disk files then contaminated
healthy computers and disks in an electronic version of a contagious cold."
Apparently, the intruder wanted to wipe out the files by Friday, May 13, ?????+??haW:??????impatie because
he then had his virus order contaminated
programs to slow down on Fridays and on the 13th day of each month.
Radai thinks that was the culprit's first mistake, because it allowed
researchers to notice the pattern and set about finding the reason why.
"Another clue," says AP, "was derived from a flaw in the virus itself. Instead
of infecting each program or data file once, the m!l`gnant orders copied
themselves over and over, consuming increasing amounts of memory space. Last
week, experts found the virus and developed an antidote to diagnose and treat
it."
Of viruses in general, computer expert Shai Bushinsky told AP, "It might do to
computers what AIDS has done to sex. The current free flow of information will
stop. Everyone will be very careful who they come into contact with and with
whom they share their information."
--Charles Bowen
TAMPA COMPUTERISTS FIGHT VIRUS
(Jan. 10)
Tampa, Fla., computerists say they are fighting a digital "virus" that sounds
as if it may be th}??ame`?????????????r????????????
????????????J??R????ale[?H�
??reported earlier, Hebrew University computer specialists are contending
with a virus program that threatens to wipe out the university's system on the
first Friday the 13th of the year -- May 13. The Jerusalem team is working on a
two-step "immune" and "unvirus" program that could knock down the vandalized
area of the system.
Meanwhile, members of the Tampa Amiga User's Group now tell United Press
International that they, too, are fighting a computer virus, and UPI quotes one
expert as saying a version of that vandalizing program also is designed to begin
destroying files on May 13.
Computer viruses are self-propagating programs that spread from one machine to
another and from one disk to another, a sort of new generation of more
destructive trojan horses and logic bombs.
"It kinda creeps up on you," president Jeff White of the Amiga group told the
wire service, adding that the group's membership was infiltrated by the program.
UPI reports, "Experts don't yet know what, if any, damage the virus can cause
to the disks or programs. Similar problems have erased programs and information.
... White said the program spread itself to more than 20 of his floppy disks
before he discovered it. But by then, the program had spread to the disks of
many of the club's members via its regular disk-of-the-month distribution."
White said he doesn't know how the bug got to Tampa, but suspects it came from
West Germany on a disk from an overseas user group.
"White said the program works invisibly," says UPI. "When the computer is
turned on, the program stores itself in the machine's main memory and then
begins spreading copies of itself to new disks used in the machine."
He added that the Tampa club members now use a "virus-checker" program to test
disks to prevent another infection.
--Charles Bowen
VIRUS PROGRAMS COULD HAVE USEFUL APPLICATIONS, SAYS COLUMNIST
(Jan. 11)
Despite all the recent negative publicity about computer "viruses" --
self-propagating programs that spread from one machine to another in way that
has been called the computer version of AIDS -- a California computer columnist
says there could be a positive result.
Writing in The San Francisco Examiner, John Markoff observes, "In the future,
distributed computing systems harnessed by software programs that break tasks
into smaller parts and then run portions simultaneously on multiple machines
will be commonplace. In the mid-1970s computer researchers John Shoch and Jon
Hupp at Xerox's Palo Alto Research Center wrote experimental virus programs
designed to harness many computers together to work on a single task."
Markoff points out that some of the programs in that work functioned as "'town
criers' carrying messages through the Xerox networks; others were diagnostic
programs that continuously monitored the health of the computers in the
networks."
Also the researchers called one of their programs a "vampire worm" because it
hid in the network and came out only at night to take advantage of free
computers. In the morning, it disappeared again, freeing the machines for human
users.
For now, nonetheless, most viruses -- particularly in the personal computing
world -- are viewed as destructive higher forms of trojan horses and logic
bombs.
Markoff traces the first virus to the military ARPAnet in 1970. On that
system, which links the university, military and corporate computers, someone
let loose a program called "creeper."
Notes the paper, "It crawled through the network, springing up on computer
terminals with the message, 'I'm the creeper, catch me if you can!' In response,
another programmer wrote a second virus, called 'reaper' which also jumped
through the network detecting and 'killing' creepers."
Markoff also pointed out that Bell Labs scientist Ken Thompson, winner of the
prestigious Turing Award, recently discussed how he created a virus in the lab
to imbed in AT&T's Unix operating system, which he and colleague Dennis Ritchie
designed.
In a paper, Thompson noted how he had embedded a hidden "trapdoor" in the Unix
log-on module each time it created a new version of the operating system. The
trapdoor altered the log-on mechanism so that Unix would recognize a password
??own only to Thompson.
Thompson and Ritchie say the Unix virus never escaped Bell Labs.
--Charles Bowen
SUBSCRIBER, SYSOP BLOCK POSSIBLE "VIRUS" IN APPLE HYPERCARD FORUM
(Feb. 8)
Quick reactions by a subscriber and a veteran forum administrator have blocked
a possible computer "virus" program that was uploaded over the weekend to
CompuServe's new Hypercard Forum.
The suspicious entry was an Apple Hypercard "stack" file called "NEWAPP.STK,"
which was uploaded Friday to the forum's Data Library 9, "HyperMagazines." It
was online for about 24 hours before it was caught.
Subscriber Glenn McPherson was the first to blow the whistle. Saturday night
McPherson posted a message saying that when he ran the application, the file
altered his Macintosh's systems file. "I don't know why it did this," he wrote,
"but no stack should touch my system file."
Neil Shapiro, chief forum administrator of the Micronetworked Apple Users
Group (MAUG), quickly investigated and removed the suspicious file.
In a bulletin to the membership, Shapiro warned those who already had
downloaded NEWAPP.STK that the stack would alter the system files with unknown
results. He also warned against using system files from any disk that was run
while the NEWAPP.STK's modified system was in effect.
Said Shapiro, "If you run NEWAPP.STK, it will modify the system on the disk it
is on so that the system's INITs contain an INIT labeled 'DR.' Then, if you use
another system with the DR-infected system as your boot system, the new system
will also contain the self-propagating 'DR' INIT Resource. While it is possible
to, apparently, 'cut' this resource from infected systems with the Resource
Editor, the only sure course of action is to trash any system file that has come
in contact with this stack."
It was not immediately known if the system alternations were deliberately or
accidentally programmed into NEWAPP.STK. Shapiro notes the file's uploader has
been locked off the entire system and that "he will be contacted by CompuServe
and/or myself."
Computer "viruses" -- self- propagating programs that infect system files and
then spread to other disks -- have been in the news for the past six months. To-
date, most of their targets have been regional computer users groups, private
and semi-public networks and stand-along bulletin board systems. This apparently
is the first report of a virus-like program on a national consumer information
service.
Shapiro says in his bulletin that in eight years of the various Apple forums'
operation, this is the only such occurrence.
"While I, of course, cannot say it will be the last, I still have just as much
confidence as always in the fact that 99.99999999% of the Mac community are
quite trustworthy and that there is no real need to fear downloads," he wrote.
Shapiro also urged his membership, "If you have not used (NEWAPP.STK) yet, do
not! If you have uploaded it to other BBS or network systems, please immediately
advise the sysops there of the problem. If you have placed it on a club disk,
please be certain to remove it from that disk before distribution and -- if it
has been run from the 'Master' disk already -- don't just remove it, but trash
the system."
Subscriber McPherson indicates the suspect file already has spread to other
systems. His forum note says he found the same stack program also in a software
library on the General Electric's GEnie network.
--Charles Bowen
DOD TRIES TO PROTECT ITS COMPUTERS FROM ELECTRONIC VIRU
(Feb. 9)
Just as a medical virus can spread rapidly, so does the deadly computer virus
seem to be making the rounds.
In an effort to inoculate itself against an outbreak, the Department of
Defense has taken steps to prevent the electronic sabotage from affecting its
computers, reports Government Computer News.
The computer viruses are self- propagating programs that are designed to
spread automatically from one computer to another and from one disk to another,
totally disrupting normal operations.
As reported in Online Today, such viruses have already struck computer systems
at Hebrew University in Jerusalem and IBM Corp.'s regional offices in Tampa,
Fla.
"It can spread through computer networks in the same way it spreads through
computers," said DOD spokeswoman Sherry Hanson. "The major problem areas are
denial of service and compromising data integrity." In addition to basic
security measures, computer scientists at the National Security Agency are
installing programming tools and hardware devices to prevent the infiltration of
virus programs. Hanson told GCN that DOD is also using specialized ROM devices
and intrusion detectors. The virus only comprises a few lines of programming
code and is easy to develop with few traces.
After IBM was infiltrated last December with an innocent- looking Christmas
message that kept duplicating itself many times over and substantially slowed
the company's massive message system, specialists installed a filter program to
monitor the system and protect against further intrusion.
According to GCN, executable programs can't be traj3?erred from one computer
to another within IBM's networi
??Y???????????????????????
???????????????????????????????????B??????J??
5Rcom?ute??.j??u?memory. For instance, almost the entire membership of a Florida
Commodore Amiga users group was infected by a virus before it was discovered.
The president of the group said he believed the virus originated in Europe on
a disk of programs the group received from an overseas source. The club now has
a checker program to check disks for viruses before they are used.
Al Gengler, a member of the Amiga group, compared the virus to AIDS. "You've
got to watch who you compute with now," he said.
--Cathryn Conroy
EXPERTS SEES TWO SCENARIOS FOR THE COMPUTER "VIRUS" PROBLEM
(Feb. 9)
Don Parker, who heads the information security program for the Menlo Park,
Calif., SRI International, has been studying the problem of computer "viruses"
and now says he see two possible directions in the future.
Speaking with Pamela Nakaso of the Reuter Financial News Service, Parker said
his scenarios are:
-:- One, that viruses will be too difficult to design and use for
infiltration, and that interest in using them as "weapons" will die away.
-:- Or, two, viruses will increase in destructiveness as more sophisticated
saboteurs use them to destroy the public domain software resources available.
Nakaso also quotes editor Harold Highland of the magazine Computers and
Security as saying that "hysteria" over the few documented incidents may fuel
even more viruses, which are defined as self-propagating files that usually
damage a computer's systems files and then spread to other disks.
Highland pointed out that in a recent Australian virus case among Amiga
computers, one tabloid newspaper reported the incident with a headline that
sp`?ned the entire cover, reading, "Terror Strikes in the DP Industry."
