💾 Archived View for spam.works › mirrors › textfiles › virus › p1.txt captured on 2023-06-16 at 21:03:47.
View Raw
More Information
-=-=-=-=-=-=-
- <CTRL K> OR <CTRL X> ABORTS <CTRL S> SUSPENDS *
SECURITY EXPERTS ARE AFRAID THAT SABOTEURS COULD
INFECT COMPUTERS WITH A "VIRUS" THAT WOULD REMAIN
LATENT FOR MONTHS OR EVEN YEARS, AND THEN CAUSE
CHAOS.
ATTACK OF THE COMPUTER VIRUS
--------------------------------
BY LEE DEMBART
GERM WARFARE-THE DELIBERATE RELEASE OF DEADLY BACTERIA OR VIRUSES-IS A
PRACTICE SO ABHORRENT THAT IT HAS LONG BEEN OUTLAWED BY INTERNATIONAL TREATY.
YET COMPUTER SCIENTISTS ARE CONFRONTING THE POSSIBILITY THAT SOMETHING AKIN TO
GERM WARFARE COULD BE USED TO DISABLE THEIR LARGEST MACHINES. IN A
CIVILIZATION EVER MORE DEPENDENT ON COMPUTERS, THE RESULTS COULD BE DISASTROUS
-THE SUDDEN SHUTDOWN OF AIR TRAFFIC CONTROL SYSTEMS, FINANCIAL NETWORKS, OR
FACTORIES, FOR EXAMPLE, OR THE WHOLESALE DESTRUCTION OF GOVERNMENT OR BUSINESS
MORE: [Y]ES,(N)O,(NS)NON-STOP? ns
RECORDS.
THE WARNING HAS BEEN RAISED BY A UNIVERSITY OF SOUTHERN CALIFORNIA RESEARCHER
WHO FIRST DESCRIBED THE PROBLEM IN SEPTEMBER, BEFORE TWO CONFERENCES ON
COMPUTER SECURITY. RESEARCH BY GRADUATE STUDENT FRED COHEN, 28, SHOWS THAT IT
IS POSSIBLE TO WRITE A TYPE OF COMPUTER PROGRAM, WHIMSICALLY CALLED A VIRUS,
THAT CAN INFILTRATE AND ATTACK A COMPUTER SYSTEM IN MUCH THE SAME WAY A REAL
VIRUS INFECTS A HUMAN BEING. SLIPPED INTO A COMPUTER BY SOME CLEVER SABOTEUR,
THE VIRUS WOULD SPREAD THROUGHOUT THE SYSTEM WHILE REMAINING HIDDEN FROM IT'S
OPERATORS. THEN, AT SOME TIME MONTHS OR YEARS LATER, THE VIRUS WOULD EMERGE
WITHOUT WARNING TO CRIPPLE OR SHUT DOWN ANY INFECTED MACHINE.
THE POSSIBILITY HAS COMPUTER SECURITY EXPERTS ALARMED BECAUSE, AS COHEN
WARNS, THE PROGRAMMING NECESSARY TO CREATE THE SIMPLEST FORMS OF COMPUTER
VIRUS IS NOT PARTICULARLY DIFFICULT. "VIRAL ATTACKS APPEAR TO BE EASY TO
DEVELOP IN A SHORT TIME," HE TOLD A CONFERENCE CO-SPONSORED BY THE NATIONAL
BUREAU OF STANDARDS AND THE DEPARTMENT OF DEFENSE. "[THEY] CAN BE DESIGNED TO
LEAVE FEW IF ANY TRACES IN MOST CURRENT SYSTEMS, ARE EFFECTIVE AGAINST MODERN
SECURITY POLICIES, AND REQUIRE ONLY MINIMAL EXPERTISE TO IMPLEMENT."
COMPUTER VIRUSES ARE APTLY NAMED; THEY SHARE SEVERAL INSIDIOUS FEATURES WITH
BIOLOGICAL VIRUSES. REAL VIRUSES BURROW INTO LIVING CELLS AND TAKE OVER THEIR
HOSTS' MACHINERY TO MAKE MULTIPLE COPIES OF THEMSELVES. THESE COPIES ESCAPE TO
INFECT OTHER CELLS. USUALLY INFECTED CELLS DIE. A COMPUTER VIRUS IS A TINY
COMPUTER PROGRAM THAT "INFECTS" OTHER PROGRAMS IN MUCH THE SAME WAY. THE VIRUS
ONLY OCCUPIES A FEW HUNDRED BYTES OF MEMORY; A TYPICAL MAINFRAME PROGRAM, BY
CONTRAST, TAKES UP HUNDREDS OF THOUSANDS. THUS, WHEN THE VIRUS IS INSERTED INTO
AN ORDINARY PROGRAM, ITS PRESENCE GOES UNNOTICED BY COMPUTER OPERATORS OR
TECHNICIANS.
