💾 Archived View for spam.works › mirrors › textfiles › virus › csvir89.vir captured on 2023-06-16 at 21:01:56.

View Raw

More Information

-=-=-=-=-=-=-

The following text is copyright (c) 1987-1990 CompuServe Magazine
and may not be reproduced without the express written permission of CompuServe.

CompuServe Magazine's Virus History Timeline

CompuServe Magazine is published monthly by the CompuServe Information
Service, the world's largest on-line information service with over 600,000
subscribers worldwide.

If you would like to become a CompuServe subscriber, call
1-800-848-8199 to receive a copy of the CompuServe Information Service
membership kit.


- 1989 -


VIRUS STRIKES UNIVERSITY OF OKLA.

  (Jan. 11)
  Officials at the University of Oklahoma in Norman, Okla., blame a computer
virus for ruining several students' papers and shutting down terminals and
printers in a student lab at the university library.
  Manager Donald Hudson of Bizzell Memorial Library told The Associated Press
that officials have purged the library computers of the virus. He said the
library also has set up extra computers at its lab entrance to inspect students'
programs for viruses before they are used on other computers.
  The wire service said the library's virus probably got into a computer through
a student's disk, but the student may not have known the virus was there. Hudson
said the library's computers are not linked to any off-campus systems. However,
the computers are connected through printers, which he said allowed the virus to
spread.
  --Charles Bowen


"FRIDAY THE 13TH" VIRUS STRIKES

  (Jan. 13)
  Data files and programs on personal computers throughout Britain apparently
were destroyed today by what was termed a "Friday the 13th" computer virus.
  Alan Solomon, managing director of S and S Enterprises, a British data
recovery center, told The Associated Press that hundreds of users of IBM and
compatible PCs reported the virus, which he said might be a new species.
  Solomon, who also is chairman of an IBM users group, told the wire service
that phone lines to the center were busy with calls for help from businesses and
individuals whose computers were struck by the virus.
  "It has been frisky," he said, "and hundreds of people, including a large firm
with over 400 computers, have telephoned with their problems."
  S and S hopes to figure out how the virus operates and then attempt to disable
it. "The important thing is not to panic and start trying to delete everything
in a bid to remove the virus," Solomon said. "It is just a pesky nuisance and is
causing a lot of problems today."
  --Charles Bowen


"FRIDAY THE 13TH" VIRUS MAY BE NEW VERSION OF ONE FROM ISRAEL

  (Jan. 14)
  Investigators think the "Friday the 13th" virus that struck Britain yesterday
might be a new version of the one that stymied computers at the Hebrew
University in Jerusalem on another Friday the 13th last May.
  As reported here yesterday (GO OLT-308), hundreds of British IBM PCs and
compatibles were struck by the virus, which garbled data and deleted files.
  Jonathan Randal of The Washington Post Foreign Service reports the program is
being called the "1,813" variety, because of the number of unwanted bytes it
adds to infected software.
  He says the specialists are convinced the program "is the brainchild of a
mischievous -- and undetected -- computer hacker at Hebrew University."
  Alan Solomon, who runs the IBM Personal Computer User Group near London, told
the Post wire service that 1,813 was relatively benign, "very minor, just a
nuisance or a practical joke."
  Solomon said he and other specialists first noted the virus in Britain several
months ago when it began infecting computers. Solomon's group wrote security
software with it distributed free, so, he said, the virus basically struck only
the unlucky users who didn't take precautions.
  --Charles Bowen



LIBRARY OF CONGRESS VIRUS VICTIM

  (Jan. 27)
  An official with the US Library of Congress acknowledges that the institution
was struck by a computer virus last fall.
  Speaking to a delegation of Japanese computer specialists touring Washington,
D.C., yesterday, Glenn McLoughlin of the library's Congressional Research
Service disclosed that a virus was spotted and killed out of the main catalog
computer system before it could inflict any damage to data files.
  Associated Press writer Barton Reppert quoted McLoughlin as saying, "It was
identified before it could spread or permanently erase any data."
  McLoughlin added the virus was found after personnel logged onto computers at
the library and noticed they had substantially less memory space to work with
than they had expected.
  He said the virus apparently entered the system through software obtained from
the University of Maryland. "We don't know," he said, "whether it was a student
at Maryland, or whether Maryland had gotten it from somebody else. That was
simply the latest point of departure for the software."
  Meanwhile, Reppert also quoted computer security specialist Lance J. Hoffman
of George Washington University as saying the world may be heading toward a
catastrophic computer failure unless more effective measures are taken to combat
viruses.
  Comparing last November's virus assault on the Pentagon's ARPANET network to a
nuclear accident that "could have had very disastrous consequences for our
society," Hoffman told the visitors, "It wasn't Chernobyl yet, it was the Three
Mile Island -- it woke a lot of people up."
  Online Today has been following reports of viruses for more than a year now.
For background files, type GO OLT-2039 at any prompt. And for other stories from
The Associated Press, type GO APO.
  --Charles Bowen



CHRISTMAS VIRUS FROM FRANCE?

   (Jan 30)
   A little noticed software worm, the so-called Christmas Decnet virus, may
have originated from Germany or France. Apparently released at the end of
December, the worm replicated itself only onto Digital Equipment Corp. computers
that were connected to Decnet, a national communications network often accessed
by DEC users.
  At least one system administrator has noticed that the worm collected
identifying information from the invaded terminals and electronically mailed
that information to a nedw?rk`????J??2?ancen T?e ass?mptZ?J??that the French
node collected the information and, subsequently, used it to propagate the worm
throughout the network.
  The so-called German connection came about because of the way the worm
presents text information on invaded terminals. Though written in English, the
worm message is said to contain strong indications of Germanic language syntax.
Predictably, a German "connection" has led to speculation that Germany's Chaos
Computer Club may have had a role in worm's creation.
  --James Moran



SPLIT SEEN ON HOW TO PROSECUTE MAN ACCUSED OF ARPANET VIRUS

  (Feb. 2)
  Authorities apparently are divided over how to prosecute Robert T. Morris Jr.,
the 23- year-old Cornell University graduate student suspected of creating the
virus that stymied the national Arpanet computer network last year.
  The New York Times reports today these two positions at issue:
  -:- US Attorney Frederick J. Scullin in Syracuse, N.Y., wants to offer Morris
a plea bargain to a misdemeanor charge in exchange for information he could
provide. Scullin reportedly already has granted Morris limited immunity in the
case.
  -:- Some in the US Justice Department want Morris charged with a felony in
hopes of deterring similar computer attacks by others. They are angry over
Morris's receiving limited immunity.
  Confirming a report in The Times, a source who spoke on condition of anonymity
told Associated Press writer Carolyn Skorneck the idea of granting Morris
limited immunity has "caused a lot of consternation down here."
  Skorneck notes the 1986 Computer Fraud and Abuse Act makes unlawful access to
a government computer punishable by up to a year in jail and a $250,000 fine. If
fraud is proved, the term can reach 20 years in prison.
  The source told AP, "As far as we're concerned, the legal problem was still
(Morris's) intent." In other words, officials apparently are uncertain whether
Morris had planned to create and spread the virus that infected some 6,000
government computers on the network last Nov. 2.
  As reported earlier, Morris allegedly told friends he created the virus but
that he didn't intend for it to invade the Unix- based computers linked to
Arpanet.
  Skorneck says Mark M. Richard, the Justice Department official who is
considering what charges should be brought in the case, referred questions to
the FBI, which, in turn, declined to discuss the case because it is an ongoing
investigation.
 0H?weverl S??]????? ????-?said he understood the FBI was extremely upset over
the limited immunity granted to Morris.
  Meanwhile, Morris's attorney, Thomas Guidoboni of Washington, D.C., said no
plea bargain had been worked out, "They have not told me," he said, "what
they've recommended, and I've not offered on behalf of my client to plead guilty
to anything. I have told p(Y[?W????t plead guilty to a felony. I'm very
emphatic about that."
  --Charles Bowen



