Viruses set to launch on rollover?

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

On July 9th, Bob, Ph.D. Nuclear wrote *snip*
7. It's been recently reported that over 130 different computer viruses have been detected that are programmed to activate on midnight of the rollover. Has the US Government assessed the possible impact of this "cyberattack"? *end snip*

Who has recently reported this? Is there a link or other reference?

Always curious,
Berry

-- Berry Picker (BerryPicking@yahoo.com), July 11, 1999

Answers

Y2K Computer Viruses

http://www.csis.org/html/y2kw9.html

Y2K Risk Assessment Task Force:

Chairman: Sam Nunn, former U.S. Senator

Vice Chairmen:

Bradley D. Belt, Director, International Finance and Economic Policy

Arnaud de Borchgrave, Director, Global Organized Crime

William Garrison, Director, International Communications

The Melissa virus and the Chernobyl virus recently demonstrated how easy it is to disrupt a system and cause millions of dollars worth of damage. They are only the tip of the iceberg. There are more than a hundred millennium viruses being developed, while all the effort around the Year 2000 computer problem is focusing on changing the date fields in mission critical systems. The impact of the Melissa virus and the Chernobyl virus pales in comparison to the impact that these millennium viruses could have, especially if they all hit at the same time.

Security expertise and communications engineering knowledge has virtually become second nature to today's computer savvy youth. As a result, the quality and the sophistication of simple viruses has significantly increased. Witness the Melissa virus, a simply coded virus which was totally benign in its nature. But, its sophisticated concept of carrier broadcast, which allows a virus to replicate itself and spread rapidly through a system, ultimately created an atmosphere of panic.

More recently, the Chernobyl virus wreaked havoc in the Middle East and Asia as well as some European countries. This virus, which was set to activate on the anniversary of the Chernobyl incident, attempts to corrupt the data on the hard drive, while at the same time tampering with the boot up (BIOS) program, without which the computer can not be turned on. South Korea for instance, estimates that up to 15 percent of all its computers may have been affected causing damage of up to $250 million. Other areas of the world also suffered extensive damage. The United States, on the other hand, has remained largely unaffected. The reason for this is that experts in the United States have known about the Chernobyl virus for nearly a year and were able to make preparations by updating the anti-virus software and by being vigilant.

The same can not be said about millennium viruses. There is very little, easily accessible public information on them, making it difficult to assess the threat. But, the problem must be taken seriously. As Jeremy Phillips, President of PS Technologies, points out, "anybody who has ever worked with viruses will understand why these viruses are not widely known. Simply, a virus is not usually known about until it strikes for the first time. As these viruses are specifically coded not to activate until the computer clock is either 00 or 2000, there is no reason to suspect that they exist. However, they do."

According to Mr. Phillips, there are more than 130 computer viruses that are set to activate at the stroke of midnight 2000. Most of these viruses are harmless, falling into the "nuisance category." A number of the known viruses (10-12), on the other hand, are designed with specific malicious intent. If these viruses all strike at the same time, they have the potential to make a bad situation worse. Systems administrators, already stressed with ensuring the seamless Y2K roll-over, may be pushed to a breaking point increasing the probability of human error and widespread system failures. What do some of these millennium viruses do?

Benign Viruses:

As stated earlier, most of the millennium viruses are, according to tradition, child-like and non-malicious in their intent. One virus, for instance, creates a picture on your screen of death holding a new-born baby with the numbers "2000" over his head. Seventeen other viruses just display the number "2000" on the screen, and then have it explode in confetti. Although potentially very annoying, these types of viruses cause no lasting damage and are easily removed.

Malicious Viruses:

The most dangerous "strains" of millennium viruses are being developed by groups that are small, well financed, and located outside of the United States. In some cases, the programmers who design the viruses have set up companies in neutral countries that do software/computer consulting. Profits from their legitimate activities are then used to finance more nefarious projects.

The malicious millennium viruses, if left unchecked, could cause serious damage to various areas of the international infrastructure, especially the international telecommunications infrastructure. One virus, for example, specifically targets major companies' telephone Electronic Switching Systems, randomly rerouting calls. Three other malicious viruses will actually lock a processor in a divide by zero loop, which, if left running for a sufficient amount of time, will overheat the Central Processing Unit, causing it to melt down and effectively reducing the computer to scrap metal. Similarly, a different virus will wreck monitors by tampering with the video card, causing them to overheat and be destroyed.

Another virus affects applied industrial systems that monitor key processes such as conveyer belt operations, the temperature regulation in power plants, labeling of food products, and even payroll systems. What the virus does is disregard the true information, inserting random quotes where information is requested. This could cause the total recall of a product because it was falsely labeled to be safe for children, when in actual fact it is not.