Parker told Reuter, "The vulner`?ility is growing at the same rate as the
number of computers and number of communications with computers."
Nakaso writes, "Parker estimates that of the 2,000 cases of documented
computer crime he has compiled at SRI, about 20 to 30 have been virus attacks.
There is no question, however, the reported incidents are rising, and they are
expanding beyond personal computers to mainframes and other networks."
--Charles Bowen
COMPUTER VIRUS CALLED FRAUD
(Feb. 10)
Comp}?dr viruses may be frauds. Although lots of people are talking about
computerdoms latest illicit fad, to date, no one has produced a copy of a living
breathing virus. Now, a University of Utah expert on urban legends thinks that
the dreaded virus may be have become the high tech version of the bogey man.
Professor Jan Harold Brunvand has written three books about urban legends and
he seems to think that the virus is just the latest incarnation in a long line
of legends. Brunvand, and others, have pointed out that there are striking
similar???V
???=?r??K???of the virus and legends such as the cat in the
microwave oven. For one thing, there are lots of reported sightings but no
concrete evidence. And urban legends always seem to appear and affect those
things about which urban dwellers are just coming to terms with: shopping malls
and microwave ovens in the 70's, computers in the 80's.
In do?ayg?????????
?????????????????????"????????J???z???????"???5Rc?rtai?ly qualifies as the stuff about which legendse made.
Even the way in
which the deed is accompli.HY6????mystical qualities: a computer wizard works
strange magic with the secret programming codes of a computer operating system.
Brunvand, a computer owner himself, says that although viruses could be
created, he has found absolutely no evidence to support claims about their
existence.
--James Moran
HYPERCARD VIRUS JUDGED "HARMLESS"
(Feb. 12)
Administrators of a CompuServe forum supporting the Apple Hypercard technology
have confirmed that a file uploaded to their data libraries last weekend did
indeed contain a so-called computer "virus."
However, they also have determined the program apparently was harmless, meant
only to display a surprise message from a Canadian computer magazine called
MacMag.
As reported earlier this week, forum administrator Neil Shapiro of the
Micronetworked Apple Users Groups (MAUG) removed the suspicious entry, a
Hypercard "stack" file called "NEWAPP.STK," after a forum member reported that
the file apparently altered his Macintosh's system files.
Computer "viruses," a hot topic in the general press these days, have been
defined as self-propagating programs that alter system files and then spread
themselves to other disks.
Since removing the file last weekend, the Apple administrators have been
examining the file and now Shapiro says it apparently was designed merely to
display a message from MacMag on March 2.
On the HyperForum message board ?G2APPHYPER), Shapiro reports, "Billy
Steinberg was able to reverse engineer (disassemble) the INIT that the virus
places into system files. The good news is that the virus is harmless. But it
*is* a computer virus."
Shapiro says that if the downloaded file remained in the user's system, then
on March 2, the screen would display:
"Richard Brandnow, publisher of MacMag, and its entire staff would like to
take this opportunity to convey their universal message of peace to all
Macintosh users around the world."
Apparently the file is so designed that after March 2 it removes itself from
the ?????.????em\
Shapiro notes that, while this file apparently is harmless, it still raises
the question of the propriety of database entries that quietly alter a user's
system files.
Shapiro said he has spoken to publisher Brandnow. "It was not his intention to
place it in a HyperCard stack nor to have it on (CompuServe)," Shapiro writes.
"What he did do was to develop the INIT in December and 'left' it on their
(MacMag's) own machines with the hope that 'it would spread.'"
Subsequently, someone else apparently captured the file, added it to his
"stack" and uploaded to the CompuServe forum and other information services.
While Brandnow maintains the system-altering INIT file was harmless, Shapiro
says he's concerned about what the NEWAPP.STK incident could represent.
"While the INIT itself is non-destructive," Shapiro wrote, "I believe it was
at least irresponsible for MacMag to have perpetrated this type of problem and
to have caused the confusion that they did. I also fear that this could give
other people ideas on less peaceful uses of such a virus.
"I bel?ede that MacMag has opened here a Pandora's Box of problems which will
haunt our community for years. I hope I am wrong."
--Charles Bowen
PUBLISHER DEFENDS HIS "VIRUS" PROGRAM AS "GOOD FOR COMMUNITY"
(Feb. 13)
The publisher of Canadian computer magazine MacMag contends the computer
"virus" program his staff initiated recently was not only harmless but was "good
for the Macintosh community."
Says 24-year-old Richard Brandow, "If other people do nasty things (with virus
programs), it is their responsibility. You can't blame Einstein for Hiroshima."
Speaking by phone with reporter Don Clark of The San Francisco Chronicle,
Brandow maintained his magazine's virus program, which spread through the Apple
Macintosh community this week on this continent and apparently reached Europe,
was intended to do nothing more than display a "peaceful" message on Mac screens
on March 2, the first anniversary of the introduction of the Apple Mac II.
Of the so-called "virus" technology, Brandow said, "This message is very good
for the Macintosh community."
The controversy centered around an Apple Hypercard "stack" file called
"NEWAPP.STK" that was uploaded to various public domain databases around the
country, including the data library of CompuServe's HyperForum (G APPHYPER).
When subscribers discovered that the file quietly altered their Mac's system
files when it was executed, a warning was posted and forum administrator Neil
Shapiro immediately removed the data library entry. Only after the forum's
sysops had disassembled the suspect file could it be determined that
NEWAPP.STK's only apparent function was to display a March 2 greeting from
Brandow and the MacMag staff.
HyperForum members now have been informed that the file, while indeed a
"virus," apparently is harmless. However, Shapiro contends MacMag staffers were
"at least irresponsible ... to have perpetrated this type of problem and to have
caused the confusion that they did."
Shapiro is quoted in The Chronicle as adding, "This is very similar to someone
breaking into your home and writing a message of good will in red lipstick on
your wall. It is a violation of the right of private property... Our computers
are machines that belong to us and other people should remain out of them."
On the other side of the argument, Brandow told the paper, "The idea behind
all this is to promote peaceful methods of communication between individuals
using harmless ways."
Montreal-based MacMag, with a circulation of 40,000, is Canada's only
Macintosh magazine. Brandow also heads a 1,250-member Mac user group, which he
says is Canada's largest.
Brandow told Clark that programmers worked more than a year on the virus,
adding that it was inspired by two groups, known as "The Neoists" and "The
Church of!?he SubGenius." (He said the latter was formed in Texas as a satire on
fundamentalist religion and inspired a 1983 book.)
As noted here earlier, the MacMag virus also reached beyond CompuServe to
other information services and private bulletin board systems. For instance, The
Chronicle quotes General Manager Bill Louden of General Electric's GEnie as
saying that about 200 users downloaded the file from that information service
before it was discovered and removed early Monday. Meanwhile, Shapiro told Clark
that only about 40 of CompuServe's subscribers retrieved the file before it was
removed early Sunday.
The Chronicle says that Mac devotees in the Bay Area were "stunned" by news of
the virus, but not all were upset. For example, Apple wizard Andy Hertzfeld, a
co-designer of the original Mac, told the paper, "As far as I'm concerned, it
doesn't have any malicious intent and is just some people having fun. I don't
see why people are so uptight."
Meanwhile, a spokeswoman for Apple at company headquarters in Cupertino,
Calif., said the company is searching for details of the virus and could not
comment on it at present.
--Charles Bowen
TWO FIRMS OFFER TO "INOCULATE" US AGAINST THE COMPUTER "VIRUSES"
(March 4)
The debate continues over whether computer "viruses" are real or just the
latest urban legend, but at least two companies are hoping that we don't want to
take any changes.
Independent of each other, the firms this week both claimed to have the first
commercial software to "inoculate" systems against those reported rogue programs
that damage data and systems files.
One of the companies, Lasertrieve Inc. of Metuchen, N.J., introduced its
VirALARM product during Microsoft Corp.'s CD-ROM conference in Seattle.
In addition, in Stockholm, a Swedish company called Secure Transmission AB
(Sectra) today announced a similar anti-virus program called TCELL, after a
counterpart in human biology.
A Lasertrieve statement contends that previous anti-viral software utilities
-- mostly offered in the public domain -- work by drawing attention to the
virus's attempted alterations of system files, noting a change of file size, or
monitoring the dates of program changes. However, the New Jersey firm contends,
this approach makes such programs "easily fooled by sophisticated viruses."
Lasertrieve says its VirALARM contains a program designed to protect another
program, creating a software "barrier." According to the statement, before
anyone can use the protected program, VirALARM checks to determine whether the
program has been altered since it was inoculated. If there has been any change,
the software then blocks use of the altered program, notifies the user and
suggests a backup copy of the program be substituted.
Meanwhile, Bo-Goran Arfwidsson, marketing director of the Swedish company,
told Bengt Ljung of United Press International that its TCELL "vaccine" gives a
database a partial outside protection, sounds an alarm if a computer virus
appears inside a database and identifies the infected file so it can be
isolated. The contaminated part then can be replaced with a backup file.
Sectra spokesman Torben Kronander said that TCELL has been "tested for a year
now and ther% `s no question that it works," adding that since early 1987 the
software has functioned on computers of major Swedish manufacturing companies.
Arfwidsson declined to name those companies for security purposes.
Kronander said TCELL simply made the task of creating a virus so complicated
that only vast computer systems would be able to carry it out. "We've
effectively removed the hacker type of attack, and these have been the problem.
It will take the resources of a major software producer or a country to produce
a virus in the future."
UPI says Sectra is a 10-year-old research company with 19 employees in
Linkoping in central Sweden, closely tied to the city's Institute of Technology.
--Charles Bowen
"VIRUS" SPREADS TO COMMERCIAL PROGRAM; LEGAL ACTION CONSIDERED
(March 16)
That so-called "benign virus" that stirred the Apple Macintosh community
earlier this year when it cropped up in a public domain file in forums on
CompuServe and other information services now apparently has invaded a
commercial program called FreeHand.
The publisher, Seattle's Aldus Corp., says it had to recall or rework some
5,000 FreeHand packages once the virus was discovered and now is considering
legal action against those who admitted writing the self- propagating program.
Meanwhile, other major software companies reportedly are worried that the
virus may have affected some of their products as well.
At the heart of the controversy is a "peace message" that Canadian Richard
Brandow, publisher of Montreal's MacMag magazine, acknowledged writing. As
reported here earlier, that file was designed to simply pop up on Mac screens7??round the world on Mh 2 to
celebrate the first anniversary of the release of
the Macintosh II. However, many Mac users reacted angrily when they learned that
the file quietly had altered their systems files in order to make the surprise
message possible.
