**************************************************************
*                                                            *
*                         CYBERSPACE                         *
*         A biweekly column on net culture appearing         *
*                 in the Toronto Sunday Sun                  *
*                                                            *
*                 Copyright 1999 Karl Mamer                  *
*                Free for online distribution                *
*                    All Rights Reserved                     *
*             Direct comments and questions to:              *
*                                                            *
*                                                            *
**************************************************************

Ever since the Michelangelo virus hype of the early '90s, I cringe whenever the popular media picks up on a virus scare. These scares always generate a bothersome amount of email forwarded to me from people who barely know how to trim multiple levels of quote symbols. People, right before my lunch, will come running into my office waving floppy disks with anti-virus software they got from their cousin who downloaded it from a virus-infested school computer and expect me to install it then and there while they look over my shoulder. The "cure" is sometimes worse than the virus, particularly when you practise safe computing. I scan everything and I don't launch EXE or DOC files from untrusted sources (i.e., clueless people).

The recent Melissa virus scare was a bit troublesome. The virus is spread via a Microsoft Word document attached to an email. If you open the document, a Word macro reads your personal email address book and forwards copies of itself to the first 50 people on the list. The virus inserts the infected person's name after the subject line "Important message from".

Though I never received it, the Melissa virus may have been one that would slip under my mental and visceral anti-virus radar. A lot of people I get regular emails from I still wouldn't consider a trusted source. There are one or two I might trust enough to open a Word document. Of course, those same people are expressive enough with language that they'd never use an open-ended subject like "Important message". They'd write something like "I'll buy lunch today" or "Must cancel on you for Swan Lake".
I detest meaningless subject lines so much that my home email account automatically trashes anything with "read this" in the subject line. That I like you is reason enough for me to read your email. Don't beg.

The Melissa virus was, thankfully, not destructive, just malicious. The danger was in its self-replicating nature. In computer parlance, a virus like Melissa is known as a "worm". As it replicates, it worms its way through the network until every infected system's resources get locked up doing nothing but trying to replicate the worm and pass it on. Melissa's actual coding wasn't particularly clever. Word macros are not difficult to write.

The cleverest virus to ever infect the Internet, and probably the first time the word "Internet" was widely used by mainstream media, was the worm (known by many as "The Great Worm") created by Robert Morris, Jr. in 1988. Morris was a graduate student at Cornell. On November 2, 1988, Morris "accidentally" released a computer virus onto the net. Once a computer was infected, it began endlessly replicating the virus and transmitting copies to other computers via email. The worm quickly ate up processor time and brought the net to a screeching halt.

A cure for Morris' virus was quickly devised. Unfortunately, the only way to widely disseminate the solution was via email, the very thing the worm was attacking. Doh! Many system administrators disconnected their sites from the net until the worm was completely eradicated.

Unlike the Melissa virus, which exploits individual carelessness, the Great Worm exploited a little-known security hole in a Unix email utility. "Security through obscurity" is pretty cost-effective until word gets out.

In 1988, the list of possible suspects for the Great Worm was pretty narrow. Unix security expert and author of /The Cuckoo's Egg/ and /Silicon Snake Oil/ Clifford Stoll was fingered initially. Suspicion eventually turned to Morris, a young man in a rather unique position. Morris Jr.
was no ordinary computer science student. His dad, Morris Sr., was the chief scientist at the National Security Agency's National Computer Security Center. Morris Jr.'s first encounters with breaking security came when his dad brought home one of the original World War II-era Enigma cryptographic machines. As a teenager, Morris had an account at Bell Labs and was able to hack the network, giving himself access to system administrator commands.

Morris was eventually smoked out, due partially to the efforts of his father, and sentenced to 3 years' probation. He went on to complete a Ph.D. at Harvard. Morris has kept a low profile since his conviction. You can view his own personal web page at www.eecs.harvard.edu/~rtm. Despite being behind a major landmark in net history, Morris makes no mention on his page of the Great Worm of '88.