Sunday, January 31, 1988
New York Times
Vin McLellan
It could be a science-fiction nightmare come to life. In the last
nine months, computer viruses - which could subvert, alter or destroy the
computer programs of banks, corporations, the military and the Government -
have infected personal computer programs at several corporations and
universities in the United States, as well as in Israel, West Germany,
Switzerland, Britain and Italy.
Security experts say they fear that terrorists, hackers or even
practical jokers could invent viruses that would wreak havoc in the
computer world - and in the business and military operations that have
become so dependent on it.
"The dangers of viruses and some of these other computer attacks are
just unbelievable," said Donald Latham, executive vice president of the
Computer Sciences Corporation and former Assistant Secretary of Defense who
ran a Reagan Administration program to increase security in civilian and
Government computer systems. "The threat is more serious than most people
think; no one can say enough about it."
Like its biological counterpart, a computer virus can be highly
contagious. It has the capability of instantaneously cloning a copy of
itself and then burying those copies inside other programs. All infected
programs then become contagious, and the virus passes to other computers
that the software comes into contact with. Virus infections also can be
transmitted between computers over telephone lines. A single strategically
placed computer with an infected memory - say, a personal computer-based
electronic bulletin board - can rapidly infect thousands of small computer
systems.
The most virulent outbreaks so far have occurred in personal
computers. But security experts say the greatest risk would come from
infected large computers, such as those governing the air traffic
controllers' system or the Internal Revenue Service.
"The basic rule is, where information can go, a virus can go with it,"
said Fred Cohen, a University of Cincinnati professor who has been doing
research on the threat of computer viruses since 1983.
According to Dr. Cohen, research that he did in 1983 and 1984 has
shown that most mainframe computers can be successfully subverted within an
hour. And networks - even a huge international network with thousands of
computers spread over continents - can be opened up to an illicit intruder
within days, he said. The possibility of computer networks becoming a
primary medium for subversion and warfare - the "softwar" depicted in a
dozen classic science-fiction thrillers - "has become much more real," Dr.
Cohen said.
What further complicates the problem is the fact that the virus can
evade the normal controls and barriers that all computers, even those at
secure military installations, use to control who has access to information
available through the computers.
"A virus is deadly because it can jump - actually slide right through
- the barriers everyone uses to control access to valuable information,"
said Kenneth Weiss, technical director at Security Dynamics Technologies
Inc., a computer security division of the American Defense Preparedness
Association. "The solution is to put a wall with a good solid gate around
the jungle - most computers still have the equivalent of a sleepy guard at
the door. But the larger problem is how to secure the system against
people who have legitimate work inside."
One of the early warnings about the threat of computer viruses was
raised in a paper given by Dr. Cohen at a computer conference in Toronto in
September 1984. It drew wider public attention in March 1985, when
Scientific American magazine published a letter from two Italian
programmers in the Computer Recreations column that gave a virtual
blueprint for a virus that could attack small personal computers.
Only in the last nine months, however, have actual reports surfaced
concerning virus infections, including infections striking personal
computer programs used by I.B.M. employees on the East Coast, and others at
Hewlett-Packard, Apple Computer and several small companies in the San
Francisco area, according to security consultants.
College administrators report widespread virus infection in personal
computers used by students and faculty at the University of Delaware and
Lehigh University in Bethlehem, Pa. Other reports of infections have come
from the University of Pittsburgh, the University of Maryland and
Georgetown University. Personal computer user groups have also reported
infections in Florida, Colorado, New Jersey and New York.
"It's apparently going to be the game this year: to see who can come
up with the best virus," said Dennis Steinaur, a senior security specialist
at the National Bureau of Standards, which promotes computer security in
non-military Federal agencies and the private sector. "We're all very
vulnerable."
Yet he said that the bureau planned no immediate recommendations on
the virus threat. "With limited resources," he said, "we like to put our
priorities in areas where we can see solution."
Other reports of viruses are also coming to light. Security experts
at SRI International in Palo Alto, Calif., recently said they had learned
of a mainframe computer in the San Francisco area being subverted by a
virus. Computer & Security, the journal of the security group of IFIPS, a
leading international association for computer professionals, last winter
reported "several" major incidents of virus attacks on big mainframe
systems "in Western Europe." Rumors regarding an alleged virus attack on
two U.S. Univac computers in Philadelphia two weeks ago have been
vehemently denied by I.R.S. officials. The system was taken "off line,"
they said, strictly for maintenance.