Now the virus has re-emerged, this time in FreeHand, a new Mac program Aldus
developed. Aldus spokeswoman Laury Bryant told Associated Press writer George
Tibbits that Brandow's message flashed when the program was loaded in the
computer.
Bryant added that, while it "was a very benign incident," Aldus officials are
angry and "are talking with our attorneys to understand what our legal rights
are in this instance.... We feel that Richard Brandow's actions deserve to be
condemned by every member of the Macintosh community."
This may be the first instance of a so-called "virus" infecting commercial
software.
Tibbits says the Brandow virus apparently inadvertently spread to the Aldus
program through a Chicago subcontractor called MacroMind Inc.
MacroMind President Marc Canter told AP that the virus appears to have been in
software he obtained from Brandow which included a game program called "Mr.
Potato Head," a version of the popular toy.
Canter said that, unaware of the digital infection, he ran the game program
once, then later used the same computer to work on a disk to teach Mac owners
how to use FreeHand. That disk, eventually sent to Aldus, became infected. Then
it inadvertently was copied onto disks sold to customers and infected their
computers, Canter said.
Upset with Brandow, Canter says he also is considering legal action. For his
part, Brandow says he met Canter, but denied giving him the software.
The whole incident apparently has some at other companies worried because they
also use Canter's services. Tibbits says that among MacroMind's clients are
Microsoft, Ashton-Tate, Lotus Development Corp. and Apple Computers. A-T has not
commented, but officials at Microsoft, Apple and Lotus all told AP that none of
their software was infected.
Ma!?while, Brandow told Tibbits that, besides calling for world peace, the
virus message was meant to discourage software piracy and to encourage computer
users to buy original copies.
The full message read: "Richard Brandow, the publisher of MacMag, and its
entire staff would like to take tZl.H??tuni?y ?o convey their universal
message of peace to all Macintosh users around the world." Beneath that was a
picture of a globe.
Bran?Kw`?XZ?????z??????????B??*???????????????j?????????????????????????z?5R????????z??????j?????????????
??????????????J??????j??????e?area and possibly
a few other areas of Canada and the United States. However, he said he was
shocked later to find that, after the virus program began to appear in the
databases of online information services, an estimated 350,000 people in North
America and Europe saw the message pop up on their computers on March 2.
--Charles Bowen
THREAT OF "VIRUS" BLOWN OUT OF PROPORTION, NORTON AND SYSOPS SAY
(April 10)
The threat of so-called computer "viruses" has been vastly overrated,
according to software guru Pet?r2Norton and two CompuServe forum administrators.
"We're dealing with an urban myth," Norton told Insight magazine. "It's like
the story of alligators in the sewers of New York. Everyone knows about them,
but no one's ever seen them. Typically, these stories come up(?wery three to
five years."
Don Watkins, administrator of CompuServe's IBM Users Network forums (GO
IBMNET) also told the general interest magazine that he's more concerned about
being hit by a meteor than a computer virus.
"In five years," Watson said, "I've seen only one program that was designed to
do intentional damage. That was about three yea?W`???
???J?????????????5R????????????j
@""I@have never spoken to anyone who personally, firsthand, has ever seen or
experienced a program like this," Watson added, "and my job keeps me i?touchM
?Z?????z????????????z?????????j$ Com?uS??W2?????administrators check each piece of user-contributed tware
before posting it in data libraries for general distribution.
The alleged virus problem received widespread attention in early March when an
unauthorized message was placed onto Freehand, a commercial software product for
the Apple Macintosh published by Aldus Corp. Earlier, the same message
circulated in several information services and was uploaded to CompuServe's
Hyper Forum, a forum devoted to the Hypertext technology that is part of the
Micronetworked Apple Users Groups (GO MAUG).
The message read "Richard Brandow, publisher of MacMag, would like to take
this opportunity to convey a universal message of peace to all Macintosh users."
It then erased itself without doing any harm.
Of the situation, Neil Shapiro, MAUG's chief sysop, said, "The whole problem
has been completely hyped out of proportion."
--Daniel Janal
COMPUTER VIRUS NEWSLETTER DEBUTS
(April 13)
If you want to follow all the latest news on insipid computer viruses, you
might be interested in the debut of "Computer Virology," a newsletter devoted to
identifying and analyzing those annoying computer diseases.
Produced by Director Technologies Inc., the developers of Disk Defender, a
hardware device that write protects PC hard disks, the newsletter will be
published monthly. Topics will include developments for protection against the
viruses, precautions and procedures to follow to insure that terrorists not let
loose this rampant epidemic.
"The latest strain of computer viruses presently causing serious damage at
university labs, scientific research facilities, hospitals and business
organizations worldwide, has created a very real concern for the future of
having free access to the tremendous amounts of information that are now readily
available for unlimited use," said Dennis Director, president of Director
Technologies.
"The potential dangers of such viruses is that they can be used not only as a
means to facilitate malicious pranks in the home computer area, but also pose a
real `terrorist' threat to academic computing labs, scientific research projects
and business. Data loss can cost hundreds of thousands of dollars in real money,
as well as in wasted man-hours."
The newsletter is distributed free of charge. For information or to subscribe,
contact Director Technologies Inc., 906 University Pl., Evanston, IL 60201.
312/491-2334.
SIR-TECH UNVEILS ANTI-VIRUS
(April 14)
Sir-tech Software Inc., the Ogdensburg, N.Y., firm best known for its
recreational programs such as the acclaimed "Wizardry" series of adventure
games, now has released a free program called "Interferon, the Magic Bullet"
that it says is meant to "halt the devastation of computer virus."
A company statement reports that Robert Woodhead, 29-year-old director of
Sir-tech's Ithaca, N.Y., development center, designed the Apple Macintosh
program to "detect and destroy the highly-publicized computer virus which
threatens the integrity of the world's computer systems."
Sir-tech says the program will be offered free for downloading from related
services o? QompuServe and GEnie. In addition, it is available by mailing a
diskette with a self-addressed, stamped envelope to Sir-tech, 10 Spruce Lane,
Ithaca, N.Y. 14850.
While the program itself is free, Woodhead asks for donations to a fund
established to buy computer equipment for visually impaired users. A notice in
the software gives details on the fund.
Woodhead said he has worked since early this year to come up with Interferon,
named for the antiviral treatment for cancer. "Just as a virus leaves clues in a
human body, the computer virus is detectable if users know what to look for,"
Woodhead said.
The Inter~??on`??????????????????????????????????????????????j????
??????5R????????????J?????????
????????J???????????????????J????????????
????????5Rstatement`?XZ???????V??????can be cured by deleting the diseased files," it
added. "As new viruses are discovered, Interferon will be updated for instant
detection."
--Charles Bowen
NEW VIRUS PLAGUES MACINTOSHES AT NASA AND APPLE
(April 18)
Apple Macintosh computers at the National Aeronautics and Space Administration
and at Apple Computer as well as other business offices around the country have
caught a new computer virus, reports0N?wsdayn
@"Theb??????high-tech plague is under investigation by Apple and federal
aut?G?ities.
During the past three weeks, Apple has been receiving reports of a virus
called Scores. Although it has not been known to erase any data, it can cause
malfunctions in printing and accessing files and can cause system crashes,
Cynthia Macon of Apple Computer told Newsday.
Two hundred of the 400 Macintosh computers at the Washington, D.C. offices of
NASA have been infected. Many of them are connected to local area networks and
are spreading the virus. "This particular virus does not attack data. We have
no record indicating anyone lost anything important," said Charles Redmond, a
NASA spokesman.
Newsday notes that the Scores virus can be detected by the altered symbols
that appear in Scrapbook and Note Pad, two Macintosh files. Instead of the Mac
logo, users see a symbol that looks like a dog-eared piece of paper. Two days
after the virus is transmitted, it is activated and begins to randomly infect
applications, such as word processing and spreadsheet programs.
EDS Corp. of Dallas, Texas was also infected with the Scores virus, but
managed to stop its spread.
-- Cathryn Conroy
FRIDAY THE 13TH "VIRUS" FIZZLES
(May 14)
Good morning, computerdom! It's Saturday the 14th and we're all still here. At
least, we all SEEM to still be here, though some are saying it's too early to
tell for sure.
Yesterday, the first Friday the 13th of the year, was widely reported to be
the target date for the denotation of a computer virus called "Black Friday"
which was first discovered in the computers of the Hebrew University in
Jerusalem late last year. The virus, which was reported to have spread from
Jerusalem to computers around the world, was said to be designed to destroy
computer files on May 13.
However, no early reports of damage have surfaced. Computer experts in
Jerusalem told Associated Press writer Karin Laub that the so-called virus was
undone because most computer users were alerted in time. Hebrew University
researchers detected the virus on Dec. 24 because of a flaw in its design,
according to senior programmer Yisrael Radai.
Nonetheless, a few experts are saying that we aren't out of the woods yet.
For instance, Donn Parker of the SRI International research firm in Menlo
Park, Calif., told The Washington Post this morning that he hadn't heard of any
virus-related damage, "but we have been holding our breath. I think it will be a
dud, but we won't know until next week, and only then if people whose computers
go down talk about it."
Some software companies tackled the virus scare. AP reports that the Iris
software publisher of Tel Aviv developed an anti-virus program for the Israeli
computing community and sold 4,000 copies before yesterday. President Ofer
Ahituv estimated that 30 percent of his 6,000 customers, most of them
businesses, had been infected by the Black Friday virus.
Meanwhile, some are saying the apparent fizzle of the virus is what they
expected all along.
"Viruses are like the bogyman," said Byron C. Howes, a computer systems
manager at the University of North Carolina at Chapel Hill. Speaking with AP, he
compared programmers who believe in viruses to "people who set little bowls of
milk outside our doors to feed the dwarfs."
Barry B. Cooper, owner of Commercial Software in Raleigh, N.C., agreed. "I
just think that the whole thing is a joke," like the prediction by medieval seer
Nostradamus of a major earthquake on May 8, 1988. "That didn't come true, and
this won't come true."
--Charles Bowen
R.I. NEWSPAPER DISLODGES VIRUS
(May 16)
The Providence, R.I., Journal-Bulletin says it worked for the past week and a
half to stamp out a "virus" that infected an in-house personal computer network
used by reporters and editors, but not before the virus destroyed one reporter's
data and infected scores of floppy disks.
