Approaching Zero, Paul Mungo
- Author: Paul Mungo
Computer viruses are carried from computer to computer by diskette or, in
networked computers, by the wires that link them. They can also be transmitted
on telephone lines, through modems, like ordinary computer programs. Viruses do
not fly through the air and cannot jump from computer to computer without being
carried by a physical medium. Moreover, all viruses are man-written: they
aren’t natural, or caused spontaneously by computer technology. The only
“artificial life” inherent in a virus is its tendency to modify itself as it is
copied, but that’s possible with any computer program.
This explanation may seem simple to the point of absurdity, but when viruses
first began to garner mentions in the press, and breathless reporters began to
write lurid stories about “technological viruses,” their properties were
exaggerated into the realm of science fiction. Viruses made a good story—even
when there was no evidence that they had actually damaged anything.
In 1986, when Burger made his presentation to the Chaos conference, there were
almost no viruses in existence. Few people in the computer industry had ever
seen one, despite increasing interest in the subject from security experts, who
were touting them as the next big threat to computer systems. The simple fact
was that Burger’s Virdem was probably the only virus that most of them had even
heard about.
The properties of viruses and the damage that they could cause were widely
known, however. Even the nightmare scenario had been posited: that a plague of
viruses would move swiftly through the computers of the world, wiping out data
and devastating corporations, government agencies, police forces, financial
institutions, the
military, and, eventually, the structure of modern society itself. By 1986,
however, actual attacks by viruses on computer systems had yet to occur.
The next year, 1987, Burger’s book about computer viruses, Das
Grosse-computervirenbuch, was published by Data Becker GmbH of Dusseldorf. In
the book Burger warned: “Traveling at what seems the speed of moving electrons,
comical, sometimes destructive programs known as viruses have been spreading
through the international computer community like an uncontrollable plague.”
There was in fact no hard evidence for this statement, and later in the book,
contradicting the apocalyptic tone of the first section, Burger admitted: “So
far it has been impossible to find proof of a virus attack.”
Later that year, two new viruses appeared. The first was created by the Greek
computer magazine Pixel, which had hired a local computer wizard named Nick
Nassufis to write one. The magazine published the virus as a list of
BASIC-language instructions in the April 1987 issue. Readers who keyed in the
instructions found themselves with a fully functioning virus on their
computers. It didn’t do much apart from replicate, but from time to time it would
display a poorly written English-language message on the computer screen:
PROGRAM SICK ERROR: CALL DOCTOR OR BUY PIXEL FOR CURE DESCRIPTION. Three months
later Pixel published instructions for wiping it out.
Then, as Burger was preparing the second edition of his book, he received a copy
of a virus found in Vienna by a local journalist. This virus, now known as
Vienna, was said to have appeared at a local university in December 1987. Its
writer is unknown, as are the writers of most viruses.
Burger described Vienna as “extremely clever.” But by the standards of virus
writing today, it wasn’t, though it was certainly the most advanced virus in
existence at the time. Vienna is known as a file virus because it attaches
itself to what are known in the computer industry somewhat tediously as
executable files (i.e., the software, such as a word-processing program, that
actually enables a computer to do something useful). When an infected program
is loaded onto a computer from a diskette (or transferred through a network),
Vienna comes with it and slips itself into the computer’s memory. It then looks
for other executable files to infect, and after infecting seven it damages the
eighth, simply by overwriting itself onto the program code.
Although the payload of the Vienna virus was destructive—the eighth program
that was damaged was irreparable—by present-day standards it wasn’t
particularly malicious. More dangerous was Burger’s decision to publish a
reconstruction of the Vienna program code in the second edition of his book. It
became the recipe for writing viruses.
Programmers with access to the code could quite easily adapt it for their own
purposes—by altering the payload, for instance. That’s what eventually
happened with Vienna. Though Burger had deliberately altered his
reconstruction to make it unworkable, programmers had little trouble finding
their way around the alterations. Variants of Vienna have been found all over
the world: in Hungary, a Vienna clone carries a sales message that translates
roughly as POLIMER TAPE CASSETTES ARE THE BEST. GO FOR THEM. A Russian version
was adapted to destroy the computer’s hard disk, the internal memory and
storage area for programs, after infecting sixty-four files. A Polish variant
displays the message MERRY CHRISTMAS on infected computers between December
19th and 31st. A version from Portugal carries out the standard overwriting of
the eighth program, but also displays the word AIDS. In the US a group of
unknown American virus writers used Vienna as the basis for a series of viruses
called Violator, all intentionally damaging to computer systems.
