Virus
Dear Paul, Melanie and Jared Wright, Bridget, Rob, Ben and Sarah, Sara, Heather and Nate Pace, Audrey, Rachel, and Matt via hardcopy,
cc: file, Tony Hafen, Pauline Nelson via mail,
Sara and Des Penny, Claude and Katherine Warner, Lloyd and Luana
Warner, Diane Cluff, Maxine Shirts via mail.
Welcome to "Thoughtlets." This is a weekly review of an idea,
belief, thought, or words that will hopefully be of some benefit
to you, my children, with an electronic copy to on-line extended
family members. Any of you can ask me not to clutter your mail
box at any time.
"I got bit by the "Love-Bug Virus." I lost 2 years of jpg and jpeg images
which I had not backed up. This included 50+ pictures of whiteboard
thinking, patent ideas, meeting notes, and other things I will not be
able to reconstruct because I used the digital camera as an extension
of my memory. Discounting the feelings accompanying the divorce, the
other time in my life I felt this violated as an individual, was when I
was about 15 years old. I think it was just before Christmas of 1964,
which is when I would have been in 9th grade. I had started playing the
guitar when I was in 5th grade, when Mr. Holeman was my teacher, the same
year Randy Shirts (and Andrea) moved to Cedar City from Iran. By nineth
grade I had graduated from an acoustic gutar to an electric Gibson guitar,
which is what I recall playing with Randy in our musical debut at a 9th
grade assembly (../9718.html). Someone broke into our house, which was
never locked, stole a bunch of Dad's shirts, the money I had been saving
for Christmas, and my Gibson guitar. I noticed the money was gone when
I got home, and got mad at Mom for taking it and not asking me. I didn't
say anything about it to her that night, just kept it inside. Mom, I'm
sorry for all the times I have missjudged you.
Mom, I remember when I noticed the guitar was gone, I went and told you
I didn't think it was fair you took my Christmas money and my guitar.
I remember you saying you thought someone had been in Dad's closet, and
we started looking around and found a lot of `stuff' (../9725.html)
missing. I remember the police coming out to the house and talking to
us, and it seeming like they didn't do much. I remember getting my
science books out, teaching myself how to dust my room for fingerprints,
finding a nice fingerprint on my red money box, and trying to get someone
to do something about it. I remember feeling brushed off, and I remember
that neither the money, nor the guitar were returned. 1964 is a long
time ago, and so I'm not sure, but this might have been the reason I
ended up getting `The Ventures Mosright rainbow guitar.' This was my
guitar all through The KeyNotes, and was the guitar I traded at a Dallas
Guitar Show in about 1978 for my Martin guitar. Rob, I understand how
you felt when you were robbed earlier this year. And these feelings
came to my mind again this week, when I was bit by a computer virus.
Thursday morning we had our weekly sales forecast meeting, I had a
brief discussion with Peter Duncan and Louise Durham about the SEG and
our marketing plans, had responded to an e-mail from Cindy Berlier and
and sent my comments to Jeff Hume and Dave Ridyard, when I received a
message from Louise Durham that said `I love you.' I assumed it was
a joke, since she sits right next to me, and opened it without thinking.
Then I had three messages from me that said `I love you' and two more
messages from Louise and a message from Cindy Berlier and then messages
from some of the development staff, then there were people running around
the halls telling everyone there was a virus and to not open e-mail's
which said `I love you.' Louise had received the virus from a friend
at the SEG, and said I knew I shouldn't have opened when it came in.
Next came the phone calls. Tracy Stark called from Plano saying he
didn't know I cared. Riley Skeen called from Casper saying he had
caught the virus, had heard about it on the news, and he hoped I wasn't
burned too bad. By this time I knew all of my jpg files were destroyed.
Then came the e-mails. Several were automatic system responses saying
they had caught the virus and had destroyed the attachment. One said
something to the effect of `I didn't know you cared, and I have always
wanted to have a nice visualization environment. You will be hearing
from my lawyers Louie, Dewey, and Screwem, as I think the damage to our
systems is about the same as the cost of your neat visualization theater.'
By this time I felt absolutely sick to my stomach. I had arranged to go
to an ULI (Urban Land Institute) luncheon, and I went, stayed to myself,
and didn't even take any notes. It was by the company who just purchased
the Galleria, and besides my Walden 3-D interest in ULI, I think this
type of developer should be interested in Continuum's visualization
technologies. I left the Galleria still dragging.
When I got back to the office, Chad Self had cleaned the virus off of my
computer. He had also deleted tens of megabytes of jpg and jpeg images.
