The Virus Physician's Desk Reference
Here are the most common
types of computer viruses:
BASIC VIRUS
It's a
piece of software code designed to invade computers and networks
through e-mail or Internet connections and attach to files or
programs or the hard drive, replicating itself. Viruses often
present taunting messages, destroy files, or make the computer
crash. Example: LoveLetter, in 2000, caused $8 billion in damage
globally.
WORM
A worm can spread itself
automatically over the network from one computer to the next. Users
need not click on e-mail or open a program to get infected.
Examples: In early August, Blaster infected more than 1 million
computers. Welchia, an antidote to Blaster, crashed computers and
clogged networks, too.
TROJAN HORSE
This is
malicious code that masquerades as a benign program. These bugs
don't replicate, but they are used to open "back doors" in computer
systems to allow a hacker to take control or steal confidential
data. Example: In July, 2000, QAZ helped hackers view secret source
code at Microsoft.
BLENDED THREAT
Viruses that try
different ways of infecting and spreading, including basic virus,
worm, and Trojan Horse techniques. Many attempt to use peer-to-peer
file-sharing and instant messaging for distribution. Example: SoBig,
which hit in mid-August, infected one out of two e-mails traveling
on the Internet at its peak.
Data: Symantec Corp.
How the SoBig Virus Got So Big
1. Whoever wrote
SoBig is one skillful programmer. The virus spread by e-mail and
dropped a piece of software -- called a proxy -- into all the
machines it infected. That turned them into agents of the virus
writer or others.
2. After posting the virus on the
Internet, the author tricked people into releasing it -- by getting
them to click on attachments. The virus searched for e-mail
addresses and then sent e-mail messages to the recipients, who
couldn't tell who sent them.
3. Those who got the
e-mails and clicked on the attachment got infected, and in turn sent
out more e-mails to others. The deluge clogged up networks and
slowed computing, forcing people and companies to spend time and
money fixing their machines.
4. SoBig proxy software
acted like sleeper cells in a terror network. Virus writers and
spammers scanned the Internet for infected machines. They posted
lists of these addresses on Web sites frequented by spammers and
virus writers.
5. Virus writers or spammers could then
tap directly into those computers and use them to spread viruses or
send out spam to an ever-widening universe of computer users. The
end result: SoBig spread faster than any of its virus
ancestors.
Data: Trend Micro Inc.
Commentary: Technology: Just Make It Simpler
A huge chunk of the
electricity grid fails. The Internet clogs up, and PCs crash. The
space shuttle falls to the earth. Complex high-tech systems
everywhere appear to be failing, and our society feels increasingly
threatened. What is going on? Have we built a high-tech society that
is doomed to crash and burn again and again? Can we fix it?
Behind these calamities lies a common flaw: The systems are
too complex to manage. Each was created with an enormous number of
moving parts that threw off an incredible amount of data that had to
be observed, analyzed, and managed. But when things went wrong,
people had to react very quickly, perhaps too quickly. They had to
communicate with many others, perhaps too many. They had to balance
conflicting demands in their decision-making -- efficiency vs.
safety, profit vs. costs, science vs. politics -- perhaps too many.
Just as the first VCRs had so many features they overwhelmed
consumers, our high-tech systems are being designed with far more
complexity than we can handle.
We may be making it worse by
centralizing and standardizing systems. In an effort to improve
efficiencies and cut prices, we are moving toward a single national
electricity grid. We already have one standard computer operating
system. And while there are many benefits inherent in this kind of
integration, it may also be undermining the systems' reliability and
security. It is strange for a nation that has thrived on diversity
and decentralization to build its economy on the opposite
principles. Ironically, our model for the 21st century information
society appears to be 19th century industrial society. We are
building big centralized systems stuffed with bells and whistles and
are inadvertently making America an easier target for economic and
political terrorists who can bring down whole swaths of society with
one blow.
We are also starving these complex systems of the
resources needed to manage them safely. It is important to build in
redundancy and backup for when things go wrong. Yet political
decisions and market forces prevent a sufficient cushion from being
created. The crash of the shuttle is perhaps the best example.
Political pressures in the '90s cut NASA's budgets to the bone, even
as it was shouldering new responsibilities for building an orbiting
space station. Under pressure, NASA managers ignored seven pieces of
foam that broke off in flights before one destroyed the Columbia.
The electric grid failed in part because insufficient investment had
been made in it. The decision to keep the grid regulated while the
more lucrative power-generation business was deregulated led to the
grid being starved for capital. And computers crashed because
Microsoft Corp. put few resources into making software secure and
reliable until very recently. There were no countervailing market
forces forcing it to do so.
