Return to Newsletter Archive

AUTHOR:
TerrorismCentral Editorial Staff

TITLE:
TerrorismCentral Newsletter - November 16, 2003

SOURCE:
TerrorismCentral, November 16, 2003

TEXT:

It's virus season, and time to mark some important anniversaries. November 1983 was the first time a computer virus was defined and experimentally demonstrated. It also marks 20 years since the first isolates of what we now know of as the Human Immuno-deficiency Virus (HIV) and one year since the World Health Organization launched global surveillance reporting for Severe Acute Respiratory Syndrome (SARS). This week starts a 3-part series of Feature Articles looking at the impact of these viruses.


CONTENTS:

NEWS HIGHLIGHTS OF THE WEEK:

 1. World
 2. Africa
 3. Americas
 4. Asia Pacific
 5. Europe
 6. Middle East
 7. South Asia
 8. Cyberterrorism and Information Warfare
 9. Finance
10. Human Rights
11. Law and Legal Issues
12. Transportation
13. Weapons of Mass Destruction
14. Recently Published

FEATURE ARTICLE:
Viruses part I: Computers

NEWS HIGHLIGHTS OF THE WEEK


1. World

The failure to deliver antiretroviral treatment to AIDS sufferers has been declared a global health emergency by the World Health Organization. There are more than 46 million HIV infections around the world and another person is infected every six seconds. The BBC has launched a major series on HIV/AIDS, with extensive background and documentaries of personal experiences around the world, over the next two weeks.
http://news.bbc.co.uk/2/hi/talking_point/special/aids/default.stm

In Iraq, mounting attacks and casualties (including the Nasiriya bombing in which 19 Italian servicemen were killed) forced US authorities to concede it is fighting an insurgency with estimated participants numbering between 5,000 (military intelligence) and 50,000 (CIA estimate). Paul Bremer, the top administrator, returned to the US for urgent talks that resulted in another policy shift. The new plan is to accelerate the handover of power so that Iraqis would be in control by next summer (in time for the presidential election). The Center for Strategic and International Studies has published two new reports written by Anthony Cordesmann regarding possible future scenarios in Iraq, none indicating rapid success. "Iraq: Too Uncertain to Call" is at http://csis.org/features/031114toouncertain.pdf and "Current Military Situation in Iraq at http://csis.org/features/031114current.pdf. Meanwhile, the medical charity Medact cites disrupted immunization programs and the destruction of water systems as leading to generations of poor health in their report "Continuing Collateral Damage" http://www.medact.org/tbx/pages/sub.cfm?id=775. And Gordon Platt described reconstructing the banking system in November's "Global Finance"
http://globalf.vwh.net/content/?article_id=469

The World Health Organization has launched a plan to combat substandard and counterfeit medicines, particularly in the Greater Mekong region and Africa, where poorly equipped labs and under-funded regulators contribute to the problem.
http://www.who.int/mediacentre/releases/2003/pr85/en/


2. Africa

The World Bank is funding an "anti-AIDS" corridor along the Ivory Coast - Nigeria trade route. This is the first cross-border project the World Bank has funded, recognizing that infection doesn't respect national borders. The funding will provide for education and services to help reduce spread of the virus among the people who live and work along the busy coastal corridor.

Algerian police discovered donkeys were fitted with taped commands to help smuggle goods back and forth into Morocco without human accompaniment. The border has been closed for ten years, following a bombing in Morocco. 200 donkeys were killed.

Burundi officials, the rebel Forces for the Defense of Democracy (FDD), and regional leaders are meeting to complete a peace agreement between the government and the FDD. The second largest rebel group, Forces for National Liberation (FLN) have refused to join the talks. FLN fighting during the week killed some 17. FLN forces have been accused of using bicycles to infiltrate the capital, Bujumbura, and bicycle taxis have been banned to thwart this.

In Democratic Republic of Congo, rising rebel violence threatens the shaky peace process. In addition to clashes with UN troops, the Uganda People's Defense Force (UPDF) has reoccupied the mountain border area to prevent rebel Alliance of Democratic Forces (ADF), People's Redemption Army (PRA), and other remnants from regrouping. Uganda has been warned that no joint patrols or incursions into DRC territory are authorized. Eastern DRC still hosts forces from the Interahamwe, Mayi-Mayi and RCD-Goma. In response, the UN Mission is redeploying troops into a number of different provinces, particularly in the east where fighting is heaviest, and increasing disarmament efforts.

