Approaching Zero by Paul Mungo (best way to read e books .TXT) đź“•
The next day, after his friend in Kentucky had picked up the $687, Fry Guy carried out a second successful transaction, this time worth $432. He would perform the trick again and again that summer, as often as he needed to buy more computer equipment and chemicals. He didn't steal huge amounts of money-- indeed, the sums he took were almost insignificant, just enough for his own needs. But Fry Guy is only one of many, just one of a legion of adolescent computer wizards worldwide, whose ability to crash through high-tech security systems, to circumvent access controls, and to penetrate files holding sensitive information, is endangering our computer-dependent societies. These technology-obsessed electronic renegades form a distinct subculture. Some steal--though most don't; some look for information; some just like to play with computer systems. Together they probably represent the future of our computer-dependent society. Welcome to the com
Read free book «Approaching Zero by Paul Mungo (best way to read e books .TXT) 📕» - read online or download for free at americanlibrarybooks.com
- Author: Paul Mungo
- Performer: -
Read book online «Approaching Zero by Paul Mungo (best way to read e books .TXT) 📕». Author - Paul Mungo
It was shortly thereafter that Version 5 escaped. Like most Bulgarians, Teodor
had to share his computer with colleagues at the Technical Institute; with four
people using one machine, with software copying rampant, and with the casual
transfer of diskettes, it was only a matter of time before one of the bugs
began to propagate out of his control. Within weeks Version 5 had spread
throughout Bulgaria. In less than a year it had reached the West—the first
Eastern virus to jump the Iron Curtain. When the virus was examined,
researchers discovered the text string “Vacsina,” which immediately gave a name
to Version 5.
Meanwhile, Teodor continued experimenting. By December 15, 1988 he had advanced
to Version 8. On this variant the payload—the innocuous beep—now sounded only
when an infected computer was restarted from the keyboard (a “warm reboot”),
allowing it to remain hidden for longer. In the best programming tradition, all
his improvements were duly documented and given version numbers as they
appeared.
Later in December a new Bulgarian virus was discovered. It carried a text
string which said it had been authored by a Vladimir Botchev. The bug was
almost certainly written in response to one of Vesko’s magazine articles: in
November Vesko had stated that it would be “difficult” to write a virus that
could infect all EXE files, including the longer ones, and Vladimir had
presumably seen that as a challenge. His virus appeared less than a month after
the article was published. It employed a novel and technically elegant device
that enabled it to attach itself to any EXE file, no matter what length. After
it infected a file it played the tune “Yankee Doodle”—in celebration, perhaps.
This virus was generally not damaging—its payload was the tune—and because it
was easy to detect, it never spread. But the new bug’s payload was immediately
copied by Teodor in his new variant, Version 18, which appeared on January 6,
1989. This one didn’t beep; instead it played “Yankee Doodle,” which Teodor had
lifted, note for note, straight from Vladimir’s program.
Five days later, Teodor produced Version 21, which could remove the virus from
infected files if a more recent version of this bug attacked the same system.
Then, on February 6, 1989, Version 30 appeared. It incorporated a “detection
and repair” capability, that would warn the virus if it had been modified or
corrupted while replicating. Eerily, it could then fix the damage itself by
changing the corrupted instructions back to their original form. It was a kind
of artificial life, though the repair capability was limited (it could handle
only changes of up to 16 bytes in length).
By the end of February Teodor was on to Version 39 and his virus was now full
of tricks: it could infect EXE files of any size,
it could even evade antiviral software. As soon as it noted the presence of
a detection program, it would detach itself from the infected file and hide
elsewhere in the computer’s memory.
With Version 42, which appeared in March, his virus took on a new role: virus
fighter. The Ping Pong boot-sector virus, which is believed to have been
created at Turin University in Italy, had now reached Bulgaria. Ping Pong (also
called Bouncing Ball) was a joke virus: from time to time it simply sent a dot
careering around the screen, like a ball in a squash court. Teodor’s new virus
could detect Ping Pong and was able to modify it in such a way that, after a
time, it destroyed itself, leaving behind its corpse. He persisted with the
tune “Yankee Doodle” as his payload, but he varied the time and frequency it
would play. One of his next variants was Version 44, which plays the tune every
eight days at 5 P.M. This was the version destined to become the most widely
traveled of all Teodor’s viruses: once again, it escaped from his office
machine, probably on a diskette, and spread through Bulgaria; on September 30,
1989 it was sighted in offices of the United Nations in Vienna; and from there,
now known as Yankee Doodle, it traveled the world. It was this version which
caused mayhem at the California publishing house in July 1991.
Teodor continued to develop his virus. The last variant was Version 50, by
which time it had been given the additional power to detect and destroy the
Cascade bug, which had just arrived in
Bulgaria from Austria. Cascade was another joke virus: it caused the letters on
a computer terminal to fall down and pile up in heaps at the bottom of the
screen to an accompanying clicking noise. After it had finished its
performance, a user could resume his work—though he would need to replace the
letters and words that had fallen from his screen. It wasn’t particularly
damaging, though the operator’s nerves could well have been frayed.
After Version 50 Teodor began to explore some of his other ideas. One was a
joke virus that hopped around a hard disk while challenging the operator to
FIND ME! It was unusual in that it was nearly undetectable: unlike other
viruses, Find Me! wouldn’t infect the boot sector or a program file. It created
its own home within infected systems by stealing the name of an EXE file and
attributing it to a new COM file; this new COM file became its hiding place.