Writing in The Journal, Jeffrey L. Hiday said the virus was "a well-known,
highly sophisticated variation called the 'brain' virus, which was created by
two brothers who run a computer store in Lahore, Pakistan."
Variations of the virus, he noted, have been discovered at companies and
colleges across the country, including, last week, Bowie State College in
Maryland, where it destroyed five students' disks. Online Today reported on
April 23 that a similar Pakistan-based virus infected a student system used at
Miami University in Ohio, threatening to wipe out term papers stored there.
Apparently this is the first time a virus has invaded a US newspaper's system.
Hiday said The Journal contacted one of the Pakistan brothers by phone, who
said he created this particular virus merely to keep track of software he wrote
and sold, adding that he did not know how it got to the United States.
However, Hiday added, "US computer programming experts ... believe the
Pakistanis developed the virus with malicious intent. The original version may
be relatively harmless, they point out, but its elegance lends itself to
alterations by other programmers that would make it more destructive."
The newspaper says it discovered the virus on May 6 when a message popped up
on computer screens reading, "Welcome to the Dungeon. ... Beware of this VIRUS.
Contact us for vaccination." The message included a 1986 copyright date, two
names (Basit and Amjad), a company (Brain Computer Services), an address (730
Nizam Block Allama Iqbal in Lahore, Pakistan) and three phone numbers.
Journal-Bulletin systems engineer Peter Scheidler told Hiday, "I was sort of
shocked. I never thought I'd see a virus. That's something you read about."
The virus infected only the PC network; neither the paper's Atex news-editing
system nor its IBM mainframe that supports other departments were affected.
Hiday says the newspaper now is taking steps to protect itself against another
virus attacks. It has tightened dissemination of new software and discussed
installing "anti-virus" devices. In addition, computer users have been warned
not to use "foreign" software, and reporters have been instructed to turn their
computers off and then on again before inserting floppy disks.
--Charles Bowen
EPA MACINTOSHES RECOVER FROM VIRUS
(May 18)
Although Apple Macintosh computers at the Environmental Protection Agency were
recently plagued with a virus, all of them seem to be on the mend now.
According to Government Computer News, the computers were vaccinated with
Virus Rx, a free program issued by Apple Computer Inc. to help users determine
if their hard disks have been infected. Apple has begun an educational campaign
to promote "safe computing practices," Apple spokeswoman Cynthia Macon told GCN.
Virus Rx is available on CompuServe in the Apple Developers Forum (GO APPDEV)
in Data Library 8 under the name VIRUS.SIT.
Macon said the best long-term response to viruses "is to make users aware of
steps they can take to protect themselves." These include backing up data files,
knowing the source of programs and write-protecting master disks. Other steps
include booting from a floppy disk and running all programs from floppies rather
than installing and running them from the hard disk.
EPA is having some trouble with reinfection. Since up to 20 people may use one
Macintosh, someone may unknowingly insert a virus-plagued disk into a clean
machine. "It's like mono. You just never get rid of it," said Leslie Blumenthal,
a Unisys Corp. contract employee at EPA.
FBI agents in Washington, D.C. and San Jose, Calif. are investigating the
spread of the Macintosh virus, notes GCN.
-- Cathryn Conroy
CONGRESS CONSIDERS VIRUS PROBLEMS
(May 19)
Computer viruses have come to the attention of Congress and legislators would
like to be assured that US defense computers are safe from the replicating
little bugs. Although defense systems can't be reached simply by telephoning
them, a virus could be contracted through an infected disk containing
non-essential information.
The Defense Authorization Bill for FY 1989 is likely to direct the Defense
Department (DoD) to report on its methods for handling potential viral
infections. Congress also wants to know what DoD has done about safeguarding
military computers. They'd like some assurance that the Defense Department also
has considered situations where a primary contractor's computer could be
infected and subsequently endanger DoD's own computers.
Anticipating future hearings, Congressional staffers are soliciting comments
from knowledgeable users as to what the report to Congress should cover.
Interested parties should forward their comments to Mr. Herb Lin, House Armed
Services Committee, 2120 Rayburn House Office Building, Washington DC 20515.
Further information is available by calling 202/225-7740. All comments will be
kept in confidence.
--James Moran
TEXAN STANDS TRIAL FOR ALLEGEDLY INFECTING SYSTEM WITH "VIRUS"
(May 24)
In Fort Worth, Texas, a 39-year-old programmer is to stand trial July 11 on
felony charges that he intentionally infected an ex-employer's system with a
computer "virus." If convicted, he faces up to 10 years in prison.
The man, Donald Gene Burleson, apparently will be the first person ever tried
under the state's tougher computer sabotage law, which took effect Sept. 1,
1985.
Dan Malone of the Dallas Morning News broke the story this morning, reporting
on indictments that accuse Burleson of executing programs "designed to interfere
with the normal use of the computer" and of acts "that resulted in records being
deleted" from the systems of USPA and IRA Co., a Fort Worth-based national
securities and brokerage.
The paper quoted police as saying the electronic interference was a "massive
deletion" of more than 168,000 records of sales commissions for employees of the
company, where Burleson once worked as a computer security officer.
Burleson currently is free on a $3,000 bonding pending the trial.
Davis McCown, chief of the Tarrant County district attorney's economic crimes
division, said of the alleged virus, "You can see it, but you can't see what it
does -- just like a human virus. It had the ability to multiply and move around
and was designed to change its name so it wouldn't be detected."
McCown also told Malone he wanted to make sure "that this type of criminal
understands that we have the ability to make these type of cases; that it's not
so sophisticated or complicated that it's above the law."
Company officials first noticed a problem on Sept. 21, 1985. Says the Dallas
newspaper, "Further investigation revealed that an intruder had entered the
building at night and used a 'back-door password' to gain access to the
computer. ... Once inside, the saboteur covered his tracks by erasing computer
logs that would have followed his activity, police said. With his access to the
computer complete, the intruder manually deleted the records."
Authorities say that only a few of the 200 workers in the USPA home office --
including Burleson -- had access and the knowledge needed to sabotage the
system.
Earlier USPA was awarded $12,000 by a jury in a civil lawsuit filed against
Burleson.
--Charles Bowen
FBI CALLED TO PROBE VIRUS CASE
(July 4)
The FBI has been called in by NASA officials to investigate an alleged
computer virus that has destroyed data on its personal computers and those of
several other government agencies.
The New York Times reported this morning that the rogue program -- apparently
the so- called "Scores" virus that surfaced last April -- was designed to
sabotage data at Dallas' Electronic Data Systems. The paper said the virus did
little damage to the Texas company but did wreak havoc on thousands of PCs
nationwide.
The Times quoted NASA officials as saying the FBI was called in because, even
though damage to government data was limited, files were destroyed, projects
delayed and hundreds of hours were spent tracking the culprit at various
government agencies, including NASA, the Environmental Protection Agency, the
National Oceanic and Atmospheric Administration and the US Sentencing
Commission.
NASA says it doesn't know how the program, which damaged files from January to
May, spread from the Texas EDS firm to PC networks nor whether the virus was
deliberately or accidentally introduced at government agencies.
Meanwhile, the Times quoted experts as saying that at least 40 so-called
"viruses" now have been identified in the United States, defining a virus as a
program that conceals its presence on a disk and replicates itself repeatedly
onto other disks and into the memory of computers.
As reported here in April, the Scores virus was blamed for infecting hundreds
of Apple Macintosh computers at NASA and other facilities in Washington,
Maryland and Florida.
The Times says the spread of the virus was exacerbated when private
contractors in Washington and North Carolina inadvertently sold dozens of
computers carrying the virus to government agencies. The virus spread for as
long as two months and infected networks of personal computers before it was
discovered.
--Charles Bowen
NEW MEXICO BBS SUES OVER VIRUS
(Aug. 17)
The operator of a New Mexico computer bulletin board system has filed what may
be the first federal suit against a person accused of uploading a computer
"virus."
William A. Christison, sysop of the Santa Fe Message BBS, alleges in his suit
that a man named Michael Dagg visited his board in the early hours of last May 4
and "knowingly and intentionally" uploaded a digitally-infected file called
"BBSMON.COM."
The suit says Christison "checked the program before releasing it to the
public and discovered that it was a 'Trojan Horse'; i.e., it appeared to be a
normal program but it contained hidden commands which caused the program to
vandalize Plaintiff's system, erasing the operating system and damaging the file
allocation tables, making the files and programs stored in the computer
unusable."
Christison says that the defendant re-visited the BBS nine times between May 5
and May 12, sometimes logging in under a pseudonym. "Several of these times,"
the suit says, "he sent in messages and on May 7, 1988, he knowingly and
intentionally sent in by modem a program of the same name, BBSMON.COM, as the
original 'Trojan Horse' computer program."
Through attorney Ann Yalman, Christison asks the court to grant $1,000 for
each Trojan Horse violation and to enjoin the defendant "from sending 'Trojan
Horses' or 'viruses' or other vandalizing programs to Plaintiff or anyone else."
A copy of the Santa Fe Message's suit has been uploaded to CompuServe's IBM
Communications Forum. To see it, visit the forum by entering GO IBMCOM at any
prompt. The ASCII file is VIRUS.CHG in forum library 0.
Also, you can reach Christison BBS directly with a modem call to 505/988-5867.
--Charles Bowen
VIRUS FIGHTERS FIGHT EACH OTHER
(Aug. 31)
Two groups that mean to protect us in the fight against so-called computer
"viruses" seem to be spending rather a lot of their energies fighting each
other.
"I personally know most of the people in this industry and I have never seen
this kind of animosity," Brian Camenker of the Boston Computer Society tells
business writer Peter Coy.
The bickering grew louder on Monday in page-one article in MIS Week trade
newspaper in which each side accused the other of using sloppy techniques and
manipulating the testing process for its own purposes.
Says Coy, "The intensity of the debate has left some software developers
disgusted with the whole business."
The argument, which centers around fair evaluation anti-virus "vaccine"
software, pits the 2- month-old Computer Virus Industry Association led by John
McAfee, president of InterPath Corp. of Santa Clara, Calif., against what Coy
terms "a loose collection of other computer experts" led by consultant Jon R.
David of Tappan and editor Harold Highland of Computers & Security magazine.
"Customers and producers agree on the need for an independent panel of experts
to review the (vaccine) software," Coy comments. "The question splitting the
industry is who should be in charge."
