
Read book online «Approaching Zero by Paul Mungo (best way to read e books .TXT) 📕».   Author   -   Paul Mungo



for

instance—then, once loaded on to a computer, it searches out other programs to

infect. It is generally harmless in that it never attacks data files, the ones

users actually work on, so it can’t cause serious damage. Its nuisance value

comes in eradicating it: deleting programs and then replacing them can be

time-consuming.

 

In the meantime, to stop the virus from spreading any farther, the company

decided to shut down the entire network of 1,500 computers, leaving machines

and staff idle. The technical-support specialists estimated that killing the

bug and replacing the programs would take them two or three hours at the most.

But by mid-afternoon they realized that they had underestimated the size of the

job, and arranged to come in over the weekend. In the end, the technical

staff worked for four days, Friday through Monday, before they were satisfied

that all the machines were free of the virus. During that time computers and

staff were inactive, neither processing work in progress nor going ahead with

anything else.

 

The computers worked well for the next three days, but then, at ten A.M. on

Thursday, July 4th, the virus was rediscovered. In a routine scan of one of the

computers with the new antiviral software, one member of a small crew working

over the Independence Day holiday received a big shock: Yankee Doodle was back.

 

The technical specialists, called into the offices from their homes, discovered

to their horror that this time 320 machines had been infected, and when they

asked the maker of the antiviral software for an explanation, they were simply

told, “You missed a spot.”

 

The company was forced to shut down its computers again, and again staff and

machinery sat idle while the support staff searched laboriously through every

program on all 1,500 machines. There was no damage: the bug was eradicated and

the programs reinstalled without even a byte of data lost. But the lack of

damage disguised the virus’s real cost in downtime. By the time Yankee Doodle

had been completely eradicated, the company had suffered one week of lost

production, one week in which 1,500 staff were idle, one week of irrecoverable

business. The company never quantified its loss, but it is estimated to run

into the hundreds of thousands of dollars—all from what was purported to be a

harmless virus.

 

Since 1990 virus researchers have pieced together a history of Yankee Doodle.

It was first spotted in 1989 in the United Nations offices in Vienna on a

computer game called Outrun. The game is proprietary, though unauthorized

pirate copies are often passed around on diskette. Someone, somewhere, is

thought to have infected a copy of the game, accidentally or deliberately, and

the virus began its travels, first to Vienna, then around the world courtesy of

the United Nations. Though there are known to be fifty-one versions of the

virus, they are all based on one original

prototype. And that program, despite the virus’s all-American name, was written

in Bulgaria.

 

In the same month that the California publishing company was trying to

eradicate Yankee Doodle, a major financial-services house on the other side of

the country was hit by another bug. This one wasn’t a joke; it was deliberately

malicious.

 

The first symptoms appeared when one of the secretaries was unable to print out

a letter she had just entered into her computer. In such cases people usually

follow the same routine: the secretary checked the paper, switched both the

computer and the printer off and on, and then fiddled with the connecting

cables. Still nothing printed out. Finally she rang her company’s

technical-support office.

 

When the specialist arrived, he began running tests on the affected machine.

First he created a new document and tried printing it out, but that didn’t

work. He then guessed that the word-processing program itself was defective,

that one of its files had become corrupted and was preventing the machine from

printing. He went to another computer and copied out the list of program files

used by the company, which showed the names of the programs and their size, in

bytes (or characters). He then compared the files on the problem machine with

the list. Everything matched, except that eight of the files on the affected

computer were slightly larger than on the other. He checked the differences,

and in each case the files on the problem machine were exactly 1,800 bytes

larger.

 

With that information, the specialist knew immediately that the company had

been hit by a virus; he also knew it was 1,800 bytes long and attached itself

to program files. He called his supervisor, who hurried over with a

virus-detection diskette. They inserted it in the infected computer and

instructed it to check the machine for viruses. Program file names appeared

briefly, one by one on the screen, as the virus detector bustled through its

checks, examining each file for known bugs. After five minutes, a message

appeared on the screen: it stated that eighty-three files had been checked and

no virus had been found. In exasperation, the supervisor called the vendor of

the virus-detection program.

 

“It does sound like you’ve got a virus,” the vendor agreed. “But if it’s not

getting picked up by our software, then it must be a new virus. Or a new strain

of an old one.”

 

Most virus-detection programs operate by looking for known characteristics of

familiar viruses—in other words, for a string of text or a jumble of

characters that is known to be contained within the program of a previously

discovered bug. Such virus detection kits are, of course, unable to detect new

or modified viruses.
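
The two checks described above, as an added illustration that is not part of the original book: a known-string scan that misses a new strain, next to the size comparison against a clean machine's file list that exposes it. The file names, contents and signature bytes are constructed sample data.

```python
# Added illustration: signature scan vs. baseline size comparison.
# All file names, contents and signatures below are constructed sample data.

# Hypothetical byte string taken from an earlier, already catalogued strain.
KNOWN_SIGNATURES = [b"OLD-STRAIN-MARKER"]

# File list copied from a clean machine: program name -> size in bytes.
BASELINE = {"WP.EXE": 4096, "EDIT.COM": 2048, "PRINT.COM": 1024}

# Stand-in for 1,800 bytes of unknown code appended to a program file.
APPENDED = b"\x00" * 1800

# Files as found on the problem machine (held in memory so this runs offline).
SUSPECT = {
    "WP.EXE": b"A" * 4096 + APPENDED,
    "EDIT.COM": b"B" * 2048 + APPENDED,
    "PRINT.COM": b"C" * 1024,
}


def signature_scan(files, signatures):
    """Return the names of files that contain any known signature."""
    return sorted(name for name, data in files.items()
                  if any(sig in data for sig in signatures))


def size_growth(baseline, files):
    """Return {name: size difference} for files that differ from the baseline."""
    return {name: len(data) - baseline[name]
            for name, data in files.items()
            if name in baseline and len(data) != baseline[name]}


def uniform_growth(deltas):
    """If every changed file changed by the same amount, return it; else None."""
    values = set(deltas.values())
    return values.pop() if len(values) == 1 else None


if __name__ == "__main__":
    # The scanner knows only the old strain, so it reports a clean machine.
    print("signature hits:", signature_scan(SUSPECT, KNOWN_SIGNATURES))
    deltas = size_growth(BASELINE, SUSPECT)
    print("size changes:", deltas)
    # Identical growth across unrelated programs points to appended code.
    print("uniform growth:", uniform_growth(deltas))
```
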

 

At the suggestion of the vendor, the technical-support staff began a search of

one of the infected files, looking for text or messages. Specialized software

is needed to inspect the inside of the program file; during the inspection the

screen displays a jumble of computer code. But within the code the staff saw

two strings of text: EDDIE LIVES … SOMEWHERE IN TIME! said the first. The

second announced: THIS PROGRAM WAS WRITTEN IN THE CITY OF SOFIA

1988—1989 (C) DARK AVENGER.

 

The supervisor phoned the vendor again: “Who the hell is the Dark Avenger?”

 

The short answer, the vendor explained patiently, is that no one knows. The

Dark Avenger is an enigma. Most virus writers remain anonymous, their viruses

appearing, seemingly, out of the ether, without provenance or claimed

authorship, but the Dark Avenger is different: not only does he put his name to

his viruses, he also signals where they were written—Sofia, the capital of

Bulgaria. The Dark Avenger’s viruses began seeping into the West in 1989. They

are all highly contagious and maliciously destructive.

 

“The virus you’ve been hit with is called Eddie, or sometimes the Dark Avenger,”

the vendor told the increasingly worried technical-support supervisor. “It must

be a new strain or something. That’s why it wasn’t picked up. Is there any

other text message, a girl’s name?”

 

The supervisor took a closer look at the virus. “I missed it

before. There’s another word here, Diana P. What does this thing do?”

 

“Well, as it’s a new version, the answer is I don’t know. Until we’ve seen a

copy, it’s anybody’s guess.”

 

To discover what a virus actually does, it has to be disassembled, its

operating instructions—the program—taken apart line by line. This is a

difficult and time-consuming process and can be carried out only by

specialists. In the meantime the technical support staff could only wait and

watch as the virus spread slowly through the company, bouncing from machine to

machine via the network cables that interlinked the company’s 2,200 computers.

 

Viruses like Eddie work by attaching a copy of themselves to an executable

file; whenever an infected program is used, the virus springs into action. It

usually has two tasks: first, to find more files to infect; then, after it has

had enough time to spread its infection, to release its payload. It was obvious

that Eddie was spreading, so it was already performing its infection task. What

was worrying was what its payload would prove to be.

 

To arrest the spread of the bug, it was decided to turn off all the computers

in the company and wait until the virus could be cleaned out. It was a

difficult decision—it would mean downtime and lost business—but it was a

sensible precaution. It was later discovered that the payload in the Eddie

variant was particularly malicious. When unleashed, it takes occasional

potshots at the hard disk, zapping any data or programs it hits. The effect is

equivalent to tearing a page out of a book at random. The loss of the pages may

not become evident until one can’t be found. But on a computer, if the loss

goes undetected over a period of time, then the backup files, taken as a

security measure in case of problems with the originals, could also have pages

missing. The slow corruption of data is particularly insidious. Any computer

breakdown can cause a loss of data, necessitating some reentry of the affected

transactions since the last backup. But if the backups are also affected, then

the task could become impossible. At worst, the data could be lost forever.

 

In this instance some data was irrecoverably destroyed, even though only sixty

machines were found to be infected. But, in a sense, the company had been

lucky: because Eddie had taken a potshot at a secretary’s word-processing

program and knocked out its print capability, it was discovered fairly early

on. Had it lurked undetected for longer, it could have destroyed even more

data.

 

The process of checking all 2,200 computers in the company took four and a half

days, with a team of twelve people working twelve hours a day. Every executable

file on every hard disk on every machine had to be checked. The team had

special programs to help with the task, but viruses could easily get wrapped up

inside “archived” files—files that are compressed to save computer space—

where they can escape detection. All archived files had to be expanded back to

their full size, checked, and then packed away again. That took time. Also, all

diskettes had to be checked, a nearly impossible task given the difficulty in

finding them: diskettes have a habit of disappearing into black holes in desk

drawers, in briefcases, in storage cupboards.

 

The computer diskette has now assumed the generality of paper as a medium for

storing information. Staff with home computers often carry diskettes to and

from their office, and it makes sense that diskettes containing valuable data

should be stored off-site, as a precaution against problems with the office

computer. But the home PC also encourages the transfer of viruses among families. A student might transfer a virus from college to home; a parent might

transfer a virus from home to office. For the most part, viruses are spread

innocently, but there is now such a large traffic in diskettes that it is

usually impossible to trace the source of an infection.

 

After seven hundred hours of intensive effort, the technical-support staff

felt confident they had eliminated all traces of Eddie. Their confidence was

short-lived. Within a week Eddie was back. This time they lost a further one

and a half days’ work. (Because it is very difficult to remove all traces of a

virus, 90 percent of victims suffer a recurrence within thirty days.)

After the final bout of Eddie was cleared away, executives of

the company tried to quantify how much the bug’s visit had cost them—not that

any of it would be recoverable from insurance. “We lost $500,000 of business—

really lost business, not orders deferred until we could catch up, but business

that had to be done there and then or it went to a competitor,” said
