Approaching Zero, Paul Mungo
- Author: Paul Mungo
his adversary: hatred, tinged with a measure of respect.
On several occasions, Vesko says, he has tried to smoke out the virus writer.
Once Vesko announced that he had carefully analyzed two viruses attributed to
the Dark Avenger: the Number of the Beast and Eddie. He said that, in his view,
they could not possibly be the work of the same writer. One was clever, the
work of a professional, the other sloppy, the work of an amateur. Furthermore,
he said that he intended to present his evidence at a lecture that would be
held in Sofia. He guessed that the Dark Avenger would appear, if only to hear
what Vesko had to say about his programs.
The meeting was well attended, particularly for a cold Friday night in early
December. Vesko presented his evidence. Number of the Beast, he said, was
obviously written by an extremely skilled specialist whose style contrasted in
every way with the poor quality of Eddie. He watched the audience during his
presentation, Vesko says, looking for someone who might be the Dark Avenger;
during the questions and discussion afterwards he listened for anyone defending
the programming of Eddie. He saw and heard nothing that gave him any clues.
But two days after the lecture he received a letter from the Dark Avenger.
According to the letter, the virus writer had attended the meeting. Vesko
published his comments in the magazine Komputar za vas. “The author of the
Eddie virus is writing to you,” the Dark Avenger began. “I have been reading
your pieces of stupidity for quite a long time but what I heard in your lecture
was, to put it boldly, the tops.” The virus writer went on to complain about
Vesko’s critique of his programming skills. Then he added:
“I will tell you that my viruses really destroy information but, on the other
hand, I don’t turn other people’s misfortunes into money. Since you [get paid
to] write articles that mention my programs, do you not think I should get
something?”
Virus writing is not a lucrative field. The Dark Avenger had once before
alluded to getting paid for his skills, in a message to a local bulletin board
operator, when he had suggested, none too hopefully, that “maybe someone can
buy viruses.” So far as is known, he has never sold any of his bugs.
In 1990 Vesko put together a psychological profile of the Dark Avenger, a
compilation of all the known facts about him: his taste in music, his favorite
groups, his supposed interest in the Princess of Wales, his need for money and
so on. From his letter Vesko gleaned he had been a student at Sofia University
and, from sarcastic remarks he had made about Vesko’s engineering degree, that
he was either a mathematics or science student (there is a traditional rivalry
between engineering and the other two faculties). He sent the profile to seven
former students at the university, asking if they knew anyone who fitted the
criteria. All seven replied, Vesko says, and all seven mentioned the same
name--that of a young man, then twenty-three, a programmer in a small, private
software house in Sofia.
Vesko didn’t turn him in. Even had he wanted to, there was little point:
writing viruses is not illegal in Bulgaria.
Inevitably there are people in the computer underworld who use their skills to
make money—legally or illegally. Hacking into suppliers to steal goods, or
looting credit card companies, has become established practice. But there seems
to be little commercial potential in viruses—unless it becomes part of a scam.
In December 1989 the first such scam appeared. The virus was used as a
blackmail weapon to frighten computer users into paying for protection. Jim
Bates, a freelance computer security consultant, was one of the first to
examine the blackmail demand delivered on an apparently ordinary computer
diskette. He had received a call earlier that day from Mark Hamilton, the
technical editor of a British computer magazine called PC Business World. Mark
had sounded worried: “There’s apparently been a trojan diskette sent out to PC
Business World customers. We don’t know anything about it. If we send you a
copy, can you look into it?”
Jim runs his little business from his home in a commuter suburb with the
misleadingly bucolic name of Wigston Magna, near Leicester, in the English
Midlands. Though he had other work to do at the time, he agreed to “look into
it”--which meant, effectively, disassembling the bug. It would be a
time-consuming task. “What does it do?” he asked.
“We don’t know. It may be some sort of blackmail attempt.”
To Jim, the concept of viral blackmail sounded unlikely. As far as he knew, no
one had ever made a penny out of writing viruses. It was said that if there was
any money in writing bugs, Bulgaria would be one of the richest countries in
Europe; but instead it remained one of the poorest.
At 5:30 that afternoon, December 12, 1989, the package from PC Business World
arrived. As promised, it contained a diskette, of the sort sent out to the
magazine’s readers; it also contained a copy of a blue instruction leaflet that
had accompanied the diskette.
Jim examined the leaflet closely. “Read this license agreement carefully [and]
if you do not agree with the terms and conditions … do not use the
software,” it began. It then stated that the program on the diskette was leased
to operators for either 365 uses at a price of $189, or the lifetime of their
hard disk at a price of $389. “PC Cyborg Corporation,” it continued, “also
reserves the right [sic] to use program mechanisms to ensure termination of the
use of the program [which] will adversely affect other program applications.”