I definitely felt violated, and realized I need to do a better job of
backing up all of the bits I keep on the Sun and especially as I hope
to start converting the atoms in the boxes in the garage to bits later
this year, there needs to be a triplicate backup system to insure as
much as possible my life's work is not wiped out by a computer virus.
A friend in London told me the following news story was available on
abcnews.com:
`'ILOVEYOU' E-Mail Plague Spreads Worldwide The "vbs.loveletter.a"
virus spreads through Microsoft Windows' Internet extensions and
replaces all JPG and MP3 files it finds with copies of itself. It
then sends itself to everyone in an infected user's Microsoft Outlook
address book. (ABCNEWS.com)
May 4 - U.S. corporations and military bases have been infected by a
massively destructive virus that clogs networks and erases graphics
and music files.
"We're dealing with a monster," a Pentagon spokesperson said.
As of 11 a.m., more than 200,000 mail hubs worldwide were infected
with the virus, said Kathy Fighen, manager of the Computer Emergency
Response Team based at Carnegie Mellon University in Pittsburgh. One
corporate mail hub can serve thousands of users.
The "Love Bug" virus spreads through e-mails with the subject line
"ILOVEYOU" containing an attached file. Computer users who receive the
e-mail should just delete it without opening the attachment, and they
won't be infected.
But if a curious user double-clicks on the snakelike icon of the
attached love letter, they will probably be infected - and unwittingly
send the virus to everyone in their Microsoft Outlook address book.
The virus apparently originated in the Philippines and hit Europe and
Asia early this morning, said Eric Chien, chief researcher at the
Symantec Antivirus Research Center in the Netherlands. Symantec and
other virus companies have already come up with vaccination and cure
programs, but their Web sites were swamped by users this morning.
Military Infected Unclassified State Department and military computers
were infected by the virus this morning, officials there said. The
federal antivirus office first noticed the attack at 5:18 a.m ET. The
State Department noticed they had been hit at 6:30 a.m., and officials
there said they stopped the virus's spread within an hour. "We are
eradicating it, getting rid of it, destroying it," said State
Department spokesman Richard Boucher.
But military bases have disconnected from their infected, unclassified
networks and are using only classified networks to communicate, sources
said. The classified systems are protected against the virus. The
Pentagon is working with anti-viral companies Symantec and McAfee to
scrub their networks of the electronic scourge, military spokespeople
said.
Clogs Up Networks
The virus uses similar tricks to last year's feared Melissa virus, but
it's even more widespread and destructive, Chien said. First,
"loveletter" resets a user's Internet Explorer Start Page to a Web page
containing an executable file. The page has since been taken down,
Chien said. He said researchers are unsure what the executable file does
when launched.
Then, the virus searches for all files with the extensions JPG, JPEG,
MP2, and MP3 - the most popular graphics and sound formats - as well
as other, more obscure extensions. It erases the files and replaces
them with copies of itself under the same name, with the extension
VBS tacked on.
Chat room aficionados are even more vulnerable. The virus infects the
popular mIRC chat program, so the next time a user starts chatting, the
virus goes out to everyone in the room. Finally, the program multiplies
by hijacking Microsoft Outlook and e-mailing itself to everyone in an
Outlook address book. Anyone running Windows 98, Windows NT 4.0, or
both Windows 95 and Internet Explorer 5.0 is vulnerable, Chien said.
The virus needs Microsoft Outlook to spread. Macintosh and Linux users
are not vulnerable.
The virus spreads through corporate firewalls because most are not
configured to reject attachments with a .txt.vbs extension, a relatively
uncommon type of file, information systems managers said.
Bored Student?
The virus "appears to have been written by a student, probably 14 to 28
years old and probably male as well," Chien said, citing code within the
virus and past experience with virus writers. "He seemed to just write
it because he was bored. He probably has no idea he'd cause so much
chaos," Chien said. Two lines within the virus identify the author as
"Spyder," part of the"@GRAMMERsoft Group" from Manila, Philippines and
say "I hate go to school." He also offers his opinion of his work:
"simple but I think this is good..."
"The group name is not familiar," said security consultant Brian Martin.
And "Spyder" is a common name in the electronic underground. But the
virus contains an e-mail address that should make it "easy to track him,"
Martin said. Officials at Spyder's e-mail provider, mail.com, are
"working on the problem," a mail.com spokeswoman said.
Law enforcement agents are pursuing Spyder, Pentagon spokespeople said.
