June 15, 1999
A type of computer infection is spreading through the Internet. "The worm," as it's called, is much like a virus and can erase your hard drive. This time, however, it is designed to come from people you know.
MARGARET WARNER: The worm in question is the third major computer bug to sweep through cyberspace this year. It's officially known as "Worm.Explore.Zip," and it's spread through e-mail. Since last week, the bug has infected tens of thousands of computers in more than a dozen countries, destroying files as it goes. Major U.S. companies, like Boeing and General Electric, were hit. And some were forced to shut down their e-mail networks temporarily to guard against spreading the infection. Here to explain the new bug and its implications are Dan Schrader, vice president of new technology at Trend Micro Inc., the country's third largest maker of antivirus software, and Richard Smith, president of Phar Lap Software, who helped identify the creator of another major virus this year, known as Melissa. And, Dan Schrader, starting with you, how did this virus spread so fast? How does it work?
DAN SCHRADER, Vice President, New Technology, Trend Micro Inc.: Well, it's a mystery how fast it spread. It showed up in Israel earlier this week, last week, bounced around Israel for a few days and then Thursday suddenly broke out, and we started hearing reports around the world. It's not really a virus. It's a type of computer program called a worm; that's a program that makes copies of itself from one computer to another. It spreads in two ways: First, it responds to e-mails. If you're infected and you receive an e-mail, it will respond to the e-mail, sending a note back to the person who sent it to you, including the infected file.
MARGARET WARNER: Let me interrupt you right there. We have a graphic showing the kind of thing you would get on your computer. And you get a message, essentially, an e-mail from someone, one, that you know and also you just sent an e-mail to this person, correct? So it's perfectly plausible they're answering you back.
DAN SCHRADER: Yes. It seems to be coming from a trusted source.
MARGARET WARNER: Yes.
DAN SCHRADER: It's responding to an e-mail that you sent. You have no reason not to trust it.
MARGARET WARNER: But if you open the attachment, which they ask, your friend asks you to, then boom.
DAN SCHRADER: Yes. The first thing it starts doing is it starts deleting files. Actually, it's worse than deleting files. It overwrites the files with another file of the same name, zero length, and that's particularly malicious because it's really hard to recover those files.
MARGARET WARNER: All right. And then it also, what, sends a copy of itself to anyone who sends you an e-mail?
DAN SCHRADER: That's exactly what it does. It sends a copy of itself to anyone who sends you an e-mail. Then, if you're on a computer network, say within a corporation, it will start searching out the network and see if it can copy itself onto other computers within your network using a technology that Microsoft provides in its operating systems called shares.
A worm and a virus.
MARGARET WARNER: And let me just interrupt you, because you have made a distinction between a worm and a virus. Is that the difference, that a virus infects when you actually send something to someone, whereas a worm is sort of
DAN SCHRADER: That's exactly the difference. A virus is a program that copies itself within your computer. It infects from one file to another file. A worm copies from one computer to another computer. Now, that's a nice, neat distinction. Unfortunately, the hacker-cracker community hasn't been so neat and they often combine the two. So, we see viruses with worm-like characteristics, worms that are spread as Trojans, a lot of different ways of mixing these different tools.
MARGARET WARNER: All right. Richard Smith, how much damage -- why are people so troubled by this? What kind of damage does this cause? Has anyone tried to quantify it in economic terms?
RICHARD SMITH, President, Phar Lap Software: Well, it's deleting people's document files and spreadsheet files and programming files. So it's stuff that you work on every day. And if you don't have backup, it could take, you know, many, many months to reproduce this information. It's particularly nasty in that respect. It goes after people's individual work. And it also -- the way that it deletes files, as Dan was talking about, overwrites them. So, if it deleted a more simple way, there could have been recovery tools to get it. But it doesn't look like that's possible. So, putting economic value on this is tough because you're looking at people's time and effort. But it can be very, very - you know -- it's just mean frankly because it could be individual's work, somebody's writing a novel or it could be a business plan. It's really hard to say put a dollar figure on it. But it's very nasty.
MARGARET WARNER: And is it fair to say that the fact that we're all becoming more and more networked, particularly through the Internet, is making the whole world of computer users just more vulnerable to these?
RICHARD SMITH: Yes. Exactly. That's what we're really seeing. The virus writers and the worm writers have really discovered the Internet and are sending around these things via e-mail. So, they get transmitted much quicker than the olden days when things were done by floppy disk. And so the interconnection of the world is really the story here.
