In
the age of the Internet’s billion connected people, it’s fitting that
viruses should evolve to use the Net–and those people–to spread, rather than
depend on old-fashioned coding and disks.
Early virus authors went to much trouble to build
in code that would ensure replication. Today, their focus has shifted. The
intelligence is in
the messages, and the authors are often more psychologists than hackers. They
play on predictable human reactions, not PC response.
Take the so-called Ericsson phone scam.
"Forward this message to 10 or 15 people, and you get a brand-new Ericsson
phone free." Here’s the power of the Net numbers. I watched with
amazement as otherwise mature adults fell over themselves trying to win free
phones and sending out dozens of emails. This chain quickly escalated, almost
bringing down Ericsson’s network, and forcing that company to deploy filters
to bounce such mail at the company’s routers, with the message that this was a
fraud.
This is a "denial of service attack."
All it takes is to send a message that asks to be copied to ten other people–one
that is so persuasive that enough people will do so. Chain letters,
forward-else-bad-luck letters, free cash bonanzas from Microsoft...anything
goes. If each user mails 10 others, you quickly reach catastrophe. No one’s
immune: AOL, the world’s largest ISP, has been brought down by denial of
service attacks.
If these bugs have caught the public and media
imagination, business users are not amused.
The ‘I Love You’ worm that struck the world
this month was one of the most destructive ever, affecting several million PCs
worldwide and causing at least $5 billion of damages, as companies shut down
email servers and had to fix the damage caused. A fifth of business PC users in
the world were affected. Again, the sheer effectiveness of the virus was aided
by the modus operandi–replicate and send to everyone in a person’s
address-book–and the elegant simplicity of the message: an "I love
you" message coming from someone you know...
In the "physical" world, we wonder why
so many billions are spent on weapons of attack and defense. Now that war
culture has hit the cyberworld, driven not by geo-political factors, but often,
by an amazingly misplaced sense of cyber-power.
The ‘love-bug’ helped spell out how critical
security will be for business in the Internet age, how vulnerable Microsoft
products are (running malicious scripts automatically, for instance), how much
of corporate time and money will be spent tackling security issues–and how
much they’ll affect every user on the planet.