How a virus packaged as a love note fooled us - Federico

WITH the escalation of hostilities in Mindanao, one thing we should all guard against is a blind polarization, especially a polarization along religious lines.

There is a risk that the attendant atrocities could push both Muslim and non-Muslim sectors to opposing extreme positions that would make a negotiated peace a continually receding mirage.

We must take immediate steps to prevent such a polarization. Maybe our religious, civic and political leaders could drop their respective agenda and just get together with the citizens -- and pray really hard. Everyday.

* * *

READER Tom using an aol (AmericaOnLine) address admonished us, "You seem to be proud of this Filipino 'ingenuity' from 'low-tech Philippines,' of creating a virus that wreck (sic) havoc on even the most sophisticated defenses in the computer technology in the most advanced high-tech countries."

No, sir, we're not waving the "Proudly Philippine-made" label when we commented on (not commended) this LuvBug initially described as a creation of a youthful Filipino programmer in Pandacan. A more discerning rereading of our column last Sunday will show where Postscript is coming from.

* * *

WE were amazed to talk with some colleagues who thought all the while that a computer virus is like a germ, a bug, a termite or some crawling creature that somebody unleashes and which then creeps into the innards of a computer to cause damage.

Pardon us while we walk through a grade school computer class and come out to pass on some information on the basics of computers and viruses.

* * *

A computer virus is not a material object. It is not part, or becomes part, of the hardware. Remember this term "hardware" -- which refers to those physical components of the computer that you can see or touch -- as opposed to "software." Examples of hardware are the TV-like monitor, the keyboard, and the CPU (central processing unit) housed in the box-like metal casing. You can see hardware, touch it, hold and lift it.

A virus is something else. It is "software," an intangible set of instructions written and introduced into the computer to make it operate and do what the programmer wants the machine to do. A software can also be called a program.

* * *

HARDWARE is a mere heap of junk without the software or program to make it work. And the software will not come about and operate the hardware without the participation of the programmer or user.

Contrary to what some fantasy films depict, a computer does not act on its own. It is just a tool that carries out instructions (software) given by a programmer. Human intervention initiates and guides the computer's operation.

In fact, despite its sophistication, a computer is so helpless that if you do not plug it in, it will not work. And if you're mad at or tired of it, all you have to do to terminate the darn thing is to unplug it.

* * *

A COMPUTER is a passive and neutral tool like a hammer. But it can be fed software with destructive or malicious instructions and wreak havoc like a hammer being used on an innocent victim.

A destructive software is called a "virus" for convenience, since the word is easy to understand and visualize.

In the case of the ILOVEYOU virus and its variants, the virus was made to sneak into Microsoft's office organizer called Outlook, which is part of Office, another widely used program created by Bill Gates' Microsoft.

The LuvBug carries instructions or commands to infiltrate Outlook, to send itself as email to all names in Outlook's address book, to rename some files and foul up the PC's filing system, to look for passwords and send them back to the hacker, among other instructions.

* * *

HOW does the LuvBug get into the computer of the victim? It piggybacks on email, now the most popular and efficient means of global communication.

If the destructive instructions constituting the virus are simply written with the text of the email, they would be harmless because an email in itself is not executable -- meaning it does not and cannot prompt a computer to perform an act or to execute instructions.

The hacker or programmer writes the sinister instructions on another page or file in the form and the language that a computer and its operating system will be understand and obey. Unlike the email proper, this other file (which we call "virus") is executable. Once opened, it jumps into action to carry out its instructions.

* * *

THE e-mail containing the virus comes knocking on the user's mailbox and is normally allowed in or downloaded by the unsuspecting victim with the rest of the mail.

But it looks different from other mail in that it has an attachment or an additional file/page (actually the hidden virus) attached to it. The attachment can be opened by clicking on it.

At this point, the receiver has the option of (1) opening the attachment, (2) deferring action on it, or (3) deleting it outright.

* * *

IF the attachment is opened, the virus leaps out like a commando and starts attacking everything it was programmed to attack.

If action on the attachment is deferred, it stays in the mailbox, virus and all, waiting like a bad genie to be let out of the bottle.

If the unopened attachment is deleted outright, it ends up in the trash box. To terminate it with finality, one must follow it to the trash box and delete it there all over again.

In our case, we delete outright all incoming attachments, even seemingly harmless ones, without bothering to peep into them. You peek and the darn thing might just leap out and gobble up the files!

* * *

VIRUS creators play on the psychological weaknesses of people.

You receive a pretty package, with a note talking of love. Will you open it? Most likely you will. That was how some people had been killed or maimed by bombs in the mail.

The email carrying the LuvBug attachment says ILOVEYOU on the subject line, with a note asking the recipient to open an attached love letter. Many good-natured individuals did, and they unleashed into their systems and systems beyond one of the most destructive viruses in contemporary history.

This simple psychological knocking on the heart and the virus's resending itself to all names (and not just 50 entries as the earlier Melissa virus did) on a captive address book may explain why the LuvBug spread that far and wide, and fast, from Pandacan to the rest of the world.

* * *

BUT cannot those expensive anti-virus programs detect, block and get rid of incoming viruses?

Anti-virus software can spot a virus only if the pattern of the bug matches those already in its files of thousands upon thousands of known viruses.

In the case of a new virus like ILOVEYOU just making a debut, it is obvious that it cannot be detected -- for the simple reason that its existence and technical description are still unknown to the anti-virus program writers.

But having captured the new virus, experts now have dissected ILOVEYOU and written blocking instructions to detect and stop it. Still, if your anti-virus software does not have these new instructions, it will fail to detect ILOVEYOU.

* * *

THAT was why one of our instant advice given days ago was for owners of anti-virus software to update them via the Internet. We were assuming that the vendors came up fast with contra-ILOVEYOU instructions and were ready to share them with holders of their programs.

One problem of some Filipinos, however, is that their anti-virus software may be pirated, unlicensed copies. Vendors will not send an update to a spurious user.

As an old anti-virus software is useless against new viruses, a practical measure is, as we keep saying, to just delete all attachments, period.

We mean ALL attachments -- because even supposedly known and reliable sources of email may not know that they are infected and may send virus-infected files without being aware of it.

* * *

ATTACHMENTS are sometimes sent out of sheer laziness or ignorance. Instead of attaching a file to a letter, one can easily copy it into the email page proper where it can be read as is without the receiver having to open another page or attached file.

Transferring a text file for inclusion in an email page is a simple operation. You select the text you want to move. Hit Edit/COPY, then go to your email message. Put the cursor where you want the moved text to start. Hit Edit/PASTE and the text will appear on your email right where you want it.

That won't take one minute, and it saves you and your recipient the anxiety of unwittingly spreading and receiving viruses.

* * *

WE'RE almost at the bottom of the page, so we cut short this piece on viruses.

We had planned to discuss today our compromise formula that would allow the big oil companies to co-exist in the free market with the National Oil Exchange being pushed by Bataan Rep. Enrique T. Garcia.

With space having run out, let us just reproduce the elements of the formula:

* The oil firms will keep their refineries, storage facilities and gas stations to retail their branded products. They can join the international bidding to be called by the National Oil Exchange, but will not be required to buy refined products from the OilEx.

* Operating parallel to them, the National Oil Exchange proposed by Garcia will buy gasoline, diesel and other petroleum products directly from the lowest bidder anywhere in the world. The OilEx will store its supply initially in the Subic-Clark depots left by the Americans, and compete with the Big 3.

We hope to have space next time for readers' reactions to the formula. -- FDPascual@journalist.com

Show comments