Ivory Coast's peace process is at a standstill while serious differences remain between The New Forces rebels, who control the north, and the government. There are fears that the north will secede, an action that would trigger renewed civil war.

An outbreak of Ebola virus has been confirmed in northwest Republic of Congo, with 11 deaths so far.

Rwandan rebel leader Paul Rwarakabije, leader of the Democratic Forces for the Liberation of Rwanda, and a hundred of his militiamen, have surrendered to the government. After more than ten years in DR Congo, Rwarakabije says it is time for peace.

In western Sudan, severe fighting has driven half a million people from their homes and threatens a humanitarian crisis to which response is restricted by Sudanese authorities who are not honoring a recent agreement to permit better access. This Darfur region is one of the major areas of dispute in the peace process, focused on access to scarce natural resources.

The previously unknown Zimbabwe Freedom Movement (ZFM) has announced its goal to remove President Mugabe from power with use of force.
http://www.zfm.cc/


3. Americas

Brazil's Landless Movement has begun a march to call for land reforms. More than a thousand workers are walking 112 miles to the capital, where they are expected to arrive on November 20 for a meeting with President Lula da Silva.

In Bogota, Colombia, two grenades were thrown into a popular bar frequented by expatriates. One person died and at least 25 were injured. Colombian politics remain unsettled after the defeat of a referendum effort and the resignation of three senior ministers.

Dominican Republic labor unionists and students held a one-day general strike that shut down the country and was accompanied with demonstrations. Clashes with the police killed at least six and hundreds were arrested. The demonstrators were protesting price increases and power cuts.

Guatemalans turned out in large numbers to vote for conservative Oscar Berger (38 percent) and center-left Alvaro Colom (28 percent), who will face each other in a run-off since n either reached the 50 percent threshold. Former dictator Efrain Rios Montt was defeated, coming in third with 17 percent of the vote.

A Peruvian military court has cleared commandos charged with executing 14 Tupac Amaru Revolutionary Movement rebels in 1997, saying that the commandos were obeying orders during a military situation.

The US 9/11 Panel has reached a deal with the White House that permits access to presidential briefings and other sensitive documents. The successful negotiations preempted issuance of subpoenas for the material.

The Supreme Court has agreed to hear appeals from al Qaeda and Taliban suspects detained at the US naval base in Guantanamo Bay, Cuba.

Military pay associated with mobilizations for the "war on terror" and homeland security is the topic of a new General Accounting Office report, http://www.gao.gov/cgi-bin/getrpt?GAO-04-89. They find the result of cumbersome and complex processes for pay "is to severely constrain DOD's ability to provide active pay to these personnel, many of whom were risking their lives in combat in Iraq and Afghanistan. In addition, these pay problems have had a profound financial impact on individual soldiers and their families". These problems affected more than 90 percent of the study group.


4. Asia Pacific

US Defense Secretary Rumsfeld is visiting Asia to discuss changing troop deployments. He began in Japan, where he was asked to scale down the US military presence and he accepted the delayed Japanese peacekeeping deployment in Iraq pending improved security. South Korea has similar issues. There are indications that discussions with North Korea could resume in December.

Australia was accused of using Indonesia as a dumping ground for asylum seekers after 14 Turkish Kurds were expelled. Australia says this is merely regional cooperation. Indonesia is investigating the incident.

Burma's political conditions had significantly deteriorated since the UN Human Rights Rapporteur last visited in March. Paulo Sergio Pinheiro found evidence that the violence in May was the result of government actions and that all detained or placed under arrest should be freed.

China and India have held their first ever joint naval exercises in the East China Sea.

Malaysia has detained 13 students who were deported from Pakistan on suspicion of links to Islamic militant groups.


5. Europe

The European Commission has issued proposals for a new cross border agency to control illegal migration into the EU.

Eight years after the Dayton accord that ended the 1992-5 war in the former Yugoslavia, Svetozar Marovic President of Serbia and Montenegro, apologized to Bosnia for the war. Bosnia-Herzegovina and the war recovery are covered in a Special Report in the Financial Times, November 11.
http://www.ft.com/bosniaher2003

The Corsican National Liberation Front -Combatants' Union of Fighters has announced a ceasefire without conditions, prior to local elections scheduled for next March. Separatist fighting in Corsica has gone on for over 30 years.
https://terrorismcentral.com/Newsletters/2003/071303.html#FeatureArticle

Czech police have arrested two Slovaks suspected of selling low-grade uranium.

