Virus attacks expected to rise as world grows more connected

WASHINGTON -- A new generation of destructive computer viruses like the ExploreZip "worm" that struck last week exposes the vulnerability of an increasingly networked society.

While diligent computer users can protect their data, experts said, the prospect is for more widespread and frequent disruptions.

The new virus, which is spread through e-mail attachments, is the third major bug to sweep through cyberspace since late March, when the Melissa virus overwhelmed systems with floods of messages. An even more damaging virus named Chernobyl struck in late April, but it did most of its harm overseas. ExploreZip, experts say, combines Melissa's propensity to spread easily with Chernobyl's vicious payload. It may have infected hundreds of thousands of personal computers, forcing many firms to unplug their Web servers from the Internet and disrupting communications and commerce across the planet. "There's a proliferation of these viruses," said Tommy Wald, president of Netforce Technologies in Austin, which specializes in data recovery. "What's complicating it even more is that they're getting even more sophisticated. They're hard to recover at times, and it seems they're getting harder to detect." "There's literally hundreds of viruses being created every month," Wald said. "A lot of it is the hacker-types that have nothing else to do with their time and just want to see how good they are. The biggest reason behind it is notoriety and ego." With the rapid spread of computer technology through the business world and into American homes, the number of virus writers has grown dramatically. Anyone who has taken a basic computer class can adapt a virus and add his -- or rarely, her -- name to it. What kind of people write such software bugs, and why do they do it? Virus writers "are in love with doing harm for its own sake," said Bruce Sterling, the author of Hacker Crackdown, a study of the subculture. "They poison the digital wells and the flowing rivers. They believe that information ought to be poisonous and should hurt other people. Internet people build the networks for the sake of the net, and that's a fine and noble thing. But virus people vandalize computers and nets for the pure nasty love of the wreckage." And yet not every virus writer can be labeled as an evil, technophobic prodigy. The author of the Melissa virus turned out to be David L. Smith, 30, of Eatontown, N.J., a highly regarded programmer for an AT&T subcontractor. Steven Altman, Smith's attorney, says his client never intended to do harm, and that he has been wrongfully portrayed as a dangerous computer hacker and has been victimized by Washington's crackdown on high-tech crimes. "The computer world is a world where people do things, experimental things, just about every day," Altman said. "Nothing he did, or intended to do, had a premeditated or wrongful intent." It is not a crime to write a virus. Rather, the criminal offense is to damage someone else's computer or the data stored on it, or to incite others to spread viruses. Sarah Gordon, a British researcher who has written extensively on the subject, said that "while many virus writers are motivated by bad or even criminal intentions and desires, it is dangerous to assume that this is true of every person who ever writes a program that can be classified as a virus." However diverse the group of virus writers may be, the rapid rise of the Internet has vastly enlarged their ability to cause serious damage. Even some of the Internet's greatest champions now question whether this increasingly powerful tool is truly safe. In the pre-networked era of the early 1980s, many stand-alone users of personal computers failed to take software viruses very seriously. One computer pioneer argued at the time that most reported virus incidents were an urban myth, like alligators in New York City sewers. At a time when most computers were self-contained universes, one simply rebooted the machine to execute an anti-virus program that searched for bugs and quashed them. But in the networked world, protection is more difficult. Modern computer viruses can attack your computer without your even knowing it, warned Jeff Carpenter, team leader at the Computer Emergency Response Team, at Carnegie Mellon University's Software Engineering Institute. "They are introduced," Carpenter noted, "when you take some action, such as opening up a document, executing a file or a program you obtained somewhere... when you double-click on an e-mail attachment or on an infected floppy disk." In the ExploreZip incident, the FBI issued a warning against opening any suspicious e-mail attachments. Like common cold germs, today's Internet-borne computer viruses come in many mutations. Some are simply annoying, while others can be embarrassing or highly destructive. Software experts sort malicious bugs into categories known as Trojan horses, viruses and worms. ExploreZip has hit the jackpot by showing characteristics of all three. Like a Trojan horse, it masquerades as an innocent program: a self-extracting compressed-document file that relies on a user to launch it. Like a virus, ExploreZip finds a home on a target system, restarting itself whenever the system reboots. And like a worm, the program uses network facilities to propagate itself without relying on further user action.

Copyright 1999
Provided by ProQuest Information and Learning Company. All rights Reserved.