VIRUS-L Digest Monday, 5 Dec 1988 Volume 1 : Issue 33

VIRUS-L Digest Monday, 5 Dec 1988 Volume 1 : Issue 33

Today's Topics:
Media (virus) humor vs. disinformation
RE: prosecution of Mr. Morris
Computer Virus Eradication Act of 1988
Morris and the worm
Internet Worm report available in ASCII format now
Virus Conference (Arlington, Virginia)

---------------------------------------------------------------------------

Date: Mon, 5 Dec 1988 9:41:18 EST
From: Ken van Wyk <[email protected]>
Subject: Media (virus) humor vs. disinformation

This weekend, a friend of mine gave me some political cartoons that he
had found in some publications (I don't know which ones). The
cartoons were somewhat amusing, but certainly showed that there must
still be quite a lot of confusion in the media as to what a virus even
is. For example, two robots (which beared no resemblance to, say, a
PUMA robot...) were shown - one says to the other, "Oh, I'll be ok,
it's just a virus that I picked up from a computer." In another, a
military defense system is shown with a large screen saying something
like:

WARNING: INCOMING MISSILES
TARGET: MIX EGG WHITES UNTIL FLUFFY

All the while, two generals are saying, "Must be a virus". (This
isn't verbatim, but that's the jist of it.) Also, in a third cartoon,
a computer operator is saying something like, "the vote tallying
computer is infected by a virus, we'll have to hold the election over
again".

My reaction - Oh no.

Ken

------------------------------

Date: Mon, 5 Dec 88 08:18 CDT
From: [email protected]
Subject: RE: prosecution of Mr. Morris

On the subject of the prosecution of Mr. Morris, and virus
perpetrators in general, a lot has been said regarding the man-hours
required to clean up the mess, and equate that to a dollar cost.
However, nobody has rationalized that equation. In other words, would
the system maintainers have been doing if they hadn't been getting rid
of the worm? What was the actual value of computer time lost? If
schedules were slipped due to computer unavailability, what was the
cost associated with that? Who were the real money losers? Granted,
any way you slice the pie, the U.S. government is probably going to
come out the biggest loser, whether it's due to government employees
cleaning up a government owned computer, or contractor employees doing
the same on a cost plus contract. However, I feel the calculation of
the actual dollars lost may be a lot more elusive than simply
multiplying dollars by hours, and in the Morris case could be much
larger or much smaller than the $20 million estimation being bandied
about.

Malcolm Petcher
Texas Instruments, Inc.
"The opinions are my own. The facts are gospel."

------------------------------

Date: Mon, 5 Dec 88 11:11:06 EST
From: Don Alvarez <[email protected]>
Subject: Computer Virus Eradication Act of 1988

I just received a copy of HR-5061, a new bill being introduced
in the House by Wally Herger (R-CA) and Robert Carr (D-Mich.).
The text of the bill is included below (see disclaimer).

It sounds to me like there are some subscribers to VIRUS-L
who's background is more criminal law than computer science,
perhaps some of you could help the rest of us out with a little
commentary. Would this bill be helpful to you? Do you think
you would be able to get a conviction with it? Do you think
you would be able to recover your damages with it (and how would
you go about defining those damages if you were to use the law)?

If people are interested in sending their comments to the
authors, I include the name and address of the legislative
aide who has been working on this bill. If people would like
to e-mail their comments, you can send them to me and I will
mail them to him in a packet (be sure to include your name and
normal postal mail adress, as congress isn't on the net).

Happy trails,
Don Alvarez
[email protected]

- ------Start of Bill

100th Congress 2D Session H.R. 5061
To amend title 18, United States Code, to provide penalties for persons
interfering with the operations of computers through the use of programs
containing hidden commands that can cause harm, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES July 14, 1988
Mr. Herger (for himself and Mr. Carr) introduced the following bill;
which was referred to the Committee on the Judiciary

A BILL
To ammend title 18, United States Code, to provide penalties for persons
interfering with the operations of computers through the use of programs
containing hidden commands that can cause harm, and for other purposes.

1 Be it enacted by the Senate and House of Representa-
2 tives of the United States of America in Congress assembled,
3 SECTION 1. SHORT TITLE.
4 This Act may be cited as the "Computer Virus Eradica-
5 tion Act of 1988".