France has granted bail to three people arrested last week for alleged terrorist operations connected with the Real IRA. They are still under investigation for conspiracy but their three colleagues were freed last week.

Georgia remains on the brink of a possible civil war since talks between the government and opposition leaders over fraudulent election results reached no agreement. Massive protests continued throughout the week, but were suspended over the weekend. Troops were brought in to control the demonstrations in Tbilisi and President Shevardnadze has offered a second vote in 27 of 2,800 polling stations.

Greece is being challenged by its efforts to join the EU and manage the forthcoming Olympic games. The Financial Times reviews these and other issues in a Special Report, November 11 http://www.ft.com/greece2003

Serbs are attempting to elect a President for the fourth time in just over a year. The number of voters has been unable to meet the minimum required turnout of 50 percent.

Two Turkish synagogues suffered nearly simultaneous car bomb attacks. At least 20 people were killed and nearly 300 injured. Five of the dead and 80 of the injured were Jewish. Investigations continue into whether this was a suicide bombing or not. Simultaneous bombings are one of the hallmarks of al Qaeda, and a group of Turkish radicals called the Great Eastern Islamic Raider's Front (IBDA/C) claimed responsibility.

Turkey's outlawed separatist Kurdistan Workers' Party (PKK) was renamed the Congress for Democracy and Freedom in Kurdistan (Kadek) and has now apparently announced its dissolution and plans to establish a new movement to provide broader peaceful political representation for Kurds.
http://69.57.132.41/~kadek/kurdistan/


6. Middle East

The UN relief and Works Agency for Palestine Refugees has raised less than half the funds needed for relief even while the needs rise. " More than 60 per cent of the refugees are living on $2 a day, or less, while chronic and acute malnutrition among children reached 25 per cent in some areas. UNWRA is feeding more than 1 million refugees in Gaza and the West Bank, but the Agency has had to halve its food distribution. In the first half of 2002, cash assistance to the very poorest people was cut to $950,000 from $3.4 million in the Gaza Strip and to $2,600 from $3.3 million in the West Bank, the Agency said. "This has meant that the large number of destitute families were not given assistance for basic needs, such as fuel for cooking, or replacement household items for those families whose shelters were destroyed," UNRWA said." The UN expert on right to food said, " 9 per cent of Palestinian children under the age of five suffer some form of brain damage because of chronic malnutrition caused by... closures, curfews and the hindrance of the movement of people and merchandise within the occupied territories...." And that "too many Palestinians were cut off from the land they need for their livelihoods, thanks to the establishment of military zones, the construction of a security fence and what he described as a Bantustan-style policy of separating communities".
http://www.un.org/apps/news/story.asp?NewsID=8841&Cr=palestin&Cr1=
http://www.un.org/apps/news/story.asp?NewsID=8866&Cr=palestin&Cr1=

Hamas has ruled out an immediate end to attacks but is willing to have a discussion with Palestinian Prime Minister Qureia.

Iran has been cooperating with the International Atomic Energy Agency (IAEA) by suspending uranium enrichment, agreeing to the additional protocol, and providing required documentation. A leaked IAEA report indicates there is no indication of a weapons program but past concealment means it will take more time to reach a final conclusion.
http://www.ceip.org/files/nonprolif/templates/article.asp?NewsID=5614

Four former Shin Bet (Israeli domestic security) chiefs have attacked the government's poor handling of the peace process. At the same time, those who developed the Geneva Plan have launched a large advertising campaign to promote this alternative.

The prisoner exchange agreement between Israel and Lebanese Hezbollah is on hold. Hezbollah insists that any prisoner exchange had to include Samir Kantar, in prison in Israel for killing an entire family.

Saudi Arabian authorities have been investigating last week's deadly suicide bombing on the housing complex in which 17 died, including five children, and 120 were injured. Investigators have found similarities with the May 12 bombings and suggest both are the work of al Qaeda. Several arrests have been made.

Syria says it will continue discussions with the US despite votes in the US Congress to impose sanctions. The Institute for International Law of Peace and Humanitarian Law has published bulletin BOFAXE 261E regarding the Israeli strikes in Syria on October 6 that concludes it violated international norms prohibiting use of force.
http://www.ifhv.de/

Palestinian leader Yasser Arafat has reached an agreement for a new cabinet with Prime Minister Qureia that returns control of security to Arafat.