Lastly, there are two viruses that affect the Domain Name Service (DNS) automated directory assistance for the Internet, linking the name of a web site with the corresponding Internet Protocol (IP) address. These two viruses are non memory resident parasites, meaning that they need an application that is integrated in the DNS server in order to exist. These parasite viruses shuffle the directory systems (the resolution tables) so that the web sites no longer match their IP numbers. As a result, for example, rather than reaching the CNN web site, a totally different web site is accessed. As systems security expert, Sam Schubert, points out, "depending on which DNS server is targeted, viruses of this nature have the potential of crippling the Internet."

Awareness a Priority:

The viruses briefly described above are just a few examples of the types of viruses that are being developed and that are set to activate in the confusing environment of the millennium change over. About 98 percent of them, both benign and those with system lethal intent, originate outside U.S. borders i.e. outside U.S. control. This makes it extremely difficult to get a handle on the problem, which is why awareness needs to be a priority.

If several of the malicious viruses were to hit at the same time as widespread Y2K failures, the stress on the system would be severe. It would take days, more likely months, to clean up and, in some cases, rebuild the system. Anti-virus software may not protect against these viruses since the majority of them have not been studied and included in the anti-virus software. The only way to mitig

-- trying to help (forum regular@yourdon.com), July 12, 1999.


see if this works

http://www.csis.org/html/y2kw9.html


-- trying to help (forum regular@yourdon.com), July 12, 1999.

This is a very relevant post. The question is not "will" these scums of the earth strike, but "where and when?".

-- Time For Bed.... (midwestmike_@hotmail.com), July 12, 1999.

LAS VEGAS (AP) - Computer security companies updated their virus-detection software on Sunday after the in-your-face launch at a hackers convention of a new tool designed for stealth invasions of networks operated by Microsoft Windows.

Despite the rapid response, however, any defense against the hacking program may prove fleeting thanks to some aggressive tactics taken by the tool's authors, an irreverent group named Cult of the Dead Cow, or CDC.

The hacking tool, called "BO2K," can enable someone to gain control of a computer or network from a remote location. BO2K is an abbreviation for a slightly profane variation of "Back Office," the name of a program in Microsoft's Office 2000 suite of business software.

The CDC and other hackers attending the seventh annual "DefCon" convention in Las Vegas charged that Microsoft has stubbornly refused to address a multitude of gaping security holes in Windows.

By exploiting those vulnerabilities, hackers hope to force the world's largest software company to repair them. And, raising the ante another notch, the CDC is also releasing the software code for BO2K - inviting other programmers to create mutations that would frustrate efforts to immunize computers against attack.

But that vigilante-type "hactivism" was rejected by Microsoft and federal officials, including many who attended DefCon under cover - at least until they were unmasked during the convention's popular "Spot the Fed" contest.

BO2K is actually an update to a hacking tool released at last year's DefCon hackers convention. The first tool targeted the Windows 95 and Windows 98 operating systems that run an overwhelming majority of the world's desktop computers.

Much to the delight of the nearly 1,000 anti-Microsoft enthusiasts who crammed into the BO2K launch Saturday, the new tool can also hijack control of network systems using Windows NT, a top program for running computer networks, as well as computers running on test versions of the as-yet unreleased Windows 2000.

"Our position is that Windows is a fundamentally broken product," said Deth Veggie, the CDC's "minister of propaganda." Like nearly every hacker, Veggie only identifies himself by his online pseudonym, partly for effect and partly out of legal concerns. "Hopefully, this will force them to fix this thing."

The government-chartered Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh is investigating BO2K, but has not issued any advisory or warning.

The hacking tool "is one of several programs which, if installed on an organization's computers, can give control of the computers to outsiders with malicious intent," Jeffrey J. Carpenter, senior incident responder for the CERT, said Sunday. Because BO2K works with Windows NT, "intruders have the potential to gain control of more sensitive server machines."

By Sunday morning, leading computer security firms such as Symantec and Network Associates had already posted advisories and detection software for BO2K on their Web sites.

Microsoft had been blasting BO2K even before Saturday's highly theatrical presentation, which relied heavily on thumping industrial music, strobe lights and screaming - a bizarre mutation of the dog and pony shows that often accompany a Microsoft product launch.

"I certainly categorize what they're trying to do as being malicious. This program they have created has absolutely no purpose except to damage users," said Jason Garms, lead product manager for Windows NT security, complaining that hackers behave as if the Internet operates under a different set of rules than the rest of the world.

-- justme (justme@justme.net), July 12, 1999.

