The Inhabiters: Computer Viruses Still on the Loose

In a way, I have only myself to blame. I was practicing unsafe computing. I was brazenly downloading files from shady file-transfer-protocol (FTP) sites. I was indiscriminately installing software obtained during one-night stands at universities and tech shows. I was indulging in orgies of bit-swapping.

And that was how Antiexe came to inhabit my machine. My computer clanged with the death rattle of reduced memory, and it was only a matter of time before I would have accidentally hit that fatal combination of keys that would have taken any program out, even the operating system. And if my OS went . . . Well, let's just say that only by the grace of God are you reading this now. (I'll let you decide if that's a good thing.)

I was not alone. Antiexe is now number one on the list of the top 10 most prominent viruses, compiled by McAfee, a company specializing in antivirus (AV) software (http://www.mcafee.com). Antiexe, the McAfee Web site notes, was discovered somewhere in Russia in January 1995. Sharon Talbott, McAfee's antivirus product manager, can't even guess how many copies are hiding on disks the world over. She points out that Antiexe, like the best viruses, spread far and wide before anyone knew of its existence.

A computer virus is a small self-replicating program that embeds itself in larger programs. The "virus" metaphor is apt: These segments of code move and propagate in much the same way real viruses do--by entering through open portals (by modem or disk) and feeding off the host's operating system. Viruses have been around nearly as long as computers themselves. The popular folklore, as reported by the likes of A. K. Dewdney (in his book The Magic Machine) and Robert Slade (History of Computer Viruses: http://www.bocklabs.wisc.edu/~janda/sladehis.html), has it that the precursor of viruses was a game called Core Wars which bored programmers played in the early 60s. Core Wars consisted of placing on a mainframe two competing programs designed to destroy each other; the last one standing won. From Core Wars it was a logical hop to self-replicating viruses with names such as Rabbit and Creeper that continually copied themselves until the host machine froze due to lack of memory.

There are literally tens of thousands of viruses floating around these days; Antiexe falls under the subspecies of Master Boot Record (MBR) infectors. Surely antivirus experts must admire how diabolical MBRs truly are. Their virulence is based on a common mistake almost everyone who has ever used a computer has made--forgetting to take a disk out of the disk drive before starting the machine. According to Talbott, Antiexe hides in a disk's master boot record. If a disk is in a drive when the computer is turned on, the computer will read that floppy's MBR before its own hard-drive MBR. When that happens, a NON-SYSTEM DISK error message appears. Most who see this just pop the disk out, start the computer again, and think, No big deal. But by then it's too late! Antiexe has completed its nefarious journey! When the message appears, the virus jumps onto the hard drive's MBR and displaces it with its own bad self. Once lodged there, Antiexe infects--copies itself onto--every new disk the computer formats.

The genius of Antiexe is that most users don't notice that it's on their computers for the longest time--I didn't. It may gobble a chunk from your working memory, or eat a few programs, but it remains largely dormant--until the CTRL and BREAK keys are hit simultaneously while it happens to be running, causing the virus to overwrite the first eight sectors of every head and track of the hard drive. Bad news.

Antiexe is a particularly difficult virus to cure. After trying numerous freeware AV programs, I was relieved when F-Prot finally took it out as effortlessly as Jackie Chan takes out an army of criminals (http://www.datafellows.com). Plug F-Prot shamelessly? It's the least I can do.

But this probably wasn't the last time my Gateway will be stricken with a virus. Ten years ago MBR infectors were cutting edge. Now they are old hat, and many fear the new breed: polymorphic viruses. They are truly the killer bees of the digital world. These viruses change form and hide beneath mazes of encryption. McAfee's Talbott tells me these strains are, for whatever reason, prominent in Third World corporate and government computers. But, oddly enough, Talbott doesn't see polymorphics as a major threat. She predicts much greater havoc will be wrought by a much simpler disease--macroviruses. They are dangerous because they are so simple to construct. No crash courses in Virus Programming (http://lila.uc.pt:8082/~pedro/virus.html) are necessary--it's more like Virus Making for Dummies. Programs such as Microsoft Word and Microsoft Excel (a spreadsheet) make it extremely easy to create miniprograms called macros, which automate series of commands. The trouble with Microsoft's macro language is that it's almost too flexible: Not only can it create macros that automatically kick in on every document opened, but it can execute higher-level commands such as file deletion.

Already McAfee has captured more than 50 different macroviruses and countless more variants. "I don't see any way of it slowing down," Talbott says, "because they are so easy to create."
