How will viruses impact Y2K? : LUSENET : TimeBomb 2000 (Y2000) : One Thread

I'm wondering what the impact of virus-generated failures will be come 1/1/00. Any opinions on what to expect, please?

-- Deb M., November 27, 1999.


I suspect that the overwhelming majority of the viruses are going to be aimed at Windows 95 and Windows NT environments, with a few more aimed at UNIX and mainframe environments. I think we Mac evangelists may get off lucky on this one...

-- Ed Yourdon, November 27, 1999.

There are many surprises that await us on midnight of Dec. 31, 1999!! There are a lot of sick people that would like nothing more than to see the Great Satan fall. They will go to any lengths to meet their goal. HH.

-- The Happy Hoarder, November 27, 1999.

I'd expect computer viruses to be a minor pain for a few folks and a major one for a very small number. Might expect hack attacks to cause more chaos.

It's not so much the computer virii or issues that concern's the guys in the back masks on the building top in NYC, dumping boxes of grey powder off the roof and into the wind...That's the type of virus I'm concerned about.

-- Don Kulha, November 27, 1999.

There's an insidious program already in place to ensure that Y2k won't be a bust. I don't get the sense that an individual person is responsible for this, but I have a queasy feeling that a foreign enemy is planting the seeds to tie up whatever remains of our computer networks.

"Defending a system against a trinoo-orchestrated attack would be practically impossible." It seems like it's not a question of "If..." but of WHEN! And how will we ever know if the systems jam up because of Y2k or Trinoo?

"Trinoo could be used to overwhelm a wide variety of networks, ranging from a corporation's internal billing system to computers operated by the Federal Aviation Administration"


(Fair use, etc)


By Bruce V. Bigelow STAFF WRITER

20-Nov-1999 Saturday

A malicious software program, designed to wreak havoc on both public and private computer networks, has been covertly installed in thousands of Unix-based computers around the world, experts said yesterday.

The program -- dubbed "trinoo" -- has not been used to attack any systems since it was discovered late this summer, said Kevin Houle of the federally funded Computer Emergency Response Team, or CERT, at Carnegie Mellon University.

Still, "There's evidence to suggest that (trinoo) is in active development, testing and deployment," Houle said. The person or persons who created the program are unknown, he added.

The Pittsburgh-based center described the trinoo threat in a relatively low-key "incident note," that was posted Thursday at its Web site:

But some computer security experts say they're alarmed by the stealthy nature of the trinoo program, which remains dormant until activated, and by trinoo's potential for widespread disruption.

"As far as I can tell, any machine on nearly any network is vulnerable to this method of attack," said Gene Schultz, a network security expert at SAIC's Global Integrity Corp. "They are using very insidious mechanisms to cause damage and disruption."

The trinoo program was detected, for example, in computers operated by a major long-distance telecommunications company. But experts aren't sure how trinoo was installed there.

"Until we understand how this program is distributed into computers, we won't precisely understand how to defend against it," Schultz said.

Such concerns apparently ignited a debate earlier this week among network security experts over the best way to disseminate information about the trinoo threat.

"CERT is very concerned about this," said Jon R. David, an internationally recognized security consultant who is the senior editor of the journal Computers and Security. "They're sort of torn between a rock and a hard place. If they go public, they might precipitate" a computer attack, he said.

Trinoo could be used to overwhelm a wide variety of networks, ranging from a corporation's internal billing system to computers operated by the Federal Aviation Administration, Schultz said.

Once installed, trinoo essentially creates its own nefarious network within a network. One computer becomes the master controller and hundreds or even thousands of other computers become "daemons," or foot soldiers.

The program remains dormant until someone sends a command that activates the master computer with instructions for carrying out an attack.

The master then commands the legions of machines under its control to transmit a flood of computerized data to a particular system, overloading the target in a so-called "denial of service" attack.

"It's simply a stream of data packets that's designed to do nothing more than overload the bandwidth available at the target," CERT's Houle said.

"Denial of service attacks are much more costly to industry now than they ever were before," Schultz said, noting the prevalence of Web sites designed for bankers and brokers, as well as e-commerce sites. "The main goal now for information security managers is to maintain the continuity of networks and systems and the applications that run on them."

Defending a system against a trinoo-orchestrated attack would be practically impossible, said Alan Paller, director of research for the SANS Institute, a cooperative organization for more than 62,000 system administrators.

Paller described trinoo as a "tool that victimizes thousands of machines" by taking over a little spot on your machine, "and when your machine is doing the attacking, you don't notice it doing it."

Yet your computer may be joining hundreds or even thousands of other computers in an orchestrated attack on someplace like the San Diego Supercomputer Center.

"That's why this is troubling, because you're both the victim and the attacker," Paller said.

The SANS institute has advised its members to examine their networks for unusual ICMP data traffic. ICMP refers to a type of message protocol that controls the way packets of data flow through networks.

Commands from the trinoo master are handled by hiding the instructions in 16-bit bursts of ICMP data that are usually exchanged freely between computers, experts said.

"This is a very sophisticated attack mechanism," Schultz said. "Whoever did this certainly must be a very technically capable person."

-- LunaC, November 27, 1999.
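
As an added illustration of the SANS advice quoted in the article above (not part of the original thread, the article, or any SANS or CERT guidance), one simple way to look for unusual ICMP traffic is to flag echo replies that answer no outstanding request. The heuristic, the function names and the sample packets are assumptions constructed for this example.

```python
import struct
from collections import namedtuple

Finding = namedtuple("Finding", "src dst reason")
ECHO_REPLY, ECHO_REQUEST = 0, 8

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message with a valid checksum (used only for the sample)."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def find_unsolicited_replies(capture):
    """capture: iterable of (src_ip, dst_ip, icmp_bytes) in arrival order."""
    pending = set()   # (requester, responder, id, seq) still awaiting a reply
    findings = []
    for src, dst, raw in capture:
        if len(raw) < 8:
            findings.append(Finding(src, dst, "truncated ICMP header"))
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
        if icmp_checksum(raw) != 0:   # a valid message sums to zero
            findings.append(Finding(src, dst, "bad checksum"))
        elif icmp_type == ECHO_REQUEST:
            pending.add((src, dst, ident, seq))
        elif icmp_type == ECHO_REPLY:
            key = (dst, src, ident, seq)
            if key in pending:
                pending.discard(key)   # normal ping round trip
            else:
                findings.append(Finding(src, dst, "echo reply without request"))
    return findings

# Constructed sample capture using documentation addresses (RFC 5737).
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefgh")),
    ("198.51.100.5", "192.0.2.10", build_echo(ECHO_REPLY, 0x1234, 1, b"abcdefgh")),
    ("203.0.113.7", "192.0.2.10", build_echo(ECHO_REPLY, 0, 0, b"constructed")),
]
```

On the sample, only the third packet is reported: a reply arriving from a host that was never pinged.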

There is a friend of mine who is close to the Aryan militias and has hacker friends. His hacker friends supposedly have worked on computers for the Y2K problem because it was a job. The hackers supposedly also inserted things into the computer code while they were working on it to make certain it came down after the first of January. In the McAlvany Intelligence Report, it says they expect about 200,000 viruses to be released at New Year's, of which they, the government, have only identified 40,000. That means there are about 160,000 they do NOT know anything about. There are a lot of people outside as well as inside who would love to bring down the US government.

-- Kaylam, November 27, 1999.

ED: I know you're lurking now. Please give us your take on the cancellation of "Mr. CEO" from the Y2K radio show Dec. 1. This only provides more fuel for the pollies, who claim that there is nothing to Y2K.

I believe that there was a direct threat made, and I stick to that opinion. But I can't believe that Jim Lord wasn't smart enough to think up a contingency plan--he surely MUST have seen this coming. I said that if Griffin could live to see his book about the FED published, then a little planning would have prevented this fiasco.

How about his posting, on his Tonga site, a copy of a private verbatim interview with Mr. CEO? NOW THAT WOULD BE GREAT. Think that would send the spinmeisters into an apoplectic fit?

Please reply, on behalf of all on this board, I ask this of you.

-- profit of doom, November 27, 1999.
