Approaching Zero, Paul Mungo
- Author: Paul Mungo
The arrival of the worm coincided with reports of protestors in Florida
attempting to disrupt the launch of a nuclear-powered shuttle payload. It is
assumed that the worm was also a protest against the launch.
The WANK Worm spread itself at a more leisurely rate than the Internet Worm,
sending out fewer alarms and creating less hysteria. But when Kevin Obermann, a
computer technician at Lawrence Livermore Laboratories, took it apart, he
reported, “This is a mean bug to kill and could have done a lot of damage.”
The WANK Worm had some features that were not present in the Father Christmas
Worm: to a limited extent it could evolve and mutate, allowing it to become
just a little bit smarter as it made its way from machine to machine. In other
words, the worm had been designed to mutate deliberately, to add to the
problems that might be caused by accidental mutation or by unintentional
programming errors. And, by not immediately announcing its presence, it had more
time to spread.
A method for combatting the worm was developed by Bernard Perrot of the
Institut de Physique Nucleaire at Orsay, France. Perrot’s scheme was to create
a booby-trapped file of the type that the worm could be expected to attack. If
the worm tried to use information from the file, it would itself come under
attack and be blown up and killed.
By the end of 1989 the prophecies of the computer virus experts seemed to
have come true. Now not only were there viruses, but there was a whole panoply
of malicious software to deal with: worms, trojans, and the programs known as
logic bombs.
Bombs are always deliberately damaging but, unlike viruses, don’t replicate.
They are designed to lie dormant within a computer for a period of time, then
explode at some preprogrammed date or event. Their targets vary: some delete
or modify files, some zap the hard disk; some even release a virus or a worm
when they explode. Their only common feature is the single blast of intentional
destruction.
What had started out as simple self-replicating programs had grown into a
full-blown threat to computer security. Those who
had warned about the potential danger for the past two years were entitled to
say, “I told you so.”
But the prophecies were self-fulfilling. The choice of the term virus to
describe quite unremarkable programs glamorized the mundane; the relentless
promotion of the presumed threat put ideas in the minds of potential virus
writers; the publicity given the concept ensured that the writer’s progeny
would become known and discussed. Even if the writer himself remained anonymous, he would know that his creative offspring would become famous.
The computer underworld is populated with young men (and almost no women),
mostly single, who live out their fantasies of power and glory on a keyboard.
That some young men find computing a substitute for sexual activity is probably
incontrovertible. Just as a handle will often hide a shy and frightened
fifteen-year-old, an obsession with computing to the exclusion of all else may
represent security for a sexually insecure youngster. The computer is his
partner, his handle is his alter ego, and the virus he writes is the child of
this alter ego and his partner.
A German virus writer once said, “You feel something wonderful has happened
when you’ve produced one. You’ve created something that lives. You don’t know
where it will go or what it will do, but you know it will live on.”
The antivirus industry, of course, had no thoughts of creating a hobby for
insecure technology wizards when it began its campaign of publicity and hype in
1987 and 1988. But there was little question that by the end of 1989 a real
threat to computer systems had been created, posed by what was indeed becoming
a plague of viruses. The number of catalogued viruses in the West would grow
exponentially: from thirty-odd in mid-1988, to a hundred at the end of 1989,
five hundred in 1990 and over two thousand-plus at the end of 1992. Along the
way the antivirus industry would lose all control of the plague—its security
software overwhelmed, its confidence battered by the sheer number of new
viruses confronting it. And the new viruses became much more destructive,
malicious, and uncontrollable than anyone had ever imagined.
In March 1990 the first attempt was made to quantify the extent of the threat
posed by computer viruses. Dr. Peter Tippett, a Case Western University scholar
and the president of Certus International, a software company, predicted that 8
percent of all PCs would be infected within two years, even if no new viruses
were written. He estimated the cost of removing the infections at $1.5 billion
over five years—not taking into account the value of the data that would be
destroyed. In 1991 he estimated that organizations in North America with over
four hundred computers had a 26 percent probability of being hit by a virus
within the next year; they also had a 5 percent chance of that virus causing a
“disaster,” which he defined as an infection that spread to twenty-five or more
machines. A more recent projection, made in late 1991, went farther. It
suggested that as many as 12 million of the world’s 70 million computers—or
roughly 17 percent—would be infected within the next two years.
But predictions such as those made by Dr. Tippett have proved difficult to
substantiate: most virus attacks simply aren’t reported; there is no body that
regularly collects reliable statistics about the virus problem, and estimates
of costs are always just guesses. When Dr. Tippett made his predictions, the
number of new viruses that were appearing made it seem possible that their
sheer volume would overwhelm the world’s computer systems. By 1992,
there were over 1,500 catalogued viruses and variants in the West; by spring
1993, there could well be twice that number.