It is ironic that a book written to warn about the dangers of viruses should be
the medium for distributing the recipe for writing them. But even though no one
had yet documented a proven virus attack on a computer system anywhere in the
world, and the predicted plague of computer viruses had not yet materialized,
the potential threat of viruses was being aggressively hyped by computer engineers
like Burger and by a small group of computer security consultants in America—
and many people appeared remarkably eager to believe them. In what was probably
the first press report of viruses, in February 1987, the editor of the
international computer trade journal Computers & Security wrote, “Computer viruses
can be deadly…. Last year a continuous process industry’s computer crashed
causing hundreds of thousands of dollars’ damage. A post mortem revealed that
it had been infected with a computer virus. Another nationwide organization’s
computer system crashed twice in less than a year. The cause of each crash was
a computer virus…. A computer virus can cause an epidemic which today we are
unable to combat.”
It has never been possible to trace either the “continuous process” corporation
or the “nationwide organization” whose computers had been so badly damaged by
viruses. Like so many aspects of computer viruses, investigation only reveals
myth and legend, rarely fact. But myth is self-perpetuating, and prophecies are
often self-fulfilling.
Chapter 4 VIRUSES, TROJANS, WORMS, AND BOMBS
The first documented computer virus attack was recorded on October 22, 1987, at
the University of Delaware, in Newark, Delaware. According to a spokesperson
for the Academic Computer Center at the university, the virus infected “several
hundred disks, rendering 1 percent of them unusable, and destroying at least
one student’s thesis.” Later a news report appeared in The New York Times that
claimed, “Buried within the code of the virus … was an apparent ransom
demand. Computer users were asked to send $2,000 to an address in Pakistan to
obtain an immunity program.” But that wasn’t quite true. Researchers using
specialized software were later able to call up the actual operating program of
the virus onto a computer screen. Within the mass of instructions that
controlled the bug, they found the following message:
WELCOME TO THE DUNGEON
(C) 1986 BASIT & AMJAD (PVT) LTD.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE—PAKISTAN
PHONE: 430791, 443248, 280530.
BEWARE OF THIS VIRUS …
CONTACT US FOR VACCINATION …
There was no ransom demand.
Computer researchers now know the virus as Brain, though at the time it didn’t
have a name, and it was later discovered to have been programmed only to infect
the first sector on a diskette. Diskettes are divided into sectors invisible to
the naked eye, each holding 512 bytes (or characters) of information,
equivalent to about half a page of typewritten material. The first sector on a
diskette is known as the boot sector, and its function is something like that
of the starter motor on a car: it kicks the machine into operation (hence the
expression “booting up,” or starting up, a computer). When a computer is
switched on, the machine bursts into life and carries out some simple
self-diagnostic tests. If no fault is found, the machine checks to see if there
is a diskette in the disk drive. The disk drive, acting like a record player
with the diskette as its record, begins to rotate if a diskette is in place,
and the boot sector of the diskette directs the computer to the three actual
startup programs that make the computer operational.
The Brain virus was designed to hide in the boot sector waiting for the
computer to start up from the diskette so that it can load itself into the
computer’s memory, as if it were a legitimate startup program. But at around
2,750 bytes long, it is much too big to fit entirely within the boot sector,
and instead does two things: it places its first 512 bytes in the boot sector
and then stores the rest of its code, together with the original boot-sector
data, in six other sectors on the diskette. When the computer starts up, the
head of the virus jumps into memory, then calls up its tail and the original
boot sector.
Brain is one of the most innocent viruses imaginable, though that wasn’t known
at the time. The University of Delaware spent a full week and considerable
manpower cleaning out its computer system and destroying infected diskettes,
only to find that the virus’s payload is simply the tagging of infected
diskettes with the label “Brain.” A label is the name a user can give to a
diskette, and is of no real importance. Most users don’t even bother to label
their diskettes, and if a virus suddenly names it for them, they are unlikely
to notice or care.
However, like all viruses, Brain can cause unintended damage. If a diskette is
almost full, it is possible for some sectors to be accidentally overwritten
while the virus is attaching its tail, thereby wiping out all the data
contained there. Also, copying can render the virus unstable, and could
unintentionally overwrite systems areas (the sectors on diskettes that
enable their use by computers), thus rendering them useless.
Paramount to the viability of a computer virus is an effective infection
strategy. Brain was viable because it didn’t do anything deliberately dangerous
or even very obvious, so it wasn’t likely to get noticed. Therefore, when it
climbed into the computer memory, it could stay there until the computer was
switched off, targeting any other diskettes that were introduced into the
computer during that session.
Brain also contained a special counter, which permitted it to infect a new
diskette only after the computer operator had accessed it thirty-one times.
Thereafter, it infected at every fourth use. Yet another, particularly
ingenious, feature was its ability to evade detection. Normally the boot
sector, where the virus hides, can be read by special programs known as disk
editors. But if someone tried to read the boot sector to look for it, Brain
redirected them to the place where the original boot sector had been stored, so
that everything looked normal. This feature, which now takes other forms, has
become known as stealth, after the Stealth bomber that was designed to evade
radar detection.
It wasn’t difficult to trace the writers of Brain, since they had conveniently
included their names, telephone