Despite the simplicity of the code, the writer does have a good idea of
psychology. By adding the phrase "kindly check the attached LOVELETTER
coming from me" to the e-mails, he makes users think it might be a
personal message. "If you send an attachment with, 'I'm a virus, run
me,' people won't run it. But with this, people say, 'oh, look, it's
a love letter, I think I'll open it,'" Chien said.
The answer, security experts said, is simple: Never, ever, ever, open an
attached file that comes as a surprise, no matter who it seems to be
from, or how "loving" it seems to be.
Stunning Spread
Experts said they were stunned by the speed and wide reach of the virus.
"Many, many tens of thousands of machines have been infected by it,"
said Symantec spokesman Richard Saunders. In the U.S., the virus has
affected the Pentagon, the federal Department of Agriculture, the
Florida Lottery, the Wisconsin Legislature, and media organizations
including Time Warner Inc., according to employees of affected companies
and officials of anti-virus companies. "It is literally anybody who is
running Microsoft Outlook, and that is the most common e-mail client in
the world," said Richard Jacobs, president of anti-virus firm Sophos.
The bug appeared in Hong Kong late in the afternoon, spreading throughout
e-mail systems once a user opened one of the contaminated messages. It
later moved into European parliamentary houses and through the high-tech
systems of big companies and financial traders. "I have to tell you
that, sadly, this affectionate greeting contains a virus which has
immobilized the House's internal communication system," said Margaret
Beckett, leader of Britain's House of Commons. "This means that no
member can receive e-mails from outside, nor indeed can we communicate
with each other by e-mail." Companies in Denmark, Norway, the
Netherlands and Switzerland were also hit.
ABCNEWS' Sascha Segan and The Associated Press contributed to this story.
Curing the Virus May 4 - All the major anti-viral companies have
released free trial versions of their software that can fix the new
virus. Try going to www.symantec.com, www.mcafee.com, or www.sophos.com.
You'll be cured, but you won't be able to get your JPEG and MP3 files
back unless you've made backups. To prevent further infections by
copycat viruses, Richard Jacobs of Sophos recommends you turn off your
Windows Scripting Host. In Windows 98, that means go to your Start Menu
and choosing Settings, then Control Panel. Double-click on the Windows
Components control panel, and then choose the Accessories option.
Uncheck the box for Windows Scripting Host, which should be the last
one on the list. Melissa and ILOVEYOU both use Windows Scripting Host
to propagate, but very few users need it in their day-to-day lives,
Jacobs said. The number-one lesson, antiviral experts agree, is to
scrutinize e-mail closely. "It's so important for people to think about
what they're opening in their e-mail. Very few people get large numbers
of love letters via email," Jacobs said.'
And it didn't stop. One of our programmers disected the virus:
`Dear CoRe:
You must have already been bullied by or at least heard about the
"ILOVEYOU" virus since this morning. Actually, this "virus" is just
a ASCII file which is attached to a e-mail. You can easily view this
file by openning it from any txt file editor such as notepad, winwrite
or word, etc. The thing is that the extention of this file is "VBS",
which is VBScript language program. This kind of file is associated
to a program which name is "WSCRIPT.EXE", which can be found in every
windows machine. If you double click the attachment, the system will
automatically lunch the WSCRIPT.EXE and it will interpret the commands
in the VBS file line, then the "virus" is activated to do stuff on
your machine. So it is you who let the virus perform a series of
actions by double-clicking the attachment icon in your e-mail. A lot
of virus are spreaded by e-mails. Some of them reside in Microsoft
Word DOC files. Some of them reside in EXE executable files. The
only way for viruses to take effect is to manually activate them.
If you don't do that, they will stay there just like other files in
your file system. So NEVER DOUBLE CLICK AN ATTACHMENT FILE THAT HAS
A SUSPICOUS EXTENSION, UNLESS YOU KNOW WHAT IT IS!!!
Now the Microsoft Word can give you an alert if the DOC file you are
opening has MACRO, which is the only way a virus could do harm to you
in a word file. You can choose to disable the MACRO and then open the
file without any danger even the file is infected by a virus already.
For EXE files, you'd gotta be very careful. The executables do not
need any other program to run. They could be your worst nightmare if
there is a virus in the file. But don't worry, as long as you keep
that program from running, you are safe, for, computer viruses are
still programs.
FYI: I reviewed the virus code and here are what it is and the things
it does:
* The guy who wrote this program claimed that he "hate go to school".
He said his name is spyder, e-mail addr. is
"ispyder@mail.com", and he's with GRAMMERSoft Group. He lives in
Manila, Philippines.