Tippett had based his predictions on the behavior of just one virus, called
Jerusalem. It was first discovered in December 1987 at the Hebrew University in
Jerusalem, though it is thought to have been written in Haifa, the country’s
principal port and the home of its leading technical college, Technion
University. At least, that is one theory. No one has proved that the virus was
written in Haifa, nor has anyone ever claimed authorship.
The Jerusalem virus was a malicious joke, which would delete any program files
used on Friday the 13th. There are two Friday the 13ths in any given year; in
between those dates the virus signaled its presence by displaying a little box
in the lower half of the computer screen and then slowing down infected systems
to an unacceptable crawl. It also contained a gremlin that, contrary to the
programmer’s intentions, caused it to reinfect—or add itself to—many of the
same program files. Eventually the files would grow so big that the virus would
take up all of the computer’s memory.
The virus quickly acquired a fearsome reputation. Maariv, one of Israel’s
leading daily newspapers, heralded its discovery with an article on January 8,
1988, that warned, “Don’t use your computer on Friday the 13th of May this
year! On this day, the Israeli virus which is running wild will wake up from
its hibernation and destroy any information found in the computer memory or on
the disks.”
The report was somewhat exaggerated. It wasn’t true that Jerusalem could
destroy “any information found in the computer memory or on the disks,” as it
had been written to delete only programs that were used on Friday the 13th. In
practice, few users suffered any real damage. Most operators would delete the
virus as soon as they saw the little box appear on the screen and noticed the
system slow down—which generally happened about half an hour after the virus
had infected a computer.
While Jerusalem may not have been as destructive as its publicity suggested, it
was exceptionally virulent and spread quickly and widely. Unlike most previous
viruses, Jerusalem could infect nearly any common program file, which gave it
more opportunity to travel. (By contrast, the Pakistani virus, Brain, could
only infect the boot sector on specific diskettes, and Lehigh could only infect
one particular type of program file.)
Jerusalem’s propagation rate was phenomenal. From Israel it spread quickly to
Europe and North America, and a year after its discovery in Israel it had
become the most common virus in the world. In 1989 it was said to have been
responsible for almost 90 percent of all reported incidents of viral infection
in the United States.
Because Tippett’s predictions were based on the propagation rate of this
particularly infectious bug, they probably overstated the potential growth
rate of viruses. One of the peculiarities of viruses that Tippett overlooked
is that most remain localized, causing infection on a limited number of
machines, sometimes on just a single site. So far only about fifty viruses
have propagated rapidly and spread from their spawning ground to computers
throughout the world. The rate of propagation seems to be a matter of luck.
Through an unpredictable combination of circumstance and chance, some viruses
are destined to wither away in parochial isolation, while others achieve a sort
of international notoriety. There seems little logic to which remain localized
and which propagate.
In March 1989 a new virus was discovered in the United States, which was
reported to have come to North America via Venezuela. Its payload was simple:
it displayed the words Den and Zuk, converging from separate sides of the
computer screen. The word Zuk was followed by a globe resembling the AT&T
corporate logo. Inevitably, the virus became known as Den Zuk.
The bug was found to be relatively harmless. Like Brain, it nestled in the boot
sector of infected diskettes, but changed their volume labels to “Y.C.I.E.R.P.”
Its payload was set to trigger after what is known as a warm reboot—restarting
the computer from the keyboard without using the power switch. Warm reboots are
generally employed when the computer has frozen, or stopped—a fairly uncommon
occurrence, so the payload wasn’t triggered very often.
An Icelandic virus researcher, Fridrik Skulason, surmised that the character
string “Y.C.I.E.R.P” could be an amateur radio call sign. He looked up the sign
in the International Callbook and found that it was attributed to an operator
in Bandung, a city on the island of Java, in Indonesia. Skulason wrote to the
operator, Denny Ramdhani, who replied with a long and detailed letter. He was,
he admitted, the author of Den Zuk: “Den” was an allusion to his first name;
“Zuk” came from his nickname, Zuko, after Danny Zuko, the character played by
John Travolta in the film Grease. He had written the virus in March 1988, when
he was twenty-four, “as an experiment.” He wanted, he said, “to ‘say hello’ to
other computer users in my city. I never thought or expected it to spread
nationwide and then worldwide. I was really surprised when my virus attacked
the U.S.A.”
If Denny was surprised, the computer industry was flabbergasted. Den Zuk was
neither a particularly infectious bug, nor was it grown in a locale that could
be said to be within the communication mainstream. Bandung, for all of its
exotic charm, is not a city normally associated with high-technology
industries. Denny’s virus traveled simply because it got lucky.
Viruses are unguided missiles, so it seems almost as likely that a bug launched
from an obscure Indonesian city will hit targets in North America as one set
off from, say, Germany. Nor is the sophistication of the bug any arbiter of its
reach: Den Zuk was a simple virus, without any real pretension to what is known
as an infection strategy.
The universality of the