The New York Times, September 4, 1995, pp. 1, 38. Computers Beware! New Type of Virus Is Loose on the Net Security agencies are identifying an average of 3 to 5 new viruses a day. By Peter H. Lewis A new and deceptively simple type of computer virus, one that can sneak past security devices by hitching rides on electronic mail and other common Internet files, is causing deep concern among computer security officials around the world. Only one virus of the new type has been spotted, and so far there are no official reports of damage to corporate or private computer data. But that virus is in widespread circulation and has used up countless hours of productivity as workers try to eliminate the virus and improve computer security. The new virus takes advantage of a trend to embed miniature programs, known in the industry and among computer enthusiasts as macros, in common data files like electronic mail or spreadsheets that can be sent over computer networks. Such documents are typically ignored by antivirus software and network hardware barriers, known as fire walls. Computer viruses are small programs that are written deliberately to be spread from one computer to another, typically by hiding within a legitimate program that the computer executes, or runs, from a dlskette. Of the estimated 6,000 viruses that have been identified to date, most are benign, and only a few hundred have been identified "in the wild," or in general circulation. But some viruses are intended to be destructive. A few are intended to propagate rapidly, like cancer cells, eventually choking and shutting down a computer system. Others are more insidious, corrupting the data in a computer or on a computer network, or erasing all the data by reformatting the hard disk drlve. So far, the new virus is limited to word-processlng documents made in the Microsoft Word program for Windows 95 and other operating systems. But the virus could easily be adapted to other types of documents, the experts sald. The virus was first identified last month and has spread around the world via the Internet. "By its design, it does not have a malicious payload," said Sarah Gordon, a computer-virus expert at Command Software Systems in Jupiter, Fla., who has examined the latest virus. "It would be fairly trivial, however, to modify the virus to cause damage." The virus announces itself by flashing an innocuous message on the screen consisting of the numeral 1 and a click box, and later it makes it difficult for users to save their documents. Those who thoroughly examine the virus will see a message that says, "That's enough to prove my point." The author of the virus is unknown. "At the moment, it doesn't deserve to be called an emergency," said Steven White, a virus expert at an I.B.M. research laboratory in Yorktown Heights, N.Y. Mr. White said antivirus software developed in recent weeks could easily detect and eradicate the rogue programs from most systems. But Mr. White and other experts say the potential threat from future malicious forms of the virus is significant, especially as millions of people and thousands of businesses connect their computers to the Internet and other on-line networks. "I think it will be an extraordinarily serious problem over the next few years," said Eric Schmidt, chief technical officer at Sun Microsystems Inc. "If you believe the theory that nearly all personal computers will be on corporate networks or online services in the next two or three years, then this is a problem that could touch all PC users worldwide." "In other words," Mr. Schmidt said, "it could affect a couple of hundred million people." Sandy Sparks, director of the Computer Incident Advisory Capability at the Lawrence Livermore National Laboratories, which monitors computer security for all Government agencies, said viruses had a greater potential today to cause serious economic, political and social harm. "Not only are the networks growing exponentially, but so is our dependence on them," Ms. Sparks said. There are other factors of the new viruses that are cause for concern. For example, while earlier viruses typically were carried from computer to computer on infected diskettes, which meant it often took weeks or years to spread around the world. The new type of virus can travel around the world by the Internet in days, or even minutes. Also, traditional viruses typically affect only specific computer operating systems. The new ones are "cross platform," so a single virus can affect many different types and brands of computers, regardless of the operating system software each one uses. And in their efforts to make computers easier to use, software makers have developed point-and-click "icons" and "intelligent agents" that perform actions automatically. These icons and agents, which roam computer networks gathering information for the user, are particularly vulnerable to viruses. "We're doing more and more things automatically, and that automatically gets us into trouble," said Ms. Sparks, the Government computer security expert. The ability to gather and automatically execute files from the World Wide Web, an Internet service that is increasingly important to businesses hoping to conduct electronic commerce, is especially troublesome, the experts say. New virus-making "tool kits" circulating in the computer underground make it easier for even novice computer users to write viruses. As a result, security agencies are identifying an average of three to five new viruses a day, as opposed to the older rate of three to five a month. To be effective, antivirus programs must be updated frequently. Experts say many people installed antivirus programs several years ago, at the time of the highly publicized Michelangelo virus scare, and have not upgraded since then. Adding to the worries is the fact that millions of new computer users are relatively unsophisticated in technology, and do not understand the basics of virus protection. Software makers, meanwhile, contend that adding robust virus-prevention technology to common programs would be expensive and add too much complexity for most users. "I'm not at the point of being terribly worried, but I'm troubled," said Eugene Spafford, assistant professor of computer science at Purdue University and director of a national computer security task force. "I'm troubled by the presence of these viruses and the fact that there are products like the Microsoft Network or Microsoft Word that don't appear to have safety features built in." On the positive side, Mr. Spafford and other experts said, antivirus software is getting more sophisticated all the time, awareness of the virus threat is growing, and the rapid switch away from the 15-year-old DOS operating system has rendered many older viruses extinct. Also, researchers are trying to harness computer networks to work against computer viruses, even as the networks ease their spread. For inspiration, they are looking to the human immune system. One project under way at I.B.M.'s Yorktown Heights center is actually called the automated immune system. It would functlon on computer networks in much the same way as the human autoimmune system does to challenge, and destroy, potentially harmful invaders. "The intent of the system is to discover a never previously seen computer virus," Dr. White said, "and have that virus captured and automatically sent back by network to computers in our library. We, could then determine how to detect and disinfect it, and send back an antivirus routine to the affected system." Mr. Schmidt of Sun says that while the antivirus forces are getting better all the time, so are the virus writers. "There are criminals in the world. and some of them are programmers," he said. "With computer networks, they have an amplifying effect that they've never had before. If I were a criminal with a gun, I might attack one person. But with a computer network, I can attack a million people at a time. It's like an atomic bomb." To avert a potential disaster, Mr. Schmidt has enlisted three of the world's top computer security experts, including Tsutomo Shimomura, who tracked down the fugitive computer programmer Kevln Mitnick earlier this year; Dan Farmer, who wrote a program called Satan, meant to find security flaws in any computer system linked to the Internet, and Whitfield Diffie, the co-author of one of the world's leading computer security programs. Their mission is to try to break into Sun's own computer systems, to determine if they are vulnerable and how they can be protected. Ms. Sparks and other experts said the new virus might actually turn out to be valuable if it caused wider discussion of computer security issues. "We are, all of us, being drawn into the electronic world, and we can't stop it," Ms. Sparks said. "It's like being given a car without anyone telling you how to drive it, and you don't have a road map. We're driving blind, technically."