Web TV's Non-Virus Virus

WebTV's 'Non-Virus' Virus by Chris Oakes

3:00 a.m. Mar. 18, 2000 PST

Although it prefers to call the trouble a "malicious code," WebTV has experienced its first virus.

Parent company Microsoft is working on a patch of its service to counteract malicious programming code that overloads WebTV newsgroup discussions with fake postings. "Newsgroups are starting to flood with junk posts, and you can't post," said Brian Bock, editor-in-chief of Net4TV Voice, an online publication focusing on Internet services via television. WebTV users first reported the problem to Net4TV.

Bock said the virus -- a first for the closed, non-PC WebTV system -- is like the renowned PC virus Melissa. The similarity is that it self-replicates, he said. But this virus does it by altering signatures that appear at the bottom of WebTV users' Usenet messages.

"When another WebTV user runs across [an infected message], it writes the virus into their email signature," he said. "Then when they go make a Usenet posting, it cross-posts. They end up posting to a whole bunch of different news groups."

The result is the multiplication of junk messages in discussion forums until discussions are disrupted completely because the system's maximum number of viewable messages is reached.

Microsoft was extremely reluctant to call the problem a virus. "It's not a virus," said Microsoft spokeswoman Claire Haggard. "There's never been a virus on WebTV."

Then what is it?

Haggard said the problem was malicious code in WebTV's Usenet posting system.

The company took issue with the description of the code as "self-replicating," saying it had to be "manually" inserted in Usenet posts and didn't self-replicate. Furthermore, Haggard said the multiplying Usenet messages did not involve the exploitation of a user's signature.

Bock said the virus does make use of an existing flaw in the service's email system. That hole is exploited along with a WebTV code for posting messages, Bock said.

The issues are separate, Haggard said.

In any case, the problem gets awfully close to meeting the conventional definition of virus: a malicious code that, once installed, performs usually undesirable tasks on the victim's computer.

In most technical definitions, self-replication is not a prerequisite, although the Merriam-Webster definition of virus does include self-replication: "A computer program usually hidden within another seemingly innocuous program that produces copies of itself."

Virus or not, manual or self-replicating, the malicious code will be patched, hopefully by next week, the company said. Meanwhile, WebTV will be removing the junk posts. Haggard said the company has only heard from 14 users inquiring about the problem.

She said the company plans a regular update of its client and server software soon, and that "the upgrade will be made immune from such hacker problems."


-- Jen Bunker (jen@bunkergroup.com), March 20, 2000