- -------Page 2

1 SECTION 2. TITLE 18 AMENDMENT.
2 (a) IN GENERAL.- Chapter 65 (relating to malicious
3 mischief) of title 18, United States Code, is amended by
4 adding at the end the following:
5 "S 1368. Disseminating computer viruses and other harm-
6 ful computer programs
7 "(a) Whoever knowingly-
8 "(1) inserts into a program for a computer infor-
9 mation or commands, knowing or having reason to be-
10 lieve that such information or commands will cause
11 loss to users of a computer on which such program is
12 run or to those who rely on information processed on
13 such computer; and
14 "(2) provides such a program to others in circum-
15 stances in which those others do not know of the inser-
16 tion or its effects;
17 or attempts to do so, shall if any such conduct affects
18 interstate or foreign commerce, be fined under this title or
19 imprisoned not more than 10 years, or both.
20 "(b) Whoever suffers loss by reason of a violation of
21 subsection (a) may, in a civil action against the violator,
22 obtain appropriate relief. In a civil action under this section,
23 the court may award to the prevailing party a reasonable attor-
24 ney's fee and other litigation expenses.".

- --------Page 3

1 (b) CLERICAL AMENDMENT.- The table of sections at
2 the begining of chapter 65 of title 18, United States Code,
3 is amended by adding at the end the following:
"1368. Disseminating computer viruses and other harmful computer programs.".

- --------End of Bill

>>>>NOTE: The above text was typed in by hand from a printed copy of HR5061
>>>> received from Mr. Herger's office. I have no experience with
>>>> legal docu>> errors which could affect the nature of the bill. Neither
>>>> I nor my employer (MIT Center for Space Research) make any claims
>>>> as to the accuracy of the text. For an official copy of the
>>>> bill, please contact:
>>>>
>>>> Mr. Doug Riggs
>>>> 1108 Longworth Bldg
>>>> Washington D.C. 20515

+ ----------------------------------------------------------- +
| Don Alvarez MIT Center For Space Research |
| [email protected] 77 Massachusetts Ave 37-618 |
| (617) 253-7457 Cambridge, MA 02139 |
+ ----------------------------------------------------------- +

------------------------------

Date: Mon, 5 Dec 88 14:01:15 CST
From: Kevin Trojanowski <[email protected]>
Subject: Morris and the worm

Something I've noticed in the many notes present within this group --
most, if not all, of them discuss the Novemberm, or
has been convicted beyond a reasonable doubt. Let us remember that in
this country, it's innocent until proven guilty, not guilty as soon as
the FBI arrests you.

If you've not read the Worm analysis, I suggest doing so. It provides
an interesting insight into the possibility that Morris may not have
written the worm, or may not have done so alone. It cites examples of
poor coding, inconsistent coding, and poor algorithmic use.

- -Kevin Trojanowski
[email protected]

------------------------------

Date: Mon, 5 Dec 1988 15:43:52 EST
From: Ken van Wyk <[email protected]>
Subject: Internet Worm report available in ASCII format now

A hearty thanks to Len Levine who has (painstakingly, no doubt) taken
the PostScript file of Gene Spafford's report on the Internet worm and
converted it to straight ASCII text (well, PostScript is ASCII, but
not very readable to most of us...)!

So, my U.S. mail distribution of the file can now include eitherk (360k or 1.2 meg MS-DOS),
and I'll mail it back to you. If you want both the PS and the DOC
file, send two 360k disks or one 1.2 meg disk. Oh yeah, first e-mail
me a request for my postal address.

Thanks again, Len!

Ken

------------------------------

From: [email protected]
Date: Mon, 5 Dec 88 16:16:54 est
Subject: Virus Conference (Arlington, Virginia)

A flyer about a virus conference just came across my desk, and I was
wondering if anyone else has heard about it and is considering
attending. Entitled "Preventing and Containing Computer Virus
Attacks", it takes place January 30-31, in Arlington, VA. Speakers
include Representative Wally Herger (R-CA), a special agent from the
FBI, John Landry (ADAPSO virus committee chairman), Patricia Sission
from NASA, as well as a collection of attorneys and business folk.
Conference is chaired by Dave Douglass, no info provided.

Have you heard anything about any of these people? Or any info that
would help 4550 Montgomery Avenue
Suite 700N
Bethesda, MD 20814-3382

I've had such mixed success with seminars and conferences that I tend to
get jumpy when I see one that I might want to attend.

- - Gregg

___________________________________________________________________________
Gregg TeHennepe | BITNET: gateh@conncoll
Minicomputer Specialist | Phone: (203) 447-7681
Academic Computing and User Services
Connecticut College
New London, CT 06320

------------------------------

End of VIRUS-L Digest
*********************
Downloaded From P-80 International Information Systems 304-744-2253