FEDERAL GROUP FIGHTS VIRUSES

  (Feb. 3)
  The Computer Emergency Response Team (CERT) has been formed by the Department
of Defense and hopes to find volunteer computer experts who will help federal
agencies fight computer viruses. CERT's group of UNIX experts are expected to
help users when they encounter network problems brought on by worms or viruses.
  A temporary group that was formed last year after Robert T. Morris Jr.
apparently let loose a bug that infected the Department of Defense's Advanced
Project Agency network (ARPANET), will be disbanded.
  The Morris case has some confusing aspects in that some computer groups have
accused federal prosecutors with reacting hysterically to the ARPANET infection.
It has been pointed out that the so-called Morris infection was not a virus, and
that evidence indicates it was released onto the federal network accidentally.
  CERT is looking toward ARPANET members to supply its volunteers. Among those
users are federal agencies, the Software Engineering Institute and a number of
federally-funded learning institutions. Additional information is available from
CERT at 412/268- 7090.
  --James Moran



COMPUTER VIRUSES HOT ISSUE IN CONGRESS

  (Feb. 3)
  One of the hottest high-tech issues on Capitol Hill is stemming the plague of
computer viruses.
  According to Government Computer News,  Rep. Wally Herger (R-Calif.) has
pledged to reintroduce a computer virus bill that failed to pass before the
100th Congress adjourned this past fall.  The measure will create penalties for
people who inject viruses into computer systems.
  "Unfortunately, federal penalties for those who plant these deadly programs do
not currently exist," said Herger. "As a result, experts agree that there is
little reason for a hacker to even think twice about planting a virus."  (Herger
then later corrected himself saying those who plant viruses are not hackers but
rather criminals.)
  GCN notes that the bill calls for prison sentences of up to 10 years and
extensive fines for anyone convicted of spreading a computer virus. It would
also allow for civil suits so people and businesses could seek reimbursement for
system damage caused by a virus attack.
  If the bill is referred to the Judiciary Committee, as is likely, it stands a
reasonable chance of passage.  Rep. Jack Brooks, a longtime technology
supporter, is the new head of that committee and he has already stated that the
new position will not dampen his high-tech interests.
  -- Cathryn Conroy CONGRESS LOOKS AT ANOTHER COMPUTER PROTECTION BILL

    (Feb. 27)
  The Computer Protection Act (HR 287) is the latest attempt by Congress to
battle computer viruses and other forms of sabotage on the high-tech machines.
  Introduced by Rep. Tom McMillan (D-Md.), the bill calls for a maximum of 15
years in prison with fines of $100,000 to $250,000 for those convicted of
tampering with a computer, be it hardware or software.
  "With the proliferation of various techniques to tamper with computers, we
need to fill the void in federal law to deal with these criminals," said
McMillan.  "This legislation will send the clear signal that infiltrating
computers is not just a cute trick; it's against the law."
  The bill, which has been referred to the Judiciary Committee, is written quite
broadly and is open to interpretation.
  -- Cathryn Conroy



VIRUS CREATOR FOUND DEAD I?!39

  (March 17)
  A Californian who said he and one of his students created the first computer
virus seven years ago as an experiment has been found dead at 39 following an
apparent aneurysm of the brain.
  Jim Hauser of San Luis Obispo died Sunday night or Monday morning, the local
Deputy Coroner, Ray Connelly, told The Associated Press.
  Hauser once said he and a student developed the first virus in 1982, designing
it to give users a "guided tour" of an Apple II. He said that, while his own
program was harmless, he saw the potentially destructive capability of what he
termed an "electronic hitchhiker" that could attach itself to programs without
being detected and sneak into private systems.
  --Charles Bowen



HOSPITAL STRUCK BY COMPUTER VIRUS

   (March 22)
  Data on two Apple Macintoshes used by a Michigan hospital was altered recently
by one or more computer viruses, at least one of which apparently traveled into
the system on a new hard disk that the institution bought.
  In its latest edition, the prestigious New England Journal of Medicine quotes
a letter from a radiologist at William Beaumont Hospitals in Royal Oak, Mich.,
that describes what happened when two viruses infected computers used to store
and re!d)nuclear scans that are taken to diagnose patients' diseases.
  The radiologist, Dr. Jack E. Juni, said one of the viruses was relatively
benign, making copies of itself while leaving other data alone. However, the
second virus inserted itself into programs and directories of patient
information and made the machines malfunction.
  "No lasting harm was done by this," Juni wrote, because the hospital had
backups, "but there certainly was the potential."
  Science writer Daniel Q. Haney of The Associated Press quoted Juni's letter as
saying about three-quarters of the programs stored in0t?e`??j??II@PCs were
infected.
  Haney said Juni did not know the origin of the less harmful virus, "but the
more venal of the two apparently was on the hard disk of one of the computers
when the hospital bought it new. ... The virus spread from one computer to
another when a doctor used a word processing program on both machines while
writing a medical paper."
  Juni said the hard disk in question was manufactured by CMS Enhancements of
Tustin, Calif.
  CMS spokesman Ted James confirmed for AP that a virus was inadvertently put on
600 hard disks last October.
  Says Haney, "The virus had contaminated a program used to format the hard
disks. ... It apparently got into the company's plant on a hard disk that had
been returned for servicing. James said that of the 600 virus-tainted disks, 200
were shipped to dealers, and four were sold to customers."
  James also said the virus was "as harmless as it's possible to be," that it
merely inserted a small piece of extra computer code on hard disks but did not
reproduce or tamper with other material on the disk. James told AP he did not
think the Michigan hospital's problems actually were caused by that virus.
  --Charles Bowen




MORE HOSPITALS STRUCK BY VIRUS

  (March 23)
  The latest computer virus attack, this one on hospital systems, apparently was
more far- reaching than originally thought.
  As reported here, a radiologist wrote a letter to the New England Journal of
Medicine detailing how data on two Apple Macintoshes used by the William
Beaumont Hospital in Royal Oak, Mich., was altered by one or more computer
viruses. At least one of the viruses, he said, apparently traveled into the
system on a new hard disk the institution bought.
  Now Science writer Rob Stein of United Press International says the virus --
possibly another incarnation of the so-called "nVIR" virus -- infected computers
at three Michigan hospitals last fall. Besides the Royal Oak facility, computers
at another William Beaumont Hospital in Troy, Mich., were infected as were some
desktop units at the University of Michigan Medical Center in Ann Arbor.
  Stein also quoted Paul Pomes, a virus expert at the Universh?y of Illinois in
Champaign, as saying this was the first case he h?@`?YX.z??J????????
??????5Rh??$Vk???????a computer used for patient care or diagnosis in a hospital.
However, he added such disruptions could become more common as personal
computers are used more widely in hospitals.
  The virus did not harm any patients but reportedly did delay diagnoses by
shutting down computers, creating files of non-existent patients and garbling
names on patient records, which could have caused more serious problems.
  Dr. Jack Juni, the radiology who reported the problem in the medical journal,
said the virus "definitely did affect care in delaying things and it could have
affected care in terms of losing this information completely." He added that if
patient information had been lost, the virus could have forced doctors to repeat
tests that involve exposing patients to radiation. Phony and garbled files could
have caused a mix-up in patient diagnosis. "This was information we were using
to base diagnoses on," he said. "We were lucky and caught it in time."
  Juni said the virus surfaced when a computer used to display images used to
diagnose cancer and other diseases began to malfunction at the 250-bed Troy
hospital last August. In October, Juni discovered a virus in the computer in the
Troy hospital. The next day, he found the same vir?s2in a similar computer in
the 1,200-bed Royal Oak facility.
  As noted, the virus seems to have gotten into the systems through a new hard
disk the hospitals bought, then spread via floppy disks.
  The provider of the disk, CMS Enhancements Inc. of Tustin, Calif., said it
found a virus in a number of disks, removed the virus from the disks that had
not been sent to customers and sent replacement programs to distributors that
had received some 200 similar disks that already had been shipped.
  However, CMS spokesman Ted James described the virus his company found as
harmless, adding he doubted it could have caused the problems Juni described.
"It was a simple non-harmful virus," James told UPI, "that had been created by a
software programmer as a demonstration of how viruses can infect a computer."
  Juni, however, maintains the version of the virus he discovered was a mutant,
damaging version of what originally had been written as a harmless virus known
as "nVIR." He added he also found a second virus that apparently was harmless.
He did not know where the second virus originated.
  --Charles Bowen


GOVERNMENT PLANS FOR ANTI-VIRUS CENTERS

  (March 24)
  Federal anti-virus response centers that will provide authentic solutions to
virus attacks as they occur will be developed by the National Institute of
Standards and Technology, reports Government Computer News.
  The centers will rely on unclassified material throughout the federal
government and provide common services and communication among other response
centers.
  NIST will urge agencies to establish a network of centers, each of which will
service a different use or technological constituency.  They will offer
emergency response support to users, including problem-solving and
identification of resources. GCN notes they will also aid in routine information
sharing and help identify problems not considered immediately dangerous, but
which can make users or a system vulnerable to sabotage.
  A prototype center called the Computer Emergency Response Team is already
operational at the Defense Advanced Research Projects Agency and will serve as a
model for the others.
  Although NIST and the Department of Energy will provide start-up funds, each
agency will have to financially support its response center.
  --Cathryn Conroy



MORRIS "WORM" WAS NEITHER GENIUS NOR CRIMINAL, COMMISSION SAYS

  (April 2)
  A Cornell University investigating commission says 23- year-old graduate
student Robert Morris acted alone in creating the rogue program that infected up
to 6,000 networked military computers last Nov. 2 and 3.
  In addition, the panel's 45- page report, obtained yesterday by The Associated
Press, further concludes that while the programming by the Arnold, Md., student
was not the work of a genius, it also was not the act of a criminal.
  AP says Morris, who is on a leave of absence from Cornell's doctoral program,
declined to be interviewed by the investigating commission.
  Speculating on why Morris cre{?fd the rogue program, the panel wrote, "It may
simply have been the unfocused intellectual meanderings of a hacker completely
absorbed with his creation and unharnessed by considerations of explicit purpose
or potential effect."
  Incidentally, the panel also pointed out what others in the industry observed
last November, that the program technically was not a "virus," which inserts
itself into a host program to reproduce, but actually was a "worm," an
independent program that endlessly duplicates itself once placed in a computer
system.
  As reported, Morris still is being investigated by a federal grand jury in
Syracuse, N.Y., and by the US Justice Department in Washington, D.C.
  AP says the university commission rejected the idea that Morris created the
worm to point out the need for greater computer security. Says the report, "This
was an accidental byproduct of the event and the resulting display of media
interest. Society does not condone burglary on the grounds that it heightens
concern about safety and security."
  The report said, "It is no act of genius or heroism to exploit such
weaknesses," adding that Morris, a first-year student, should have reported the
flaws he discovered, which would "have been the most responsible course of
action, and one that was supported by his colleagues."
  The group also believes the program could have been created by many students,
graduate or undergraduate, particularly if they were aware of the Cornell
system's well-known security flaws.
  The wire service quotes thg?eport`?.????????????j?????Bp?K?????wanted to
spread the worm without detection, but did not want to clog the computers. In
that regard, the commission said Morris clearly should have known the worm would
replicate uncontrollably and thus had a "reckless disregard" for the
consequences.
  However, the Cornell panel also disputed some industry claims that the Morris
program caused about $96 million in damage, "especially considering no work or
data were irretrievably lost." It said the greatest impact may be a loss of
trust among scholars who use the research network.
  AP says the report found that computer science professionals seem to favor
"strong disciplinary measures," but the commission said punishment "should not
be so stern as to damage permanently the perpetrator's career."
  --Charles Bowen


ETHICS STUDY NEEDED IN COMPUTING

  (April 4)
  A Cornell University panel says education is more effective than security in
preventing students from planting rogue programs in research networks.
  As reported earlier, the panel investigated the work of Cornell graduate
student Robert Morris Jr., concluding the 23-year-old Maryland man acted alone
and never intended permanent damage when he inserted a "worm" into a nationwide
research network last November.
  Speaking at a press conference late yesterday in Ithaca, N.Y., Cornell Provost
Robert Barker said, "One of the important aspects of making the report public is
that we can now use it on campus in a much fuller way than we have before."
  United Press International says Cornell has taken steps to improve its
computer security since the incident, but members of the committee noted that
money spent on building "higher fences" was money that could not be spent on
education.
  Barker said Cornell will place a greater emphasis on educating its students on
computer ethics, and might use the recent case as an example, instead of relying
primarily on increased security to prevent similar incidents. Said the provost,
"It was the security of the national systems, and not of Cornell, that was the
problem here."
  As reported, Morris's worm infected up to 6,000 Unix-based computers across
the country. A federal grand jury in Syracuse, N.Y., investigated the case and
Justice Department officials in Washington now are debating whether to prosecute
Morris.
  --Charles Bowen



ILLINOIS STUDIES VIRUS LAW

  (April 15)
  The virus panic in some state legislatures continues as anti- virus
legislation is introduced in Illinois.
  Illinois House Bill 498 has been drafted by Rep. Ellis B. Levin (D-Chicago) to
provide criminal penalties for loosing a so-called computer virus upon the
public.  The bill is similar to one that has been introduced in Congress.
  Rep. Levin's bill provides that a person commits "'computer tampering by
program' when he knowingly: inserts into a computer program information or
commands which, when the program is run, causes or is designed to cause the
loss, damage or disruption of a computer or its data, programs or property to
another person; or provides or offers such a program to another person."
  Conviction under the legislation would result in a felony.  A second
conviction would bring harsher penalties.
  Currently, the bill is awaiting a hearing in the Illinois' House Judiciary II
Committee.  It is expected that testimony on HB 498 will be scheduled sometime
during April.
  --James Moran


ERRORS, NOT CRACKERS, MAIN THREAT

  (April 28)
  A panel of computer security experts has concluded that careless users pose a
greater threat than malicious saboteurs to corporate and government computer
networks.
  Citing the well-publicized allegations that Cornell University graduate
student Robert T. Morris Jr. created a worm program last November that swept
through some 6,000 networked systems, Robert H. Courtney Jr. commented, "It was
a network that no one attempted to secure."
  According to business writer Heather Clancy of United Press International,
Courtney, president of Robert Courtney Inc. computer security firm, said the
openness of Internet was the primary reason it was popular among computer
crackers, some of whom are less talented or more careless than others.
  "People making mistakes are going to remain our single biggest security
problems," he said. "Crooks can never, ever catch up."
  Sharing the panel discussion in New York, Dennis D. Steinauer, a computer
scientist with the National Institute for Standards and Technologies, added that
network users should not rely only on technological solutions for security
breaks.
  "Not everyone needs all security products and mechanisms out there," he said.
"The market is not as large as it is for networking equipment in general." He
added that a standard set of program guidelines, applicable to all types of
networks, should be created to prevent mishaps. "There has been a tremendous
amount of work in computer (operating) standards. The same thing is now
happening in security."
  Fellow panelist Leslie Forman, AT&T's division manager for the data systems
group, said companies can insure against possible security problems by training
employees how to use computers properly and tracking users to make sure they
aren't making potentially destructive errors. "It's not a single home run that
is going to produce security in a network," she said. "It's a lot of little
bunts."
  --Charles Bowen


EXPERTS TESTIFY ON COMPUTER CRIME

  (May 16)
  Electronic "burglar alarms" are needed to protect US military and civilian?
qomputer systems, Clifford Stoll, an astronomer at the Harvard- Smithsonian
Center for Astrophysics, told a Senate Judiciary subcommittee hearing on
computer crimes, reports United Press International.
  Stoll was the alert scientist who detected a 75-cent accounting error in
August 1986 in a computer program at Lawrence Berkeley Laboratory that led him
to discover a nationwide computer system had been electronically invaded by West
Germans.
  "This was a thief stealing information from our country," he said. "It deeply
bothers me that there are reprobates who say, `I will steal anything I can and
sell it to whoever I want to.' It opened my eyes."
  Following his discovery, Stoll was so immersed in monitoring the illegal
activity that he was unable to do any astronomy work for a year.
  "People kind of look at this as a prank," Stoll said. "It's kind of funny on
the one hand. But it's people's work that's getting wiped out."
  The West German computer criminals, who were later determined to have been
working for Soviet intelligence, searched the US computer network for
information on the Strategic Defense Initiative, the North American Defense
Command and the US KH-11 spy satellite.  They also withdrew information from
military computers in Alabama and California, although no classified information
was on any of the computer systems.
  William Sessions, FBI director, also appeared before the Senate subcommittee
and said the bureau is setting up a team to concentrate on the problem.
  He explained that computer crimes are among "the most elusive to investigate"
since they are often "invisible."  The FBI has trained more than 500 agents in
this area.
  UPI notes that Sessions agreed to submit his recommendations to Sen. Patrick
Leahy (D-Vt.), the subcommittee chairman, for new laws that could be used to
protect sensitive computer networks from viruses. Currently, there are no
federal laws barring computer viruses.
  The FBI is working with other federal agencies to assess the threat of such
crimes to business and national security.
  William Bayes, assistant FBI director, told the senators he likens a computes?
to a house with locks on the door.  He explained that he has placed a burglar
alarm on his computer at Berkeley, programming it to phone him when someone
tries to enter it.  He said more computer burglar alarms may be needed.
  -- Cathryn Conroy


MASS. CONSIDERS NEW INTRUSION LAW

  (May 21)
  In Boston, a state senator has offered a bill that would make it a violation
of Massachusetts law to enter a computer without authorization. It also would
level penalties against those caught planting so-called computer "viruses."
  Sen. William Keating, the bill's sponsor, told The Associated Press his
measure considers this new category of crime to be analogous to breaking into a
building.
  "It's an attempt," Keating added, "to put on the statutes a law that would
penalize people for destruction or deliberate modification or interference with
computer properties. It clarifies the criminal nature of the wrongdoing and, I
think, in that sense serves as a deterrent and makes clear that this kind of
behavior is criminal activity."
  The senator credits a constituent, Elissa Royal, with the idea for the bill.
Royal, whose background is in hospital administration, told AP, "I heard about
(computer) viruses on the news. My first thought was the clinical pathology
program. Our doctors would look at it and make all these decisions without
looking at the hard copy. I thought, what if some malevolent, bright little
hacker got into the system and changed the information? How many people would be
injured or die?"
  Keating's bill would increase penalties depending on whether the attacker
merely entered a computer, interfered with its operations or destroyed data. In
the most serious case, a person found guilty of knowingly releasing a virus
would be subject to a maximum of 10 years in prison or a $25,000 fine.
  AP says the bill is pending in committee, as staff members are refining its
language to carefully define the term "virus."
  --Charles Bowen


COMPUTER VACCINE MARKET THRIVES ON USER FEAR

  (May 23)
  The computer protection market is thriving. The reason? Fear. Fear of the
spread of computer viruses and worms has caused a boom in products that are
designed to protect unwitting users from the hazards of high- tech diseases.
  According to the Dallas Morning News, there is a surging cottage industry
devoted to creating "flu shots" and "vaccines" in the form of software and
hardware; however, many of these cures are nothing more than placebos.
  "There's a protection racket springing up," said Laura A. DiDio, senior editor
of Network World, the trade publication that sponsored a recent executive
roundtable conference in Dallas on "Network Terrorism."
  Last year alone, American businesses lost a whopping $555.5 million, 930 years
of human endeavor and 15 years of computer time from unauthorized access to
computers, according to statistics released by the National Center for computer
Crime Data in Los Angeles, Calif.
  The most difficult systems to protect against viruses are computer networks
since they distribute computing power throughout an organization. Despite the
threat, sales are thriving.  Market Intelligence Research says sales of ??sonalM
com?ut???5??????q??equipment grew 50 percent last year and are expected to
grow another 41 percent this year to $929.5 million.
  Meanwhile, the Computer Virus Industry Association says that the number of
computer devices infected by viruses in a given month grew last year from about
1,000 in January to nearly 20,000 in November and remained above 15,000 in
December.
  -- Cathryn Conroy



MORRIS SUSPENDED FROM CORNELL

  (May 25)
  Robert T. Morris, the 23-year-old graduate student whose "worm" program
brought down some 6,000 networked government and scientific computers last
November, has been suspended from Cornell University.
  The New York Times reported today Cornell officials have ruled that Morris, a
first-year graduate student, violated the school's Code of Academic Integrity.
  The paper quoted a May 16 letter to Morris in which Alison P. Casarett, dean
of Cornell's graduate school, said the young man will be suspended until the
beginning of the 1990 fall semester. Casarett added that if Morris wants to
reapply, the decision to readmit him will be made by the graduate school's
computer science faculty.
  The Times says the letter further states the decision to suspend Morris was an
academic ruling and was not related to any criminal charges Morris might face.
  No criminal charges have been levied against Morris so far. A federal grand
jury earlier forwarded its recommendations to the US Justice Department, but no
action has been taken.
  As reported last month, a Cornell University commission has said Morris'
action in creating and accidentally releasing the worm program into the ARPANET
system of Unix-based computers at universities, private corporations and
military installations was "a juvenile act that ignored the clear potential
consequences."
  While the Morris worm did not destroy data, it forced the shut- down of many
of the systems for up to two days while they were cleared of the rogue program.
  --Charles Bowen


PENDING COMPUTER LAWS CRITICIZED

  (June 18)
  Computer attorney Jonathan Wallace says that the virus hystY?ZX??????hasn't
quieted down and that legislation that will be reintroduced in Congress this
year is vague and poorly drafted.
  Noting that at least one state, New York, is also considering similar
legislation, Wallace says that legislators may have overlooked existing laws
that apply to "software weapons."  In a newsletter sent out to clients, Wallace
notes p(X?????the Electronic Communications Privacy Act (ECPA) and the
Computer Fraud and Abuse Act (CFAA) cover the vast majority of software crimes.
  Wallace points out that both the ECPA and the CFAA already impose criminal
penalties on illegal actions.  Even the Senate Judiciary Committee has refutted
the idea that more federal laws are needed. "Why don't we give existing laws a
chance to work, before rushing off to create new ones," Wallace asks.
  Wallace is the editor of Computer Li?!Letter and is an Assistant System
Administrator on CompuServe's Legal Forum (GO LAWSIG).
  --James Moran


NEW VIRUS HITS THAI COMPUTERS

  (June 27)
  A newspaper in Bangkok is reporting that a new computer virus, said to be the
most destructive yet discovered, has struck computer systems in Thailand.
  According to the Newsbytes News Service, computer security specialist John
Dehaven has told The Bangkok Post, "This is a very subtle virus that can lay
dormant, literally, for years."
  The wire service says that two Thai banks and several faculties at
Chulalongkorn University were hit by the rogue program -- called the "Israeli
virus," because it was first detected there -- at the beginning of last month.
Newsbytes says the infection spreads quickly through any computer once it is
activated.
  --Charles Bowen



CONGRESS STUDIES COMPUTER VIRUSES

  (July 21)
  The Congress is taking a hard look at a new report that says major computer
networks remain vulnerable to computer viruses that are capable of crippling
communications and stopping the nation's telecommunications infrastructure dead
in its tracks.
  Rep. Edward Markey (D-Mass.), chairman of the House telecommunications
subcommittee, told a hearing earlier this week that federal legislation may be
needed to ease the threats posed by computer viruses.
  "The risk and fear of computer-based sabotage must be reduced to an acceptable
level before we can reasonably expect our national networks to accomplish the
purposes for which they were created," Markey said during a hearing Wednesday on
the new congressional study.
  "We must develop policies that ensure (network's) secure operation and the
individuals' rights to privacy as computer network technologies and applications
proliferate," he added.
  The report by the General Accounting Office examined last year's virus attack
that shut down the massive Internet system, which links 60,000 university,
government and industry research computers.
  The GAO found that Internet and other similar systems remain open to attack
with much more serious results than the temporary shutdown experienced by
Internet.
  The GAO warned that the Internet virus, a "worm" which recopied itself until
it exhausted all of the systems available memory, was relatively mild compared
to other more destructive viruses.
  "A few changes to the virus program could have resulted in widespread damage
and compromise," the GAO report said.
  "With a slightly enhanced program, the virus could have erased files on
infected computers or remained undetected for weeks, surreptitiously changing
information on computer files," the report continued.
  The GAO recommended the president's science advisor and the Office of Science
and Technology Policy should take the lead in developing new security for
Internet.
  In addition, the report said Congress should consider changes to the Computer
Fraud and Abuse Act of 1986, or the Wire Fraud Act, to make it easier to bring
charges against computer saboteurs.
  Joining in sounding the alarm at the hearing was John Landry, executive vice
president of Cullinet Software of Westwood, Mass., who spoke on behalf of
ADAPSO.
  "The range of threats posed by viruses, worms and their kin is limited only by
the destructive imagination of their authors," Landry said. "Existing computer
security systems often provide only minimal protection agaif?u a determined
attack."
  Landry agreed the Internet attack could have been much worse. He said viruses
have been found that can modify data and corrupt information in computers by
means as simple as moving decimal points one place to the left or right.
  One recently discovered virus, he said, can increase disk access speed,
resulting in the wearing out of disk drives. They also have been linked to
"embezzlement, fraud, industrial espionage and, more recently, international
political espionage," he said.
  "Virus attacks can be life threatening," Landry said, citing a recent attack
on a computer used to control a medical experiment. "The risk of loss of life
resulting from infections of airline traffic control or nuclear plant monitoring
systems is easily imaginable," he said.
  Landry said ADAPSO endorses the congressional drive toward tightening existing
law to ensure that computer viruses are covered along with other computer
abuses.
  --J. Scott Orr



GLOSSARY OF VIRUS-RELATED TERMS

  (July 21)
  Until last year's computer virus attack on the massive Internet network made
headlines, computer sabotage attracted little attention outside computer and
telecommunications circles.
  Today "computer virus" has become a blanket term covering a wide range of
software threats.
  ADAPSO, the computer software and services industry association, believes the
term has been thrown around a little too loosely. Here, then, is ADAPSO's
computer virus glossary:
  -:- COMPUTER VIRUS, a computer program that attaches itself to a legitimate,
executable program, then reproduces itself when the program is run.
  -:- TROJAN HORSE, a piece of unauthorized code hidden within a legitimate
program that, like a virus, may execute immediately or be linked to a certain
time or event. A trojan horse, however, does not self-replicate.
  -:- WORM, an infection that enters a computer system, typically through a
security loophole, and searches for idle computer memory. As in the Internet
case, the worm recopies itself to use up available memory.
  -:- TRAPDOOR, a program written to provide future access to computer systems.
These are typical entryways for worms.
  -:- TIME BOMB, a set of computer instructions entered into a system or piece
of software that are designed to go off at a predetermined time. April Fool's
Day and Friday the 13th have been popular times for time bomb's to go off.
  -:- LOGIC BOMB, similar to a time bomb, but linked instead to a certain event,
such as the execution of a particular sequence of commands.
  -:- CHAOS CLUB, a West German orc!?ization that some have alleged was fn?med
to wreak havoc on computer systems through the use of viruses and their kin.
  --J. Scott Orr



MORRIS INDICTED IN WORM INCIDENT

  (July 27)
  A federal grand jury has indicted the 24-year-old Cornell University graduate
student who is alleged to have released a "worm" program that temporarily
crippled the massive Internet computer network last November.
  Robert Tappan Morris of Arnold, Md., becomes the first person to be indicted
under the federal Computer Fraud and Abuse Act of 1986 in connection with the
spread of a computer virus.
  In convicted, Morris faces a maximum sentence of five years in federal prison
and a $250,000 fine. Morris' attorney, Thomas A. Guidoboni, said his client will
fight the charges.
  The virus, a worm that sought out unused memory throughout the system and
recopied itself to fill the vacant space, infected at least 6,000 computers
nationwide. Internet is an unclassified, multinetwork system connecting 500
networks and more than 60,000 computers around the world.
  The indictment, handed up yesterday in Syracuse, N.Y., charges Morris
"intentionally and without authorization, accessed ... federal interest
computers."
  The action, the indictment continued, "prevented the authorized use of one or
more of these federal interest computers and thereby caused a loss to one or
more others of a value aggregating $1,000 or more."
  The indictment said the illegally accessed computers included those at the
University of California at Berkeley, the Massachusetts Institute of Technology,
the National Aeronautics and Space Administration, Purdue University and the US
Air Force Base Logistics Command at Wright Paterson Air Force Base in Dayton,
Ohio.
  "Mr. Morris will enter a plea of not guilty and contest the charge against
him," Guidoboni said. He said his client "looks forward to his eventual
vindication and his return to a normal life."
  Morris, a Harvard graduate and computer science graduate student at Cornell,
is about to begin a one-year suspension from Cornell that stemmed from the
incident. His father is chief computer scientist for the National Computer
Security Center near Baltimore.
  The indictment comes less than a week after the General Accounting Office
found that Internet and other similar systems remain open to attack with much
more serious results than the temporary shutdown experienced last year.
  The GAO warned the Internet virus was relatively mild compared to other more
destructive viruses. It went on to recommend the President's Science Advisor and
the Office of Science and Technology Policy take the lead in developing new
security for Internet.
  In addition, the report said Congress should consider changes to the Computer
Fraud and Abuse Act, or the Wire Fraud Act, to make it easier to bring charges
against computer saboteurs.
  The GAO said the Internet worm spread largely by exploiting security holes in
system software based on the Berkeley Software Distribution Unix system, the
most commonly used operating system on Internet.
  The report from the GAO said the virus moved with startling speed. It was
first detected at 9 p.m. on Nov. 2. Within an hour it had spread to multiple
sites and by the next morning had infected thousands of systems.
  According to GAO, the virus had four methods of attack. It used:
  -:- A debugging feature of the "Sendmail" utility program to allow the sending
of an executable program. After issuing a debug command, the virus gave orders
to copy itself.
  -:- A hole in another utility program -- "Fingerd," which allows users to
obtain public information about other users -- to move on to distant computers.
  -:- Different methods to guess at user passwords. Once successful, the virus
"masqueraded" as a legitimate user to spread and access other computers.
  -:- "Trusted host" features to spread quickly though local networks once one
computer was penetrated.
  --J. Scott Orr




RESEARCHER UNCOVERS OCT. 12 VIRUS

  (July 31)
  An official with a British firm that markets anti-virus software says the
company has uncovered a new virus called "Datacrime" is set to attack MS-DOS
systems starting O?t< 12.
  Dr. Jan Hruska of Sophos UK tells Computergram International the virus
apparently appends itself to .COM (command) files on MS-DOS systems.
  "Operating on a trigger mechanism," CI says, "the virus reformats track 0 of
the hard disk on or after Oct. 12. It has no year check and so will remain
active from Oct. 12 onwards destroying or losing programs and data."
  Hruska told the publication this is a relatively new virus and that its
encrypted form reveals its name ("Datacrime") and its date of release, last
March 1.
  Sophos markets a program called Vaccine version 4 designed to detect known
viruses.
  --Charles Bowen



MORRIS TO PLEAD INNOCENT

  (Aug. 2)
  Robert T. Morris Jr., the former Cornell University graduate student who was
indicted last week by a federal grand jury, will plead innocent in federal court
to charges he planted a computer worm that wrecked havoc with some 6,000
computers nationwide, reports United Press International.
  As reported, the 24-year-old Arnold, Md., resident was indicted by the grand
jury on charges of breaking a federal statute by gaining unauthorized access to
a nationwide computer network and causing damage in excess of $1,000.
  Both federal investigators and a Cornell University panel claim Morris created
the computer worm, which spread from the Cornell campus in Ithaca, N.Y., on Nov.
2 to computers around the country, notes UPI.
  The worm infiltrated a Department of Defense computer system and forced many
federal and university computers to shut down.  The exact amount of damage has
not been determined.
  If convicted, Morris could be sent to prison for five years and fined up to
$250,000.  In addition, the judge could order him to make restitution to those
who were adversely affected by the incident.
  -- Cathryn Conroy



NIST FORMS COMPUTER SECURITY NETWORK

  (Aug. 3)
  The National Institute of Standards and Technology is working with other
federal agencies to establish a government-wide information network on security
incidents and issues, reports Government Computer News.
  Organized by NIST's Computer Security Division, the network would supply the
latest information to agencies on security threats, develop a program to report
and assess security incidents as well as offer assistance.
  Dennis Steinauer, evaluation group manager of the Computer Security Division,
said the plan is a response to the communications problems federal agencies
suffered during last November's worm attack on Internet b9 Jornell University
graduate student Robert T. Morris Jr.
  In addition to NIST, the departments of Energy, Justice and Transportation as
well as the National Science Foundation and NASA are participating in the
project, which calls for each agency to organize a security incident response
and resource center.
  NIST's network would connect the centers electronically, allowing them to
communicate with one another. Steinauer said he wants to set up a master
database of contacts, phone numbers and fax numbers to ensure communications.
  One aspect of the plan calls for each center to become expert in some specific
area of the technology, such as personal computers, local area networks or
multiuser hosts.
  "The answer is not some monolithic, centralized command center for
government," Steinauer told GCN.  "Problems occur in specific user or technology
communities, and we see the solutions evolving where the reaction is by people
who know the user community and the environment."
  He explained that the Computer Security Act has helped increase security
awareness within the government, but the emergence of computer viruses, worms
and other sophisticated threats has demonstrated the need for more advanced
security tools.
  -- Cathryn Conroy


AUSTRALIAN CHARGED WITH CRACKING

  (Aug. 14)
  Australia is reporting its first computer cracking arrest. A Melbourne student
is charged with computer trespass and attempted criminal damage.
  Authorities allege 32-year-old Deon Barylak was seen loading a personal
computer with a disk that was later found to possess a computer virus.
  "Fortunately, it was stopped before it could spread, which is why the charge
was only attempted criminal damage," senior detective Maurice Lynn told Gavin
Atkins for a report in Newsbytes News Service.
  The wire service said Barylak could face a maximum of 100 years' jail and a
fine.
  Also police expect to make further arrests in connection with the case.
Authorities said Barylak also faces charges of possessing computer equipment
allegedly stolen from a community center.
  --Charles Bowen


INTERNET VIRUS BACK?

  (Sept. 4)
  Apparently, neither the threat of criminal sanctions nor the hazards of
investigation by the FBI is enough to keep the Internet computer communications
network secure from intrusion. The Department of Defense agency responsible for
monitoring Internet security has issued a warning that unauthorized system
activity recently has been detected at a number of sites.
  The Computer Emergency Response Team (CERT) says that the activity has been
evident for some months and that security on some networked computers may have
been compromised.  In a warning broadcast to the Internet, CERT says that the
problem is spreading.
  Internet first came to general attention when a came to much of the computing
communities attention when a 23-year-old Cornell University student was said to
be responsible for inserting a software "worm" into the network.  The Department
of Defense's Advanced Project Agency network (ARPANET) also was infected and
CERT was formed to safeguard networks used or accessed by DoD emplyees and
contractors.
  In its warning about recent intrusions, CERT says that several computers have
had their network communications programs replaced with hacked versions that
surreptitiously capture passwords used on remote systems.
  "It appears that access has been gained to many of the machines which have
appeared in some of these session logs," says a broadcast CERT warning. "As a
first step, frequent telnet [communications program] users should change their
passwords immediately.  While there is no cause for panic, there are a number of
things that system administrators can do to detect whether the security on their
machines has been compromised using this approach and to tighten security on
their systems where necessary."
  CERT went on to suggest a number of steps that could be taken to verify the
authenticity of existing programs on any individual UNIX computer.  Among those
was a suggestion to reload programs from original installation media.
  --James Moran


AIR FORCE WARNS ITS BASES OF POSSIBLE "COLUMBUS DAY VIRUS"

  (Sept. 10)
  The US Air Force has warned its bases across the country about a possible
computer virus reportedly set to strike MS-DOS systems Oct. 12.
  Warning of the so-called "Columbus Day virus" was issued by the Air Force
Communications Command at Scott Air Force Base, Ill., at the request of the
Office of Special Investigations.
  OSI spokesman Sgt. Mike Grinnell in Washington, D.C., told David Tortorano of
United Press International the advisory was issued so computer operators could
guard against the alleged virus. "We're warning the military about this,"
Grinnell said, "but anybody that uses MS-DOS systems can be affected."
  As reported here July 31, Dr. Jan Hruska, an official with a British firm
called Sophos UK, which markets anti-virus software, said his company had
uncovered a new virus called "Datacrime." Hruska told Computergram International
at the time that the virus apparently appends itself to .COM (command) files on
MS-DOS systems.
  Said CI, "Operating on a trigger mechanism, the virus reformats track 0 of the
hard disk on or after Oct. 12. It has no year check and so will remain active
from Oct. 12 onwards destroying or losing programs and data." Hruska told the
publication this was a relatively new virus and that its encrypted form revealed
its name ("Datacrime") and its date of release, last March 1.
  Meanwhile, Air Force spokeswoman Lynn Helmintoller at Hurlburt Field near Fort
Walton Beach, Fla., told UPI that computer operators there had been directed to
begin making backup copies of files on floppy disks just in case. She said the
warning was received at the base Aug. 28.
  Staff Sgt. Carl Shogren, in charge of the small computer technology center at
Hurlburt, told Tortorano no classified data would be affected by the possible
virus attack because the disks used for classified work are different from those
that might be struck.
  UPI quoted officials at Scott Air Force Base as saying the warning was sent to
every base with a communications command unit, but that they did not know how
many bases were involved.
  --Charles Bowen


COMPUTER VIRUSES PLAGUE CONGRESS

  (Sept. 11)
  Although Congress recently passed the Computer Security Act to force federal
agencies to guard against high-tech break- ins and computer viruses, the
legislators may soon realize they made a costly mistake. The law applies to all
federal agencies -- except Congress itself.  And according to Government
Computer News, Capitol Hill has been the victim of several recent virus attacks.
  One virus, for instance, emerged about a year ago in the Apple Macintosh
computers of several House offices causing unexplained system crashes.  A steep
bill of some $100,000 was incurred before experts were confident the plague, now
known as Scores, was stopped. However, it does still lurk in the depths of the
computers, notes GCN, causing occasional malfunctions.
  Dave Gaydos, Congress' computer security manager, says the sources of many
viruses may never be known, since some 10,000 programmers are capable of
producing them.
  Capitol Hill legislators and staff members are only now becoming aware of the
potential danger of viruses as more offices are exploring ways to connect with
online database services and with each other through local area networks.
  GCN reports that last February, a California congressional office was the
victim of a virus, caught while using a so-called vaccine program meant to
detect intruders into the system.
  "I used to laugh about viruses," said Dewayne Basnett, a systems specialist on
Capitol Hill.  "But now when you ask me about them, I get very angry.  I think
of all the time and effort expended to repair the damage they do."
  According to GCN, many of the 3,000 House employees with computers are
ignorant of the risks and unable to take basic precautions. Although various
computer specialists are trying to inform Hill users of computer security issues
and offer training sessions, there is no broad support from the legislators
themselves for such actions.
  "We are working to alert people to the dangers," said Gaydos, "but it may take
an incident like a destructive virus to move [Congress] to take precautions."
  -- Cathryn Conroy



VIRUS HITS AUSTRALIA

  (Sept. 12)
  Australian authorities are said to be confused about the origin of a supposed
computer virus that has been making the rounds of computer installations in the
South Pacific.  An Australian newspaper, The Dominion, says that sensitive data
in Defense Department computers has been destroyed by the virus.
  Dubbed the Marijuana virus because of the pro-drug message that is displayed
before any data is erased, it is thought that the misbehaving bug originated in
New Zealand.  Some have even suggested that the program was purposely introduced
into Australian Defense computers by agents of New Zealand, a contention that a
Defense Department spokesman branded as "irresponsible."  The two South Pacific
nations have had strong disagreements about defense matters, including recent
joint maneuvers in the area by Australian and US forces.
  A more likely explanation for the intrusion into Defense computers is the
likelihood that Australian security specialists were examining the virus when
they inadvertently released it into their own security system. The Marijuana
virus is known to have been infecting computers in the country for at least
three months and its only known appearance in government computers occurred in a
Defense sub-department responsible for the investigation and prevention of
computer viruses.
  --James Moran



VIRUS THREAT ABSURDLY OVERBLOWN, SAY EXPERTS

  (Sept. 18)
  The so-called "Columbus Day Virus" purportedly set to destructively attack
MS-DOS computers on Oct. 13 has computer users -- including the US military --
scampering to protect their machines.  But according to The Washington Post, the
threat is absurdly overblown with less than 10 verified sightings of the virus
in a country with tens of millions of computers.
  "At this point, the panic seems to have been more destructive than any virus
itself," said Kenneth R. Van Wyk, a security specialist at Carnegie-Mellon
University's Software Engineering Institute, who has been taking some 20 phone
calls daily from callers seeking advice on the subject.
  Bill Vance, director of secure systems for IBM Corp., told The Post, "If it
was out there in any number, it would be spreading and be more noticeable."
  He predicted Oct. 13 is not likely to be "a major event."
  As reported in Online Today, this latest virus goes by several names,
including Datacrime, Friday the 13th and Columbus Day.  It lies dormant and
unnoticed in the computer until Oct. 13 and then activates when the user turns
on the machine. Appending itself to .COM (command) files, the virus will
apparently reformats track 0 of the hard disk.
  The Post notes that the federal government views viruses as a grave threat to
the nation's information systems and has set in motion special programs to guard
computers against them and to punish those who introduce them.
  Centel Federal Systems in Reston, Va., a subsidiary of Centel Corp. of
Chicago, is taking the threat seriously, operating a toll-free hotline staff by
six full-time staff members.  More than 1,000 calls have already been received.
  Tom Patterson, senior analyst for Centel's security operations, began working
on the virus five weeks ago after receiving a tip from an acquaintance in
Europe.  He said he has dissected a version of it and found it can penetrate a
number of software products designed to keep viruses out.
  Patterson told The Post that he found the virus on one of the machines of a
Centel client. "The virus is out there. It's real," he said.
  Of course, where there's trouble, there's also a way to make money. "The more
panicked people get," said Jude Franklin, general manager of Planning Research
Corp.'s technology division, "the more people who have solutions are going to
make money."
  For $25 Centel is selling software that searches for the virus. Patterson
said, however, the company is losing money on the product and that the fee only
covers the cost of the disk, shipping and handling. "I'm not trying to hype
this," he said. "I'm working 20-hour days to get the word out."
  -- Cathryn Conroy



SICK SOFTWARE INFECTS 100 HOSPITALS NATIONWIDE

  (Sept. 20)
  When a hospital bookkeeping computer program could not figure out yesterday's
date, some 100 hospitals around the country were forced to abandon their
computers and turn to pen and paper for major bookkeeping and patient admissions
functions, reports The Washington Post.
  Although there was no permanent loss of data or threat to treatment of
patients, the hospital accounting departments found themselves at the mercy of a
software bug that caused major disruptions in the usual methods of doing
business.
  The incident affected hospitals using a program provided by Shared Medical
Systems Corp. of Pennsylvania. The firm stores and processes information for
hospitals on its own mainframe computers and provides software that is used on
IBM Corp. equipment.
  According to The Post, the program allows hospitals to automate the ordering
and reporting of laboratory tests, but a glitch in the software would not
recognize the date Sept. 19, 1989 and "went into a loop" refusing to function
properly, explained A. Scott Holmes, spokesman for Shared Medical Systems.
  The firm dubbed the bug a "birth defect" as opposed to a "virus," since it was
an accidental fault put into the program in its early days that later threatened
the system's health.
  At the affected hospitals around the country, patients were admitted with pen
and paper applications.  Hospital administrators admitted the process was slower
and caused some delay in admissions, but patient care was never compromised.
  -- Cathryn Conroy


ARMY TO BEGIN VIRUS RESEARCH

  (Sept. 21)
  Viruses seem to be on the mind of virtually every department administrator in
the federal government, and the US Army is no exception.  The Department of the
Army says it will begin funding for basic research to safeguard against the
presence of computer viruses in computerized weapons systems.
  The Army says it will fund three primary areas of research: computer security,
virus detection and the development of anti-viral products. Research awards will
be made to US businesses who are eligible to participate in the Small Business
Innovation Research (SBIR) program.
  The Army program, scheduled to begin in fiscal year 1990, is at least
partially the result of Congressional pressure.  For some months, Congressional
staffers have been soliciting comments about viruses and their potential effect
on the readiness of the US defense computers.
  Small businesses who would like to bid on the viral research project may
obtain a copy of Program Solicitation 90.1 from the Defense Technical
Information Center at 800/368-5211.
  --James Moran



SO-CALLED "DATACRIME" VIRUS REPORTED ON DANISH POSTGIRO NET

  (Sept. 22)
  The so-called "Datacrime" virus, said to be aimed at MS-DOS system next month,
reportedly has turned up on the Danish Postgiro network, a system of 260
personal computers described as the largest such network in Scandinavia.
  Computergram International, the British newsletter that first reported the
existence of the Datacrime virus back in July, says, ""Twenty specialists are
now having to check 200,000 floppy disks to make sure that they are free from
the virus."
  Datacrime is said to attach itself to the MS-DOS .COM files and reformats
track zero of the hard disk, effectively erasing it. However, as reported, some
experts are saying the threat of the virus is absurdly overblown, that there
have been fewer than 10 verified sightings of the virus in a country with tens
of millions of computers.
  --Charles Bowen



IBM RELEASING ANTI-VIRUS SOFTWARE

  (Oct. 4)
  In a rare move, IBM says it is releasing a program to check for personal
computer viruses in response, in part, to customer worries about a possible
attack next week from the so-called "Datacrime" virus.
  "Up until the recent press hype, our customers had not expressed any
tremendous interest (in viruses) over and above what we already do in terms of
security products and awareness," Art Gilbert, IBM's manager of secure systems
industry support, told business writer Peter Coy of The Associated Press.
  However, reports of a "Datacrime" virus, rumored to be set to strike MS-DOS
systems, have caused what Coy describes as "widespread alarm," even as many
experts say the virus is rare and a relatively small number of PCs are likely to
be harmed.
  IBM says it is releasing its Virus Scanning Program for MS-DOS systems that
can spot three strains of the Datacrime virus as well as more common viruses
that go by names such as the Jerusalem, Lehigh, Bouncing Ball, Cascade and
Brain.
  The $35 program is available directly from IBM or from dealers, marketing
representatives and remarketers and, according to Gilbert, will detect but not
eradicate viruses. Gilbert added that installing a virus checker is not a
substitute for safe-computing practices such as making backup copies of programs
and data and being cautious about software of unknown origin.
  Meanwhile, virus experts speaking with Coy generally praised IBM's actions.
  "It's about time one of the big boys realized what a problem this is and did
something about it," said Ross Greenberg, a New York consultant and author of
Flu-Shot Plus. "To date, all the anti-virus activity is being done by the mom
and pops out there."
  In addition, Pamela Kane, president of Panda Systems in Wilmington, Del., and
author of a new book, "Virus Protection," called the move "a very important and
responsible step."
  As noted, experts are differing widely over whether there is truly a threat
from the Datacrime virus. The alleged virus -- also dubbed The Columbus Day
virus, because it reportedly is timed to begin working on and after Oct. 12 --
supposedly cripples MS-DOS- based hard disks by wiping out the directory's
partition table and file allocation table.
  Besides the IBM virus scanning software, a number of public domain and
shareware efforts have been contributed online, collected on CompuServe by the
IBM Systems/Utilities Forum (GO IBMSYS). For more details, visit the forum, see
Library 0 and BROwse files with the keyword of VIRUS (as in BRO/KEY:VIRUS).
  --Charles Bowen



DUTCH COMPUTERISTS FEAR 'DATACRIME' VIRUS

  (Oct. 7)
  The "Datacrime"/Columbus Day virus, which is being widely down-played in the
US, may be much more common in the Netherlands. A Dutch newspaper reported this
week the virus had spread to 10 percent of the personal computers there.
  "Those figures are possibly inflated," police spokesman Rob Brons of the Hague
told The Associated Press. Nonetheless, police are doing brisk business with an
antidote to fight the alleged virus. Brons said his department has sold
"hundreds" of $2.35 floppy disks with a program that purportedly detects and
destroys the virus.
  As reported, Datacrime has been described as a virus set to destroy data in
MS-DOS systems on or after Oct. 12. AP notes that in the US there have been
fewer than a dozen confirmed sightings of the dormant virus by experts who
disassembled it.
  The wire service also quotes Joe Hirst, a British expert on viruses, as saying
some now believe the virus was created by an unidentified Austrian computerist.
He added that as far as he knew the Netherlands was the only European country in
which the virus had been spotted.
  --Charles Bowen