It was a clever trick. Teodor knew that on computers with two files of the same
name the COM file is always loaded prior to the EXE file. So his little bug
would get to the screen first, to taunt the operator with “Find Me!” messages.
If the operator looked at his list of files he might notice that he had an
extra COM file with the same name as one of his EXE files, but he generally
wouldn’t realize the significance. Even if he did, the bug would probably be
one step ahead of him. From time to time, Find Me! would create a new COM file
(always with the same name as an EXE file) and transfer itself to a new home,
deleting the old one as it did so. In that way it continued to hop around the
hard disk, usually well ahead of the increasingly irritated operator. It was
possible to remove the bug completely, but it invariably took a few manhours of
frustrating chasing.
Teodor also experimented with “stealth” viruses—silent, deadly, and almost
undetectable bugs that evade antiviral software in much the same way that the
Stealth plane evades radar detection. Stealth technology has been exploited by
virus writers since 1986 (the Pakistani Brain virus has some stealth capability
in that it is able to camouflage its presence on the boot sector), but Teodor’s
was the first that could add itself to a program file without, apparently,
increasing the length of the file. Of course it was only an illusion: the virus
would simply deduct its own length from the infected file whenever it was being
examined.
With his stealth bug Teodor had more or less reached the pinnacle: there was
little he could do to improve the programming of his latest virus except,
perhaps, to add a destructive payload. But, for Teodor, destruction of data or
programs was never the point. He wrote viruses as an intellectual challenge.
None of his viruses had ever been intentionally damaging, though he had become
aware that they could cause collateral losses. He had also realized that a
completely harmless virus was an impossibility. All viruses, by their mere
presence on a computer, can accidentally overwrite data or cause a system to
crash. And the most dangerous of all, he thought, was an undetectable virus
that could spread unstoppably, causing collateral damage without the operators
even being aware they were under attack.
In 1989 Teodor decided to retire from virus writing. His own career up until
then had, curiously, mirrored his friend Vesko’s. While Teodor wrote viruses,
Vesko wrote about them; as Teodor became more proficient at writing bugs, Vesko
became more accomplished at analyzing them. By 1989 Vesko had become Bulgaria’s
most important virus researcher and a major contributor to Western literature
on the subject. He had been invited to submit papers and to lecture at Western
European computer security conferences: he was recognized as an authority on
viruses, particularly those from Eastern Europe.
Vesko’s reputation was due, in a large part, to having been in the right place
at the right time. First, there were his friend Teodor’s bugs. Teodor would
often pass on the programming code to Vesko for analysis, who would then report
on their capabilities in the local press and in Western journals. It was a
convenient arrangement, and the resulting publicity would encourage other
writers. Eventually, what became known as the Bulgarian virus factory started
to pump out bug after bug, each more dangerous
than the last, and Vesko was there to record it. He was in the eye of the
storm, collecting viruses from all over Bulgaria as they spread from computer
to computer. By 1991 he was reporting two new locally grown viruses each week.
In a country with so many bugs flying around, it was inevitable that Bulgarian
computers would become overrun. Most computers in the country had been hit at
least once; many had been hit with multiple viruses at the same time. Because
Vesko was the country’s leading authority on the malicious programs, he was
eventually given responsibility for coordinating Bulgaria’s effort to fight
them off. He was constantly on call. Days he worked in his office in the
Bulgarian Academy of Sciences, where he was given the dour title of Assistant
Research Worker Engineer. Weekends and nights he continued the fight from his
own cramped room on a borrowed Bulgarian clone of an IBM PC. He dealt with ten
to twenty phone calls each day from institutions or firms that had been
attacked by viruses.
By then the Bulgarian virus factory was in full production. It was no longer a
matter of Vesko and his friend Teodor, one a researcher, the other a virus
writer. Bulgaria had spawned some of the most skilled and prolific virus
writers in the world.
In Plovdiv, Bulgaria’s second largest town, a student named Peter Dimov
produced a series of viruses “as revenge against his tutor” and another two “in
tribute” to his girlfriend, Nina (it is not known if she was pleased). One of
Peter’s ambitions was to write the world’s smallest virus: his first came to
under 200 bytes. Later he wrote one only 45 bytes long. For a few weeks it was
the shortest virus known—until another Bulgarian programmer produced one that
was just 30 bytes. Peter was also the author of the first Bulgarian boot-sector
virus as well as two ominous-sounding bugs that he called Terror and Manowar.
But despite their names, neither was particularly damaging. In total, Peter
wrote around twenty-five viruses.
In Varna, on the Black Sea, two students at the Mathematics Gymnasium (Upper
School), Vasil Popov and Stanislav Kirilov, produced a series of viruses and
trojans. Their most dangerous, called Creeping Death (or DIR-2), was reported
to be able to infect all the files on a hard disk within minutes.
Lubomir Mateev, then a twenty-three-yearold university student, and his friend
Iani Brankov wrote a virus together to embarrass their professor when they were
studying at Sofia University. Their first bug was programmed to make a
shuffling noise while he was lecturing that sounded like the rustling of paper.
This virus and a subsequent variant (which borrowed the bouncing-ball payload
from Ping Pong) became known as Murphy 1 and Murphy 2. Highly infectious, they
spread throughout Bulgaria and reached the West in 1991.
Many other programmers and students took a stab
Comments (0)