Virus attacks!

1 April 2005

From its origin on a computer in Manila, the Philippines, on May 3rd 2000, a new virus, the Love Bug, swiftly and silently wends its way through computer terminals across Asia, Europe, and the United States. 

Forging a fibre-optic path across continents faster than you can say, ‘You’ve got mail’, the amorous parasite lands in digital mailboxes waiting to spread its love. Within minutes of its release, e-mail systems are brought to a screeching halt in Silicon Valley, followed by the Pentagon and a number of Internet start-ups in San Francisco. The Love Bug had arrived and nearly everyone had it. 

The Love Bug, also known as LoveLetter, spread more rapidly and widely than any electronic virus before. It was downloaded on to 55 million computers, with up to 3 million of these infected and badly affected, say US research firm Computer Economics. In contrast, Melissa–the fastest-moving virus before LoveLetter–hit only about 250,000 computers in March 1999. If you think that computer viruses are growing in speed and number, you’re not wrong. E-mail is the technology that’s helping viruses spread faster than fixes can be produced by the anti-virus research centres.

 


In 1993, there were 3,200 known viruses in the world. Today, there are more than 50,000 ‘in the wild’. Some 200 new viruses appear each day and each generation is sneakier than the last. 

Viruses used to take months or years to spread, but current strains circle the globe in minutes via e-mail. What’s more, the homogeneity of the computing world (with Microsoft’s Windows, Word, and Outlook everywhere) makes it easy for viruses to infect millions of machines in one swoop. 

But experts say we haven’t even begun to see the worst that viruses can offer. Future viruses won’t need you to open an attachment or e-mail to begin inflicting harm; they’ll simply be activated when you check your e-mail for new correspondence. Alec Florence, CEO of security software specialist Priority Data, says that more recent virus attacks have been ‘socially engineered to appeal to basic human instincts’. The Naked Wife and the Anna Kournikova viruses are two examples where many users felt compelled to click and open the infected attachment because they had an overpowering biological attraction to its alleged content. But as Julian McMenamin, country manager, Symantec, says: ‘The real bad boys are viruses in the mould of the Naked Wife that delete files on an infected PC or network. Other strains like mass-mailer viruses don’t cause any lasting damage, but are a major inconvenience because they bring down e-mail servers and prevent e-commerce transactions.’

Get smart and fight back
Educating yourself and securing your PC with the right tools can help you avoid trouble. First off, Alec Florence advises individual users to get a good anti-virus software package with weekly or monthly Internet-delivered updates. Florence points individual users to their local computer retail store if they’re looking for a boxed single user anti-virus package. Retailer Compustore sells Symantec’s Norton Antivirus 2001 Personal Edition for £34.98, Network Associate’s McAfee VirusScan Classic for £49.98 and the end-of-line Dr Solomon’s VirusScan for £98.18. 

Florence argues that a company requires a much broader defence strategy than the individual user–one that goes beyond installing an anti-virus program on a single desktop PC: ‘Anti-virus software only detects the virus once it’s arrived on an employee’s computer; companies need to prevent viruses and worms from getting through the company gateway and onto the network.’

He recommends that companies carry out a risk assessment to see the extent to which viral invasions threaten their business operations. The severity of the threat should dictate the level of precaution to take. A business manager should draw up a set of rules to govern employees’ e-mail usage within the company. Getting infected with a virus is bad enough, but employees also need to be aware that passing on a virus to a client could have dire consequences for their business. As Florence says: ‘One mouse click from an irresponsible employee could cause huge damage to a company’s reputation.’

Using a firewall in conjunction with desktop anti-virus software is the best approach for businesses. Florence recommends Axent’s Raptor firewall, which retails for £2,040 for a 25 user licence with support included. Filtering software that screens incoming e-mail and Web pages, blocks salacious and threatening words, and notifies an HR manager if an employee is using the Internet inappropriately also works well alongside firewall and anti-virus software. Florence suggests that companies look at a filter like Baltimore’s Minesweeper.

Priority Data sells Network Associates’ McAfee VirusScan and Dr Solomons anti-virus software, with the software being tweaked to satisfy the security requirements of corporates and small and medium-sized companies. A ten user licence for the VirusScan Security Suite costs £643 and a 20 user licence costs £1,286. 

Predominantly, anti-virus software manufacturers and distributors go for the high-end corporate market. Reflex Magnetics sells Command Antivirus products, but it targets high-end users on large networks. Another Irish distributor, Renaissance, carries Sophos Antivirus, but it is firmly designed to fit into a corporate network. Sophos is available to individual and small business users, but it’s much more expensive than the McAfee VirusScan or Norton equivalent. The McAfee and Norton products are available for between £30 and £50, while Sophos Antivirus as a single Web download retails for £152 and on CD ROM for £300.

Dad’s army
Both home and business users can defend themselves from viral and worm infestations by disabling macros in applications; by downloading patches for software holes; by installing a good virus scanner and by getting weekly updates to the scanner to catch the latest culprits. But true immunity to viruses doesn’t exist. Just as it’s hard to stop a crime before it happens, it’s difficult to halt a virus before it damages at least a few computers. 

The next generation
The exact future of viruses is difficult to predict, but they will certainly become more virulent and harder to combat. New technologies and software flaws continue to make the spread of viruses easier, and anti-virus techniques must evolve to keep up. 

Fred Cohen, the security expert who coined the term ‘computer virus’ in 1983, says that the nature of viruses will continue to evolve. ‘It’s unlikely that anyone will create a virus that will spread to every computer system in the world and destroy everything,’ he says. ‘But more-sophisticated viruses would be better targeted and would have much more longevity.’ He describes a future virus that, once it entered a system, would spawn sub-variants, which would in turn spawn their own variants, each affecting the computer in different ways. Detecting and eliminating all of the offspring of such a virus would be difficult.

We’ve already seen one type of advanced virus that’s bound to proliferate in the future. This variety–the Bubbleboy and Kak are examples–comes embedded in e-mail text and activates without users’ opening an attachment. A combination worm and virus, it contains HTML coding that exploits a vulnerability in Outlook and Internet Explorer 5x. Once you open the e-mail message, the code copies the virus onto your system–in the case of Kak, into the Windows start-up folder. The next time you launch Windows, the virus delivers its payload. 

Recently discovered vulnerabilities in Outlook and Outlook Express would allow some viruses to go a step further–infecting your machine even before you read the message. No such virus currently exists, but a specimen like this could launch the minute you checked your e-mail. You can download a patch for the Outlook flaw (www.microsoft.com), but more vulnerabilities of this type are bound to crop up again. 

The future of viruses, however, doesn’t lie in destroying data but in capturing it. 

Beware of geeks bearing gifts
Experts expect to see more Trojan horses that use ingenious methods to get into a victim’s system, for instance, a virus/Trojan horse that comes disguised as an electronic invitation or greeting card. Click on a hyperlink in the e-mail and you’re sent to a Website where rogue code instructs your system to upload files silently to a remote site on the Internet. Experts also anticipate seeing more viruses for the Linux operating system as a growing user base makes it a more attractive target for virus writers. 

In September 2000, the first virus for a handheld appeared, the Phage virus, which targets the Palm operating system. Though not yet in the wild, Phage infects and destroys all applications on a Palm and can spread when the user shares apps via syncing or beaming. Anti-virus software manufacturers have already developed products to scan PDAs for malicious code. 

While individual users and corporations face increased risks from viruses and Trojan horses, the biggest threat, experts say, lies in the potential for malicious code to be used in cyberterrorism. 

Future deterrence
Anti-virus software programs use two approaches to spot viruses: scanning and heuristics. Scanning looks for signatures, recognisable strings of code that identify a known virus or variant. Heuristics look for abnormal activity, such as a program that attempts to write to your Windows Registry. If your anti-virus software is up to date, known viruses will get zapped before they can harm your system. Most manufacturers update the signatures they scan for on a weekly basis, but during rapid outbreaks updates may be posted two or three times a day.
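The two approaches the paragraph describes can be shown side by side in a small scanner. The following is an added example written for this article, not code from any anti-virus vendor: the signature database, the heuristic rules and the three sample files are all constructed for the demonstration. Signature scanning is an exact byte-string match against a known specimen; the heuristic pass instead scores indicators of abnormal behaviour (registry references, mail-client automation, address-book access) so that a file matching no signature can still be flagged.

```python
import re

# Constructed signature database for the demo: a name mapped to a byte string
# that identifies a known specimen. The patterns are invented, not real signatures.
SIGNATURES = {
    "Demo.MassMailer.A": b"SEND_TO_ALL_CONTACTS",
    "Demo.Dropper.B": b"COPY_SELF_TO_STARTUP",
}

# Heuristic indicators: each rule names a behaviour the article treats as
# abnormal and a regex that spots text suggesting it. Invented for the demo.
HEURISTIC_RULES = [
    ("references a Windows Registry hive", re.compile(rb"HKEY_(LOCAL_MACHINE|CURRENT_USER)")),
    ("automates the Outlook mail client", re.compile(rb"Outlook\.Application", re.I)),
    ("walks the address book", re.compile(rb"AddressLists|AddressEntries", re.I)),
]


def signature_scan(data):
    """Return the names of known signatures found in the bytes, in database order."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_scan(data):
    """Return (score, reasons): one point per heuristic rule that fires."""
    reasons = [desc for desc, rx in HEURISTIC_RULES if rx.search(data)]
    return len(reasons), reasons


def classify(data, heuristic_threshold=2):
    """A known signature wins outright; otherwise enough heuristic hits mark the file suspicious."""
    known = signature_scan(data)
    if known:
        return "known:" + known[0]
    score, _ = heuristic_scan(data)
    return "suspicious" if score >= heuristic_threshold else "clean"


# Constructed inputs: a harmless note, a file carrying a known signature, and a
# "novel" file that matches no signature but shows several suspicious traits.
CLEAN_SAMPLE = b"Hi all, the quarterly report is attached. Regards, Alice"
KNOWN_SAMPLE = b"MZ... padding ... SEND_TO_ALL_CONTACTS ... more padding"
NOVEL_SAMPLE = (b'CreateObject("Outlook.Application") '
                b"AddressLists HKEY_CURRENT_USER\\Software\\Demo")

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SAMPLE), ("known", KNOWN_SAMPLE), ("novel", NOVEL_SAMPLE)]:
        print(label, "->", classify(sample), heuristic_scan(sample)[1])
```

The threshold is what separates the two techniques in practice: a signature gives a definite verdict, while a heuristic score is a judgement call, so a real product tunes the threshold to trade missed novel specimens against false alarms on legitimate macros that happen to touch the address book.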

However, new viruses have the potential to spread faster than humans can respond. At present, it takes anti-virus manufacturers one to hours to scan and examine a virus, produce an antidote and deploy it to users. But it takes only a few seconds for a virus like LoveLetter to spread from Tel Aviv to Termonfeckin. So what’s a user to do?

Some anti-virus companies have begun to adopt automated scan-and-send systems. If their program detects strange code, even though it doesn’t match a known virus, the code is sent to the anti-virus manufacturer for evaluation. But Symantec has taken the process a step further with its closed-loop technology, included in corporate anti-virus packages distributed to clients. The result of a 12-year project developed at IBM’s Thomas J. Watson Centre under the name Digital Immune System (DIS), the program automates detection and antidote distribution in a way not previously attempted. Ultimately, it aims to compress a process that currently takes up to four hours into 30 minutes.

Here’s how DIS works. When local scanning software detects suspect activity on a computer, it quarantines the code and sends it to a series of servers, where other software attempts to create a definition for the virus. If the software succeeds, the system delivers the definition to every Symantec client using the system, thus protecting clients who haven’t received the virus yet. If the servers fail, Symantec researchers on call around the clock step in to create a definition and return it down the chain. Eventually, the automated update process will be tied to Symantec’s LiveUpdate feature, so individual users not on a corporate plan can get new definitions as well. 

Critics worry, however, that this process may give anti-virus software too much power over your PC. Fred Cohen sees serious potential consequences in authorising a centralised system to pull files, including those that may be misidentified as viruses, from a client’s computer and then depositing unfamiliar code from a remote server onto the client’s system. If a hacker were to infiltrate the flow of information back to the client’s computer and insert malicious code in it, Cohen says, there would be nothing in place to stop the code from infecting the machine. 

Symantec says that the program lets system administrators choose to view every file going out and coming in, although doing so would slow the rapid response time that is the program’s most significant selling point. It also points out that transferring the information through a secure Web protocol such as HTTPS would ensure that no one could view or alter files in transit.
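Cohen’s worry in the preceding paragraphs is that a definition pushed down the chain could be altered or substituted on the way to the client. Besides protecting the transport, a client can check the update package itself before installing it. The following is an added example written for this article, not Symantec’s or IBM’s code, and it makes two assumptions: the update is a JSON body carrying a version number and a definition set, and it is authenticated with an HMAC under a constructed shared key (a vendor would sign with a private key and ship only the public key, but HMAC needs nothing beyond the standard library). The client refuses a package whose tag does not verify, and also refuses one that is not newer than what it already has, so a captured old update cannot be replayed to roll definitions back.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the demo. Assumed, not any vendor's real design:
# a real vendor would sign updates with a private key and clients would verify
# with the public key; HMAC is used here to stay within the standard library.
VENDOR_KEY = b"constructed-demo-key-not-for-real-use"


def package_update(version, definitions, key=VENDOR_KEY):
    """Build a definition update: canonical JSON body plus an authentication tag."""
    body = json.dumps({"version": version, "definitions": definitions},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_and_apply(package, installed_version, key=VENDOR_KEY):
    """Return (payload, status); payload is None whenever the update is refused."""
    expected = hmac.new(key, package["body"], hashlib.sha256).hexdigest()
    # Constant-time comparison; a mismatch means body or tag changed in transit.
    if not hmac.compare_digest(expected, package["tag"]):
        return None, "rejected: authentication tag mismatch"
    payload = json.loads(package["body"])
    # Refuse anything not newer than what is installed, so an old but genuine
    # package cannot be replayed to roll signatures back.
    if payload["version"] <= installed_version:
        return None, "rejected: version %d is not newer than installed %d" % (
            payload["version"], installed_version)
    return payload, "applied"


# Constructed sample update and a copy whose body was altered after tagging.
GENUINE = package_update(2, {"Demo.MassMailer.A": "SEND_TO_ALL_CONTACTS"})
TAMPERED = dict(GENUINE,
                body=GENUINE["body"].replace(b"SEND_TO_ALL_CONTACTS", b"NEVER_MATCHES"))

if __name__ == "__main__":
    print(verify_and_apply(GENUINE, installed_version=1)[1])
    print(verify_and_apply(TAMPERED, installed_version=1)[1])
    print(verify_and_apply(GENUINE, installed_version=2)[1])
```

Checking the package rather than only the connection means the client’s decision does not depend on every proxy and server between it and the vendor being configured correctly, which is the gap Cohen describes.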

The origin of virus species
Though most of the computing public has become aware of viruses only in the last five years, they’ve been around since the 1960s. Early versions existed only as test programs in research facilities. In the late 1980s, a handful of viruses were unleashed by individuals, but these infected primarily university machines and research centres. They travelled slowly via the ‘sneaker net’–that is, through infected floppies. By the mid-1990s, however, two developments revolutionised virus writing.

Just as airplanes and international travel accelerated the spread of biological viruses worldwide, the Internet and e-mail served to provide convenient vehicles for fast-acting computer viruses that could contaminate hundreds of thousands of machines all around the world. And in 1995, Microsoft introduced WordBasic, a text-based programming language for writing macro commands that vastly simplified the writing of viruses. 

The arrival of macros meant that almost anyone could slap together a command telling a computer what to do, embed it in an e-mail attachment, and send it off. The minute a user opened the attached document, the macro was executed and the virus infected the system, ready to deliver its payload.

The first macro viruses appeared in 1995. By 1998 there were more than a thousand of them. But the speed at which these viruses spread was still tied to how often people shared infected floppy disks or e-mail attachments. If a user didn’t pass the disk or attachment along to someone else, the virus couldn’t spread. In 1998, however, the Melissa virus arrived, and suddenly the user was no longer an important factor in the equation. 

Melissa’s contribution
Melissa arrived as an e-mail attachment. As soon as the recipient clicked on the attachment, the virus used Outlook to mail itself to the first 50 entries in the recipient’s address book. Melissa also infected the user’s Word document template, so any document created thereafter would be infected and mailed to the first 50 addresses as well. The virus began to spread on a Friday and by the next Monday it had reached some 250,000 computers, causing companies to close their mail systems and the US feds to launch an investigation. One company reportedly received 32,000 copies of the virus in less than an hour. 

A year later, LoveLetter did Melissa one better by mailing itself to every address in a user’s Outlook book. As administrators scrambled to shut down infected e-mail systems, they found an average of 600 copies of the virus jamming each user’s out-box. 
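The pattern Melissa and LoveLetter left behind, one sender pushing an identical attachment to dozens of addresses within minutes, is exactly what a mail gateway can watch for. The following is an added example written for this article, not code from any product named in it. It assumes a constructed outbound-mail log (timestamp, sender, recipient, attachment identifier per line, all invented) and raises an alert when a single sender has sent the same attachment to at least a threshold number of distinct recipients inside a sliding time window; the sample log mixes one user’s normal traffic with an infected mailbox mailing its address book.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed outbound-mail log for the demo (not real data).

    Each line: ISO timestamp, sender, recipient, attachment identifier.
    """
    base = datetime(2000, 5, 4, 9, 0, 0)
    lines = []
    # Normal traffic: one user sends the same report to three colleagues over an hour.
    for i, rcpt in enumerate(["bob", "carol", "dave"]):
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()} alice@example.com {rcpt}@example.com att=report-q1")
    # Infected mailbox: identical attachment to 60 address-book entries in two minutes.
    for i in range(60):
        t = base + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()} erin@example.com user{i}@partner.example att=lovebug-sample")
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into (timestamp, sender, recipient, attachment), sorted by time."""
    records = []
    for line in text.splitlines():
        ts, sender, rcpt, att = line.split()
        records.append((datetime.fromisoformat(ts), sender, rcpt, att.split("=", 1)[1]))
    records.sort(key=lambda r: r[0])
    return records


def detect_mass_mailers(records, threshold=50, window=timedelta(minutes=10)):
    """Alert once per (sender, attachment) whose distinct recipients inside any
    `window` reach `threshold`. Returns a list of alert dicts."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, att in records:
        by_key[(sender, att)].append((ts, rcpt))
    alerts = []
    for (sender, att), events in by_key.items():
        start = 0
        for i, (ts, _) in enumerate(events):
            # Slide the window's left edge forward past events older than ts - window.
            while events[start][0] < ts - window:
                start += 1
            distinct = {r for _, r in events[start:i + 1]}
            if len(distinct) >= threshold:
                alerts.append({
                    "sender": sender,
                    "attachment": att,
                    "recipients": len(distinct),
                    "first_seen": events[start][0],
                    "last_seen": ts,
                })
                break  # one alert per key is enough to quarantine the mailbox
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_mailers(parse_log(build_sample_log())):
        print(alert)
```

The threshold of 50 mirrors the address-book slice Melissa used; an administrator tuning this for real traffic would set it from the site’s own baseline, since a newsletter sender legitimately exceeds it and needs an exception rather than a lower bar.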

Although the Melissa and LoveLetter viruses were fast moving and fairly annoying, neither destroyed users’ hard drives or rendered systems inoperable. 

Unlike its predecessor, which infected documents but did not damage operating systems, NewLove corrupted system files, rendering infected computers inoperable. This, combined with the swift spreading capability of LoveLetter, would have resulted in widespread destruction–if it had worked. 