* Several things it does:
1. It modifies your windows registry table, change your IE start page
URL to one of four. He used such long paths just to avoid his
program to be spotted by the webmaster. And four of them just
incase some of them are deleted. The next time you start your IE,
the WIN-BUGSFIX.exe program may be executed and you may fall into
deeper level of hell. If none of the four locations is avalible,
it will change your start page to blank page.
2. It replaces the files on your hard drive that have the extentions
below with a copy of itself: .jpg .jpeg .mp2 .mp3 .vbs .vbe
.js .jse .css .wsh .sct .hta If any of the type of files was
activated later on, the nightmare will happen again...
3. It sends out an e-mail with itself attatched to everybody in your
outlook addressbook.
4. it also creates a HTML file, which is called "LOVE-LETTER-FOR-YOU.HTM".
Then every time you browse a webpage that has an VBScript program,
this page may be activated and ... you know what's gonna happen.
Well, that's what I got from the source code. It's really a terrible
but smart tiny program. It's powerfull, for the people who are not
careful enough. Ok, tell me if I am wrong.
Take care, folks.
Sincerely,
Peng'
So I learned I am not careful enough. Guess I've know that for some
time. So, am I responsible? There was another abcnews.com article I
feel is relevant (and which you can easily skip if you feel it isn't):
`Who's to Blame for Viruses?
Are Software Companies at Fault?
By Jack Valko
Special to ABCNEWS.com
Q U E S T I O N : Why don't they hold Microsoft responsible for making
an operating system that is so vulnerable to viruses, instead of trying
to track down the writers of the viruses?
- Steve
A N S W E R : Probably for the same reason they don't prosecute lock
manufacturers after someone kicks down a door and robs a house. If you
read the fine print of their software license agreement, you'll see
that the code comes with no guarantee to work at all and the developer
is not responsible if it crashes your system. Isn't it interesting how
software development is the only industry that can offer such an
outrageous purchase agreement and still be successful?
Operating system designers do need to keep their systems secure so they
continue to sell, even if they aren't under any legal obligation to do
so. Every operating system has security issues. The only sure way to
keep intruders out is to turn the systems off.
That said, Microsoft has a long way to go to keep not only its operating
systems up to par with the industry but also its applications. The recent
outbreak of the Melissa virus, which exploits the Word and Excel macro
language by quickly replicating a pornographic e-mail message, goes to
show that someone at Microsoft was asleep during this feature design.
Melissa is not the only macro virus in existence, but one of the first
of many pernicious attacks that will continue to frighten end users and
drive corporate computing departments crazy.
These macros can do very powerful things, like starting applications and
writing or changing any file on your hard disk. There is no security
designed into the macro language at all, except to disable it altogether.
The Answer Geek encourages you to do so whenever the dialog box presents
itself.'
The bottom line is trust. With this type of virus intrusion, it is easy
to loose trust. Trust is the basis of society. When crooks don't trust
each other, their society fails (see the Book of Mormon storis about the
Gadianton Robbers). When couples don't trust each other, their marriages
fail. When co-workers don't trust each other, companies fail. A lack
of trust creates an interpersonal friction which heats up any interaction
until it starts on fire and burns out of control. And what can we do
to overcome these fires of hell? Turn the other cheek. Love our
neighbor as ourselves. And be really careful each time we open an
e-mail attachment. For instance, this came in the work e-mail Friday:
`Hi,
Additional viruses are out there, now with subject of "Joke". (It's
hard to resist that one!).'
Then a little later in the day:
`To: CORE-HOU
Subject: FW: yet *another* *&^%$# virus
Importance: High
how low are they gonna go?
> Name: Mother's Day (a variant ILOVEYOU)
> Subject line: Mother's Day Order Confirmation
> Attachment: mothersday.vbs
> Details:
> There is another variant of the "I LOVE YOU" virus - The "Mother's Day"
> virus - this one tries to trick victims into opening an attachment by
> claiming it's a bill for diamonds purchased at a special Mother's Day
> price. There is another one called "Lucky".
> The latest variant might cause the most trouble. It attempts to prey on
> consumer fears of erroneous credit card charges and arrives with the
> subject line "Mother's Day Order Confirmation." The body of the message
> then tells the potential victim: "We have proceeded to charge your
> credit card for the amount of $326.92 for the mothers day diamond
> special. We have attached a detailed invoice to this email. Please
> print out the attachment and keep it in a safe place. Thanks Again and
> Have a Happy Mothers Day! mothersday@subdimension.com."
