07May2000 #0019.html

Virus

. . .

Dear Paul, Melanie and Jared Wright, Bridget, Rob, Ben and Sarah, Sara, Heather and Nate Pace, Audrey, Rachel, and Matt via hardcopy,

cc: file, Tony Hafen, Pauline Nelson via mail, Sara and Des Penny, Claude and Katherine Warner, Lloyd and Luana Warner, Diane Cluff, Maxine Shirts via mail.

Welcome to "Thoughtlets." This is a weekly review of an idea, belief, thought, or words that will hopefully be of some benefit to you, my children, with an electronic copy to on-line extended family members. Any of you can ask me not to clutter your mail box at any time.

"I got bit by the "Love-Bug Virus." I lost 2 years of jpg and jpeg images which I had not backed up. This included 50+ pictures of whiteboard thinking, patent ideas, meeting notes, and other things I will not be able to reconstruct because I used the digital camera as an extension of my memory. Discounting the feelings accompanying the divorce, the other time in my life I felt this violated as an individual, was when I was about 15 years old. I think it was just before Christmas of 1964, which is when I would have been in 9th grade. I had started playing the guitar when I was in 5th grade, when Mr. Holeman was my teacher, the same year Randy Shirts (and Andrea) moved to Cedar City from Iran. By nineth grade I had graduated from an acoustic gutar to an electric Gibson guitar, which is what I recall playing with Randy in our musical debut at a 9th grade assembly (../9718.html). Someone broke into our house, which was never locked, stole a bunch of Dad's shirts, the money I had been saving for Christmas, and my Gibson guitar. I noticed the money was gone when I got home, and got mad at Mom for taking it and not asking me. I didn't say anything about it to her that night, just kept it inside. Mom, I'm sorry for all the times I have missjudged you.

Mom, I remember when I noticed the guitar was gone, I went and told you I didn't think it was fair you took my Christmas money and my guitar. I remember you saying you thought someone had been in Dad's closet, and we started looking around and found a lot of `stuff' (../9725.html) missing. I remember the police coming out to the house and talking to us, and it seeming like they didn't do much. I remember getting my science books out, teaching myself how to dust my room for fingerprints, finding a nice fingerprint on my red money box, and trying to get someone to do something about it. I remember feeling brushed off, and I remember that neither the money, nor the guitar were returned. 1964 is a long time ago, and so I'm not sure, but this might have been the reason I ended up getting `The Ventures Mosrite rainbow guitar.' This was my guitar all through The KeyNotes, and was the guitar I traded at a Dallas Guitar Show in about 1978 for my Martin guitar. Rob, I understand how you felt when you were robbed earlier this year. And these feelings came to my mind again this week, when I was bit by a computer virus.

Thursday morning we had our weekly sales forecast meeting, I had a brief discussion with Peter Duncan and Louise Durham about the SEG and our marketing plans, had responded to an e-mail from Cindy Berlier and sent my comments to Jeff Hume and Dave Ridyard, when I received a message from Louise Durham that said `I love you.' I assumed it was a joke, since she sits right next to me, and opened it without thinking. Then I had three messages from me that said `I love you' and two more messages from Louise and a message from Cindy Berlier and then messages from some of the development staff, then there were people running around the halls telling everyone there was a virus and to not open e-mails which said `I love you.' Louise had received the virus from a friend at the SEG, and said I knew I shouldn't have opened when it came in.

Next came the phone calls. Tracy Stark called from Plano saying he didn't know I cared. Riley Skeen called from Casper saying he had caught the virus, had heard about it on the news, and he hoped I wasn't burned too bad. By this time I knew all of my jpg files were destroyed. Then came the e-mails. Several were automatic system responses saying they had caught the virus and had destroyed the attachment. One said something to the effect of `I didn't know you cared, and I have always wanted to have a nice visualization environment. You will be hearing from my lawyers Louie, Dewey, and Screwem, as I think the damage to our systems is about the same as the cost of your neat visualization theater.' By this time I felt absolutely sick to my stomach. I had arranged to go to an ULI (Urban Land Institute) luncheon, and I went, stayed to myself, and didn't even take any notes. It was by the company who just purchased the Galleria, and besides my Walden 3-D interest in ULI, I think this type of developer should be interested in Continuum's visualization technologies. I left the Galleria still dragging.

When I got back to the office, Chad Self had cleaned the virus off of my computer. He had also deleted tens of megabytes of jpg and jpeg images. I definitely felt violated, and realized I need to do a better job of backing up all of the bits I keep on the Sun and especially as I hope to start converting the atoms in the boxes in the garage to bits later this year, there needs to be a triplicate backup system to ensure as much as possible my life's work is not wiped out by a computer virus. A friend in London told me the following news story was available on abcnews.com:

`'ILOVEYOU' E-Mail Plague Spreads Worldwide

The "vbs.loveletter.a" virus spreads through Microsoft Windows' Internet extensions and replaces all JPG and MP3 files it finds with copies of itself. It then sends itself to everyone in an infected user's Microsoft Outlook address book. (ABCNEWS.com)

May 4 - U.S. corporations and military bases have been infected by a massively destructive virus that clogs networks and erases graphics and music files. "We're dealing with a monster," a Pentagon spokesperson said. As of 11 a.m., more than 200,000 mail hubs worldwide were infected with the virus, said Kathy Fighen, manager of the Computer Emergency Response Team based at Carnegie Mellon University in Pittsburgh. One corporate mail hub can serve thousands of users.

The "Love Bug" virus spreads through e-mails with the subject line "ILOVEYOU" containing an attached file. Computer users who receive the e-mail should just delete it without opening the attachment, and they won't be infected. But if a curious user double-clicks on the snakelike icon of the attached love letter, they will probably be infected - and unwittingly send the virus to everyone in their Microsoft Outlook address book.

The virus apparently originated in the Philippines and hit Europe and Asia early this morning, said Eric Chien, chief researcher at the Symantec Antivirus Research Center in the Netherlands. Symantec and other virus companies have already come up with vaccination and cure programs, but their Web sites were swamped by users this morning.

Military Infected

Unclassified State Department and military computers were infected by the virus this morning, officials there said. The federal antivirus office first noticed the attack at 5:18 a.m. ET. The State Department noticed they had been hit at 6:30 a.m., and officials there said they stopped the virus's spread within an hour. "We are eradicating it, getting rid of it, destroying it," said State Department spokesman Richard Boucher. But military bases have disconnected from their infected, unclassified networks and are using only classified networks to communicate, sources said. The classified systems are protected against the virus. The Pentagon is working with anti-viral companies Symantec and McAfee to scrub their networks of the electronic scourge, military spokespeople said.

Clogs Up Networks

The virus uses similar tricks to last year's feared Melissa virus, but it's even more widespread and destructive, Chien said. First, "loveletter" resets a user's Internet Explorer Start Page to a Web page containing an executable file. The page has since been taken down, Chien said. He said researchers are unsure what the executable file does when launched. Then, the virus searches for all files with the extensions JPG, JPEG, MP2, and MP3 - the most popular graphics and sound formats - as well as other, more obscure extensions. It erases the files and replaces them with copies of itself under the same name, with the extension VBS tacked on.

Chat room aficionados are even more vulnerable. The virus infects the popular mIRC chat program, so the next time a user starts chatting, the virus goes out to everyone in the room. Finally, the program multiplies by hijacking Microsoft Outlook and e-mailing itself to everyone in an Outlook address book. Anyone running Windows 98, Windows NT 4.0, or both Windows 95 and Internet Explorer 5.0 is vulnerable, Chien said. The virus needs Microsoft Outlook to spread. Macintosh and Linux users are not vulnerable. The virus spreads through corporate firewalls because most are not configured to reject attachments with a .txt.vbs extension, a relatively uncommon type of file, information systems managers said.

Bored Student?

The virus "appears to have been written by a student, probably 14 to 28 years old and probably male as well," Chien said, citing code within the virus and past experience with virus writers. "He seemed to just write it because he was bored. He probably has no idea he'd cause so much chaos," Chien said. Two lines within the virus identify the author as "Spyder," part of the "@GRAMMERsoft Group" from Manila, Philippines and say "I hate go to school." He also offers his opinion of his work: "simple but I think this is good..."

"The group name is not familiar," said security consultant Brian Martin. And "Spyder" is a common name in the electronic underground. But the virus contains an e-mail address that should make it "easy to track him," Martin said. Officials at Spyder's e-mail provider, mail.com, are "working on the problem," a mail.com spokeswoman said. Law enforcement agents are pursuing Spyder, Pentagon spokespeople said.

Despite the simplicity of the code, the writer does have a good idea of psychology. By adding the phrase "kindly check the attached LOVELETTER coming from me" to the e-mails, he makes users think it might be a personal message. "If you send an attachment with, 'I'm a virus, run me,' people won't run it. But with this, people say, 'oh, look, it's a love letter, I think I'll open it,'" Chien said. The answer, security experts said, is simple: Never, ever, ever, open an attached file that comes as a surprise, no matter who it seems to be from, or how "loving" it seems to be.

Stunning Spread

Experts said they were stunned by the speed and wide reach of the virus. "Many, many tens of thousands of machines have been infected by it," said Symantec spokesman Richard Saunders. In the U.S., the virus has affected the Pentagon, the federal Department of Agriculture, the Florida Lottery, the Wisconsin Legislature, and media organizations including Time Warner Inc., according to employees of affected companies and officials of anti-virus companies. "It is literally anybody who is running Microsoft Outlook, and that is the most common e-mail client in the world," said Richard Jacobs, president of anti-virus firm Sophos.

The bug appeared in Hong Kong late in the afternoon, spreading throughout e-mail systems once a user opened one of the contaminated messages. It later moved into European parliamentary houses and through the high-tech systems of big companies and financial traders. "I have to tell you that, sadly, this affectionate greeting contains a virus which has immobilized the House's internal communication system," said Margaret Beckett, leader of Britain's House of Commons. "This means that no member can receive e-mails from outside, nor indeed can we communicate with each other by e-mail." Companies in Denmark, Norway, the Netherlands and Switzerland were also hit. ABCNEWS' Sascha Segan and The Associated Press contributed to this story.

Curing the Virus

May 4 - All the major anti-viral companies have released free trial versions of their software that can fix the new virus. Try going to www.symantec.com, www.mcafee.com, or www.sophos.com. You'll be cured, but you won't be able to get your JPEG and MP3 files back unless you've made backups. To prevent further infections by copycat viruses, Richard Jacobs of Sophos recommends you turn off your Windows Scripting Host. In Windows 98, that means go to your Start Menu and choosing Settings, then Control Panel. Double-click on the Windows Components control panel, and then choose the Accessories option. Uncheck the box for Windows Scripting Host, which should be the last one on the list. Melissa and ILOVEYOU both use Windows Scripting Host to propagate, but very few users need it in their day-to-day lives, Jacobs said.

The number-one lesson, antiviral experts agree, is to scrutinize e-mail closely. "It's so important for people to think about what they're opening in their e-mail. Very few people get large numbers of love letters via email," Jacobs said.'

And it didn't stop. One of our programmers dissected the virus:

`Dear CoRe:

You must have already been bullied by or at least heard about the "ILOVEYOU" virus since this morning. Actually, this "virus" is just an ASCII file which is attached to an e-mail. You can easily view this file by opening it from any txt file editor such as notepad, winwrite or word, etc. The thing is that the extension of this file is "VBS", which is VBScript language program. This kind of file is associated to a program which name is "WSCRIPT.EXE", which can be found in every windows machine. If you double click the attachment, the system will automatically launch the WSCRIPT.EXE and it will interpret the commands in the VBS file line, then the "virus" is activated to do stuff on your machine. So it is you who let the virus perform a series of actions by double-clicking the attachment icon in your e-mail.

A lot of viruses are spread by e-mails. Some of them reside in Microsoft Word DOC files. Some of them reside in EXE executable files. The only way for viruses to take effect is to manually activate them. If you don't do that, they will stay there just like other files in your file system. So NEVER DOUBLE CLICK AN ATTACHMENT FILE THAT HAS A SUSPICIOUS EXTENSION, UNLESS YOU KNOW WHAT IT IS!!!

Now the Microsoft Word can give you an alert if the DOC file you are opening has MACRO, which is the only way a virus could do harm to you in a word file. You can choose to disable the MACRO and then open the file without any danger even the file is infected by a virus already. For EXE files, you'd gotta be very careful. The executables do not need any other program to run. They could be your worst nightmare if there is a virus in the file. But don't worry, as long as you keep that program from running, you are safe, for, computer viruses are still programs.

FYI: I reviewed the virus code and here are what it is and the things it does:

* The guy who wrote this program claimed that he "hate go to school". He said his name is spyder, e-mail addr. is "ispyder@mail.com", and he's with GRAMMERSoft Group. He lives in Manila, Philippines.

* Several things it does:

1. It modifies your windows registry table, change your IE start page URL to one of four. He used such long paths just to avoid his program to be spotted by the webmaster. And four of them just in case some of them are deleted. The next time you start your IE, the WIN-BUGSFIX.exe program may be executed and you may fall into deeper level of hell. If none of the four locations is available, it will change your start page to blank page.

2. It replaces the files on your hard drive that have the extensions below with a copy of itself: .jpg .jpeg .mp2 .mp3 .vbs .vbe .js .jse .css .wsh .sct .hta If any of the type of files was activated later on, the nightmare will happen again...

3. It sends out an e-mail with itself attached to everybody in your outlook addressbook.

4. It also creates a HTML file, which is called "LOVE-LETTER-FOR-YOU.HTM". Then every time you browse a webpage that has an VBScript program, this page may be activated and ... you know what's gonna happen.

Well, that's what I got from the source code. It's really a terrible but smart tiny program. It's powerful, for the people who are not careful enough. Ok, tell me if I am wrong. Take care, folks.

Sincerely, Peng'
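The two defensive checks the quoted article and e-mail point to, written out as an added example that is not part of the letter or the quoted messages: a mail-gateway rule that rejects script attachments (including disguised ones such as `.txt.vbs`), and an inventory of files renamed to `<name>.jpg.vbs` so they can be restored from backup. The function names, the decoy-extension set and all sample file names except `mothersday.vbs` are assumptions made for the illustration.

```python
import os
import tempfile
from pathlib import PurePath

# Script-capable types from the extension list in the e-mail above.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta"}
# Data types the page says were overwritten and renamed with ".vbs" appended.
MEDIA_EXTS = {".jpg", ".jpeg", ".mp2", ".mp3"}
# Assumption: inner extensions that make a script look like a harmless document.
DECOY_EXTS = MEDIA_EXTS | {".txt", ".doc", ".gif"}


def _suffixes(filename):
    # Windows ignores trailing dots and spaces when it opens a file,
    # so strip them before reading the extension chain.
    return PurePath(filename.strip().rstrip(". ").lower()).suffixes


def classify_attachment(filename):
    """Return 'block-disguised', 'block-script' or 'allow' for an attachment name."""
    suffixes = _suffixes(filename)
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return "allow"
    # A document-looking extension in front of the script extension is the
    # ".txt.vbs" pattern: with known extensions hidden, only ".txt" is displayed.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "block-disguised"
    return "block-script"


def find_overwritten(root):
    """List (path, original name) for files named like '<name>.jpg.vbs' under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            suffixes = PurePath(fn.lower()).suffixes
            if (len(suffixes) >= 2 and suffixes[-1] == ".vbs"
                    and suffixes[-2] in MEDIA_EXTS):
                # The stem is the name the file had before ".vbs" was appended;
                # the original content is gone and has to come from a backup.
                hits.append((os.path.join(dirpath, fn), PurePath(fn).stem))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed attachment names; only mothersday.vbs appears on the page.
    for name in ("letter.TXT.vbs", "mothersday.vbs", "whiteboard.jpg"):
        print(f"{name:20} -> {classify_attachment(name)}")
    # Constructed directory standing in for a picture folder after infection.
    with tempfile.TemporaryDirectory() as root:
        for name in ("whiteboard.jpg.vbs", "song.mp3.vbs", "intact.jpg"):
            open(os.path.join(root, name), "w").close()
        for path, original in find_overwritten(root):
            print(f"restore {original!r} from backup, then remove {path}")
```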

So I learned I am not careful enough. Guess I've known that for some time. So, am I responsible? There was another abcnews.com article I feel is relevant (and which you can easily skip if you feel it isn't):

`Who's to Blame for Viruses? Are Software Companies at Fault?

By Jack Valko, Special to ABCNEWS.com

QUESTION: Why don't they hold Microsoft responsible for making an operating system that is so vulnerable to viruses, instead of trying to track down the writers of the viruses? - Steve

ANSWER: Probably for the same reason they don't prosecute lock manufacturers after someone kicks down a door and robs a house. If you read the fine print of their software license agreement, you'll see that the code comes with no guarantee to work at all and the developer is not responsible if it crashes your system. Isn't it interesting how software development is the only industry that can offer such an outrageous purchase agreement and still be successful?

Operating system designers do need to keep their systems secure so they continue to sell, even if they aren't under any legal obligation to do so. Every operating system has security issues. The only sure way to keep intruders out is to turn the systems off. That said, Microsoft has a long way to go to keep not only its operating systems up to par with the industry but also its applications.

The recent outbreak of the Melissa virus, which exploits the Word and Excel macro language by quickly replicating a pornographic e-mail message, goes to show that someone at Microsoft was asleep during this feature design. Melissa is not the only macro virus in existence, but one of the first of many pernicious attacks that will continue to frighten end users and drive corporate computing departments crazy. These macros can do very powerful things, like starting applications and writing or changing any file on your hard disk. There is no security designed into the macro language at all, except to disable it altogether. The Answer Geek encourages you to do so whenever the dialog box presents itself.'

The bottom line is trust. With this type of virus intrusion, it is easy to lose trust. Trust is the basis of society. When crooks don't trust each other, their society fails (see the Book of Mormon stories about the Gadianton Robbers). When couples don't trust each other, their marriages fail. When co-workers don't trust each other, companies fail. A lack of trust creates an interpersonal friction which heats up any interaction until it starts on fire and burns out of control. And what can we do to overcome these fires of hell? Turn the other cheek. Love our neighbor as ourselves. And be really careful each time we open an e-mail attachment. For instance, this came in the work e-mail Friday:

`Hi, Additional viruses are out there, now with subject of "Joke". (It's hard to resist that one!).'

Then a little later in the day:

`To: CORE-HOU
Subject: FW: yet *another* *&^%$# virus
Importance: High

how low are they gonna go?

> Name: Mother's Day (a variant ILOVEYOU)
> Subject line: Mother's Day Order Confirmation
> Attachment: mothersday.vbs
> Details:
> There is another variant of the "I LOVE YOU" virus - The "Mother's Day"
> virus - this one tries to trick victims into opening an attachment by
> claiming it's a bill for diamonds purchased at a special Mother's Day
> price. There is another one called "Lucky".
> The latest variant might cause the most trouble. It attempts to prey on
> consumer fears of erroneous credit card charges and arrives with the
> subject line "Mother's Day Order Confirmation." The body of the message
> then tells the potential victim: "We have proceeded to charge your
> credit card for the amount of $326.92 for the mothers day diamond
> special. We have attached a detailed invoice to this email. Please
> print out the attachment and keep it in a safe place. Thanks Again and
> Have a Happy Mothers Day! mothersday@subdimension.com."
> The attached file, mothersday.vbs, is very similar to the original
> ILOVEYOU virus but is considerably more destructive. It sets out to
> delete all .INI and .BAT files from all local and network drives.
> Removing such files could make it impossible to restart a victim's
> computer'

So, how was your week? Hope none of you were bit by the virus. My finger still hurts (0017.html). The stitches came out on Thursday. I can touch things now, and it still feels funny. As far as the rest of the week, it really was kind of quiet. We had visitors from Norway, and signed an agreement with DNB (the largest Norwegian Bank), that gives them until the end of May to raise $10 million as a next round of investment money. I hope this one works, as the month to month financing of 55 employees is getting very tiring. Wednesday night the Teachers did a neat combined activity, where the leaders served dinner to people in the order they requested, even though they didn't know what they were ordering because the names were different. Specifically:

`Menu                Actual
Grass               Salad
Lover's Delight     Spoon
Golden Rods         Spaghetti
Jersey's Best       Ice Cream
Nickels and Dimes   Carrots
Supersoaker         Water
Jack                Knife
Pitch               Fork
Sailor's Crumbs     Crackers
?                   Sauce
?                   Bread'

There were twelve items, and everyone chose three servings. It was fun to watch people eat ice cream with a knife and noodles, then spaghetti sauce and salad. Language is important, and a basis of trust. On Wednesday and again on Friday I had lunch with Kwok Chen, a Princeton Ph.D. from Hong Kong who was co-founder of LCT Technologies (he is the `C'), a company that specializes in gravity and magnetics modeling, data collection, processing, and interpretation. I have worked with and around Kwok since the early 1980's. They just sold LCT, he is retired, and is interested in working with Continuum. The Friday lunch was because one of my colleagues missed the appointment to have lunch and interview with Kwok. This does not build trust, and creates business friction. Tuesday evening and Thursday evening there were meetings with the Vpatch principals. Looks like they are going to get funded, and that is exciting. Sara, if John Howell gets a job he is bidding on, he will have a summer job for you. He works in Portfolio Analysis, which is where all of the big dollars are in oil & gas, and I think this would be the perfect opportunity for you. However, it is still a big if. When do you move back to Houston? Audrey got here early Thursday morning. Thanks to Ed Roger's she has a job at Baker Botts, one of the big law firms downtown, in the Shell Tower. Andrea's friends Sharon and John Shay came and visited us Friday night. We went out to dinner at Landry's. It was nice to meet some of Andrea's past friends and get to know them. It was a very nice evening, although I was sick at my stomach, only ate some gumbo, and ended up throwing up and having diarrhea and stomach pain most of the night. It was probably a stomach virus from lunch or dinner Wednesday. Oh well!

Yesterday, I participated in the Rice Alliance for Technology and Entrepreneurship (http://alliance.rice.edu). It was really neat. There were presentations by BidTab.com (a competitor to e-pipe, an early name for Vpatch), Carbon Nanotechnologies which build the strongest fiber ever made, Desmogen which does tissue engineering and has a gel which turns into a matrix which bone can regrow in, EJP Technologies multi-sensor non-invasive measurement for process systems, ExpertNetwork.com for keeping expert witnesses from being tainted in trials, FeelPretty.com for selling extra large women's lingerie, Membrane Products Corporation for filtering virus out of water, Offline Systems for editing home movies on-line, Skycomm International for building a fiber to satellite teleport at Ellington Airforce Base, and Tax Machine for providing computer tax submission for those without computers at home. I still wasn't feeling my best and spent the rest of the day sleeping, cleaning up e-mail filing on the Sun and then on the PC while watching `The Land Before Time' and `Return to the Land Before Time.' Andrea was at a Regional Priest Laurel Conference at the North Stake Center all day. She got home about 12:30 this morning. It is now 11:55 AM, and I am still in my pajamas. So I guess I will go shave, shower, get my suit on, and go to church, where I have no fears of catching a virus."

I'm interested in sharing weekly a "thoughtlet" (little statements of big thoughts which mean a lot to me) with you because I know how important the written word can be. I am concerned about how easy it is to drift and forget our roots and our potential among all of the distractions of daily life. To download any of these thoughtlets go to http://www.walden3d.com/thoughtlets or e-mail me at rnelson@walden3d.com.

With all my love,
Dad
(H. Roice Nelson, Jr.)

. . .

Copyright © 2000 H. Roice Nelson, Jr.