Viruses now circulating in the United States were designed to
eventually destroy data in I.B.M. and compatible personal computers, the
Apple Macintosh and Commodore Technology's Amiga, according to company
officials and employees. In almost all the reported cases, the virus codes
were overtly malicious.
One of the most troubling reports has come from Israel, where an
infectious virus code was spread widely over a two-month period last fall
and was apparently intended as a weapon of political protest. The code
contained a "time bomb" that on Friday, May 13, 1988, would have caused
infected programs to erase all stored files, according to Yuval Rakavy, a
student at Hebrew University who first discovered, then dismantled the
virus code.
May 13 will be the 40th anniversary of the last day Palestine existed
as a political entity; Israel declared its independence on May 14, 1948.
Mr. Rakavy said there had been rumors that a virus was circulating in
Israel before he was asked on December 30 to help a friend understand why
his personal computer was not working properly. "When I got to see it," he
said, "I knew immediately what it was; I've known about viruses for several
years," he added, referring to the Scientific American letter.
While it awaited its May 13 trigger date, said Mr. Rakavy, the Israeli
virus was already instructing the computer to slow to one-fifth its normal
speed some 30 minutes after it was turned on, and from "time to time put
garbage on the screen."
Yet it was not the irritation with speed or screen problems that
finally called attention to the infected code, said Shmuel Peleg, a
professor of computer science at Hebrew University. The "code bomb" was
only discovered because an error in the virus program caused it to mistake
previously infected programs as uninfected. Then, in error, it would add
another copy of itself to the program. "Supposedly unmodified programs
were growing," flooding disk memories, he said. "We had programs which had
been infected 300, 400 times."
A spokesman for Hebrew University, Yisrael Radai, called the infection
"the most devastating thing we have come across." He said "thousands of
computer files were at risk."
Israeli officials suggested a "Friday the 13th" coincidence, but Mr.
Rakavy said the virus was coded to ignore November 13, 1987. At the time
of the infection, the Israeli press quoted many Israeli computer executives
who spoke of panic among customers and peers. That concern is still being
voiced, although the Israelis have widely circulated an immunity program to
kill the virus.
Richard Schwartz, a vice president of ANSA-Borland International Inc., a
software company in Belmont, California, said he was visiting Israel at the
end of the year and was given software samples by an Israeli programmer.
Days later, he said, the programmer called, warning that the program
contained the Israeli virus. "We were going to play with the virus here,"
said Mr. Schwartz, "just to see how it worked. But I finally decided I
didn't want to take any risk."
The virus discovered at Lehigh University in December was typical of
others that have surfaced in the United States. It attached itself to a
few lines of the operating system used on the I.B.M. PC's that the college
provides for student use. It then counted the number of new magnetic
memories - hard or floppy disks - that it infected. When the count reached
four, it immediately erased all programs and data it could reach. "It was
pretty juvenile coding," said Kenneth van Wyk, a Lehigh administrator, "but
students may have lost a lot of work."
Another university-based virus raised more questions. Buried within
the code of the virus discovered at the University of Delaware was an
apparent ransom demand: Computer users who discovered the virus were told
to send $2000 to an address in Pakistan to obtain an immunity program,
according to Harold Highland, an Elmont, NY consultant who studies viruses.
The Pakistani contact was not identified.
"It's like a fantasy of being a terrorist with the blood," said Eric
Corley, editor of a national hacker newsletter, 2600, whose electronic
bulletin board was infected.
On a more theoretical level, viruses could provide weapons in
corporate infighting and could affect production. "The classic scenario is
a vice president using a virus to taint the programs and tools the company
president uses to plan and make projects, hoping to make him look bad and
replace him," Dr. Cohen said. "The same potential exists among competing
executives or competing companies. One company could infect the process
controller a competitor uses to govern steel production - with the result
that the steel would be of inferior grade. That sort of subtle sabotage
could be very very difficult to recognize."