> The attached file, mothersday.vbs, is very similar to the original
> ILOVEYOU virus but is considerably more destructive. It sets out to
> delete all .INI and .BAT files from all local and network drives.
> Removing such files could make it impossible to restart a victim's
> computer'
So, how was your week? Hope none of you were bit by the virus. My finger
still hurts (0017.html). The stitches came out on Thursday. I can touch
things now, and it still feels funny. As far as the rest of the week,
it really was kind of quiet. We had visitor's from Norway, and signed
an agreement with DNB (the largest Norwegian Bank), that gives them until
the end of May to raise $10 million as a next round of investment money.
I hope this one works, as the month to month financing of 55 employees
is getting very tireing. Wednesday night the Teacher's did a neat
combined activity, where the leaders served dinner to people in the
order they requested, even though they didn't know what they were
ordering because the names were different. Specifically:
`Menu Actual
Grass Salad
Lover's Delight Spoon
Golden Rods Speghetti
Jersey's Best Ice Cream
Nickles and Dimes Carrots
Supersoaker Water
Jack Knife
Pitch Fork
Sailor's Crumbs Crackers
? Sauce
? Bread'
There were twelve items, and everyone chose three servings. It was fun
to watch people eat ice cream with a knife and noodles, then speghetti
sauce and salad. Lauguage is important, and a basis of trust. On
Wednesday and again on Friday I had lunch with Kwok Chen, a Princeton
Ph.D. from Hong Kong who was co-founder of LCT Technologies (he is the
`C'), a company that specializes in gravity and magnetics modeling,
data collection, processing, and interpretation. I have worked with
and around Kwok since the early 1980's. They just sold LCT, he is
retired, and is interested in working with Continuum. The Friday
lunch was because one of my colleagues missed the appointment to have
lunch and interview with Kwok. This does not build trust, and creates
business friction. Tuesday evening and Thursday evening there were
meetings with the Vpatch principals. Looks like they are going to get
funded, and that is exciting. Sara, if John Howell gets a job he is
bidding on, he will have a summer job for you. He works in Portfolio
Analysis, which is where all of the big dollars are in oil & gas, and
I think this would be the perfect opportunity for you. However, it is
still a big if. When do you move back to Houston? Audrey got here
early Thursday morning. Thanks to Ed Roger's she has a job at Baker
Bott's, one of the big law firms downtown, in the Shell Tower. Andrea's
friends Sharon and John Shay came and visited us Friday night. We went
out to dinner at Landry's. It was nice to meet some of Andrea's past
friends and get to know them. It was a very nice evening, although I
was sick at my stomach, only ate some gumbo, and ended up throwing up
and having diarrhea and stomach pain most of the night. It was
probably a stomach virus from lunch or dinner Wednesday. Oh well!
Yesterday, I participated in the Rice Alliance for Technology and
Entrepreneurship (http://alliance.rice.edu). It was really neat.
There were presentations by BidTab.com (a competitor to e-pipe, an
early name for Vpatch), Carbon Nanotechnologies which build the
strongest fiber ever made, Desmogen which does tissue engineering
and has a gel which turns into a matrix which bone can regrow in,
EJP Technologies multi-sensor non-invasive measurement for process
systems, ExpertNetwork.com for keeping expert witnesses from being
tainted in trials, FeelPretty.com for selling extra large women's
lingerie, Membrane Products Corporation for filtering virus out of
water, Offline Systems for editing home movies on-line, Skycomm
International for building a fiber to satellite teleport at Ellington
Airforce Base, and Tax Machine for providing computer tax submission
for those without computers at home. I still wasn't feeling my best
and spent the rest of the day sleeping, cleaning up e-mail filing on
the Sun and then on the PC while watching `The Land Before Time' and
`Return to the Land Before Time.' Andrea was at a Regional Priest
Laurel Conference at the North Stake Center all day. She got home
about 12:30 this morning. It is now 11:55 AM, and I am still in
my pajamas. So I guess I will go shave, shower, get my suit on,
and go to church, where I have no fears of catching a virus."
I'm interested in sharing weekly a "thoughtlet" (little statements
of big thoughts which mean a lot to me) with you because I know how
important the written word can be. I am concerned about how easy
it is to drift and forget our roots and our potential among all of
distractions of daily life. To download any of these thoughtlets
go to http://www.walden3d.com/thoughtlets or e-mail me at
rnelson@walden3d.com.
With all my love,
Dad
(H. Roice Nelson, Jr.)