[AI] A quarter century of tech bugs

sanjay ilovecold at gmail.com
Sat Jul 28 07:06:44 EDT 2007


The first one was a prank. Now, viruses want your wallet.
By Chris Gaylord | Staff writer of The Christian Science Monitor

In 1982, the only computer virus people had to worry about was something of a poet. Once the mischievous code lodged itself 

into an Apple II computer, the
virus spouted verse:

"It will get on all your disks/ It will infiltrate your chips/ Yes it's Cloner!" the bardic virus displayed on screens every 

50th time the machine started
up. "It will stick to you like glue/ It will modify RAM too/ Send in the Cloner!"

If only today's computer viruses were so benign.

Twenty-five years later, the worms, bots, and other "malware" that sneak onto computers are far more than mere annoyances. 

They swindle users, overwhelm
networks, and cause billions of dollars in damage each year.

Such a future was unimaginable to Richard Skrenta when he programmed that first virus back in 1982. He was 15 at the time. 

Calling his code the "Elk Cloner"
-­ after the elk head trophy that hung in his father's study -­ the ninth-grader released the program as a practical joke.

The code infected operating systems, then spread to floppy disks, then contaminated other operating systems, and copied 

itself to other floppies.

It infected his friend's computers, as intended. But before long, the poem popped up on his math teacher's computer, and 

later on the computers of complete
strangers.

"I realized that it would spread, but my imagination didn't picture it spreading all around the world," says Mr. Skrenta, who 

last month stepped down as
CEO of the social networking site Topix.net to pursue other start-ups. He seems to get a kick out of reporters still asking 

questions about his little
prank 25 years later.

"What you have to remember is that there were no laws against this kind of thing," he says. "The idea of the evil hacker 

didn't even exist at the time."

But as more programmers thought up wicked malware, media attention followed.

There was the infamous "Morris worm" that wiggled through the nascent Internet in 1988. Programmed by a Cornell University 

student, the worm clogged systems
across the country and cost researchers up to $10 million in lost time as they weeded out the self-replicating code.

Then came the "Michelangelo virus," a ticking-bomb program that threatened to erase thousands of hard drives simultaneously 

on March 6, 1992. Like the Y2K
bug that followed, however, Michelangelo scared more people than it hurt.

These early codes and the scores that came in between had a much different goal than today's crop of malware. They were 

designed to vandalize, earn bragging
rights, and tinker with new technology. It was a time of hobbyists, says Zulfikar Ramzan, a senior principal researcher at 

the computer security firm Symantec
in Cupertino, Calif.

But around 2001, the trend shifted. Amateur-made viruses gave way to a new breed - one that was more evolved, relied on 

stealth, and targeted your wallet.

New schemes, new virus vocabulary

So what changed? For one, a growing number of Americans started to use the Internet for banking, shopping, and advertising. 

Once real money started flying
through cyberspace, hackers began to devise nefarious business plans.

"It used to be that most of the new malware we discovered appeared during nights and weekends - when hobbyists would have 

time to work on them," Mr. Ramzan
says. "Nowadays, the virus writers are more active during office hours."

Hackers no longer want to share poetry or wipe your hard drive clean. After all, if a virus erases disks, it erases itself - 

and the opportunity to take
advantage of unsuspecting computer users would be lost.

Now viruses can infect computers and the user might never know. Digital beasties such as "rootkits" burrow deep into 

operating systems. "Spyware" lurks
behind the scenes, quietly sending passwords or other data to hackers. "Bots" can even allow hackers to take over systems. 

Once "bot herders" lasso enough
computers, they can order thousands of hijacked machines to stampede networks, overwhelming websites and possibly 

blackmailing the companies that run them.

Bots in particular are hard to track down because they are often international in scope, says Dave Marcus, security research 

and communications manager
for McAfee's antivirus lab in Santa Clara, Calif. A herder can operate in Romania, commandeer a computer in China, and then 

attack a network in the United
States.

In fact, he says, 80 to 90 percent of all spam comes from infected machines.

Another major change from the hobbyist phase to today's era of full-time criminal coders: sheer volume.

In 2002, McAfee's antivirus team found 100 new malware designs each week, says Mr. Marcus. Now, the Internet snoopers 

discover 125 to 175 new codes every
day.

Hackers caused $13.3 billion in damages last year, according to a report released last month by Computer Economics, a digital 

research firm in Irvine, Calif.
But thanks to wider adoption of security software, that number is down from $17.5 billion in 2004.

One challenge in fighting malware is that current antivirus measures are still largely reactive. Once a company spots a 

problem, it can take days or weeks
to plug the hole - plenty of time for viruses to slip in.

Of course, the biggest problem is not the computer's defenses, it's the people using the machines, says Richard Ford, 

director of the Center for Security
Science at the Florida Institute of Technology in Melbourne, Fla.

"Humans are always going to be the weakest link," he says. "If a hacker can convince you to download a malicious file or, 

better yet, trick you into deleting
good files, then it doesn't matter what precautions you have in place."

A future threat: cellphone viruses

Antivirus experts agree that it's just a matter of time before cellphone viruses reach US shores. They already exist in 

England and Japan, where mobile
phones play a bigger role in everyday life.

"One thing protecting Americans now is that there is no dominant cellphone standard," unlike on computers, where Microsoft 

Windows enjoys a 90 percent market
share, says Ramzan. However, "I wouldn't be surprised if something came up soon to attack the BlackBerry."

Earlier this week, a team of security advocates claimed to have cracked Apple's month-old iPhone, allowing hackers to swipe 

personal information from users.

The development is a sign that computer viruses will stalk networks long after this silver anniversary fades.

"Fifty years from now we'll still be plugging away," says McAfee's Marcus. "But let me say this: We're at the front lines of 

this fight, and even though
there is so much that we deal with, even we don't think it's doomsday."



More information about the AccessIndia mailing list