page-046

Chapter 1 / Empty Cup Mind

to any other diskette or hard drive accessed by the machine. During system

startup, the virus would display the message: "Your computer is now stoned."

Later on in the book, we'll see how this idea has been reborn as Peter Kleiss-

ner's Stoned Bootkit.

Once the Internet boom of the 1990s took off, email attachments, browser-

based ActiveX components, and pirated software became popular transmis¬

sion vectors. Recent examples of this include the ILOVEYOU virus,which

was implemented in Microsoft's VBScript language and transmitted as an

attachment named LOVE-LETTER-FOR-YOU.TXT.vbs.

Note how the tile has two extensions, one that indicates a text file and the

other that indicates a script file. When the user opened the attachment (which

looks like a text file on machines configured to hide file extensions), the Win¬

dows Script Host would run the script, and the virus would be set in motion

to spread itself. The ILOVEYOU virus, among other things, sends a copy of

the infecting email to everyone in the user's email address book.

Worms are different in that they don't require explicit user interaction (i.e.,

launching a program or double-clicking a script file) to spread; worms spread

on their own automatically. The canonical example is the Morris Worm. In

1988, Robert Tappan Morris, then a graduate student at Cornell, released the

first recorded computer worm out into the Internet. It spread to thousands of

machines and caused quite a stir. As a result, Morris was the first person to be

indicted under the Computer Fraud and Abuse Act of 1986 (he was eventually

fined and sentenced to 3 years of probation). At the time, there wasn't any

sort of official framework in place to alert administrators about an outbreak.

According to one in-depth examination,�� the UNIX "old-boy" network is

what halted the worm's spread.

Adware and Spyware

Adware is software that displays advertisements on the user's computer while

it's being executed (or, in some cases, simply after it has been installed). Ad¬

ware isn't always malicious, but it's definitely annoying. Some vendors like

to call it "sponsor-supported" to avoid negative connotations. Products like

18. http://us.mcafee.com/viriisInfo/default.asp?id=dcscription&virus_k=98617.

19. Eugene Spafford, "Crisis and Aftermath," Commtinicalions of the ACM, June 1989, Volume

32, Number 6.