Approaching Zero, Paul Mungo
- Author: Paul Mungo
programmers were nineteen-year-old Basit Farooq Alvi and his
twenty-six-year-old brother, Amjad Farooq Alvi. Together they run a computer
store in Lahore, Pakistan, called Brain Computer Services. They wrote the virus
in 1986, they said, “for fun,” and it was in all probability the first virus
ever to be disseminated internationally.
Shortly after writing Brain, Basit had given a copy of the virus to an
unidentified friend, and it traveled from Pakistan to North America via an
unknown route, finally reaching the University of
Delaware. Like Joe Dellinger at A&M, who was surprised at how quickly his
self-replicating programs had traveled, Basit and Amjad Alvi were startled that
their little virus had emigrated all the way to America in less than a year.
The second documented virus attack occurred only a month later, in November
1987, on computers at Lehigh University in Bethlehem, Pennsylvania. Unlike
Brain, the virus at Lehigh was deliberately damaging. It kept a count of the
number of files that it infected and, when its counter reached four, it trashed
the diskette by overwriting it with “garbage” collected from another part of
the computer.
The university’s senior computer consultant, Ken van Wyk, realized he had a
problem when students began complaining that their diskettes didn’t work. At
first there was a trickle of bad diskettes, then a flood. Something was zeroing
out the diskettes, and Van Wyk guessed that it was probably a virus.
Van Wyk worked for five days to isolate the bug and find a cure. He discovered
that, unlike Brain, the Lehigh virus did not infect the boot sector; instead,
it hid itself inside one of the three startup programs that are triggered
immediately after the boot had occurred. Like Brain, the virus jumped into
memory whenever a computer was started from an infected diskette. Van Wyk also
discovered that the antidote was extremely simple: all he needed to do was
delete the infected startup program and replace it with a clean one. The data
on the trashed diskettes, however, was irrecoverable. Van Wyk notified
colleagues at other colleges that the virus “is not a joke. A large percentage
of our disks have been gonged by this virus in the last couple of days.”
Later that year the university suffered another attack from a modified version
of the same virus. This one trashed a diskette after infecting ten files, as
opposed to four. The longer delay made the new version of what was by then
known as the Lehigh virus much more insidious in that it infected more
diskettes with versions of itself, and therefore propagated more widely, before
unleashing its payload. But because the antidote was already known to Van Wyk,
the cleanup operation was quick.
The writer of the Lehigh virus was never discovered, though he or she was
assumed to be a student at the university. But by one of those concurrences
that excite conspiracy theorists, the professor of electrical engineering and
computer science at Lehigh when the viruses attacked was Fred Cohen, by then
Dr. Cohen, the same student who two years earlier had written the dissertation
that had first coined the term computer virus.
Early in 1988 two more viruses were discovered, both of them written for the
Macintosh, a personal computer produced by Apple, which had become the
successor to its historic Apple II. The first became known as MacMag or,
sometimes, Peace, and contained the phrase “universal message of peace” signed
by Richard Brandow, the publisher of MacMag Magazine, a Canadian publication
for Macintosh users. It also included a small drawing of the world autographed
by the author of the virus, Drew Davidson.
Later it was discovered that the virus had been included on a computer game
shown at a meeting of a Macintosh users’ group in Montreal. A speaker at the
meeting had accidentally copied the virus onto a diskette, and subsequently
infected a computer in the offices of Aldus, a Seattle-based software
publisher, for whom he was doing some work. The company then unwittingly copied
the virus onto what was later described as “several thousand” copies of a
program called Freehand, which were distributed to thousands of computer
stores. After complaints from consumers, who were quite bewildered at receiving
a peace message with their software, the company recalled five thousand copies
of the program.
The MacMag virus, though relatively widely distributed, was not malicious.
After displaying its message, it removed itself from infected systems.
Nevertheless, it was an unwanted extra and served to demonstrate the speed and
ease with which self-replicating programs could propagate. When questioned
about the morality of deliberately publishing Davidson’s virus, Brandow was
quoted as saying, “You can’t blame Einstein for Hiroshima.”
The second Macintosh virus to be reported in 1988 was called Scores and was
much more serious. On April 19, 1988, Electronic Data Systems (EDS) of Dallas, a
subsidiary of General Motors, announced that twenty-four of its machines had
been infected with a virus that was thought to have been written by a
disgruntled ex-employee. The virus had infected the operating system and two standard
files of each computer, and then hidden itself inside two more secret files
that it had created. Two days after a system has been infected with Scores, the
virus begins to spread to the other programs on the computer—in particular, it
looks for two specific programs developed by EDS, and when it finds them, it
prevents the computer user from saving his data, thereby causing the loss of
whatever he was working on.
By early 1988 a small but potentially lucrative computer security industry had
begun to specialize in protecting machines from viruses. A number of computer
specialists offered their services as security consultants or sold computer
software designed to track down and kill viruses. But despite Brain, Lehigh,
and the two Macintosh viruses, there was little real evidence of the oft-hyped
plague of computer bugs. It was understandable that writers of antiviral
software and others in the new security industry would exaggerate the threat;
they were like burglar-alarm salesmen in a community without very many
burglars. They needed to convince the public that a slew of viruses was
gathering, to be unleashed on defenseless computer users in the coming year.
The emotive term virus helped their case, as did the willingness of the press
to publish dubious statistics and unverified, unsourced stories of virus
incidents—particularly the computer magazines, which were then locked in a
difficult circulation war and looking for something out of the ordinary to
write about. Viruses made good copy, as did nightmarish stories about the
effects of a plague. In essence, the burglars hadn’t quite hit town yet, but by
God they were on the way.
One of the earliest antiviral programs for IBM PC-type computers was the work
of a New York-based programmer, Ross Greenberg. He said that he had seen the
impending virus threat coming for years, and had therefore created a program
called Flu Shot.
During the summer of 1988 Greenberg was contacted by writer Ralph Roberts, who
was researching a book about computer viruses. According to Roberts, Greenberg
insisted that he had “about twenty viruses in quarantine.” When asked to
identify them, Greenberg told the writer, “I don’t give the little suckers
names.” But he did describe his “favorite virus,” which he said could randomly
transpose two numbers on the screen. “Sounds cute,” he reportedly said, “but it
could be dangerous if you’re using Lotus 1-2-3 [a program used for accounting]
to run a multimillion-dollar company.”
Roberts’s book, Computer Viruses, was the first attempt to put the problem into
perspective. In it he describes his interviews with the newly formed Computer
Virus Industry Association (CVIA), a body representing virus researchers and
consultants that had identified “twenty different types that attack IBM PCs and
compatibles” and fourteen others that infect other types of computers. The CVIA
also listed the names of the top five virus strains by reported incidence as
Scores, Brain, SCSI, Lehigh, and Merritt. Yet the Lehigh virus seemed to be
confined to Lehigh University; Brain was relatively harmless in that the damage
it caused was infrequent and accidental; and the Merritt virus (sometimes
called Alameda or Yale) was a benign virus that simply replicated and had been
seen at only a few universities and colleges. The SCSI virus attacked only the
Amiga, which was primarily a games machine. The most threatening virus on the
list was Scores, even though it seemed to be directed against one particular
company. Of the twenty-nine other reported viruses, either they had been seen
only once or twice or their existence was unconfirmed. (The twenty viruses
Greenberg claimed to have in quarantine were not on the list.) And that,
according to the CVIA, was about the size of the virus problem in the summer of
1988.
In the following year Greenberg wrote an article for Byte, an
eminently respectable American computer magazine, in which he described two of
the viruses he had in quarantine: his favorite number-transposing virus, now
named Screen, and a similar one that he had reported to researchers as dBase,
which transposed characters within files. It was called dBase because it
targeted records generated by a popular program of the same name.
In 1988 and even early 1989, viruses were exceedingly rare, so there was a
growing suspicion about Greenberg’s claims to have twenty unnamed bugs in some
sort of quarantine. It was thought that Greenberg was exaggerating for effect.
Other virus researchers understandably wanted copies of Greenberg’s viruses
and, in particular, the dBase virus he had described in detail.
Eventually Greenberg produced a copy of dBase. It wasn’t quite as he had first
described it; it had only been seen on one unidentified site, and only then by
Greenberg, but at least its existence could be verified. However, the existence
of the other nineteen viruses, including Screen, has yet to be confirmed.
Other early viruses were equally problematic. A virus researcher named Pamela
Kane told writer Ralph Roberts about the Sunnyvale Slug, which flashed the
message, “Greetings from Sunnyvale. Can you find me?” on infected machines. But
it has never been confirmed as a virus, nor seen since Kane first reported it.
Then there was the “retro-virus,” reported to have been distributed with three
popular but unnamed shareware (free, shared software) programs. It was said to
have been programmed to detach itself from its infected hosts—a program or
file—and then to reinfect them at some future date. It was “like a submarine
rigged for silent running … the retro-virus waits until the destroyers have
stowed their depth charges and gone back to port before returning to sink
ships,” it was claimed, somewhat colorfully, in the computing journal Info
World. At the time, the retro-virus was without a doubt the most sinister virus
ever reported, but it had only been seen once—by the researcher who reported
it.
The CVIA was not averse to creating a few myths of its own. Its chairman, John
McAfee, an ebullient and eminently quotable computer expert, was always
available to fill in the press on the irresistible spread of viruses. He was a
good interviewee, with a store of anecdotes about computer viruses and reports
of virus attacks at generally unidentified companies and institutions, and he
managed to give the impression that each anecdote could lead to a thousand
more, that each incident was representative of a hundred others. In 1988 and
1989, reports about viruses always intimated that what was public knowledge was
only the tip of the iceberg—that the problem was much bigger, much wider, and
much more pervasive than anyone suspected. But far from being the tip of the
iceberg, what had been reported was the whole problem—and even that was seen
through a prism. The hype had its effect, however, and sales of antivirus
software soared.
Born in science fiction, legitimized by