|
|
 |
|
 |
 |
| CONTAGIOUS VIRUS | |
 June 15, 1999 
|
||
|
|
A type of computer infection is spreading through the Internet. "The worm," as it's called, is much like a virus and can erase your hard drive. This time, however, it is designed to come from people you know.
|
|
MARGARET WARNER: Let me interrupt you right there. We have a graphic showing the kind of thing you would get on your computer. And you get a message, essentially, an e-mail from someone, one, that you know and also you just sent an e-mail to this person, correct? So it's perfectly plausible they're answering you back.
DAN SCHRADER: Yes. It seems to be coming from a trusted source. MARGARET WARNER: Yes. DAN SCHRADER: It’s responding to an e-mail that you sent. You have no reason not to trust it. MARGARET WARNER: But if you open the attachment, which they ask, your friend asks you to, then boom. DAN SCHRADER: Yes. The first thing it starts doing is it starts deleting files. Actually, it's worse than deleting files. It overwrites the files with another file of the same name, zero length, and that’s particularly malicious because it's really hard to recover those files. MARGARET WARNER: All right. And then it also, what, sends a copy of itself to anyone who sends you an e-mail? DAN SCHRADER: That's exactly what it does. It sends a copy of itself to anyone who sends you an e-mail. Then, if you're on a computer network, say within a corporation, it will start searching out the network and see if it can copy itself on it other computers within your network using a technology that Microsoft provides in its operating systems called “shares.” |
|||||||||||||
| A worm and a virus. | ||||||||||||||
 MARGARET
WARNER: And let me just interrupt you, because you have made a distinction
between a worm and a virus. Is that the difference, that a virus infects
when you actually send something to someone, whereas a worm is sort of
self-propelling?
DAN SCHRADER: That's exactly the difference. A virus is a program that copies itself within your computer. It infects from one file to another file. A worm copies from one computer to another computer. Now, that's a nice, neat distinction. Unfortunately, the hacker-cracker community hasn't been so neat and they often combine the two. So, we see viruses with worm-like characteristics, worms that are spread as Trojans, a lot of different ways of mixing these different tools. MARGARET WARNER: All right. Richard Smith, how much damage -- why are people so troubled by this? What kind of damage does this cause? Has anyone tried to quantify it in economic terms?
MARGARET WARNER: And is it fair to say that the fact that we're all becoming more and more networked, particularly through the Internet, is making the whole world of computer users just more vulnerable to these? RICHARD SMITH: Yes. Exactly. That's what we're really seeing. The virus writers and the worm writers have really discovered the Internet and are sending around these things via e-mail. So, they get transmitted much quicker than the olden days when things were done by floppy disk. And so the interconnection of the world is really the story here. MARGARET WARNER: So, Dan Schrader, how does one guard against it? How does an individual guard against it; how do companies guard against it? DAN SCHRADER: Well, the answer is the same as we've been saying for the past few years, following safe computing practices -- not opening up file attachments if you don't know why someone sent it to you; not responding to e-mails that you don't know why someone sent it to you. However, in this case, it’s coming from a trusted source. And so the answer is running up-to-date computer software. Unfortunately, this worm was spreading faster than you can update your virus protection products, so we have a problem here. And that is the malicious code is spreading at Internet speed, and it's very hard to stay up to date with it. |
 |
|||||||||||||
| Hiding in file attachments. | ||||||||||||||
|
MARGARET WARNER: You mean, so most of us who work in companies that have computer systems, it runs a sort of computer virus program. But what you're saying is, what, this was just outstripping the ability of those programs to stay up with it? DAN SCHRADER: Sure. The antivirus industry is a reactive industry. We find a malicious bit of code and we find a way of detecting it and curing it, and we distribute that patch, that update to all of our customers. MARGARET WARNER: And that’s, you get that little thing on your screen saying do you want to receive this, is that right? DAN SCHRADER: Exactly. There's a lot of different ways of distributing it. Sometimes it tells the users, sometimes it doesn't. Some products require the users to go up to the vendor’s Web site and to download the latest patch. It’s a lot of different technologies. The point is that it’s reactive. And a lot of end users, a lot of people don't have time or the knowledge to go and update the virus protection products. MARGARET WARNER: So Richard Smith, what's the answer then? RICHARD SMITH: Well, right now really it's a good idea to stay away from file attachments. I mean, you really have to make sure that if someone sends you something that you expect to get it. I took a look at this particular worm and it was a very clever -- it changed the icon also. And I almost opened it up by mistake. MARGARET WARNER: Wow. RICHARD SMITH: So it's -- you have to be very, very careful with file attachments. I think overall there's different kinds of viruses out there. And I think in the operating system level and some of the application areas like in e-mail readers we need to pay more attention to preventing these things. This particular one is a tough one though. MARGARET WARNER: Now, You were credited in many news reports as having helped track done the creator of the last very tough virus, Melissa. How hard is it to track down, how hard will it be to track down who did this is this and how do you do it?
MARGARET WARNER: I'm sorry you have to explain that. What's an executable? RICHARD SMITH: Well, like a program file. It’s like a program, a regular program file, a regular program that's sent. And there's no -- doesn't appear to be any kind of information about who wrote it in there. I think the -- probably the key to locating this person will be to try to find the first infection, which I call infection zero -- possibly over in Israel -- to find the person, the author, who sent the worm to the first victim. And that might be some of the anti-virus companies who got -- first heard about this worm -- they'd be the one that maybe could help track this down. |
 |
|||||||||||||
| Preventing virus outbreaks. | ||||||||||||||
|
MARGARET WARNER: Dan Schrader?
MARGARET WARNER: I'm sorry, ISP's? DAN SCHRADER: Their Internet service providers, the people who actually give them the connection to the Internet and say, okay, I'm paying $20 a month, give me a virus-free connection. And when we start getting that, we'll be able to contain these problems much, much faster. MARGARET WARNER: So, you mean, make it system-wide, rather than within the individual companies or certainly the individual user? DAN SCHRADER: Yes. Any security expert will tell you if you're relying on the end user to update his software or follow safe practices, your security is going to be vulnerable. You need to build security into the infrastructure of the organization. If it's a company, you should have virus protection as part of the e-mail system. If it's an individual, then they should be getting their Internet connection from a company that provides a virus-free Internet connectivity. MARGARET WARNER: All right. Well, thank you Dan Schrader and Richard Smith, thanks very much. RICHARD SMITH: Thank you. DAN SCHRADER: Thank you. |
||||||||||||||
 |
        |
|
| Support the kind of journalism done by the NewsHour...Become a member of your local PBS station. | ||
| ||
| PBS Online Privacy Policy Copyright ©1996- MacNeil/Lehrer Productions. All Rights Reserved. | ||
| ||
MARGARET
WARNER: The worm in question is the third major computer bug to sweep
through cyberspace this year. It's officially known as "Worm.Explore.Zip,"
and it's spread through e-mail. Since last week, the bug has infected
tens of thousands of computers in more than a dozen countries, destroying
files as it goes. Major U.S. companies, like Boeing and General Electric,
were hit. And some were forced to shut down their e-mail networks temporarily
to guard against spreading the infection. Here to explain the new bug
and its implications are Dan Schrader, vice president of new technology
at Trend Micro Inc., the country's third largest maker of antivirus
software, and Richard Smith, president of Phar Lap Software, who helped
identify the creator of another major virus this year, known as Melissa.
And, Dan Schrader, starting with you, how did this virus spread so fast?
How does it work?
DAN
SCHRADER, Vice President, New Technology, Trend Micro Inc.: Well, it's
a mystery how fast it spread. It showed up in Israel earlier this week,
last week, bounced around Israel for a few days and then Thursday suddenly
broke out, and we started hearing reports around the world. It's not
really a virus. It's a type of computer program called a worm; that's
a program that makes copies of itself from one computer to another.
It spreads in two ways: First, it responds to e-mails. If you're infected
and you receive an e-mail, it will respond to the e-mail, sending a
note back to the person who sent it to you, including the infected file.
RICHARD
SMITH, President, Phar Lap Software: Well, it's deleting people's document
files and spreadsheet files and programming files. So it's stuff that
you work on every day. And if you don't have backup, it could take,
you know, many, many months to reproduce this information. It's particularly
nasty in that respect. It goes after people's individual work. And it
also -- the way that it deletes files, as Dan was talking about, overwrites
them. So, if it deleted a more simple way, there could have been recovery
tools to get it. But it doesn't look like that's possible. So, putting
economic value on this is tough because you're looking at people's time
and effort. But it can be very, very - you know -- it's just mean frankly
because it could be individual's work, somebody's writing a novel or
it could be a business plan. It's really hard to say put a dollar figure
on it. But it's very nasty.
DAN
SCHRADER: Well, I agree that it's going to be the way to track this
particular bit of code down. Unfortunately, the virus writing community
has gotten to be very good at hiding their tracks. We got lucky in the
case of the Melissa virus. I don't know if we will now. But I think
the solution to this is going to be integrating virus protection into
the infrastructure of the Internet. We need to have people calling their
ISP's and saying --