CVIA is pulling together an independent university testing panel made up of
representatives of Pace University, Adelphi University and Sarah Lawrence
College and headed by John Cordani, who teaches computer science at Adelphi and
Pace. However, David and Highland say these people don't have the necessary
credentials and that McAfee's InterPath products will have an advantage in the
testing because McAfee invented a virus simulator that will be used as a testing
mechanism.
Meanwhile, Highland says he's getting funding from his publisher, Elsevier
Advanced Technology Publications, for his own review of anti-viral software, but
adds he isn't interested in operating an ongoing review board.
--Charles Bowen
VIRUS TRIAL BEGINS IN FORT WORTH
(Sept. 7)
A 40-year-old Texas programmer has gone on trial this week, accused of using a
"virus" to sabotage thousands of computer records at his former employer's
business.
If convicted in what is believed to be the nation's first virus-related
criminal trial, Donald G. Burleson faces up to 10 years in jail and a $5,000
fine.
Reporting from the state criminal district court in Fort Worth, Texas, The
Associated Press notes Burleson was indicted on charges of burglary and harmful
access to a computer in connection with damage to data at USPA & IRA Co.
securities firm two days after he was fired. The trial is expected to last about
two weeks.
USPA, which earlier was awarded $12,000 in a civil suit against Burleson,
alleges the defendant went into its offices one night and planted a virus in its
computer records that, says AP, "would wipe out sales commissions records every
month. The virus was discovered two days later, after it had eliminated 168,000
records."
--Charles Bowen
VIRUS ATTACKS JAPANESE NETWORK
(Sept. 14)
Japan's largest computer network -- NEC Corp.'s 45,000- subscriber PC-VAN
service -- has been infected by a computer "virus."
McGraw-Hill News quotes a NEC spokesman as saying that over the past two weeks
13 different PC- VAN users have reported virus incidents.
Subscribers' user IDs and passwords "were apparently stolen by the virus
planter when the members accessed one of the service's electronic bulletin
boards," MH says. "The intruder then used the information to access other
services of the system and charged the access fees to the password holders."
NEC, which says it has not yet been able to identify the virus planter, gave
the 13 subscribers new user IDs and passwords to check the proliferation of the
virus.
--Charles Bowen
JURY CONVICTS PROGRAMMER OF VIRUS
(Sept. 20)
After deliberating six hours, a Fort Worth, Texas, jury late yesterday
convicted a 40-year-old programmer of planting a "virus" to wipe out 168,000
computer records in revenge for being fired by an insurance firm.
Donald Gene Burleson is believed to be the first person convicted under
Texas's 3-year-old computer sabotage law. The trial, which started Sept. 6, also
was among the first of its kind in the nation, Judge John Bradshaw told the
Tarrant County jury after receiving its verdict.
The Associated Press says jurors now are to return to State District Court to
determine the sentence.
Burleson, an Irving, Texas, resident, was found guilty of harmful access to a
computer, a third-degree felony with a maximum penalty of 10 years in prison and
a $5,000 fine. However, as a first-time offender, Burleson also is eligible for
probation.
As reported here earlier, Burleson was alleged to have planted a rogue program
in computers used to store records at USPA and IRA Co., a Fort Worth insurance
and brokerage firm.
During the trial, prosecutor Davis McCown told the jury the virus was
programmed like a time bomb and was activated Sept. 21, 1985, two days after
Burleson was fired as a programmer at the firm because of alleged personality
conflicts with other employees.
AP quoted McCown as saying, "There were a series of programs built into the
system as early as Labor Day (1985). Once he got fired, those programs went
off."
McCown added the virus was discovered two days later after it had eliminated
168,000 payroll records, holding up paychecks to employees for more than a
month.
Expert witnesses also testified in the three-week trial that the virus was
entered in the system via Burleson's terminal by someone who used Burleson's
personal access code.
However, the defense said Burleson was set up by someone else using his
terminal and code. Says AP, "Burleson's attorneys attempted to prove he was
vacationing in another part of the state with his son on the dates in early
September when the rogue programs were entered into the system. But prosecutors
presented records showing that Burleson was at work and his son was attending
school on those dates."
The Fort Worth Star-Telegram reports that also during the trial, Duane Benson,
a USPA & IRA senior programmer analyst, testified the automated virus series,
which was designed to repeat itself periodically until it destroyed all the
records in the system, never was automatically activated. Instead, Benson said,
someone manually set one of the programs in motion Sept. 21, 1985, deleting the
records, then covering his or her tracks by deleting the program.
Prosecutor McCown says data damage in the system could have amounted to
hundreds of thousands of dollars had the virus continued undetected.
As reported here earlier, Burleson also has lost a civil case to USPA in
connection with the incident. That jury ordered him to pay his former employers
$12,000.
Following the yesterday's verdict, McCown told Star-Telegram reporter Martha
Deller, "This proves (virus damage) is not an unprosecutable offense. It may be
hard to put a case together, but it's not impossible."
--Charles Bowen
UNIVERSITY PROFESSORS ATTACK COMPUTER VIRUSES
(Sept. 30)
Because they have not been given access to the National Security Agency's
anti-virus research, several university- based computer experts are planning to
begin their own testing and validating of software defenses against computer
viruses, reports Government Computer News.
Led by John Cordani, assistant professor of information systems at Adelphi
University, the results will be made public, unlike those being researched by
NSA. The work being done by the Department of Defense is too classified for use
by the general computer community.
GCN notes that computer viruses are hard-to-detect programs that secretly
replicate themselves in computer systems, sometimes causing major damage.
Cordani and five other academics will establish secure laboratories to study
viruses in three New York colleges: Adelphi University, Pace University and
Sarah Lawrence College. The lab will test anti-virus software developed by
companies that are members of the Computer Virus Industry Association, a
consortium of anti-virus defense developers.
The group will then publish what it is calling "consumer reports" in the media
and on electronic bulletin board systems. Once sufficient research is completed,
more general grading systems will be applied, said Cordani. In addition, the lab
will use viruses sent to them by the CVIA to develop classification algorithms
to aid in describing a virus' actions and effects.
-- Cathryn Conroy
SECOND VIRUS FOUND AT ALDUS CORP.
(Oct. 21)
For the second time this year, a computer "virus" has been found in a
commercial program produced by Seattle's Aldus Corp. The infection was found in
the latest version of the FreeHand drawing software, the same software that was
invaded by a different virus last March.
An Aldus official told The Associated Press the company was able to prevent
the virus's spread to programs for sale to the public, but that an entire
computer network within Aldus' headquarters has been infected.
The virus was found in a version of the Apple Macintosh software that was sent
to specific users to be tested before going to market. One of the testers
discovered the virus, dubbed "nVir," and two days later, Aldus realized the
virus was in its own in-house network.
Said Aldus spokeswoman Jane Dauber, "We don't know where it came from. That is
the nature of the virus. You can't really track it."
AP says Aldus officials said the new virus has remained dormant so far, a tiny
program that merely attaches itself to other programs.
"We don't know why," Dauber said. "We don't know what invokes this virus. With
some of them, you have to launch the program a certain number of times," for the
virus to activate.
The company told the wire service that, while it does not know where the virus
originated, reports are that it apparently has infected at least one
unidentified East Coast university's computers.
Another Aldus spokeswoman, Laury Bryant, added, "You just can't always stop
these things from coming in the door. But what we have done is to set up systems
which eliminate them before they are actually in full version, shrink-wrap
software and stop them from going out the door."
Last March, in what was apparently the first instance of an infection in
commercial software, a virus called the "March 2 peace message" was found in
some FreeHand programs. The invasion caused Aldus to recall or rework thousands
of packages of the new software.
--Charles Bowen
MAN SENTENCED IN NATION'S FIRST VIRUS-RELATED CRIMINAL COURT CASE
(Oct. 23)
Donald Gene Burleson, the first person ever convicted of using a computer
"virus" to sabotage data, has been sentenced to seven years' probation and
ordered to pay back nearly $12,000 to his former employer.
The 40-year-old Irving, Texas, man's attorney told United Press International
he will appeal the sentenced handed down late Friday by District Judge John
Bradshaw in Fort Worth, Texas.
As reported earlier, Burleson was convicted Sept. 19 of the third-degree
felony, the first conviction under the new Texas state computer sabotage law. He
was accused of infecting the computers of USPA & IRA, a Fort Worth insurance and
securities firm a few days after his firing Sept. 18, 1985.
Burleson could have received two to 10 years in prison and a fine up to $5,000
under the 1985 law. As a first-time offender, however, he was eligible for
probation.
As reported during last month's trial, a few days after Burleson's firing in
1985, company officials discovered that 168,000 records of sales commissions had
been deleted from their system.
Burleson testified that he was more than 300 miles away from Fort Worth on
Sept. 2 and Sept. 3 when the virus was created. However, UPI notes that evidence
showed that his son was not traveling with him as he said but in school, and
that a credit card receipt Burleson said proved he was in Rusk on Sept. 3 turned
out to be from 1987.
Associated Press writer Mark Godich quoted Burleson's lawyer, Jack Beech, as
saying he had asked for five years' probation for his client, and restitution
not to exceed $2,500.
Godich also observed that the Burleson's conviction and sentencing "could pave
the way for similar prosecutions of people who use viruses."
Chairman John McAfee of the Computer Virus Industry Association in Santa,
Clara, Calif., told AP the Texas case was precedent-setting and that it's rare
that people who spread computer viruses are caught. He added his organization
had documented about 250,000 cases of sabotage by computer virus.
--Charles Bowen
BRAIN VIRUS HITS HONG KONG
(Oct. 30)
According to Computing Australia, a major financial operation in Hong Kong was
infected with a version of the "Brain" virus. This is the first reported
infection of a commercial business in the East.
Business International, a major financial consulting firm in Hong Kong, is
believed not to have suffered any major damage. A company spokeswoman played
down the appearance of the virus and said that no data had been lost.
The "brain" virus has been reported as a highly sophisticated piece of
programming that was created by two men in Lahore, Pakistan who run the Brain
Computer Services company. It's last reported appearance in the US was during
May when it popped up at the Providence, R.I., Journal- Bulletin newspaper.
--James Moran
60 COMPUTER FIRMS SET VIRUS GOALS
(Nov. 2)
Some 60 computer companies have organized a group to set guidelines that they
say should increase reliability of computers and protect the systems from
so-called "viruses."