Concern about the virus has spread well beyond the computer industry.
Officials at several affected colleges said they had been contacted by a
representative from the National Security Agency, the Pentagon agency
responsible for the security of classified Government computer systems and
electronic spying abroad, and asked for details about virus codes. Since
1985, the N.S.A. and various military groups have sponsored several
unpublicized and often-classified conferences about the risk of virus
attacks at Government computer installations.
The first, at the National Bureau of Standards in January 1985, was
"pretty much of an 'ain't-it-awful' affair," recalled Andrew Goldstein, a
senior consulting engineer at the Digital Equipment Corporation. "Then -
and still - I'm afraid, no one really knows what to do about viruses. None
of the existing mechanisms for security deal with them very well."
William H. Murray, a security consultant at Ernst & Whinney and former
I.B.M. spokesman on security issues, said efforts to contain viral
infections were hampered by "all the things you have to do in the face of a
viral attack," such as restricting the exchange and sharing of information.
Those things, he said, "are almost as disruptive as the attack."
Although he conceded that "there are no general defenses against the
virus attack," he stressed that this does not mean the worst will happen.
"For most people - even most businessmen - the world is a fairly benign
place," he said. "Most of us want the world to work, or the temptation to
bring it down is not so great that most people don't resist it."
He stressed that although "the virus vulnerability results from our
desire to share data and programs, vulnerabilities do not necessarily
equate to problems: We've got all sorts of vulnerabilities in our society
that no one is exploiting."
One reason viruses can thrive is that industry has widely adopted
networks between computers to foster profitable cooperation and information
sharing, despite the fact that these links have generally weakened security
at each computer's front gate. Efforts to foster productivity also led to
widespread adoption of personal computers, but that has depended in large
part on free distribution of thousands of non-copy-righted "public domain"
programs, ranging from those that help people balance their checkbooks to
others that connect with sophisticated mainframe computers. It is in this
exchange - among small computers that have no internal controls - that
virus codes have caused a series of small epidemics.
Many companies, like Hewlett-Packard, are trying to contain the spread
of viruses by forbidding employees to bring to work uncopyrighted software
that is in the public domain. Companies like I.B.M., which promoted
distribution of public domain software internally, are reconsidering their
policies and seeking ways to test for viral dangers.
There is growing awareness of the virus threat among computer
professionals, in part because of publicity about an automated chain letter
that flooded a major I.B.M. computer network last year.
Written as a prank by a West German student, the device looked like a
computerized Christmas card. But when it was run, it secretly reached into
computer files and sent copies of itself to everyone who had exchanged
messages with the person running it. From a European link to Bitnet, the
largest academic computer network, the chain letter jumped to five
continents and I.B.M., flooding systems with trash mail. While this was
technically not a virus, because it did not attach itself to any computer
programs, it was widely dubbed "the Christmas virus."
Although most of the viruses that have surfaced so far appear to be
malicious, more benign uses are apparently possible. The idea of using a
hidden virus code constructively seems to fascinate many programmers, who
always seem interested in stretching the limits of the latest technology.
Dr. Cohen has suggested a virus that would ask permission each time
it acted and would mathematically compress the coding of data, permitting
it to be stored in a smaller space. And at a personal computer software
house near San Francisco, a virus was created to keep track of software
duplication, said Philip McKinney, an executive at Thumbscan, an Oakbrook,
Ill., security firm.
"You could open it up at any time and see how many copies of a program
had been made," he said. "But then a couple of programmers and a few of
their friends at other companies were using them to play practical jokes on
each other." Now, he said, the virus codes are "all over the place in the
Valley. They're generally not destructive, just irritating, messing up the
screen and stuff like that."
"That's part of the problem: They're just so enticing," said Eric
Hansen, vice president at Digital Dispatch Inc. in Minneapolis. To counter
the threat of viruses, the company developed Data Physician, which
identifies and removes viruses on I.B.M. PC and Unix systems. Since 1985
it has sold 500 copies, over half to American military buyers.
"We would have dropped it long ago if we didn't get a couple of calls
from U.S. military sites every month urging us to keep it available," Mr.
Hansen said. Now, concern about viruses means the product will stay on the
market - and, he said, the company may even start advertising.