spaf@cs.purdue.edu (Gene Spafford) (12/22/89)
At various seminars during the past few months, I've been making a
few statements about the motives behind viruses and related threats
(like the AIDS diskette). I'd like to share them with this audience,
too. I hope I'm wrong about these, but....
Theorem #1) The majority of viruses written so far have been done for
"sport," by people who have been trying to prove that they can write
viruses. Others are possible experiments that got away, and a few
specific cases of revenge.
Theorem #2) Within a year or so, writing viruses for "sport" will
almost cease to happen. They are becoming so well known and such a
nuisance, and software guards are such that casual attempts will not
be tried nor will they be successful if tried.
Theorem #3) We will see more cases of viruses, etc. written as acts of
political terrorism and as acts of extortion. Examples of
politically-related computer attacks have occurred recently: the
Stoned (New Zealand) virus, the Dukakis Mac virus, the FuManchu virus,
the NASA "wank" worm, and perhaps the current AIDS trojan horse.
These will be much more cleverly written and well-funded attacks as
time goes on. (Imagine viruses that flash messages like: "Experiment
with Computers, not Animals," "Save the Unborn," "Ban Nuclear Power,"
"Free Palestine," etc.)
Theorem #4) Within the next few years, there will be at least one
major problem where some purported anti-viral/security software will
be made available, and it will contain a logic bomb or trojan horse in
it that causes more damage than what it is supposed to fix. (Minor
thesis: the likely author of such software will be someone marketing
commercial security software, and the logic bomb version will be a
public-domain package not traceable to the author. The purpose -- to
discredit public domain anti-virus software.)
Theorem #5) Too many people will continue to seek a software solution
even though the problem is only partially in software. Thus, we
aren't going to see an end to the problem for a long time to come.
Comments? Discussion?
- --
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf