VIRUS-L Digest Monday, 5 Dec 1988 Volume 1 : Issue 33 Today's Topics: Media (virus) humor vs. disinformation RE: prosecution of Mr. Morris Computer Virus Eradication Act of 1988 Morris and the worm Internet Worm report available in ASCII format now Virus Conference (Arlington, Virginia) --------------------------------------------------------------------------- Date: Mon, 5 Dec 1988 9:41:18 EST From: Ken van Wyk Subject: Media (virus) humor vs. disinformation This weekend, a friend of mine gave me some political cartoons that he had found in some publications (I don't know which ones). The cartoons were somewhat amusing, but certainly showed that there must still be quite a lot of confusion in the media as to what a virus even is. For example, two robots (which beared no resemblance to, say, a PUMA robot...) were shown - one says to the other, "Oh, I'll be ok, it's just a virus that I picked up from a computer." In another, a military defense system is shown with a large screen saying something like: WARNING: INCOMING MISSILES TARGET: MIX EGG WHITES UNTIL FLUFFY All the while, two generals are saying, "Must be a virus". (This isn't verbatim, but that's the jist of it.) Also, in a third cartoon, a computer operator is saying something like, "the vote tallying computer is infected by a virus, we'll have to hold the election over again". My reaction - Oh no. Ken ------------------------------ Date: Mon, 5 Dec 88 08:18 CDT From: PETCHER@eg.csc.ti.com Subject: RE: prosecution of Mr. Morris On the subject of the prosecution of Mr. Morris, and virus perpetrators in general, a lot has been said regarding the man-hours required to clean up the mess, and equate that to a dollar cost. However, nobody has rationalized that equation. In other words, would the system maintainers have been doing if they hadn't been getting rid of the worm? What was the actual value of computer time lost? If schedules were slipped due to computer unavailability, what was the cost associated with that? Who were the real money losers? Granted, any way you slice the pie, the U.S. government is probably going to come out the biggest loser, whether it's due to government employees cleaning up a government owned computer, or contractor employees doing the same on a cost plus contract. However, I feel the calculation of the actual dollars lost may be a lot more elusive than simply multiplying dollars by hours, and in the Morris case could be much larger or much smaller than the $20 million estimation being bandied about. Malcolm Petcher Texas Instruments, Inc. "The opinions are my own. The facts are gospel." ------------------------------ Date: Mon, 5 Dec 88 11:11:06 EST From: Don Alvarez Subject: Computer Virus Eradication Act of 1988 I just received a copy of HR-5061, a new bill being introduced in the House by Wally Herger (R-CA) and Robert Carr (D-Mich.). The text of the bill is included below (see disclaimer). It sounds to me like there are some subscribers to VIRUS-L who's background is more criminal law than computer science, perhaps some of you could help the rest of us out with a little commentary. Would this bill be helpful to you? Do you think you would be able to get a conviction with it? Do you think you would be able to recover your damages with it (and how would you go about defining those damages if you were to use the law)? If people are interested in sending their comments to the authors, I include the name and address of the legislative aide who has been working on this bill. If people would like to e-mail their comments, you can send them to me and I will mail them to him in a packet (be sure to include your name and normal postal mail adress, as congress isn't on the net). Happy trails, Don Alvarez boomer@SPACE.MIT.EDU - ------Start of Bill 100th Congress 2D Session H.R. 5061 To amend title 18, United States Code, to provide penalties for persons interfering with the operations of computers through the use of programs containing hidden commands that can cause harm, and for other purposes. IN THE HOUSE OF REPRESENTATIVES July 14, 1988 Mr. Herger (for himself and Mr. Carr) introduced the following bill; which was referred to the Committee on the Judiciary A BILL To ammend title 18, United States Code, to provide penalties for persons interfering with the operations of computers through the use of programs containing hidden commands that can cause harm, and for other purposes. 1 Be it enacted by the Senate and House of Representa- 2 tives of the United States of America in Congress assembled, 3 SECTION 1. SHORT TITLE. 4 This Act may be cited as the "Computer Virus Eradica- 5 tion Act of 1988". - -------Page 2 1 SECTION 2. TITLE 18 AMENDMENT. 2 (a) IN GENERAL.