Attack of the Computer Virus, by Lee Dembart


Security experts are afraid that sabateurs could
infect computers with a “virus” that would remain
latent for months or even years, and then cause

Attack of the Computer Virus

By Lee Dembart

Germ warfare-the deliberate release of deadly bacteria or viruses-is a
practice so abhorrent that it has long been outlawed by international treaty.
Yet computer scientists are confronting the possibility that something akin to
germ warfare could be used to disable their largest machines. In a
civilization ever more dependent on computers, the results could be disastrous
-the sudden shutdown of air traffic control systems, financial networks, or
factories, for example, or the wholesale destruction of government or business

The warning has been raised by a University of Souther California reasercher
who first described the problem in September, before two conferences on
computer security. Research by graduate student Fred Cohen, 28, shows that it
is possible to write a type of computer program, whimsically called a virus,
that can infiltrate and attack a computer system in much the same way a real
virus infects a human being. Slipped into a computer by some clever sabateur,
the virus would spread throughout the system while remaining hidden from it’s
operators. Then, at some time months or years later, the virus would emerge
without warning to cripple or shut down any infected machine.

The possibility has computer security experts alarmed because, as Cohen
warns, the programming necessary to create the simplest forms of computer
virus is not particularly difficult. “Viral attacks appear to be easy to
develop in a short time,” he told a conference co-sponsored by the National
Bureau of Standards and the Department of Defense. “[They] can be designed to
leave few if any traces in most current systems, are effective against modern
security policies, and require only minimal expertise to implement.”

Computer viruses are aptly named; they share several insidious features with
biological viruses. Real viruses burrow into living cells and take over their
hosts’ machinery to make multiple copies of themselves. These copies escape to
infect other cells. Usually infected cells die. A computer virus is a tiny
computer program that “infects” other programs in much the same way. The virus
only occupies a few humdred bytes of memory; a typical mainframe program, by
contrast, takes up hunreds of thousands. Thus, when the virus is inserted into
an ordinary program, its presence goes unnoticed by computer operators or

Then, each time the “host” program runs, the computer automatically ececutes
the instructions of the virus-just as if they were part of the main program. A
typical virus might contain the following instructions: “First, suspend
execution of the host program temporarily. Next, search the computer’s memory
for other likely host programs that have not been already infected. If one is
found, insert a copy of these instructions into it. Finally, return control
of the computer to the host program.”

The entire sequence of steps takes a half a second or less to complete, fast
enough so that no on will be aware that it has run. And each newly infected
host program helps spread the contagion each time it runs, so that eventually
every program in the machine is contaminated.

The virus continues to spread indefinately, even infecting other computers
whenever a contaminated program in transmitted to them. Then, on a particular
date or when certain pre-set conditions are met, the virus and all it’s clones
go on the attack. After that, each time an infected program is run, the virus
disrupts the computer’s operations by deleting files, scrambling the memory,
turning off the power, or making other mischief.

The sabateur need not be around to give the signal to attack. A disgruntled
employye who was afaid of getting fired, for example, might plot his revenge
in advance by adding an insruction to his virus that caused it to remain
dormant only so long as his personal password was listed in the system. Then,
says Cohen, “as soon as he was fired and the password was removed, nothing
would work any more.”

The fact that the virus remains hidden at first is what makes it so
dangerous. “Suppose your virus attacked by deleting files in the system,”
Cohen says. “If it started doing that right away, then as soon as your files
got infected they would start to disappear and you’d say ‘Hey, something’s
wrong here.’ You’d probably be able to identify whoever did it.” To avoid
early detection of the virus, a clever sabateur might add instructions to the
virus program that would cause it to check the date each time it ran, and
attack only if the date was identical -or later than- some date months or
years in the future. “Then,” says Cohen, “one day, everything would stop. Even
if they tried to replace the infected programs with programs that had been
stored on back-up tapes, the back-up copies wouldn’t work either – provided
the copies were made after the system was infected.

The idea of viruslike programs has been around since at least 1975, when the
science fiction writer John Brunner included one in his novel `The Shockwave
Rider’. Brunner’s “tapeworm” program ran loose through the computer network,
gobbling up computer memory in order to duplicate itself. “It can’t be
killed,” one charachter in the book exclaims in desperation. “It’s
indefinately self-perpetuating as long as the network exists.”

In 1980, John Shoch at the Xerox Palo Alto research center devised a
real-life program that did somewhat the same thing. Shoch’s creation, called a
worm, wriggled through a large computer system looking for machines that were
not being used and harnessing them to help solve a large problem. It could
take over an entire system. More recently, computer scientists have amused
themselves with a gladitorial combat, called Core War, that resembles a
controlled viral attack. Scientists put two programs in the same computer,
each designed to chase the other around the memory, trying to infect and kill
the rival.

Inspired by earlier efforts like these, Cohen took a security course last
year, and then set out to test whether viruses could actually do harm to a
computer system. He got permission to try his virus at USC on a VAX computer
with a Unix operating system, a combination used by many universities and
companies. (An operating system is the most basic level of programming in a
computer; all other programs use the operating system to accomplish basic
tasks like retrieving information from memory, or sending it to a screen.)

In five trial runs, the virus never took

Leave a Reply

Your email address will not be published. Required fields are marked *