THEN, EACH TIME THE "HOST" PROGRAM RUNS, THE COMPUTER AUTOMATICALLY EXECUTES
THE INSTRUCTIONS OF THE VIRUS-JUST AS IF THEY WERE PART OF THE MAIN PROGRAM. A
TYPICAL VIRUS MIGHT CONTAIN THE FOLLOWING INSTRUCTIONS: "FIRST, SUSPEND
EXECUTION OF THE HOST PROGRAM TEMPORARILY. NEXT, SEARCH THE COMPUTER'S MEMORY
FOR OTHER LIKELY HOST PROGRAMS THAT HAVE NOT BEEN ALREADY INFECTED. IF ONE IS
FOUND, INSERT A COPY OF THESE INSTRUCTIONS INTO IT. FINALLY, RETURN CONTROL
OF THE COMPUTER TO THE HOST PROGRAM."
THE ENTIRE SEQUENCE OF STEPS TAKES A HALF A SECOND OR LESS TO COMPLETE, FAST
ENOUGH SO THAT NO ON WILL BE AWARE THAT IT HAS RUN. AND EACH NEWLY INFECTED
HOST PROGRAM HELPS SPREAD THE CONTAGION EACH TIME IT RUNS, SO THAT EVENTUALLY
EVERY PROGRAM IN THE MACHINE IS CONTAMINATED.
THE VIRUS CONTINUES TO SPREAD INDEFINITELY, EVEN INFECTING OTHER COMPUTERS
WHENEVER A CONTAMINATED PROGRAM IN TRANSMITTED TO THEM. THEN, ON A PARTICULAR
DATE OR WHEN CERTAIN PRESET CONDITIONS ARE MET, THE VIRUS AND ALL IT'S CLONES
GO ON THE ATTACK. AFTER THAT, EACH TIME AN INFECTED PROGRAM IS RUN, THE VIRUS
DISRUPTS THE COMPUTER'S OPERATIONS BY DELETING FILES, SCRAMBLING THE MEMORY,
TURNING OFF THE POWER, OR MAKING OTHER MISCHIEF.
THE SABOTEUR NEED NOT BE AROUND TO GIVE THE SIGNAL TO ATTACK. A DISGRUNTLED
EMPLOYEE WHO WAS AFRAID OF GETTING FIRED, FOR EXAMPLE, MIGHT PLOT HIS REVENGE
IN ADVANCE BY ADDING AN INSTRUCTION TO HIS VIRUS THAT CAUSED IT TO REMAIN
DORMANT ONLY SO LONG AS HIS PERSONAL PASSWORD WAS LISTED IN THE SYSTEM. THEN,
SAYS COHEN, "AS SOON AS HE WAS FIRED AND THE PASSWORD WAS REMOVED, NOTHING
WOULD WORK ANY MORE."
THE FACT THAT THE VIRUS REMAINS HIDDEN AT FIRST IS WHAT MAKES IT SO
DANGEROUS. "SUPPOSE YOUR VIRUS ATTACKED BY DELETING FILES IN THE SYSTEM,"
COHEN SAYS. "IF IT STARTED DOING THAT RIGHT AWAY, THEN AS SOON AS YOUR FILES
GOT INFECTED THEY WOULD START TO DISAPPEAR AND YOU'D SAY 'HEY, SOMETHING'S
WRONG HERE.' YOU'D PROBABLY BE ABLE TO IDENTIFY WHOEVER DID IT." TO AVOID
EARLY DETECTION OF THE VIRUS, A CLEVER SABOTEUR MIGHT ADD INSTRUCTIONS TO THE
VIRUS PROGRAM THAT WOULD CAUSE IT TO CHECK THE DATE EACH TIME IT RAN, AND
ATTACK ONLY IF THE DATE WAS IDENTICAL -OR LATER THAN- SOME DATE MONTHS OR
YEARS IN THE FUTURE. "THEN," SAYS COHEN, "ONE DAY, EVERYTHING WOULD STOP. EVEN
IF THEY TRIED TO REPLACE THE INFECTED PROGRAMS WITH PROGRAMS THAT HAD BEEN
STORED ON BACK-UP TAPES, THE BACK-UP COPIES WOULDN'T WORK EITHER - PROVIDED
THE COPIES WERE MADE AFTER THE SYSTEM WAS INFECTED.
THE IDEA OF VIRUS-LIKE PROGRAMS HAS BEEN AROUND SINCE AT LEAST 1975, WHEN THE
SCIENCE FICTION WRITER JOHN BRUNNER INCLUDED ONE IN HIS NOVEL `THE SHOCKWAVE
RIDER'. BRUNNER'S "TAPEWORM" PROGRAM RAN LOOSE THROUGH THE COMPUTER NETWORK,
GOBBLING UP COMPUTER MEMORY IN ORDER TO DUPLICATE ITSELF. "IT CAN'T BE
KILLED," ONE CHARACTER IN THE BOOK EXCLAIMS IN DESPERATION. "IT'S
INDEFINITELY SELF-PERPETUATING AS LONG AS THE NETWORK EXISTS."
IN 1980, JOHN SHOCH AT THE XEROX PALO ALTO RESEARCH CENTER DEVISED A
REAL-LIFE PROGRAM THAT DID SOMEWHAT THE SAME THING. SHOCH'S CREATION, CALLED A
WORM, WRIGGLED THROUGH A LARGE COMPUTER SYSTEM LOOKING FOR MACHINES THAT WERE
NOT BEING USED AND HARNESSING THEM TO HELP SOLVE A LARGE PROBLEM. IT COULD
TAKE OVER AN ENTIRE SYSTEM. MORE RECENTLY, COMPUTER SCIENTISTS HAVE AMUSED
THEMSELVES WITH A GLADIATORIAL COMBAT, CALLED CORE WAR, THAT RESEMBLES A
CONTROLLED VIRAL ATTACK. SCIENTISTS PUT TWO PROGRAMS IN THE SAME COMPUTER,
EACH DESIGNED TO CHASE THE OTHER AROUND THE MEMORY, TRYING TO INFECT AND KILL
THE RIVAL.
INSPIRED BY EARLIER EFFORTS LIKE THESE, COHEN TOOK A SECURITY COURSE LAST
YEAR, AND THEN SET OUT TO TEST WHETHER VIRUSES COULD ACTUALLY DO HARM TO A
COMPUTER SYSTEM. HE GOT PERMISSION TO TRY HIS VIRUS AT USC ON A VAX COMPUTER
WITH A UNIX OPERATING SYSTEM, A COMBINATION USED BY MANY UNIVERSITIES AND
COMPANIES. (AN OPERATING SYSTEM IS THE MOST BASIC LEVEL OF PROGRAMMING IN A
COMPUTER; ALL OTHER PROGRAMS USE THE OPERATING SYSTEM TO ACCOMPLISH BASIC
TASKS LIKE RETRIEVING INFORMATION FROM MEMORY, OR SENDING IT TO A SCREEN.)
IN FIVE TRIAL RUNS, THE VIRUS NEVER TOOK MORE THAN AN HOUR TO PENETRATE THE
ENTIRE SYSTEM. THE SHORTEST TIME TO FULL INFECTION WAS FIVE MINUTES, THE
AVERAGE HALF AN HOUR. IN FACT, THE TRIAL WAS SO SUCCESSFUL THAT UNIVERSITY
OFFICIALS REFUSED TO ALLOW COHEN TO PERFORM FURTHER EXPERIMENTS. COHEN
UNDERSTANDS THEIR CAUTION, BUT CONSIDERS IT SHORTSIGHTED. "THEY'D RATHER BE
PARANOID THAN PROGRESSIVE," HE SAYS. "THEY BELIEVE IN SECURITY THROUGH
OBSCURITY."
COHEN NEXT GOT A CHANCE TO TRY OUT HIS VIRUSES ON A PRIVATELY OWNED UNIVAC
1108. (THE OPERATORS HAVE ASKED THAT THE COMPANY NOT BE IDENTIFIED.) THIS
COMPUTER SYSTEM HAD AN OPERATING SYSTEM DESIGNED FOR MILITARY SECURITY; IT WAS
SUPPOSED TO ALLOW PEOPLE WITH LOW-LEVEL SECURITY CLEARANCE TO SHARE A COMPUTER
WITH PEOPLE WITH HIGH-LEVEL CLEARANCE WITHOUT LEAKAGE OF DATA. BUT THE
RESTRICTIONS AGAINST DATA FLOW DID NOT PREVENT COHEN'S VIRUS FROM SPREADING
THROUGHOUT THE SYSTEM - EVEN THOUGH HE ONLY INFECTED A SINGLE LOW-SECURITY
LEVEL SECURITY USER. HE PROVED THAT MILITARY COMPUTERS, TOO, MAY BE
VULNERABLE, DESPITE THEIR SAFEGUARDS.
THE PROBLEM OF VIRAL SPREAD IS COMPOUNDED BY THE FACT THAT COMPUTER USERS
OFTEN SWAP PROGRAMS WITH EACH OTHER, EITHER BY SHIPPING THEM ON TAPE OR DISK
OR SENDING THEM OVER A TELEPHONE LINE OR THROUGH A COMPUTER NETWORK. THUS, AN
INFECTION THAT ORIGINATES IN ONE COMPUTER COULD EASILY SPREAD TO OTHERS OVER
TIME - A HAZARD THAT MAY BE PARTICULARLY SEVERE FOR THE BANKING INDUSTRY, WHERE
INFORMATION IS CONSTANTLY BEING EXCHANGED BY WIRE. SAYS COHEN, "THE DANGER IS
THAT SOMEBODY WILL WRITE VIRUSES THAT ARE BAD ENOUGH TO GET AROUND THE
FINANCIAL INSTITUTIONS AND STOP THEIR COMPUTERS FROM WORKING."
MANY SECURITY PROFESSIONALS ALSO FIND THIS PROSPECT FRIGHTENING. SAYS JERRY
LOBEL, MANAGER OF COMPUTER SECURITY AT HONEYWELL INFORMATION SYSTEMS IN
PHOENIX, "FRED CAME UP WITH ONE OF THE MORE DEVIOUS KINDS OF PROBLEMS AGAINST
WHICH WE HAVE VERY FEW DEFENSES AT PRESENT." LOBEL, WHO ORGANIZED A RECENT
SECURITY CONFERENCE SPONSORED BY THE INTERNATIONAL FEDERATION FOR INFORMATION
PROCESSING -AT WHICH COHEN ALSO DELIVERED A PAPER- CITES OTHER POTENTIAL
TARGETS FOR ATTACK: "IF IT WERE AN AIR TRAFFIC CONTROL SYSTEM OR A PATIENT
MONITORING SYSTEM IN A HOSPITAL, IT WOULD BE A DISASTER."
MARVIN SCHAEFER, CHIEF SCIENTIST AT THE PENTAGON'S COMPUTER SECURITY CENTER,
SAYS THE MILITARY HAS BEEN CONCERNED ABOUT PENETRATION BY VIRUS-LIKE PROGRAMS
FOR YEARS. DEFENSE PLANNERS HAVE PROTECTED SOME TOP-SECRET COMPUTERS BY
ISOLATING THEM, JUST AS A DOCTOR MIGHT ISOLATE A PATIENT TO KEEP HIM FROM
CATCHING COLD. THE MILITARY'S MOST SECRET COMPUTERS ARE OFTEN KEPT IN
ELECTRONICALLY SHIELDED ROOMS AND CONNECTED TO EACH OTHER, WHEN NECESSARY, BY
WIRES THAT RUN THROUGH PIPES CONTAINING GAS UNDER PRESSURE. SHOULD ANYONE TRY
TO PENETRATE THE PIPES IN ORDER TO TAP INTO THE WIRES, THE DROP IN GAS
PRESSURE WOULD IMMEDIATELY GIVE HIM AWAY. BUT, SCHAEFER ADMITS, "IN SYSTEMS
THAT DON'T HAVE GOOD ACCESS CONTROLS, THERE REALLY IS NO WAY TO CONTAIN A
VIRUS. IT'S QUITE POSSIBLE FOR AN ATTACK TO TAKE OVER A MACHINE."
HONEYWELL'S LOBEL STRONGLY BELIEVES THAT NEITHER COHEN NOR ANY OTHER
RESPONSIBLE EXPERT SHOULD EVEN OPEN A PUBLIC DISCUSSION OF COMPUTER VIRUSES.
"IT ONLY TAKES A HALFWAY DECENT PROGRAMMER ABOUT HALF A DAY OF THINKING TO
FIGURE OUT HOW TO DO IT," LOBEL SAYS. "IF YOU TELL ENOUGH PEOPLE ABOUT IT,
THERE'S GOING TO BE ONE CRAZY ENOUGH OUT THERE WHO'S GOING TO TRY."
COHEN DISAGREES, INSISTING THAT IT IS MORE DANGEROUS `NOT' TO DISCUSS AND
STUDY COMPUTER VIRUSES. "THE POINT OF THESE EXPERIMENTS," HE SAYS, "IS THAT IF
I CAN FIGURE OUT HOW TO DO IT, SOMEBODY ELSE CAN TOO. IT'S BETTER TO HAVE
SOMEBODY FRIENDLY DO THE EXPERIMENT, TELL YOU HOW BAD IT IS, SHOW YOU HOW IT
WORKS AND HELP YOU COUNTERACT IT, THAN TO HAVE SOMEBODY VICIOUS COME ALONG AND
DO IT." IF YOU WAIT FOR THE BAD GUYS TO CREATE A VIRUS FIRST, COHEN SAYS, THEN
BY THE TIME YOU FIND OUT ABOUT IT, IT WILL BE TOO LATE.
11 MINUTES LEFT
BULLETIN # 1 THRU 32, L)IST, PRESS [ENTER] TO CONTINUE?