In his book Inviting Disaster:
Lessons from the Edge of Technology, James R. Chiles reminds us
that all complex systems, by their very nature, are destined to fail
at some point. The key is being able to manage the failures early so
that they do not grow. If the failure goes unnoticed or is ignored,
if it swamps those in charge or links to a wider network and spreads
quickly, then it is likely to become a major event, perhaps even a
catastrophe.
There is a better way. Design systems that give
people adequate time to manage failure. Make them diverse and
flexible enough so that parts of a system continue to operate when
something goes down. Invest enough resources to have backup that
keeps critical functions running when emergencies occur. In effect,
provide enough flex in the system to allow human beings the time to
manage properly.
Monocultures in nature
die because they are too fragile. That's the lesson we should take
away from recent events. We don't have a technology problem per se.
We need to use markets and the political process to design systems
that are within human limits to manage and defend.
By Bruce Nussbaum
Commentary: From Open Doors to Gated Communities
No introductions are
needed. You already know the Nigerian with the overflowing bank
account and the loudmouthed financier offering dirt-cheap mortgages.
The guy in the lab coat? His miracle pills and organ enhancements
are old news. Thanks to a flood of junk e-mail, or spam, messages
from this dubious crowd now account for 50% of all electronic mail.
In clogging up the Internet, spam is rapidly turning e-mail into an
annoyance and eroding productivity as workers are forced to sift
through scores or even hundreds of messages.
And it's getting worse. Sophisticated spammers are
unleashing viruses that turn undefended computers into spamming
machines. Hackers are also using the same technique for
mass-mailings of dangerous viruses and worms. They are "gravitating
toward e-mail," says Linda Beck, executive vice-president for
operations at Internet service provider EarthLink Inc. As a result,
the global e-mail system, one of the most prodigious productivity
tools of the Digital Age, is under siege.
What can be done?
Ask anyone in Washington or Silicon Valley, and you'll hear answers.
New laws, new filters, you name it. But each one has flaws. None
promises lasting relief. Increasingly, it appears that to master
spam and reclaim electronic mail as a trusted communications medium,
the entire e-mail system must be rethought. This will entail
important sacrifices, ones that are bound to rob e-mail of its
freedom, breadth, and spontaneity. Drastic measures are bound to run
up against fierce resistance. But that may well melt away in the
coming year as the spam crisis mounts.
It's bound to
intensify as spammers hurdle every obstacle thrown in their way.
Consider filters. In early jousts, filters blocked messages
advertising, say, Viagra. Spammers responded with V!agra. Tighter
filters establish so-called white lists. These instruct PCs to
accept messages only from approved senders. But now, in the age of
virus-powered spam, junk mail is likely to come straight from the
computers of close friends and colleagues. Brace yourself for V!agra
pitches from Mom.
Don't count on much help from Washington.
Earlier this year, Congress debated tough measures. This sparked an
outcry from legitimate marketers, who rely on the Internet to
communicate with customers and suppliers. For now, the modest bills
under deliberation would make it illegal for spammers to hide their
return addresses or falsify their identities. Spammers, however, are
expected to pay little heed to these or any other laws. And if the
estimated 300 spammers who dominate the field feel too much pressure
from the Federal Trade Commission, they can always move more
operations overseas, a process already under way. Effective global
agreements regulating spam are years away at best.
This means
that companies and individuals alike may well have to refashion
e-mail. To stem the tide of spam, look for the wide-open e-mail
system of today to subdivide into millions of mini, self-contained
networks, each serving its own trusted circle. For starters,
companies can be expected to tighten controls on their private
networks, known as intranets. If the Internet has been a Leave It
to Beaver neighborhood with doors unlocked to all, spam will
turn it into a constellation of gated communities with no-nonsense
digital guards at the entrance. "We're entering a new era," says
Aviel Rubin, technical director at the Information Security Institute at
Johns Hopkins University. "More extreme measures are
needed."
Even these gated communities will require
ever-tougher anti-spam technology -- and that is bound to slow
communications. In an era of virus-generated mail, for example, it
will be crucial to distinguish between machine- and human-generated
mail. Perhaps the sender will have to answer a question to gain
access to your inbox.
Slow and painful? You bet. And a
nightmare for e-merchants whose machines send millions of e-mails.
Plenty of inconvenient adjustments are ahead en route to this new
world. But with spammers spewing viruses and come-ons by the
billions, building a tough new Internet may be the only choice.
By Stephen Baker
With Lorraine Woellert in Washington