Magazine Archive

Home -> Magazines -> Issues -> Articles in this issue -> View

Virus!

Article from Music Technology, October 1988

The latest scare in the computer world is a series of programs that behave as if they are a human disease. Roly Pickering describes the background to computer viruses and what you con do to protect yourself from them.


Just when you thought it was safe to copy software, news breaks of a virus that infects computers... But what is a computer virus and what can it do to your computer and software?


IMAGINE FOR A moment, a disease that is fatal, is transmitted on contact, and would kill more people than the black death. Ten years ago this scenario would have been a fantasy, today we know it to be "AIDS". Now think again of the plethora of computer equipment you'd like around you, computers to make sound, EQ it, alter it, mix it, record it... Well, suppose that there was another virus that had all the attributes of the first, except that it was fatal to computers, or to the data they stored and processed. This computer virus can be caught, or it can be inherited, but the results are usually the same. You don't notice until it's too late and when there's no escape. With the computer becoming more and more an integral part of the technology of music, so our reliance upon it increases. Reliance that will perhaps cost us dear.

Tomorrow, or maybe the day after, as you put the last touches to your latest masterpiece of musical creativity, the following may happen. The normal screen message disappears and the following flashes up...

Your data is being held to ransom by the "SHASBAH VIRUS"

Unless the following instructions regarding the transfer of funds to the following accounts are carried out to the letter, the data will be destroyed. Upon successful completion of these instructions you will be given a 10-digit code to input.

FAILURE TO DO THIS WILL RESULT IN THE LOSS OF DATA.

YOU HAVE EXACTLY 1 HOUR TO COMPLY

»> any key to continue: <<<


It's no good pulling the plug out, the data would already have been scrambled. It could of course be any program on any computer. Music is only one area that the "techno-terrorists", "electronic extortionists" and other low-life computer sickos could play in; others include Computer Aided Design, DeskTop Publishing, accounting, spreadsheets... Anywhere. The technology already exists that allows it to be done; transfer of money by telephone is commonplace, the writing of a virus only takes about half an hour to plan out.

Even worse than the Shasby virus is the Trojan Horse. This little beauty has the distinction of getting into a computer as a friendly helpful program, doing its job, doing no damage, but getting out with all your passwords. Don't use passwords? Then what if your next No. 1 is recorded on a sequencer with a MIDI setup? How many songs are recorded on sequencers at some time during their evolution? It skips away with what you played, the voices you used, the function settings, the drum samples, the mix, and even the EQ and reverb, enabling the pirate to add some clone vocals and hoist the Jolly Roger.

Getting caught is possible but unlikely. The history of the host software may be as complicated as a four-dimensional Russian doll, with perhaps 300 people involved between conception and selling, double that number with access to the data, and spread over a period of time that could be measured in years. The program might be translated from another machine, assembled on a third, written by several programmers in a language made by someone else from a source code that used routines which were translated from... Anywhere in that chain can be the hidden bomb that could blow up on you.

Still think of this as fantasy? So did the users of one graphics package until it put up the message:

"THE TREE OF EVIL BEARS A BITTER FRUIT, NOW TRASHING HARD DISC."



"The Trojan Horse has the distinction of getting into a computer as a friendly helpful program, doing its job. doing no damage, but getting out with all your passwords."


As a joke, a programmer had added a few lines of code to a graphics program so that when it was loaded it looked to see if the copy being used was an original or a pirate, if it found a pirate, it destroyed the hard disk then printed on screen. The trouble was, the user in question had a real copy and there was a fault in the code that checked for pirates. The company apologised and replaced all the disks that were affected. It's not recorded whether the programmer in question still works for them.

That type of logic bomb has been around since the early '70s in one form or another, with the earliest recorded being a program called the Vampire Worm. It got its name from the fact that it only came out at night, to take advantage of the large American networks of computers that were available. In the morning when humans arrived it would disappear. There was even talk of using the virus to multitask, for maintenance and for useful ends. The logic bomb is usually nasty, in that on a certain date or when a preconceived set of circumstances arise, then the bomb is "detonated" - sometimes years after the timers were set. The Jerusalem Virus was triggered on Friday the 13th. It was defused in time only because of the sense of humour of the programmer, who had ensured that on every Friday or on the 13th of the month the machines involved would slow almost to a halt. Complaints about this from users prompted a search which discovered that the virus was only aimed at the IBM PC, and that it had spread almost right through the IBM community of Israel. Steps were taken to stop users running the machines on the appointed date including taking advertisements out in newspapers and the use of national TV and radio. Even now computer users all over the world set the date in their system to the 14th, returning it to the correct date after midnight - just in case.

It's not only the mega mainframes and IBM that have had virus troubles; the Atari, Apple, Tandy and Amiga (with the infamous "...something wonderful has happened, your Amiga is alive" message followed by the destruction of all files) have suffered from examples of what an idiot, (they're not "hackers"), can do with an assembler package. As vaccines are brought out to warn you of the presence of a virus, or to stop the virus doing the naughties to your add-ons, so the virus types mutate around them - even to the point of hiding in a vaccine program. If you ran what you thought was Flushot 4 you would have got more than you bargained for. Flushot 1, 2 and 3 were useful programs warning you of impending doom, the author of which countered the virus-infested Flushot 4 with Flushot+, which carries the immortal words of warning to the interloper:

"GO ON SLIME BUCKET, MAKE MY DAY"

Some of the more recent viruses approach almost human levels of deceit. One example, called the Brain virus, from Lehore in Pakistan, is smarter than the average virus, in that where you would normally look for the virus to appear on a disk directory, this one doesn't; it hides instead amongst the data that should be on the disk, telling you that there is no virus, just a couple of bad sectors - which is, of course, where it resides. It can modify itself and looks for innoculation "bytes". As yet it's not known what it does other than marking the disk - when it's nearly full of data, of course - "Copyright Brain".

To get some idea of how fast a virus can spread, a programmer at the technical university of Clausthal, near Hanover in Germany, wrote a program in REXX, an IBM command language, as a seasonal joke. It was called "Christma" and what it did was to show a pretty Christmas card on screen. Meanwhile it was looking at two files known as Names and Netlog. The first contains the names of your regular correspondents, the other a list of all recent incoming and outgoing mail. Armed with this information the virus then sends a copy of itself to all listed users before deleting itself.

On December 9th, the programmer sent a copy of this to his friends. They ran it and saw the Christmas card. It duly sent a copy of itself to all their friends. The university was on the European Academic Research Network, (EARN) which is linked via the Montpelier Bitnet to the USA, both of which have automatic diallers (Listservs) to distribute information to thousands of users worldwide. These also have Names and Netlog files. The speed with which the virus spread was increasing.

By Friday the 11th December, a task force was set up. Sites were being isolated and hunter-killer viruses were sent along the same routes after the Christmas card virus, in a desperate bid to stop it, but by now it had spread further afield. Off Bitnet is VNET, IBM's own personal network - and IBM staff kept very long name files. The virus was perfectly at home on VNET as the IBM and the mainframes both used the same language. The entire network was shut down for 72 hours and the electronic side of corporate communications stopped while the virus was purged.

There are already reports from IBM programmers in Lancashire that they are seeing a so-called "virus" for the DX7. Called the MIDI Virus, it shows all the signs of being a virus, and flashes "Gotcha!" on the DX while gurgling noises come from the synth. However it isn't a virus at all, just a spin-off from them, relying upon system exclusive messages to get at the synth. It doesn't care whether it's five thousand miles or a two-foot MIDI lead away, it all looks just the same to a virus.



"The Vampire Worm came out at night to take advantage of large American networks of computers - in the morning when humans arrived it would disappear."


The sickos don't even have to damage data or the machine to screw up a system. Putting in garbage will do it just as well as a killer virus - and it's happened to at least one large company already.

An employee of a large multinational company left a little program called Creeper in the mainframe at his company headquarters that checked every month to see if his name was still on the payroll. If it was, all well and good. If not, it would deposit 400 bytes of rubbish in a system that held over 300 million. These 400 bytes would double every 24 hours. One month his name was missing, so it duplicated itself and went back to sleep. He had been fired. After ten days, strange hold-ups and mistakes were occurring in parts of the system. After 14 days the whole system had ground to a halt, paralysed by Creeper. The company created emergency workspace and wrote another virus into it called Reeper, whose only purpose was to kill Creeper. For days the viruses fought it out, with one, then the other gaining the upper hand, until Reeper won. The company had almost gone bankrupt during the proceedings.

Taking Precautions



EVEN IF YOU only buy original software and never let your computer talk to strange computers, never run any software that you haven't run before, and never borrow or loan any software, there is still no guarantee that it can't happen to you. Viruses generally use the ability of computers to talk to one another to spread across great distances, and the inability of them to do anything other than blindly follow instructions to infect any other program that it or the host comes into contact with. The ultimate aim is "damage or destroy". They are as deadly as any human virus - all you need is one program hiding the harbinger of doom and by the time you have found out, it's infected all your others.

Some of the nastier strains about have other ideas on how to do the maximum damage. Apart from scrambling data, there are those that will either repeatedly knock the read/write head of the hard disk against the stops to bend them (which can be more efficient than a blow torch in converting hard drives to instant scrap metal) or follow the classic route of the Commodore PET Poke, where, by putting a specific number into a specific address in the computer memory, it is possible to up the clock rate of that computer to a point where the chip itself overheats and fries. This has come back as the Sizzle virus, but just as nasty and with the same effect.

Some viruses can be amusing: in one the "cookie monster" appears on screen, demands a cookie, and if you don't give it one, starts eating the screen characters. If you type "Cookie", it politely says "thank you" and disappears. There is an Apple virus that, if an Appletalk card is fitted, gives a one-in-16 chance of you hearing "don't panic" coming from the speaker. Most unnerving.

No one anti-virus programme will protect you, just as no one set of procedures will be watertight. The best that is available today is to know your enemy. Invest £50 in a modem, and find a good free bulletin board to call. After a while you'll wonder how you ever managed without one. Most of the Sysops (bulletin board system operators) are very experienced in the weeding out of suspect software and callers, not allowing software to be loaded until it is checked. The more established Sysops can call on a range of experienced users to dissect and analyse the best-hidden and most discreet programs. They can also supply the latest news on the most effective method to combat the recent moves by the virus aimed at your machine. You should find users with experience in every field, not only in computing, MIDI and music. You'll also get the latest in PD and Shareware programs down the phone at a fraction of the normal cost. (As little as 60p/100K of software, dependant upon speeds). A lot of computer-related companies are involved in Bulletin Boards for user support, or sponsor bulletins on existing boards.

Most of the Shareware and PD authors are on a Bulletin Board somewhere, with most authors putting the details into the information on the program itself. If you're using a board that has an electronic mail connection to America, Japan or Australia you can ask for all the help you need with a program, for the cost of a local call. Whatever you spend you'll recoup the outlay in assistance, advice and practical help very quickly.

If it's only a matter of time before a virus of one sort or another contacts everybody, it's in your own interest that you know what they can do and what you can do to combat them. Music programs and data are an ideal breeding ground for the data-corrupting viral strains, and the effects that other areas have felt could be here next.



"After ten days strange hold-ups and mistakes were occurring in parts of the system; after 14 days the whole system had ground to a halt, paralysed
by Creeper."


There are various commercial service and software packages available to protect you and your equipment from damage, or to repair damage that has already been done. But before you spend your hard-earned cash, remember that no one thing can protect you from all the viruses that existed yesterday, let alone today's and tomorrow's.

Being careful is cheap and effective. These are some of the precautions that will help you to help yourself.

1. Write protect all your disks.

2. Get a modem, find a bulletin board.

3. Do not use pirate software.

4. If possible, use software that has been checked by someone you trust, and who knows what to look for.

5. At the first sign of something unusual, switch off.

6. If you're using a program you're unsure of, disinfect by turning the computer off and counting to 50 after you've used it. If there is a virus, you won't pass it on to any of your other disks.

These simple steps won't stop every possible attack on every computer, but they will stop most of them or, at least, minimise the risk to your computer and your data. Virus rumours are easier to start than stop, so the next time your computer crashes, don't assume you've got a virus - there's more chance it's a bug. There are also "joke" programs about that are not viral at all.

However, if your synth won't stop playing the birdie song in 23/17 on a rubber triangle patch, and you don't have a sequencer, you can immediately discount the joke. You just might have captured the very rare Bird virus.

The analogy of a computer virus to that of "AIDS", here at least, is to assist in education, not scaremonger or in any way trivialise the illness called AIDS. The way in which both viruses spread, although not how, are similar. The methods of defeating them are again similar enough to illustrate the point. You can still enjoy "safe computing".

Thanks to the users and Sysop of the Crystal Tower (Contact Details) for help given In the preparation of this article.


More with this topic


Browse by Topic:

Computing



Previous Article in this issue

JL Cooper Mix Mate

Next article in this issue

Bass Studies


Publisher: Music Technology - Music Maker Publications (UK), Future Publishing.

The current copyright owner/s of this content may differ from the originally published copyright notice.
More details on copyright ownership...

 

Music Technology - Oct 1988

Topic:

Computing


Feature by Roly Pickering

Previous article in this issue:

> JL Cooper Mix Mate

Next article in this issue:

> Bass Studies


Help Support The Things You Love

mu:zines is the result of thousands of hours of effort, and will require many thousands more going forward to reach our goals of getting all this content online.

If you value this resource, you can support this project - it really helps!

Donations for July 2024
Issues donated this month: 14

New issues that have been donated or scanned for us this month.

Funds donated this month: £20.00

All donations and support are gratefully appreciated - thank you.


Magazines Needed - Can You Help?

Do you have any of these magazine issues?

> See all issues we need

If so, and you can donate, lend or scan them to help complete our archive, please get in touch via the Contribute page - thanks!

If you're enjoying the site, please consider supporting me to help build this archive...

...with a one time Donation, or a recurring Donation of just £2 a month. It really helps - thank you!
muzines_logo_02

Small Print

Terms of usePrivacy