22 March 2002

A bug in the works

Computer viruses are as dangerous as their health-threatening equivalents and the focus of one of the world’s largest software industries, writes David Shapshak

The word “virus” originally comes from Middle English and was used to denote snake poison. Filtered through Latin, where it meant “slimy, liquid, poison”, it arrived in English to describe the sub-microscopic particles that carry an infection-causing disease.

In the last decade, however, the first mention of the word virus almost always triggers its most common association: a computer virus.

The last few years have allowed ample fertile breeding ground for these malicious little bits of code that have caused so much devastation.

Virus-detecting software is big business, one that has become ever more closely allied to computer security.

Last year alone there were several virulent virus attacks that broke the infection records set in 2000.

The biggie in 2001 was called Code Red and, prior to September 11, even solicited a warning from the FBI as a grave threat to the national infrastructure of the United States. The two strains of Code Red cost an estimated $2,5-billion, says Rob Clyde, chief technical officer for Symantec, one of the largest antivirus software companies.

He warns that these attacks by “hackers”, the name for programmers who write and spread the malicious computer code, are growing faster than the Internet’s own growth rate.

Indeed, after that fateful Tuesday when two hijacked airplanes crashed into New York’s Twin Towers, warnings abounded of a “digital Pearl Harbour”, a virus onslaught that would topple America’s computer network by overloading it.

Viruses spread at an alarming rate. More than 2000 computers a minute fell prey to Code Red when it first struck. In just 14 hours it spread from a few dozen sites to nearly 360000 and infected an estimated one million computers.

The Nimda virus, which is known as a worm because it doesn’t need human intervention to spread, infected more than 2,2-million servers and PCs in a 24-hour period.

The cost of downtime and cleaning up Code Red was $2,6-billion and for Nimda was $531-million, according to a Symantec white paper that quotes figures from research firm Computer Economics.

Code Red damage followed that of 2000’s Love Bug, which was previously considered the most costly virus. This came close on the heels of the Melissa virus of 1999, which cost $1-billion.

The estimates of how much viruses could cost usually run into tens to hundreds of millions of dollars. Computer Economics projected last September that virus and worm attacks this year would cost $10,7-billion. But what these figures don’t show is the extent of lost time and data and the immense frustration to ordinary users.

A number of viruses are malicious in that they are destructive to computers, such as the Love Bug, which targeted image files. But others, much like the flu, which can be tamed by a variety of treatments, merely incapacitate computers and, once a machine is infected, send out multiple e-mails to the people in the contacts book of a Microsoft e-mail package. E-mail viruses, which make up 90% of all viruses, are mostly hidden in files attached to the actual message and do their damage once those attachments are opened.

One frequently offered suggestion for avoiding a virus is simply not to open any attachments, especially from someone you do not know. Another is to send only plain text messages, not the fancy HTML versions whose popularity has mirrored the rise of e-mail itself.

However, there is a much more malicious type of worm attack, known as a “blended threat”, which Clyde says will be the major virus trend for the coming years.

These worms propagate themselves by more than one means. They exploit security flaws in Internet software, be it e-mail packages, as the Love Bug and Melissa did, or Microsoft’s popular Internet Information Server (IIS), as Code Red and Nimda did. Microsoft was quick to release a patch once these flaws were discovered, but the damage had been done.

What many of these worms do is mount a denial of service attack, as the original Code Red did when it attacked the White House web server among others, says Clyde. “Code Red II has a different payload that allows the hacker to have full remote access to the web server.”

One of the worst denial of service attacks happened when the virus was hidden in advance on a range of computers and launched itself at some of the most popular websites, including eBay, Yahoo and Amazon. By sending out millions of bogus requests, such an attack overloads the servers and keeps them from performing their tasks, locking out real users.

“To proactively prevent these blended threats requires security practices in addition to the traditional ones,” says Clyde, but warns that “one of the primary reasons for the exponential growth is the more than 30000 hacker-oriented websites. Essentially, we have seen the democratisation of hacking.”

“Hackers are sharing information and the new breed of attacks are standing on the shoulders of other attacks,” he says of worms like Nimda.

Indeed, one demonstration of the extent of hacking was the Honeypot project, in which a virgin network of computers was set up on the Internet as a “honeypot”.

“The results are terrifying,” wrote Observer computer columnist John Naughton. “They suggest that any computer with a persistent Internet connection is scanned for weaknesses on average 17 times a day. A common home user set-up, with Windows 98 and file sharing enabled, was hacked five times in four days. And the fastest time for a server being hacked was 15 minutes after plugging it into the network!”

Naughton quotes security expert Bruce Schneier, who said: “The moral of all of this is that there are a staggering number of people out there trying to break into your computer network, every day of the year, and that they succeed surprisingly often. It’s a hostile jungle out there and network administrators who don’t take drastic measures to protect themselves are toast.”

Often blamed for the spread of viruses because they propagate on its software, Microsoft has countered the security weaknesses of Outlook and Outlook Express with downloadable patches that plug, as it were, the breaches.

One patch (http://office.microsoft.com/Downloads/2000/Out2ksec.aspx) renders the software much safer, but is often not downloaded, the Redmond firm admitted to Wired.com, although it has been built into the latest versions of Windows XP and Office XP.

Bill Gates realised the common perception that his software is to blame was ruining Microsoft’s chances of evolving its business model from being the maker of software to the seller of web services, under the .NET banner. His “Trustworthy Computing” initiative is aimed at eradicating the perception of computing being less reliable than electricity or water.

“Eventually, our software should be so fundamentally secure that customers never even worry about it,” he wrote in an e-mail earlier this year that was widely considered to signal a new era in secure computing.

But he honestly stated: “No Trustworthy Computing platform exists today. It is only in the context of the basic redesign we have done around .NET that we can achieve this.”

Additional reporting by ITweb