So far, Jim thought, it read much like a normal software licensing agreement,
except for the warning that the program might “adversely affect other program
applications.”
But farther down in the small print on the leaflet was a paragraph that made
him sit up. “You are advised of the most serious consequences of your failure
to abide by the terms of this agreement: your conscience may haunt you for the
rest of your life … and your computer will stop functioning normally
[authors’ italics].”
This, Jim thought, was carrying the concept of a licensing agreement too far.
Licensing software was a perfectly acceptable business practice, as was making
threats that unauthorized users of their products would be prosecuted for
“copyright infringement.” They never threatened to punish unauthorized users by
damaging their computers.
Even more unusual, the diskette had been sent out like junk mail, unrequested,
to computer users around Great Britain, inviting them to run it on their
machines. Whoever had distributed the diskettes had obviously purchased PC
Business World’s mailing list, which the magazine routinely rented out in the
form of addressed labels. The magazine had seeded its list with names and
addresses of its own staff, an ordinary practice that allows the renter to
check that its clients aren’t using the list more often than agreed. These
seeded addresses had alerted the magazine to the existence of the diskette. If
the publication had received copies from its seeded addresses, so had some
seven thousand others on the mailing list. And Jim knew that many of these
would have loaded the program without reading the blue leaflet—which was, in
any case, printed in type so small that it was almost unreadable. Anyone who
had already run the diskette, Jim thought, could well be sitting on a time
bomb.
Later that evening an increasingly anxious Mark Hamilton phoned again: “We’re
now getting reports that this disk has been found in Belgium, Paris, Germany,
Switzerland, Scandinavia, and Italy. Can you do anything with it?”
In fact, Jim was already working on an antidote. He had loaded the diskette on
an isolated test computer in his upstairs office and had discovered that it
contained two very large executable files: an “Install” program and an “AIDS”
program. Jim had previously attempted to run the AIDS file on its own, but
after a few seconds it aborted, displaying the message: “You must run the
Install program before you can use the AIDS program.”
He followed the instructions, warily loading up Install. It beeped into life,
the light on the hard disk flickering off and on. When the installation was
finished, Jim looked at the hard disk, using software designed to see all of
the files listed in the computer’s various directories. The software also
allowed him to see any “hidden” files, those generally concealed from casual
inspection to prevent them being deleted accidentally. There are always two
hidden operating system files on a hard disk; but now, after running the
Install program, there was suddenly a whole series of them, none of them named.
He decided to have a look at the hidden files, using another
special program. This software went right into the heart of the files,
penetrating the binary code, the building blocks of programs. It presented the
contents on a vertically split screen: the left side displaying the files in
computer code, the right in ordinary text. Jim went through them page by page.
He discovered that the hidden files contained a counter, which kept track of
the number of times the computer was turned on. After ninety startups the
hidden files would spring to life and attack the computer’s hard disk,
encrypting working files and hiding programs. Without access to programs and
data, the system would be unusable.
The diskette, Jim realized, was a huge trojan horse, a malicious piece of
software that entered a system in the guise of something useful, then unleashed
its payload. In this case the “useful” component was the “AIDS information”
file; the payload was the scrambling of the hard disk.
Curiously, Jim found that the program had been written to behave almost like
the real AIDS virus. It was opportunistic, just like its biological
counterpart; it spread its infection slowly; and was ultimately fatal to its
hosts. Whoever wrote the program must have been casually interested in AIDS,
though perhaps he didn’t know a great deal about the subject. Switching to the
AIDS information file, Jim read through the material it offered, which
described itself as “An interactive program for health education on the disease
called AIDS…. The health information provided could save your life…. Please
share this program diskette with other people so that they can benefit from it
too.”
The program offered “up-to-date information about how you can reduce the risk
of future infection, based on the details of your own lifestyle and history.”
It required a user to answer thirty-eight questions—sex, age, number of sexual
partners since 1980, medical history, sexual behavior, and so on—and according
to the user’s answers it provided “confidential advice,” most of which was
eccentric and misleading: “Scientific studies show that you cannot catch AIDS
from insects,” and “AIDS can be prevented by avoiding the virus” were two of
the less helpful comments. Others included, “Danger: Reduce the number of your
sex partners now!” “You are advised that your risk of contracting AIDS is so
large that it goes off the chart of probabilities.” “Buy condoms today when you
leave your office.” “Insist that your sex partner be mutually faithful to the
relationship.” “Casual kissing appears to be safe. Open-mouth kissing appears
to be more dangerous. It is that which follows open-mouth kissing that is most
risky.” “The AIDS virus may appear in small quantities in the tears of an
infected person.”
The AIDS trojan, as it had quickly become named, also produced a variety of
messages demanding payment for the license. In certain cases, if the computer
was