The UN Office for the Coordination of Humanitarian Affairs has published an analysis of the "security barrier" that Israel is constructing in the West Bank and finds it will separate 14.5 percent of land and affect nearly 700,000 Palestinians, a third of those in the West Bank.
http://www.reliefweb.int/hic-opt/


7. South Asia

Rising attacks in Afghanistan are having a significant impact on humanitarian operations. The UN has ordered its foreign staff to stay at home while they review security in the wake of the death of an employee, the first killed in two years, as well as a car bombing earlier in the week. Note the latest Security Council briefing at http://www.un.org/News/Press/docs/2003/sc7913.doc.htm

India and China have held their first ever joint naval exercises in the East China Sea.

The Indian state of Assam is on security alert following threats against Hindi speakers issued by the United Liberation Front of Assam. Bengali is the dominant language in Assam.
http://www.e-pao.net/

Maldives president Gayoom has been sworn in for his 6th term after receiving 90 percent of the votes in a referendum in which he was the sole candidate. He followed this success by firing two officials who had backed a reformist group.

Nepalese Brigadier-General Sagar Bahadur Pandey has died with three other soldiers in a Maoist rebel ambush using a landmine. He was the highest-ranking officer killed in the 8 years of the rebellion.

Controversy in Sri Lanka continues to hold back peace efforts. The Norwegian mediators have suspended activity until the political crisis between the President and Prime Minister is resolved.


8. Cyberterrorism and Information Warfare

Singapore has passed new laws to combat cyber crime, including allowing activity monitoring and preemptive action.

Microsoft has released five new patches, including three rated critical.

The MiMail I worm variant is targeting PayPal users with a false account expiration warning.

George V. Hulme writes of "The Mind of a Hacker" in the November 10 issue of Information Week.
http://www.informationweek.com/story/showArticle.jhtml?articleID=16000606

The US General Accounting Office has found the "Uneven Implementation of Wireless Enhanced 911 Raises Prospect of Piecemeal Availability for Years to Come" is a report that looks at problems arising primarily from lack of funding and coordination.
http://www.gao.gov/cgi-bin/getrpt?GAO-04-55


9. Finance

The Financial Times has obtained a leaked copy of a new UN report. They reveal "Loopholes undermine crackdown on terror financing" (by Mark Turner and Edward Alden) and "Al-Qaeda 'financiers' active in Europe: A UN report reveals a lack of action over Youssef Nada and Ahmed Idris Nasreddin" (by Edward Alden, Mark Huband and Mark Turner) published in the November 14 issue. http://www.ft.com (subscribers) They cite "inadequate co-operation, legislative loopholes, and a lack of political determination" as harming international efforts.

The Canadian government has added the Palestine Liberation Front (PLF), the Popular Front for the Liberation of Palestine (PFLP), and the Popular Front for Liberation of Palestine, General Command (PFLP/GC) to their list of terrorist organizations, bringing the number of groups on the list to 34.

US Treasury has designated 15 alleged members of an Italian al-Qaeda cell as international terrorists. Information was provided by Italian authorities and will also be acted upon by the UN. They are: Radi Abd El Samie Abou El Yazid El Ayashi, Ciise Maxamed Cabdullaah, Mohammed Tahir Hammid, Mohamed Amin Mostafa, Daki Mohamed, Faraj Farj Hassan Al Saadi, Nassim Saadi, Cherif Said Ben Abdelhakim, Lotfi Rihani, Hamadi Bouyahia, Lazher Ben Khalifa Ben Ahmed Rouine, Imed Ben Mekki Zarkaoui, Mourad Trabelsi, Kamel Ben Mouldi Hamraoui, and Noureddine Drissi.
http://www.treas.gov/press/releases/reports/italianalqaidacellfactsheet.htm

Global Relief has not been charged with any terror-related crime but their assets have been frozen in the US for almost two years. The US Supreme Court has refused to hear an appeal against these actions.