The Reuter Financial News Service says that among firms taking part in the
movement are Microsoft Corp., 3Com Inc., Banyan Systems and Novell Inc. At the
same time, though, declining to join the efforts are such big guys as IBM and
Digital Equipment Corp.
Reuter reports, "The companies said the measures would promote competition
while allowing them to cooperate in making computers more reliable and less
vulnerable to viruses."
However, the firms apparently have shied away from specific proposals, instead
issuing broad recommendations that leave it up to each company to develop the
technology needed to prevent the spread of viruses, Reuter said.
--Charles Bowen
THOUSANDS OF UNIVERSITY, RESEARCH COMPUTERS STUCK IN MAJOR ASSAULT
(Nov. 4)
Thousands of Unix-based computers at universities and research and military
installations were slowed or shut down throughout the day yesterday as a rogue
program ripped through international networks, an incident proclaimed by some to
be the largest assault ever on the nation's computers.
No permanent damage or security breaches appear to have occurred during the
attack. This led some to say this morning that the intrusion was not actually a
computer "virus" but rather was a "worm" program, in that it apparently was
designed to reproduce itself, but not to destroy data.
Science writer Celia Hooper of United Press International says the virus/worm
penetrated the computers through a "security hole" in debugging software for
electronic mail systems that connect Unix-based computers, evidently then moving
primarily through ARPAnet (the Advanced Research Projects Agency Network) and
NSFnet (network of the National Science Foundation) that link 2,000 computers
worldwide.
At other systems:
-:- The virus/worm also apparently invaded the Science Internet network that
serves many labs, including NASA's Jet Propulsion Laboratory in Pasadena, Calif.
-:- NASA spokesman Charles Redmond said there were no reports of the space
agency's network, Space Physics Analysis Network (SPAN), being affected by the
attack, but he added that SPAN was linked to some of the infected networks.
Meanwhile, The New York Times this morning reported an anonymous call from a
person who said his associate was responsible for the attack and that the
perpetrator had meant it to be harmless.
The caller told the newspaper that his associate was a graduate student who
made a programing error in designing the virus, causing the intruder to
replicate much faster than expected. Said The Times, "The student realized his
error shortly after letting the program loose and ... was now terrified of the
consequences."
UPI's Hooper says the virus/worm intrusion was detected about 9 p.m. Eastern
Time Wednesday at San Francisco's Lawrence Livermore National Laboratory, one of
two such labs where nuclear weapons are designed. Spokeswoman Bonnie Jean
Barringer told UPI said the invasion "was detected and contained within two
hours."
The rogue program evidently spread through a flaw in the e- mail system of the
networks. Hooper said it quickly penetrated Air Force systems at the NASA Ames
Research Center in Mountain View, Calif., and systems at the Massachusetts
Institute of Technology, the University of California at Berkeley, the
University of Wisconsin, the University of Chicago, the University of Michigan,
the University of Rochester, the University of Illinois and Rutgers, Boston,
Stanford, Harvard, Princeton, Columbia, Cornell and Purdue universities.
Charley Kline, senior research programmer with the Computing Services Office
at the University of Illinois at Urbana-Champaign, Ill., told Associated Press
writer Bernard Schoenburg, "This is the first time that I know of that (a virus
infection) has happened on this scale to larger systems."
Kline agreed the virus traveled between computer systems through e-mail and,
once the messages were received, they linked up to command controls and told the
local computers to make copies of the virus. Kline said the copies then sought
out other connected devices.
He also said that as far as he knows, only locations using Digital Equipment
Corp.'s VAX computers or those systems made by Sun Microsystems Inc. were
affected. He estimated about 75 percent of all national networks use such
systems.
Schoenburg also noted that all the affected computers use the BSD Unix
operating system, written at University of California/Berkeley as a modified
version AT&T's original Unix.
Commenting on the situation, Chairman John McAfee of the new Computer Virus
Industry Association in Santa Clara, Calif., told AP writer Paul A. Driscoll,
"The developer was clearly a very high-order hacker (because) he used a flaw in
the operating systems of these computers."
Research director Todd Nugent of the University of Chicago's computing
department told UPI computer operators across the country were tipped off to the
invasion when they noticed their Unix-based systems running unusually slowly.
Thm?lachines turned out to be bogged down by loads of viral programs. Nugent
said that in one machine he had disconnected, the virus appeared to have
replicated itself 85 times.
Today, in the morning-after, systems operators were fighting back on several
fronts:
-:- First, a software "patch" has been developed to fend off the virus/worm.
Spokesman Bill Allen of the University of Illinois at Urbana-Champaign told
UPI's Hooper, "The strategy is to shut off various (infected) computers from the
network then sanitize them, purging the virus with a patch program." Hooper said
the patches, which find and excise the virus/worm from the computer and then
plug the hole through which it entered, now are circulating on campuses and have
been posted nationally on computer bulletin board systems.
-:- Secondly, the Defense Communications Agency has set up an emergency center
to deal with the problem. However, The New York Times noted that no known
criminal investigations are under way.
NSFnet Program Manager Al Thaler told UPI he considered the virus/worm "a
mean-spirited, vicious thing that interferes severely with the communications
network our research computers live in. We are angry." Even though it will be
hard to determine who started the virus/worm, Thaler said, "We are going to
try."
Finally, McAfee of the virus group told AP that this virus/worm was rare
because it infested computers at major institutions, not just personal
computers. "Any hacker in the world can infect personal computers," McAfee said,
"but in this case, the person who did this would have had to have been
physically at the site of one of the computers belonging to the network." He
added, though, that chances of identifying that person were "extremely slim."
--Charles Bowen
REPORTS NAME 23-YEAR-OLD CORNELL STUDENT AS THE AUTHOR OF "VIRUS"
(Nov. 5)
A 23-year-old Cornell University student and the son of a government computer
security expert now is said to be the person who planted that "virus" that
stymied some 6,000 Unix- based computers across the nation for more than 36
hours this week.
The New York Times this morning quoted two sources as identifying the suspect
as Robert T. Morris Jr., a computer science graduate student. The paper says
Cornell University authorities found that the young man possessed unauthorized
computer codes.
The young man's father, Robert Morris Sr., the Silver Springs, Md., chief
scientist at the National Computer Security Center in Bethesda, Md.,
acknowledged this morning that "it's possible" his son was responsible for the
rapidly-replicating virus that started crashing international networks late
Wednesday night.
However, Morris Sr., who is known for security programming in Unix systems,
told science writer Celia Hooper of United Press International that he had "no
direct information" on his son's involvement. He added he had not spoken to his
son in several days and was unaware of his whereabouts.
The elder Morris also told The Times that the virus "has raised the public
awareness to a considerable degree. It is likely to make people more careful and
more attentive to vulnerabilities in the future."
As reported here yesterday (GO OLT-391), the incident, in which thousands of
networked computers at universities and research and military installations were
halted or slowed, is said to be the largest assault ever on the nation's
computers. However, no permanent damage or security breaches appear to have
occurred during the attack.
Of Morris Jr.'s alleged involvement, Cornell Vice President M. Stuart Lynn
released a statement late last night saying the Ithaca, N.Y., university has
uncovered some evidence. For instance, "We are investigating the (computer
files) to see if the virus was inserted in the system at Cornell. So far, we
have determined that this particular student's account does hold files that
appear to have passwords for some computers at Cornell and Stanford University
to which he's not entitled.
"We also found that his account contains a list of passwords substantially
similar to those contained in the virus," said Lynn. He added that students'
accounts show which computers they had accessed and what they had stored. The
university is preserving all pertinent computer tapes and records to determine
the history of the virus.
Morris Jr. himself has not been reached for comment. Associated Press writer
Douglas Rowe says the young man is believed to have flown to Washington, D.C.,
yesterday and plans to hire a lawyer and to meet with officials in charge of the
infected computer networks to discuss the incident.
Rowe also quotes computer scientists as saying the younger Morris worked in
recent summers at the AT&T's Bell Laboratories, where one of his projects
reportedly was rewriting the communications security software for most computers
that run AT&T's Unix operating system.
AP also notes that computer scientists who now are disassembling the virus to
learn how it worked said they have been impressed with its power and cleverness.
Of this, Morris' 56-year-old father told the Times that the virus may have
been "the work of a bored graduate student."
Rowe says that when this comment was heard back at Cornell, Dexter Kozen,
graduate faculty representative in the computer science department, chuckled and
said, "We try to keep them from getting bored. I guess we didn't try hard
enough."
Meanwhile, there already is talk of repercussions if Morris is determined to
be responsible for the virus.
Lynn said, "We certainly at Cornell deplore any action that disrupts computer
networks and computer systems whether or not it was designed to do so. And
certainly if we find a member of the Cornell community was involved, we will
take appropriate disciplinary action." He declined to specify what the action
would be.
In addition, federal authorities may be calling. Speaking with reporter Joseph
Verrengia of Denver's Rocky Mountain News late yesterday, FBI spokesman William
Carter said a criminal investigation would be launched if it is determined
federal law was violated. He said the bureau will review the Computer Fraud and
Abuse Act, which deals with unauthorized access to government computers or
computers in two or more states. Conviction carries a maximum penalty of 10
years in prison.
--Charles Bowen
ROBERT MORRIS' FRIENDS SAY NO MALICE MEANT WITH ALLEGED VIRUS
(Nov. 7)
Friends of a Cornell University graduate student suspected of creating a
"virus" that jammed some 6,000 networked computers for 36 hours last week say
they believe he intended no malice and that he also frantically tried to warn
operators after he saw his programming experiment had gone terribly awry.
Twenty-three-year-old Robert Tappen Morris Jr. is said to now be in contact
with his father -- Robert T. Morris Sr., a computer security expert with the
super secret National Security Agency - - and is expected to meet this week with
FBI agents after hiring a lawyer.
As reported earlier, the virus, which started Wednesday night, spread along
several major networks and, for about 36 hours, created widespread disturbances
in the unclassified branch of the military's defense data system, as well as in
thousands of university and research computer systems. However, apparently no
information was lost or damaged.
Morris Sr. told Associated Press writer David Germain that he met with FBI
agents for about an hour Saturday to explain why his son will not immediately
comply with their request for more information. The elder Morris said the family
has had preliminary discussions with an attorney and expects to hire one by
today. He said his son won't be available for a comment until at least tomorrow
or Wednesday.
