Fair use, etc http://www.it.fairfax.com.au/

New viruses harbor legal writs, expert warns By DAVID M WALKER Tuesday 21 March 2000 THE next generation of computer viruses may leave companies dealing with legal writs as well as infected IT systems, according to a computer virus expert.Paul Ducklin, head of research at Sophos Anti-Virus, said new viruses were generating e-mail and sending themselves as attachments, looking as though they had been sent intentionally by their original host, possibly raising issues of the legal liability of, and unwitting reputation damage done to, the sender."In the last six to 12 months, viruses have emerged that can borrow your network connection, so if your computer is connected to a network or the Internet, anything you can do on the Net - like sending e-mails and attachments or uploading or downloading files - can be done by the virus, too. But it does it all as if it were you," Ducklin said."The e-mail will have your name on it in black and white and it will have come from you as far as the rest of the world is concerned."Ducklin said legal difficulties could arise if viruses sent sensitive corporate documents to many people. He said viruses existed that specifically sought out people's confidential documents and made them very public via e-mail.Ducklin said Sophos estimated there were now about 55,000 viruses. In August 1998 there were estimated to be about 16,000.It is believed the world's first computer virus - called Brain - was written by brothers in Lahore, Pakistan, in 1986. The first anti-virus software appeared one year later as virus designers invented more cunning techniques, such as encryption, self-mutating polymorphic viruses, tunneling and cavity infections to beat software remedies.In 1992, virus writing kits appeared, as did the Michaelangelo virus scare, where the media predicted the virus could wipe millions of PC hard disks worldwide on 6 March that year. Only a few thousand were infected.The first Word virus written in Microsoft Word Basic appeared in August 1995, followed by viruses infecting Excel, Java applications and Microsoft Office files. Parasitic, or file, viruses account for about 80 per cent of all viruses today.More recently, however, viruses such as Winword/Wazzu have introduced a legal edge to the danger of viral infection. It changes clauses in documents, while the unrelated Laroux "data diddler" virus quietly alters numbers in spreadsheets, opening the signatories on these contracts to potential legal difficulties if figures are changed or words are deleted. One Portuguese virus made the simple but potentially disastrous change of the word yes to the word no.Virus writers seem to be egged on by success, creating nasties like Happy 99, an attachment which plays a video file of fireworks when opened, but which also harvests addresses of infected parties' e-mail recipients, and then sends copies of itself to the recipient after an initial legitimate e-mail has been sent. This strategy makes it very difficult to detect whether the sender has intentionally sent the virus, Ducklin said.The ColdApe virus, on the other hand, sends sexually explicit material as attachments to Word 97 files in self-generated e-mails, Ducklin said. "Even though you may not have meant to send it, your only excuse is to say that you had a security violation and a virus attack. And although your e-mail system would probably allow such an e-mail to go out, you might not know who the recipient was.""In the UK, the Data Protection Act says certain people with certain kinds of data have a legal obligation not to let it fall into the wrong hands," Ducklin said."While they might be judged slightly differently if they send data out as the result of a virus, compared to deliberately leaking it, they still should have taken steps to ensure a virus would not be able to eject that data."He said that while the law could impact owners of infected computer systems, it could also be turned on virus writers themselves.David Smith, alleged writer of the Melissa virus and the cause of about $US80 million damage worldwide, is awaiting the New Jersey courts' verdict on his actions. British virus writer Christopher Pile was jailed in the UK for 18 months in 1995 for his handywork.In the UK, unauthorised access to a computer system can carry up to six months' jail, while unauthorised modification of files carries up to five years' imprisonment. Even unintentionally infecting files by sending a virus could open issues of legal liability, Ducklin said. But, he added, prevention was better than legal remedy.People should not send or receive exe files, and they should save Microsoft Word documents in rich text format to minimise the chance of infection, he said.Files and software, including the operating system, should be backed up, and isolated, "quarantine" PCs could be provided for opening e-mail attachments or suspect files and Internet access.A culture of scanning disks was important, Ducklin said, as was a policy not to send Excel spreadsheets in XLS format, but in CSV format instead. Opening or sending PowerPoint 95 or 97 presentations carried a higher virus risk than the same documents in PowerPoint 4.Ducklin said it was also important anti-virus companies not lapse into hyperbole about the virus threat, as occurred before 1 January about the Y2K virus threat, where companies speculated there may be 200,000 viruses unleashed by the millennium rollover."In the end it turned out the virus writers were partying like everyone else, but when nothing happened people may have thought there was no danger at all, which is not the case," he said.

-- mike in houston (mmorris67@hotmail.com), March 20, 2000

Answers

Interesting spin on the e-mail collecting. We've had a spate of "peculiar" events with network e-mail as well as some other anomalies in network and mainframe. Our mainframe was upgraded to accept cut and paste from word documents on the network...it doesn't take an AI specialist to figure out the implications there. Staff had been vaguely considering the potential for sensitive agency information to make a sudden appearance on the web (as in making jokes), but no-one's looked at it seriously. Dunno, folks. If I were looking for crackers I think I'd want to check that funny e-mail pattern and the most disrupted mainframe files-especially when there's evidence of compromise already exisiting. But then the Government had stashed those credit cards for someone (unwittingly), so maybe TPTB have a little catching up to do. Wonder how long it'll take for people to start worrying about what they've been writing. Some of our stuff is better than Matt Drudge.

-- another government hack (keepwatching_2000@yahoo.com), March 20, 2000.