- Chapter 65 (relating to malicious 3 mischief) of title 18, United States Code, is amended by 4 adding at the end the following: 5 "S 1368. Disseminating computer viruses and other harm- 6 ful computer programs 7 "(a) Whoever knowingly- 8 "(1) inserts into a program for a computer infor- 9 mation or commands, knowing or having reason to be- 10 lieve that such information or commands will cause 11 loss to users of a computer on which such program is 12 run or to those who rely on information processed on 13 such computer; and 14 "(2) provides such a program to others in circum- 15 stances in which those others do not know of the inser- 16 tion or its effects; 17 or attempts to do so, shall if any such conduct affects 18 interstate or foreign commerce, be fined under this title or 19 imprisoned not more than 10 years, or both. 20 "(b) Whoever suffers loss by reason of a violation of 21 subsection (a) may, in a civil action against the violator, 22 obtain appropriate relief. In a civil action under this section, 23 the court may award to the prevailing party a reasonable attor- 24 ney's fee and other litigation expenses.". - --------Page 3 1 (b) CLERICAL AMENDMENT.- The table of sections at 2 the begining of chapter 65 of title 18, United States Code, 3 is amended by adding at the end the following: "1368. Disseminating computer viruses and other harmful computer programs.". - --------End of Bill >>>>NOTE: The above text was typed in by hand from a printed copy of HR5061 >>>> received from Mr. Herger's office. I have no experience with >>>> legal docu>> errors which could affect the nature of the bill. Neither >>>> I nor my employer (MIT Center for Space Research) make any claims >>>> as to the accuracy of the text. For an official copy of the >>>> bill, please contact: >>>> >>>> Mr. Doug Riggs >>>> 1108 Longworth Bldg >>>> Washington D.C. 20515 + ----------------------------------------------------------- + | Don Alvarez MIT Center For Space Research | | boomer@SPACE.MIT.EDU 77 Massachusetts Ave 37-618 | | (617) 253-7457 Cambridge, MA 02139 | + ----------------------------------------------------------- + ------------------------------ Date: Mon, 5 Dec 88 14:01:15 CST From: Kevin Trojanowski Subject: Morris and the worm Something I've noticed in the many notes present within this group -- most, if not all, of them discuss the Novemberm, or has been convicted beyond a reasonable doubt. Let us remember that in this country, it's innocent until proven guilty, not guilty as soon as the FBI arrests you. If you've not read the Worm analysis, I suggest doing so. It provides an interesting insight into the possibility that Morris may not have written the worm, or may not have done so alone. It cites examples of poor coding, inconsistent coding, and poor algorithmic use. - -Kevin Trojanowski troj@umaxc.weeg.uiowa.edu ------------------------------ Date: Mon, 5 Dec 1988 15:43:52 EST From: Ken van Wyk Subject: Internet Worm report available in ASCII format now A hearty thanks to Len Levine who has (painstakingly, no doubt) taken the PostScript file of Gene Spafford's report on the Internet worm and converted it to straight ASCII text (well, PostScript is ASCII, but not very readable to most of us...)! So, my U.S. mail distribution of the file can now include eitherk (360k or 1.2 meg MS-DOS), and I'll mail it back to you. If you want both the PS and the DOC file, send two 360k disks or one 1.2 meg disk. Oh yeah, first e-mail me a request for my postal address. Thanks again, Len! Ken ------------------------------ From: gateh@conncoll.bitnet Date: Mon, 5 Dec 88 16:16:54 est Subject: Virus Conference (Arlington, Virginia) A flyer about a virus conference just came across my desk, and I was wondering if anyone else has heard about it and is considering attending. Entitled "Preventing and Containing Computer Virus Attacks", it takes place January 30-31, in Arlington, VA. Speakers include Representative Wally Herger (R-CA), a special agent from the FBI, John Landry (ADAPSO virus committee chairman), Patricia Sission from NASA, as well as a collection of attorneys and business folk. Conference is chaired by Dave Douglass, no info provided. Have you heard anything about any of these people? Or any info that would help 4550 Montgomery Avenue Suite 700N Bethesda, MD 20814-3382 I've had such mixed success with seminars and conferences that I tend to get jumpy when I see one that I might want to attend. - - Gregg ___________________________________________________________________________ Gregg TeHennepe | BITNET: gateh@conncoll Minicomputer Specialist | Phone: (203) 447-7681 Academic Computing and User Services Connecticut College New London, CT 06320 ------------------------------ End of VIRUS-L Digest ********************* Downloaded From P-80 International Information Systems 304-744-2253