MARGARET WARNER: So, Dan Schrader, how does one guard against it? How does an individual guard against it; how do companies guard against it?
DAN SCHRADER: Well, the answer is the same as we've been saying for the past few years, following safe computing practices -- not opening up file attachments if you don't know why someone sent it to you; not responding to e-mails that you don't know why someone sent it to you. However, in this case, it's coming from a trusted source. And so the answer is running up-to-date computer software. Unfortunately, this worm was spreading faster than you can update your virus protection products, so we have a problem here. And that is the malicious code is spreading at Internet speed, and it's very hard to stay up to date with it.
Hiding in file attachments.
MARGARET WARNER: You mean, so most of us who work in companies that have computer systems, it runs a sort of computer virus program. But what you're saying is, what, this was just outstripping the ability of those programs to stay up with it?
DAN SCHRADER: Sure. The antivirus industry is a reactive industry. We find a malicious bit of code and we find a way of detecting it and curing it, and we distribute that patch, that update to all of our customers.
MARGARET WARNER: And that's, you get that little thing on your screen saying do you want to receive this, is that right?
DAN SCHRADER: Exactly. There's a lot of different ways of distributing it. Sometimes it tells the users, sometimes it doesn't. Some products require the users to go up to the vendor's Web site and to download the latest patch. It's a lot of different technologies. The point is that it's reactive. And a lot of end users, a lot of people don't have time or the knowledge to go and update the virus protection products.
MARGARET WARNER: So Richard Smith, what's the answer then?
RICHARD SMITH: Well, right now really it's a good idea to stay away from file attachments. I mean, you really have to make sure that if someone sends you something that you expect to get it. I took a look at this particular worm and it was a very clever -- it changed the icon also. And I almost opened it up by mistake.
MARGARET WARNER: Wow.
RICHARD SMITH: So it's -- you have to be very, very careful with file attachments. I think overall there's different kinds of viruses out there. And I think in the operating system level and some of the application areas like in e-mail readers we need to pay more attention to preventing these things. This particular one is a tough one though.
MARGARET WARNER: Now, you were credited in many news reports as having helped track down the creator of the last very tough virus, Melissa. How hard is it to track down, how hard will it be to track down who did this, and how do you do it?
RICHARD SMITH: Okay. Well, this particular virus is going to be tougher to track down than Melissa. Melissa was a Word document. And it turns out that Microsoft Word leaves a lot of personal information in files. So anybody who writes macro viruses is probably going to be discovered because their name is in the files or identifying numbers. This particular virus is sent out as an executable though, and I've looked at it, and there's very little --
MARGARET WARNER: I'm sorry you have to explain that. What's an executable?
RICHARD SMITH: Well, like a program file. It's like a program, a regular program file, a regular program that's sent. And there's no -- doesn't appear to be any kind of information about who wrote it in there. I think the -- probably the key to locating this person will be to try to find the first infection, which I call infection zero -- possibly over in Israel -- to find the person, the author, who sent the worm to the first victim. And that might be some of the anti-virus companies who got -- first heard about this worm -- they'd be the one that maybe could help track this down.
Preventing virus outbreaks.
MARGARET WARNER: Dan Schrader?
DAN SCHRADER: Well, I agree that it's going to be the way to track this particular bit of code down. Unfortunately, the virus writing community has gotten to be very good at hiding their tracks. We got lucky in the case of the Melissa virus. I don't know if we will now. But I think the solution to this is going to be integrating virus protection into the infrastructure of the Internet. We need to have people calling their ISP's and saying --
MARGARET WARNER: I'm sorry, ISP's?
DAN SCHRADER: Their Internet service providers, the people who actually give them the connection to the Internet and say, okay, I'm paying $20 a month, give me a virus-free connection. And when we start getting that, we'll be able to contain these problems much, much faster.
MARGARET WARNER: So, you mean, make it system-wide, rather than within the individual companies or certainly the individual user?
DAN SCHRADER: Yes. Any security expert will tell you if you're relying on the end user to update his software or follow safe practices, your security is going to be vulnerable. You need to build security into the infrastructure of the organization. If it's a company, you should have virus protection as part of the e-mail system. If it's an individual, then they should be getting their Internet connection from a company that provides a virus-free Internet connectivity.
MARGARET WARNER: All right. Well, thank you Dan Schrader and Richard Smith, thanks very much.
RICHARD SMITH: Thank you.
DAN SCHRADER: Thank you.