The New York Times yesterday quoted Morris' friends as saying he had spent
weeks creating the virus. However, the paper said that by all accounts Morris
meant no harm to the systems; instead, the virus, created as an intellectual
challenge, was supposed to lie dormant in the systems.
A friend alleges Morris discovered a flaw in the electronic mail section of
the Unix 4.3 operating system, a modification of AT&T's original Unix produced
by the University of California at Berkeley. When he saw the flaw allowed him to
secretly enter the networked Unix computers, Morris literally jumped onto the
friend's desk and paced around on top of it, the Times reported.
Cornell instructor Dexter Kozen told AP the flaw was "a gaping hole in the
system that I'm amazed no one exploited before." While the loophole was not
evident before the virus was unleashed, "in retrospect it's really quite
obvious," Kozen said.
Incidentally, the programmer who designed Unix's e-mail program through which
the virus apparently entered told the Times this weekend that he had forgotten
to close a secret "back door." Eric Allman said he created the opening to make
adjustments to the program, but forgot to remove the entry point before the
program was widely distributed in 1985. He was working for a programming
organization at the University of California/Berkeley at the time.
Friends and others say Morris' original vision was to spread a tiny program
throughout and have it secretly take up residence in the memory of each computer
it entered, the Times said.
Working virtually around the clock, Morris reportedly made a single
programming error involving one number that ultimately jammed more than 6,000
computers by repeating messages time after time.
AP's Germain said Morris reportedly went to dinner after setting the program
loose Wednesday night and then checked it again before going to bed. Discovering
his mistake, Morris desperately worked to find a way to stop the virus' spread.
However, "his machines at Cornell were so badly clogged he couldn't get the
message out," said Mark Friedell, an assistant professor of computer science at
Harvard University, where Morris did his undergraduate studies.
AP says that, panicked, Morris called Andrew Sudduth, systems manager at
Harvard's Aiken Laboratory. He asked Sudduth to send urgent messages to a
computer bulletin board system, explaining how to defeat the virus.
Sudduth told The Washington Post, "The nets were like molasses. It took me
more than an hour to get anything out at all."
At a press conference this weekend, Cornell University officials said that,
while the computer virus was traced to their institution, they actually had no
evidence to positively identify Morris as the virus creator.
Said Dean Krafft, Cornell's computer facilities manager, "We have no
fingerprints. We have no eyewitness, but it was created on his computer
account." Krafft added that Morris' computer account holds files that appear to
have unauthorized passwords for computers at Cornell and Stanford University.
In addition, Cornell Vice President M. Stuart Lynn said the origin of the
program is hard to investigate, and it may be impossible to trace the virus back
to Morris. "At this stage we're simply not in a position to determine if the
allegations are true," Lynn said, adding he did not know how long the
investigation would take.
Curiously, in light of Krafft's statements, Lynn is quoted as saying, "It's
quite conceivable we may not be able to say with any certainty" if the virus was
created in Cornell's computer system.
Lynn also said the university had been contacted by the FBI, but there was no
indication any criminal charges would be filed. Officials said the school could
discipline Morris if he was involved.
By the way, one Cornell official, who spoke on condition of anonymity, told AP
that it appeared there was an earlier version of the virus in Morris' computer
files.
Regarding possible penalties, United Press International this morning quoted
an FBI spokesman as saying that the person responsible for the virus could face
up to 20 years in prison and $250,000 in fines for the federal offense of
unauthorized access to government computers.
Finally, Harvard graduate student Paul Graham, a friend of Morris, told the
Times he thought Morris' exploit was similar to that of Mathias Rust, the young
West German who flew a light plane through Soviet air defenses in May 1987 and
landed in Moscow.
"It's as if Mathias Rust had not just flown into Red Square, but built himself
a stealth bomber by hand and then flown into Red Square."
--Charles Bowen
NEW LAN LABORATORY GROUP OFFERS SUGGESTIONS FOR VIRUS PREVENTION
(Nov. 7)
Just a week or so before thousands of networked computers across the country
were struck by a rapid virus, some 60 computer companies endorsed a set of
virus-prevention guidelines drafted by the National LAN Laboratory.
The Reston, Va., group, devoted to local area networks, hopes its tips can
prevent and control future viruses and worm program intrusions.
Speaking with business writer Peter Coy of The Associated Press, LAN Lab
spokesman Delbert Jones said, "The key issue is that with proper precautions,
one can continue to live a normal existence. ... "It's very much like the AIDS
virus: The best solution is precaution."
Here, according to AP, are the suggestions by the LAN Lab group:
1. All software should be purchased from known, reputable sources.
2. Purchased software should be in its original shrink wrap or sealed disk
containers when received.
3. Back-up copies should be made as soon as the software package is opened.
Back-ups should be stored off-site.
4. All software should be reviewed carefully by a system manager before it is
installed on a network.
6. New software should be quarantined on an isolated computer. This testing
will greatly reduce the risk of system virus contamination.
7. A back-up of all system software and data should be made at least once a
month, with the back-up copy stored for at least one year before re-use. This
will allow restoration of a system that has been contaminated by a
"time-released" virus. A plan that includes "grandfathered" rotation of back-up
copies will reduce risk even further.
8. System administrators should restrict access to system programs and data on
?"needm??Sk????????a?? isol?te?!p?K????? protects critZ?X
????????????
and aids problem diagnosis.
9. All programs on a system should be checked regularly for program length
changes. Any program-length deviations could be evidence of tampering, or virus
infiltration.
10. Many shared or free programs are invaluable. However, these are the prime
entry point for viruses. Skeptical review of such programs is prudent. Also,
extended quarantine is essential before these programs are introduced to a
computer system.
11. Any software that exhibits symptoms of possible virus contamination should
be removed immediately. System managers should develop plans for quick removal
of all copies of a suspect program, and immediate backup of all related data.
These plans should be made known to all users, and tested and reviewed
periodical?Q??#jjZ???????Bowen
FBI UPGRADES VIRUS PROBE TO A "FULL CRIMINAL INVESTIGATION"
(Nov. 8)
The young man alleged to have written the virus that stymied some 6,000
networked computers last week has hired a Washington, D.C., attorney. His
selection apparently comes just in time, because the FBI reportedly is upgrading
its probe of the matter to a full criminal investigation.
Robert T. Morris Jr., 23-year- old Cornell University graduate student, has
not been formally charged, but nonetheless is widely alleged to have created the
virus that played havoc for 36 hours last week with Unix- based computers on the
Pentagon-backed ARPANET network and other systems.
Associated Press writer Anne Buckley this morning reported that lawyer Thomas
Guidoboni of the Washington firm of Bonner & O'Connell has been retained to
represent Morris. Guidoboni told Buckley, "We have notified the federal
authorities of our representation and (Morris') whereabouts. We are in the
process of investigating the facts and circumstances which have been reported by
the press in order to determine our course of action."
Meanwhile, The Washington Post this morning quoted law enforcement sources as
confirming their inquiry has been expanded to a full field investigation by the
FBI's Washington field office. That means the FBI has consulted with federal
prosecutors, agreed that the bureau has jurisdiction and that there is reason to
believe there may have been a violation?ot federal criminal law.
"In a full-scale investigation," Buckley said, "the government has the power
to subpoena records and documents and compel testimony through the authorization
of immunity, two techniques which are not permitted through preliminary
inquiries. The move indicate(s) the FBI (is) moving very quickly in the case
because in many instances, preliminary inquiries take a month or more."
AP also quoted a government source who spoke on condition of anonymity as
saying investigators aren't sure whether any criminal activity actually
occurred, as defined by a statute passed in 1984.
Says Buckley, "A section of that law says it is unlawful to enter a government
computer with the intent to disrupt its functions. The crime is punishable by up
to 10 years in prison. The source said that in this case, there's no evidence
that anything was taken from the computers, but rather that it was a question of
disrupting computer systems. One section of law addresses sabotage, but the
source said it (is) unclear whether the virus case would involve an intent to
disrupt the computer."
AP says its source believes the bureau is investigating the matter in view of
the fact that there were breaches of security, and that the Justice Department
will have to determine whether the matter involved criminal conduct.
--Charles Bowen
GOVERNMENT MAY SUBPOENA CORNELL
(Nov. 9)
Sources close to the investigation of last week's massive virus attack say the
government may seek search warrants or subpoenas to get documents from Cornell
University before trying to interview the virus's alleged author.
AssoCiY?Y??????writer Pete Yost quotes Washington, D.C., lawyer Thomas
Guidoboni as saying he hasn't been contacted by the FBI since informing the
bureau that he was chosen on Monday to represent the suspect, 23-year-old Robert
T. Morris Jr., a Cornell graduate student.
Says Guidoboni, "The ball's in their court. We're waiting to hear from them."
Yost notes that earlier the FBI had sought to question Morris, but that was
before Guidoboni was retained. The lawyer told AP he didn't think "we'll have
enough information by the end of this week" to determine whether to talk to the
FBI. He says he wants to talk more with his client before deciding what course
to take.
Says the wire service, "The possibility of seeking grand jury subpoenas or a
search warrant for data at Cornell that could shed light on the computer virus
incident was considered (yesterday) within the FBI. It was discarded as being
unnecessary and then revived in discussions with Justice Department lawyers,
said the sources, speaking on condition of anonymity."
Meanwhile, Cornell Vice President M. Stuart Lynn reiterated that the
university will cooperate fully with the investigation.
Morris, son of acclaimed computer security expert Robert Morris Sr. of Arnold,
Va., has not been formally charged. Still, he is widely alleged to be the person
who created the virus that paralyzed some 6,000 networked Unix-based computers
on the Pentagon-backed ARPANET network and other systems for about 36 hours last
week.
--Charles Bowen
"BRAIN VIRUS" APPEARS IN HOUSTON
(Nov. 9)
A version of the so-called "Brain virus," a rogue program believed to have
originated in Pakistan, now has cropped up in computers used by University of
Houston business students. Texas officials say that the virus, while a nuisance,
has posed no real problem.
University research director Michael Walters told The Associated Press, "It
probably hasn't cost us much, except a few days of people-time to clean up these
disks, but it probably cost the students a good bit of frustration."
Some students report they have lost data, but Walters told the wire service he
knows of no one who has lost an entire term paper or other large quantity of
work. Nonetheless, reports still were coming in from students late yesterday.
This version of the Brain virus, which last spring was traced to a computer
store in Lahore, Pakistan, announced itself at the university early last week on
the screen of one of the 150 PCs the business department has for students and
faculty. Walters said the virus hasn't spread to the school's larger computers.
