VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

There's A Virus In My Software

Philip Hilts
The Washington Post Weekly Edition, Page #38. May 23-29, 1988.
May 1988

[Back to index] [Comments]

Mischief-makers at the computer are deliberately endangering data

Tiny programs that are deliberately cause mischief are epidemic among computers and causing nervousness among those who monitor them. Since the first tests of the notion in 1983 that machines can catch and spread "information diseases," the computer world has reached the point at which as many as thirty instances of "computer virus" have been reported in the past year, affecting tens of thousands of U.S. computers alone.

Such viruses have been found at the National Aeronautics and Space Administration, International Business Machines Corporation, the House of Representatives, at least six universities, several major computer networks such as Comp-u-serve and several businesses, including the world's largest computer-service company, the $4.4 billion Electronic Data Systems Corporation of Dallas, Texas.

Written by malicious programmers, the viruses are sneaked into computer systems by piggybacking them on legitimate programs and messages. There, they may be passed along or instructed to wait until a prearranged moment to burst forth and destroy data.

Hundreds of computers at the Hebrew University of Jerusalem and other places in Israel were hit last fall by a virus designed to spread and then, in one swipe on a Friday the thirteenth, destroy all data in any computer it could reach.

If not for an error by it's author, who has not been caught, the virus could have caused devastation among micro-computers in Israel and other nations. The virus did not check to see whether it already had infected a program and so infected some computers hundreds of times, crowding their memories enough to call attention to itself.

In a seven-month campaign, programmers in Israel hastened to find infected machines and ensure that the smallest number would be affected before Friday, May 13th. Officials say they initially thought that the infection was connected with the anniversary of the last day that Palestine existed as a political entity but subsequently decided that it most likely involved just Friday the thirteenth.

Apparently, the campaign was successful; there has been no word of substantial damage. This past Friday the thirteenth is this year's only such day.

At the Aldus Corporation of Seattle, Washington, a major software maker, executives are huddling with lawyers to try to determine whether international spread of such diseases is illegal. No virus cases have been taken to court.

At N.A.S.A. headquarters in Washington, several hundred computers had to be resuscitated after being infected. N.A.S.A. officials have taken precautions and reminded their machines' users to follow routine computer hygiene: Don't trust foreign data or strange machines.

Viruses have the eerie ability to perch disguised among legitimate data just as biological viruses hide among genes in human cells, then spring out unexpectedly, multiplying and causing damage. Experts say that even when they try to study viruses in controlled conditions, the programs can get out of control and erase everything in a computer. The viruses can be virtually impossible to stop if their creators are determined enough.

"The only way to protect every-body from them is to do something much worse than the viruses: Stop talking to one another with computers," says William H. Murray, an information-security specialist at Ernst and Whinney financial consultants in Hartford, Connecticut.

Hundreds of programs and files have been destroyed by viruses, and thousands of hours of repair or prevention time have been logged. Programmers have quickly produced antidote programs with such titles as "Vaccine," "Flu Shot," "Data Physician," "Syringe."

Experts says known damage is minimal compared with the huge, destructive potential. They express the hope that the attacks will persuade computer users to minimize access to programming and data.

"What we are dealing with here is the fabric of trust in society," says Murray. "With computer viruses, we have a big vulnerability."

Early this year, Aldus Corporation discovered that a virus had been introduced that infected at least five-thousand copies of a new drawing program called Freehand for the Macintosh computer. The infected copies were packaged, sent to stores and sold. On March 2, the virus interrupted users by flashing this message on their screens:

"Richard Brandow, publisher of MacMag, and its entire staff would like to take this opportunity to convey their universal message of peace to all Macintosh users around the world."

Viruses are the newest of evolving methods of computer mayhem, says Donn B. Parker, a consultant at SRI International, a computer research firm in Menlo Park, California. One is the "Trojan horse," a program that looks and acts like a normal program but contains hidden commands that eventually take effect, ordering mischief. Others include the "time bomb," which explodes at a set time, and the "logic bomb," which goes off when the computer arrives at a certain result during normal computation. The "salami attack" executes barely noticeable results small acts, such as shaving a penny from thousands of accounts.

The computer virus has the capability to command the computer to make copies of the virus and spread them. A virus typically is written only as a few hundred characters in a program containing tens of thousands of characters. When the computer reads legitimate instructions, it encounters the virus, which instructs the computer to suspend normal operations for a fraction of a second.

During that time, the virus instructs the computer to check for other copies of itself and, if none is found, to make and hide copies. Instruction to commit damage may be included. A few infamous viruses found in the past year include:

Demonstrations have shown that viruses can invade the screens of users with the highest security classification, according to Fred Cohen of Cincinnati, a researcher who coined the term "computer Viruses." A standard computer-protection device at intelligence agencies, he says, denies giving access by a person at one security level to files of anyone else at a higher level and allows reading but denies writing of files of anyone lower.

This, however, "allows the least trusted user to write a program that can be used by everyone" and is "very dangerous," he says.

Computers "are all at risk," says Cohen, "and will continue to be... not just from computer viruses. But the viruses represent a new level of threat because of their subtleness and persistence."

  1. Computer "viruses" are actually immature computer programs. Most are written by malicious programmers intent on destroying information in computers for fun.
  2. Those who write virus programs often conceal them on floppy disks that are inserted in the computer. The disks contain all programs needed to run the machine, such as word processing programs, drawing programs or spread sheet programs.
  3. A malicious programmer makes the disk available to others, saying it contains a useful program or game. These programs can be lent to others or put onto computerized: "bulletin boards" where anyone can copy them for personal use.
  4. A computer receiving the programs will "read" the disk and the tiny virus program at the same time. The virus may then order the computer to do a number of things:
    1. Tell it to read the virus and follow instructions.
    2. Tell it to make a copy of the virus and place it on any disk inserted in the machine today.
    3. Tell it to check the computer's clock, and on a certain date destroy information that tells it where data is stored on any disk: if an operator has no way of retrieving information, it is destroyed.
    4. Tell it not to list the virus programs when the computer is asked for an index of programs.
  5. In this way, the computer will copy the virus onto many disks -- perhaps all or nearly all the disks used in the infected machine. The virus may also be passed over the telephone, when one computer sends or receives data from another.
  6. Ultimately hundreds or thousands of people may have infected disks and potential time bombs in their systems.
[Back to index] [Comments]
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka