Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
(April 28, 1999 12:46 a.m. EDT http://www.nandotimes.com) - Even the most
stout-hearted hard drive would shudder. Copies of more than 43,000
computer viruses are kept under lock and key at the Malicious Code
Laboratory in rural Pennsylvania, a facility operated by a company that
has become the equivalent of the World Health Organization for the data
processing industry.
"That lab in Carlisle, Pa., has good physical security. You cannot get in
without a key card," assures Roger Thompson, the affable, Australian-born
technical director for malicious code research for the firm.
His company - ICSA Inc., which has its headquarters in a Washington, D.C.,
suburb - uses the pernicious software to test and certify dozens of
commercial security programs that corporations and individuals hope will
protect them from malicious hackers.
Thompson said the list of known viruses grows by about 1,000 a month, but
many of these are simple modifications of older viruses.
"Of all of the thousands of viruses we've identified, only about 150
actually get onto very many people's computer desktops. And maybe another
500 or so make it to localized outbreaks," Thompson said.
The reason, despite tremendous media hype, is that computer viruses
generally have a hard time proliferating. Writers of virus programs have a
hard time designing a bug that will attack most personal computers because
of the incredible diversity of software that computers use.
"There are a few viruses that we call Win32-infectors, because they attack
the Windows operating system itself. But these are very hard to write, so
we don't see many of them," Thompson said.
Instead, virus authors rely upon "macro" programs that attach to specific
kinds of software.
"We've identified about 4,000 macro viruses that attach themselves to
Microsoft Office products. The reason these guys do this is they want
their viruses to spread, so they pick popular software," Thompson said.
Police arrested David L. Smith, 30, of Aberdeen Township, N.J., last month
and charged him with authorship of the "Melissa" virus, which disrupted
e-mail systems for several large companies, including Charles Schwab & Co.
"Melissa wasn't overly bright. It only targeted Microsoft Mail, which
isn't all that popular. But the guy found a good way to get his virus to
spread," Thompson said.
The program gummed up e-mail systems by sending out thousands of versions
of itself, as well as pornographic Web site passwords and addresses.
Despite its simplicity and the severe limitations on the kinds of software
it attacks, Melissa received enough news coverage to accelerate security
concerns for businesses that increasingly rely upon the Internet.
"We are now a wired world," said Laurie W. Wagner, senior vice president
for marketing at ICSA. "So security has become an issue for everyone, from
simple consumer marketing to business-to-business transfer of critical
information."
Wagner said anti-virus programs and other software designed to protect
computer equipment are expected to grow from a $5 billion industry in 1997
to $25 billion by 2003. That's a lot of money in order to stop a handful
of bored and mostly youthful mischief-makers.
"A lot of them truly are kids," Thompson said. "I've met one guy who used
to be known as 'Storm-Bringer' who has come across from the dark side. He
was an intelligent young man who just decided to grow up. It was clear
that this (virus writing) was something he did just because he knew how."
Measures to defeat "hackers" - computer enthusiasts who delight in gaining
access to private, often sensitive, computer files using telephone lines
or the Internet - are also becoming big business. Internet security
services alone are projected to grow from a $4.6 billion market in 1996 to
$11.6 billion within three years.
ICSA computers at its Reston, Va., headquarters endlessly look for ways
that hackers could break into corporate data systems. Once identified,
these "back doors" are either closed or given "firewall" software
protection to prevent unwanted outside access across the Internet.
"Frequently, we find a lot of undocumented Web addresses that companies
didn't know about," Wagner said. Hackers can gain access to an entire
computer system through an unprotected site on the Web.
"We conducted a scan for one company that had more than 1,000 undocumented
sites," she said. "They were pretty surprised."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Thu Apr 29 08:52:28 1999