10. Human Rights

A UN report to the Social, Humanitarian and Cultural Committee found that "two related issues were at work: the impact of security and counter-terrorism legislation on human rights defenders; and the role of human rights defenders in emergencies. In many States, the scope of security legislation far exceeded the legitimate objective of strengthening security. Lawyers, journalists, and non-governmental organization personnel and political activists had been targeted unfairly for speaking out against existing measures that were being applied more aggressively, or measures adopted more recently to combat terrorism".
http://www.un.org/News/briefings/docs/2003/jilaniPB.doc.htm

Amnesty International echoes the risk of human rights campaigners, this time in a report on parts of the Americas that begins "The persecution of government critics, opposition politicians, journalists, human rights defenders, trade unionists, academics and students is as much a characteristic of the history of Latin America and the Caribbean as it is of the present. The end of several protracted conflicts, transitions to democratic forms of government and new economic development models have not always produced expected dividends in the exercise of fundamental freedoms". http://web.amnesty.org/library/index/ENGAMR010092003


11. Law and Legal Issues

Maher Arar is preparing a lawsuit against US officials who deported him, a Canadian citizen, to Syria, where he was tortured.

Giovanni Bomono has been arrested in Rome after he was expelled from Senegal. One of Italy's most wanted criminals, he is connected with two murders, drug trafficking and money laundering for the Mafia in Namibia and South Africa.

Mustafa Ibrahim, district commander of the Free Aceh Movement (GAM), was sentenced by Indonesia court to 17 years in prison for treason, arms possession and extortion.

Stephen John Jordi has been arrested in Miami Beach, Florida, US, on suspicion of planning to bomb abortion clinics.

Ahmed Mehalba, a Guantanamo Bay interpreter for the US Navy, has been indicted in Boston, Massachusetts, US, on charges of mishandling information and making false statements.

Zacarias Moussaoui, the "20th hijacker", has lost the right to represent himself in his US trial. Federal judge Brinkema had repeatedly warned him against filing "further frivolous, scandalous, disrespectful or repetitive pleadings" but he persisted. Moussaoui will be represented by court-appointed attorneys who have previously participated in actions on his behalf.

Sheik Ali Hassan al-Moayad and Mohammed Mohsen Yahya Zayed will be extradited from Germany to the US to faces charges of supporting al Qaeda. The German Federal Constitutional court made the decision, which follows their arrest in Frankfurt in January.

Mahmoud al-Nadi was found guilty in Israeli court of transporting a suicide bomber who was later responsible for the June 2001 Tel Aviv discotheque bombing.

More than 900 September 11 families and others have lost their ability to sue individual members of the Saudi royal family now that a US federal judge has ruled there was insufficient evidence against them. The plaintiffs may appeal the decision, but the lawsuit will continue with the remaining defendants.

Zaid Hassan Abd Al-Latif Masud Al Safarini and four others were convicted in Pakistani court of the 1986 Pan Am hijacking in which 22 people were killed, including two US citizens. Safarini was released and his sentence commuted in 2001 whereupon he was seized by US authorities. He has now agreed a plea bargain to avoid the death penalty but will be sentenced to a prison term in December.

Hade Soleimanpour will not be extradited from the UK to Argentina in connection with the 1994 bombing of a Jewish community center after the British Home Office found there was insufficient evidence to justify the extradition.

Akhmed Zakayev will not been extradited from the UK to Russia. A British judge ruled there would be substantial risk of torture if Zakayev were returned to Russia to face charges of murder and kidnapping.


12. Transportation

"New Food Transport Regs Challenge the Supply Chain" is the topic of an article by Lara Sowinski in World Trade, December 2003. It reviews US Food and Drug Administration regulations on the importation of food that come into force in December, demonstrating the complexity of the rules and suggests a risk management approach would be more effective. http://www.worldtrademag.com (registration needed)
http://www.fda.gov/oc/opacom/hottopics/bioterrorism.html


13. Weapons of Mass Destruction

The Institute of Biological Energy Alternatives have produced an artificial virus using a new, rapid method they scientists claim could be engineered to build new life forms, such as bacteria to produce clean energy. http://www.bioenergyalts.org/news.html

A group of 80 non-governmental organizations have formed the Cluster Munition Coalition to campaign against cluster bombs, in preparation for negotiations on a new protocol to the UN Convention on Conventional Weapons.
http://www.handicap-international.be/content.asp?lng=1&cID=252
http://www.cmc-international.org/

Germany has shut down the first of its 19 nuclear power stations at the beginning of an effort to phase out the nuclear program.


