TITLE: Virus Wars: A Serious Warning
FROM: PC Magazine
DATE: February 29, 1988
by: John C. Dvorak
-----------------------------------------------------------------------
A new computer virus is infecting microcomputers around the world.
Where is the utility that will prevent our PCs from becoming victims in
this epidemic?
-----------------------------------------------------------------------
A computer virus (sometimes called a Trojan horse or a worm) is a
small and sinister piece of software code that literally infects your
machine. It is inserted into a public-domain or bootleg program and,
when the program is used, the virus code is alerted and rewrites itself
into something in your system and typically (and eventually) calls a
hard disk routine and tells the disk to erase itself. Computer
sabotage. It's getting worse and we should all be aware of it. On the
West Coast a battle wages where Apple Macintosh users and IBM PC users
are loading software with viruses to "attack" their foe: a user of the
other kind of machine.
THE LEHIGH VIRUS
Meanwhile, one virus has made headlines. It was released at Lehigh
University. Here's an excerpt from a memo sent out over UseNet from
Kenneth R. van Wyk, User Services Senior Consultant, Lehigh University
Computing Center. It describes the virus that was set loose just
before Thanksgiving last year and is now floating around the world.
"Last week, some of our student consultants discovered a virus
program that's been spreading rapidly throughout Lehigh University. It
has the chance of spreading much farther than just our University. We
had no idea where the virus started, but some users have told me that
other universities have recently had similar problems.
"The virus itself is contained in the stack space of COMMAND.COM.
When a PC is booted from an infected disk, all a user need do to spread
the virus is to access another disk via TYPE, COPY, DIR, etc. If the
other disk contains COMMAND.COM, the virus code is copied to the other
disk. Then, a counter is incremented on the parent. When this counter
reaches a value of 4, any and every disk in the PC is erased
thoroughly. The boote the FAT tables, etc.
All Norton's horses couldn't put it back together again. This affects
both floppy and hard disks. Meanwhile, the four children that were
created go on to tell four friends, and then they tell four friends,
and so on, and so on.
"Detection: while the virus appears to be very well written, the
author did leave behind a couple footprints. First, the write date of
COMMAND.COM changes. Second, if there's a write protect tab on an
uninfected disk, you will get a WRITE PROTECT ERROR. So, boot up from a
suspected virus'd disk and access a write-protected disk--if an error
comes up, then you're sure. Note that the length of COMMAND.COM does
not get altered.
"I urge anyone who comes in contact with publicly accessible disks to
periodically check their own disks. Also, exercise safe computing--
always wear a write protect tab.
"This is not a joke. A large percentage of our public site disks has
been gonged by this virus in the last couple days."
The mainstream computer magazines seldom discuss these destructive
little gags, even though there are plenty of them. PC users must make
themselves aware of these things. If a virus program got into a
corporation and started eating hard disks, you can be sure that the
next time someone brought in some software from home, it would quickly
be confiscated. This kind of thing only encourages MIS departments to
take total control of the microcomputer installation. Remember that
the most talented of the hackers love to design programs like this just
to harass the average PC user.
We need some utilities that check the integrity of our computer
systems. Of course, these programs would be quickly defeated by some
maniac who would find the loophole in the algorithm, and the integrity
checker would have to be forever updated. (Sounds like a money-maker!)
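
An added example, not from the article or the memo: a minimal integrity
checker of the kind asked for above, built around the memo's footprints
(the write date of COMMAND.COM changes while its length does not). It also
goes one step past the memo by re-checking after the date is put back, where
only the content digest still differs. The file bytes and timestamps are
constructed, and the function names are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(path):
    """Record size, modification time and SHA-256 digest of one file."""
    p = Path(path)
    st = p.stat()
    return {"size": st.st_size, "mtime": st.st_mtime_ns,
            "sha256": hashlib.sha256(p.read_bytes()).hexdigest()}

def baseline(paths):
    """Build the known-good record; store it on write-protected media."""
    return {str(p): snapshot(p) for p in paths}

def compare(base):
    """Return {path: [attributes that differ from the baseline]}."""
    findings = {}
    for path, old in base.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = snapshot(path)
        changed = [k for k in ("size", "mtime", "sha256") if old[k] != new[k]]
        if changed:
            findings[path] = changed
    return findings

def demo():
    """Constructed scenario: a same-length, in-place change to one file."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "COMMAND.COM"        # stand-in file, not a real one
        target.write_bytes(b"\x90" * 64 + b"\x00" * 64)   # constructed bytes
        os.utime(target, ns=(10**18, 10**18))   # constructed original date
        base = baseline([target])
        data = bytearray(target.read_bytes())
        data[64:80] = b"CONSTRUCTED-DATA"       # 16 bytes, length unchanged
        target.write_bytes(bytes(data))
        os.utime(target, ns=(2 * 10**18, 2 * 10**18))  # write date changes
        first = compare(base)                   # size alone sees nothing
        os.utime(target, ns=(10**18, 10**18))   # date restored to original
        second = compare(base)                  # only the digest differs now
        return first, second

if __name__ == "__main__":
    print(demo())
```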
Some say that the solution to these sick jokes is to perpetually back
up the hard disk like a good little boy. Great. I back up my hard
disk once a year whether it needs it or not. So what am I (and most
users) supposed to do in between times?
All you can do is be careful and know that someone out there is about
to make your life miserable if you're not prudent.
-----------------------------------------------------------------------
Viruses seem to be a very hot item these days as I've explained in previous
issues of TNS. Besides the many articles on viruses that have been published
(many of which are in previous issues of TNS or future issues) I have seen
several news reports on the dangers of computer viruses. All of this hysteria
has been caused by a few incidents at several universities here and Hebrew
University. Other tensions are still around because of the Chaos Computer
break-ins in NASA's SPAN network.