AP quotes Walters as saying the virus flashed this message (with these
misspellings) to students who tried to use infected programs:
"Welcome to the dungeon. Copyright 1968 Brain & Amjads, PVT, LTD. Virus shoe
record V9.0. Dedicated to the dynamic memory of millions of virus who are no
longer with us today -- Thank Goodness. BEWARE OF THE VIRUS. This program is
catching. Program follows after these messeges."
The original "Brain" virus -- which appeared in May at colleges and businesses
along the East Coast and in the computers of The Providence, R.I.,
Journal-Bulletin newspaper -- flashed the "Welcome to the Dungeon" message, but
added "Contact us for vaccination." It also gave names, an address and a phone
number of two brothers who run a Lahore, Pakistan, computer store.
Walters said the Houston version of the virus says nothing about any vaccine,
and the "V9.0" in its message suggests it may be a modified version.
Before this, the most recent sighting of the "Brain" virus was at Business
International, a Hong Kong financial operation. It was thought to be the first
reported digital infection of a commercial business in the East. The firm is
believed not to have suffered any major damage.
--Charles Bowen
UNIX EXPERT SAYS VIRUS "PANIC" UNNECESSARY, BLAMES BAD PLANNING
(Nov. 10)
An expert on the Unix operating system says that much of last week's "panic"
over the virus that brought down some 6,000 networked computers was caused by
poor management technique.
In a statement from his Rescue, Calif., offices, newsletter editor Bruce
Hunter said, "Most of the damage was done by the organizations themselves, not
the virus."
Hunter, who edits Root, a bimonthly Unix administration and management journal
published by InfoPro Systems, observed that more than 50,000 users were
reportedly cut off at a single site due to last week's virus, and that more than
a million people are believed to have been directly affected.
However, Hunter said, "By dropping network connections, administrators were
ensuring that the virus was winning. Good communications and information sharing
between administrators is what helped people on the network find and implement a
solution to the virus quickly."
Hunter, who also is an author and mainframe Unix system manager, said that one
job of an administrator is to keep all system resources available to users, and
another is to "go around searching for possible trouble."
He said the most important lesson learned from last week's virus was that a
definite plan is imperative to avoid inappropriate reactions.
Hunter made these suggestions to managers:
-:- Develop a set of scenarios and responses for future virus attacks as well
as physical disasters.
-:- Keep a printed list of system administrators at all company sites.
-:- Establish a central point of information.
-:- Coordinate an emergency response task force of key personnel.
-:- Keep current off-site backups of all data.
-:- Perform regular security audits.
--Charles Bowen
FBI LOOKING AT WIDE RANGE OF POSSIBLE VIOLATIONS IN VIRUS CASE
(Nov. 10)
The FBI now is looking at a wide range of possible federal violations in
connection with last week's massive computer virus incident, ranging beyond the
bureau's original focus on the provisions of the Computer Fraud and Abuse Act of
1986.
That was the word today from FBI Director William Sessions, who told a news
conference in Washington that the FBI is trying to determine whether statutes
concerning wire fraud, malicious mischief or unlawful access to stored
communications may have been broken.
The Associated Press notes that earlier the FBI had said it was concentrating
on the 1986 Computer Fraud and Abuse Act, which prohibits fraud or related
activity in connection with computers.
The FBI chief said, "We often look at intent as being knowing and intentional
doing of an act which the law forbids and knowing that the law forbids it to be
done. But we also have other statutes which deal simply with knowingly doing
something."
The wire service observed the following about two statutes to which Sessions
referred:
-:- The malicious mischief statute provides a maximum 10-year prison term for
anyone who wilfully interferes with the use of any communications line
controlled by the US government.
-:- The unlawful access law makes it a crime to prevent authorized access to
electronic communications while they are in electronic storage and carries a
maximum six-month jail term absent malicious destruction or damage.
Sessions also told reporters the preliminary phase of the bureau's criminal
investigation probably will be completed in the next two weeks.
As reported here earlier, authorities think 23-year-old Cornell University
student Robert T. Morris created the virus that disrupted thousands of networked
computers last week. However, Morris has not yet been charged with any crime.
--Charles Bowen
MICHIGAN WEIGHS ANTI-VIRUS LAW
(Nov. 15)
Michigan lawmakers soon will consider a proposed state law that would impose
felony penalties against anyone convicted of creating or spreading computer
"viruses."
Sponsoring the bill, Republican Sen. Vern Ehlers told United Press
International, "Because this is a new type of crime, it is essential we address
it directly with a law that deals with the unique nature of computers."
Citing this month's virus attack on military and research computers linked by
ARPANET and other networks, Ehlers added, "The country recently saw how quickly
a virus can spread through network users. The Defense Department and its
contractors were extremely fortunate that the virus was relatively harmless."
The senator said his bill, still being drafted, is expected to include
provisions making it a felony for anyone to deliberately introduce a virus into
a computer system.
UPI notes Ehlers is a physicist with a Ph.D who has 30 years' experience with
computers.
--Charles Bowen
VIRUS STRIKES CALIF. MACINTOSHES
(Nov. 15)
Students at Southern California universities were being warned today of a
rapidly spreading West German virus that reportedly is disrupting functions of
Apple Macintosh computers.
"In general, this thing is spreading like mad," Chris Sales, computer center
consultant at California State University at Northridge, told The Associated
Press. "It originated in West Germany, found its way to UCLA and in a short time
infected us here."
AP quotes school officials as saying that at least a dozen Macs at the
suburban San Fernando Valley campus have been infected since the virus first
cropped up last week. Cal State says the virus apparently does not erase data,
but that it does stall the computers and removal requires hours of
reprogramming.
The wire service said students' disks are "being tested for the virus" before
they can rent a Mac0a? the`?+?????????????????j
@"--C?arlY.????5
COMPUTER SECURITY EXPERT OFFERS TIPS
(Nov. 15)
The need to protect against computer viruses has heralded the end of the
user-friendly computer era, says one security expert.
According to Government Computer News, Sanford Sherizen, president of Data
Security Systems Inc. of Natick, Mass. said the objective now is to make
software bullet-proof, not accessible.
He said that since the advent of computers in offices, managers have been
faced with the conflicting needs of protecting the data versus producing it.
Data must be accessible to those who need it and yet at the same time secure
from those who can alter, delete, destroy, disclose or steal it or steal
computm?!hardware.
Sherizen told GCN reporter Richard A. Danca that non- technical managers can
contribute to computer security as advocates and facilitators. Users must learn
that security is a part of their jobs.
He predicted that security managers will soon use biometric security measures
such as comparing retinal blood vessels or fingerprints. Needless to say, such
techniques raise complicated issues of civil liberties and privacy.
Sherizen said that all information deserves protection.
--Cathryn Conroy
VIRUS THREAT SAID EXAGGERATED
(Nov. 16)
Because of the latest reports of attacks by computer "viruses," some in the
industry are ready to blame such rogue programs for anything that goes wrong.
However, expert Charles Wood told a 15th annual computer security conference
in Miami Beach, Fla., this week, "Out of over 1,400 complaints to the Software
Service Bureau this year, in only 2 percent of the cases was an electronic virus
the cause of the problem. People are jumping to the conclusion that whenever a
system slows down, it's a virus that's responsible."
The Associated Press reports that Wood and other panelists cautioned that
computer-dependent companies should focus more on the day-to-day breakdowns
caused by human error than on viruses.
President Steve Irwin of LeeMah Datacom Security Corp. told the conference
that this month's virus assault on networked computers on the ARPANET system
"could be a cheap lesson."
Said Irwin, "We were lucky because it was not a real malicious attempt ... If
(the virus' author) had ordered the programs to be erased, the loss could have
gone into billions, lots of zeroes."
AP quoted Wood as adding, "The virus is the hot topic right now, but actually
the real important subject is disaster recovery planning. But that's not as
glamorous as the viruses."
--Charles Bowen
FBI SEIZES MORRIS RECORDS IN PROBE OF NATIONAL VIRUS CASE
(Nov. 17)
While young Robert T. Morris Jr. still has not been charged with anything in
connection with the nation's largest computer virus case, the FBI now reveals
that items it has seized so far in its probe include magnetic tapes from Morris'
computer account at Cornell University.
The Associated Press reports that documents released by the FBI late yesterday
say investigators seized "two magnetic tapes labeled `files from Morris account
including backups' and hard copy related thereto" from Dean Krafft, a research
associate in computer science at Cornell, where the 23- year-old Morris is a
graduate student.
AP says the agents also obtained "two yellow legal pads with calculus and
assorted notes." Associate university counsel Thomas Santoro had taken the legal
pads from an office in Upson Hall, a campus building that contains computer
science classrooms and offices, AP says.
Even though Morris hasn't been charged, it has been widely reported that the
young man told friends he created the virus tHa? stymied an estimated 6,200
Unix- based computers on ARPANET and other networks for some 36 hours earlier
this month.
As reported, the FBI is conducting a criminal investigation to determine
whether statutes concerning wire fraud, malicious mischief or unlawful access to
stored communications may have been violated.
AP quotes these latest FBI documents as saying that US District Judge Gustave
J. DiBianco in the northern district of New York in Syracuse issued two warrants
on Nov. 10 for the Cornell searches. The FBI searches were conducted that same
afternoon.
"The government had said earlier that it might try to obtain documents from
the university before interviewing Morris," AP observes, "and Cornell's vice
president for information technologies, M. Stuart Lynn, had said the university
would cooperate fully with the investigation."
--Charles Bowen
SPA FORMS GROUP TO KNOCK DOWN RUMORS ABOUT COMPUTER VIRUSES
(Nov. 17)
Upset over wild rumors about the destructiveness of computer viruses, the
Software Publisher Association has formed a special interest group to address
computer security.
In a statement released today at the Comdex trade show in Las Vegas, SPA says
its new Software Security SIG will help distribute information and serve as
liaison for software publishers, industry analysts and consultants.
McGraw-Hill News quotes SPA member Ross Greenberg, president of Software
Concepts Design, as saying, "Recent unsubstantiated statements regarding the
actual damage caused by viruses...has caused more of X???????fervor than served
as a public service."
At the SIG's organizational meeting, several companies discussed setting
standards on how to educate the public regarding viruses and various anti-viral
products now being advertised.
--Charles Bowen
|
|