14. Recently Published

Carol Bergman, editor "Another Day in Paradise" Earthscan

Rick Bragg, "I Am A Soldier Too" Knopf

Theodore Friend "Indonesian Destinies" Belknap Press, Harvard University Press

Stanleu Greene, "Open Wound: Chechnya 1994 to 2003" Trolley

Douglas Hurd, "Memoirs", Little Brown

John Keegan, "Intelligence in War: Knowledge of the Enemy from Napoleon to Al- Qaeda" Knopf

David Lewis, "The Man Who Invented Hitler" Headline

Wolfgang Schivelbusch, "The Culture of Defeat: On National Trauma, Mourning and Recovery" Metropolitan Books, Granta

Control Risks Group has published the "RiskMap 2004" that addresses "Geopolitical uncertainty, instability in key emerging markets countries, and the continued threats to international business posed by terrorism and crime".
http://www.crg.com/html/service_level2.php?id=129


FEATURE ARTICLE: Viruses, part I: Computers

TA virus is a type of malicious code that operates much as its biological namesake. It can only operate with a carrier host and is self-replicating. It is the ability to replicate that poses the greatest danger to systems.

John von Neumann developed the concept of self-replicating programs in 1949. By distinguishing between the machine and the concept of a machine, von Neumann laid the foundation for developing computers to store data in memory as well as establishing the basis for other sciences that rely on an understanding of complexity.

Programmers were used to inadvertent system failures (the term "bug" emerged in 1945) and also enjoyed using computers for pranks, but the idea to use hidden computer codes as a weapon first appeared in works of fiction in the 1970s and 80s. 1982 was the year of the first virus, Elk Cloner.

Elk Cloner was distributed on Apple operating system diskettes. It created flaws in the output and displayed a poem, "Elk Cloner: The program with a personality". Turning off the computer and reinserting the diskette restored the program, and no permanent damage was done. But as long as the computer was on, it would continue to copy itself to other diskettes.

Fred Cohen formally defined the virus in 1983, based on a series of experiments conducted by him and his colleagues. They are described in Cohen's seminal paper as follows:

"On November 3, 1983, the first virus was conceived of as an experiment to be presented at a weekly seminar on computer security. The concept was first introduced in this seminar by the author, and the name 'virus' was thought of by Len Adleman. After 8 hours of expert work on a heavily loaded VAX 11/750 system running Unix, the first virus was completed and ready for demonstration. Within a week, permission was obtained to perform experiments, and 5 experiments were performed. On November 10, the virus was demonstrated to the security seminar."
www.all.net/books/virus/part5.html

Even this first experiment was notable for both the speed of infection. Cohen explains, "In each of five attacks, all system rights were granted to the attacker in under an hour. The shortest time was under 5 minutes, and the average under 30 minutes. Even those who knew the attack was taking place were infected. In each case, files were 'disinfected' after experimentation to assure that no user's privacy would be violated. It was expected that the attack would be successful, but the very short takeover times were quite surprising. In addition, the virus was fast enough (under 1/2 second) that the delay to infected programs went unnoticed." [ibid]

The ease of development was also surprising, particularly the way in which a virus attaches to another program. Cohen continues, " After successful experiments had been performed on a Unix system, it was quite apparent that the same techniques would work on many other systems. In particular, experiments were planned for a Tops-20 system, a VMS system, a VM/370 system, and a network containing several of these systems. In the process of negotiating with administrators, feasibility was demonstrated by developing and testing prototypes. Prototype attacks for the Tops-20 system were developed by an experienced Tops-20 user in 6 hours, a novice VM/370 user with the help of an experienced programmer in 30 hours, and a novice VMS user without assistance in 20 hours. These programs demonstrated the ability to find files to be infected, infect them, and cross user boundaries." [ibid]

Viral attributes of easy creation and speedy dissemination have plagued industry ever since.

Viruses reached public notice first in 1986 when a program called Brain infected MS-DOS based computers. Created by brothers Basit and Amjad Farooq Alvi in Pakistan, it was disseminated on floppy diskettes by infecting the boot sector and quickly spread around the world. Soon, viruses moved away from the operating system into files, making infections even faster and easier. Around this time the first anti-virus products began to emerge, along with virus hoaxes.

Internet users experienced a viral epidemic for the first time in 1988 when poorly written code developed by Robert Morris allowed his worm to infect and disable 6,000 computers, paralyzing the entire network and causing damages estimated at nearly $100 million.

The volume and sophistication of viral attacks began to increase, aided by the emergence of online virus communities and groups of virus writers, (and soon virus-writing toolkits), but for the next couple of years anti-virus programs were able to keep up by identifying fragments of typical virus code. The emergence of Chameleon, the first polymorphic virus, changed this.

A polymorphic virus is one in which each copy is slightly different, making it harder to detect. (There are toolkits that use this technique to help "script kiddies" easily create new forms of an existing virus.) These viruses typically are prepared with the viral code and an encryption routine and in addition use random decryption to change the output each time it infects a new machine. If truly random, this is very difficult to detect, and anti-virus programs had to adopt new analysis techniques to combat this new threat.

Tequila was the first polymorphic virus to reach epidemic proportions, but more followed quickly behind and the scale of infections grew rapidly. Damages from infections also grew.

It became easier with the dominance of MS-DOS and Windows-based personal computers. Virus writers began to neglect the older operating systems in favor of high-volume, easy-entrance Microsoft products. This specialization also made it easier to collaborate and create more unusual and damaging tools. For example, new viruses were developed to target specific Microsoft applications, like Concept for Word and Laroux for Excel. Tristate infected Word, Excel and PowerPoint.

Melissa, in 1999 was the first to combine a Word macro virus with Outlook to mail itself to other users. This technique remains a highly successful method of viral dissemination.

The end of the century opened the way to a new technique: Denial of Service and Distributed Denial of Service attacks. These attacks shut down major sites and even inter-net enabled telephone and emergency services. In 2002 the largest such attack targeted the root internet servers, with limited impact.

Polymorphism reached a new height in 2001, shortly after the September 11 attacks. Nimda infected hundreds of thousands of computers around the world. It used five different methods to spread:

"* from client to client via email
* from client to client via open network shares
* from web server to client via browsing of compromised web sites
* from client to web server via active scanning for and exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities (VU#111677 and CA-2001-12)
* from client to web server via scanning for the back doors left behind by the "Code Red II" (IN-2001-09), and "sadmind/IIS" (CA-2001-11) worms" (http://www.cert.org/advisories/CA-2001-26.html)

2003 has been the year of the biggest, fastest, and most damaging cyber-attacks, including both malicious code and record volumes of spam.

Slammer holds the record as the fastest worm in history. In less than three hours it infected hundreds of thousands of computers around the world and caused over $1 billion in damages. It knocked out nuclear control systems, ATM transactions, airlines and emergency services, using a flaw in Microsoft SQL Server.

Total damages from cyber-attacks rapidly increased during the year. In the first nine months, mi2g has estimated the costs of repairs, downtime, maintenance and so on at more than $80 billion, which is more than the insurance claims from the September 11 attacks. (http://www.mi2g.com)

Happily, these have all been economic damages -- so far. Threats to the critical infrastructure by the use of malicious code are real and need to be addressed both by technology and public policy. So far, these have not resulted in loss of life, unlike the biological viruses that will be discussed in the next two parts of this series: AIDS and SARS.

Further reading:

Further Reading:

* Chameleon
http://hq.mcafeeasap.com/dispVirus.asp?virus_k=1313

* Elk Cloner
http://www.skrenta.com/cloner/

* CERT Coordination Center http://www.cert.org

Fred Cohen http://www.all.net/
http://www.all.net/books/virus/part1.html

* Denial of Service developments

* Eugene Kaspersky
http://www.viruslist.com/eng/viruslistbooks.html?id=9

* National Institute of Standards and Technology
http://csrc.nist.gov/
http://csrc.nist.gov/publications/nistir/threats/subsubsection3_3_1_1.html#SECTION0003110000000000000

* Robert Slade
http://www.cknow.com/vtutor/vtsladecontents.htm

* Ryan Schuster
http://www.avcollective.com/Essays/history1.htm

* Symantec Enterprise Paper on types of viruses
http://www.symantec.com/avcenter/reference/striker.pdf

* Virus Myths
http://www.vmyths.com

* The Work of John von Neumann (1903-1957)
http://mayet.som.yale.edu/coopetition/vN.html


HOW TO CONTACT US:

Please contact us with your questions or comments by sending email to .

We look forward to hearing from you.

If you want to be removed from this list, please reply to the message with REMOVE in the subject line.

Editorial Team
TerrorismCentral
All Rights Reserved. Copyright © 2003 by TerrorismCentral.