While thousands of computer users spent long hours trying to purge the Melissa virus from their infected machines last week, Dr. Steve R. White spent long hours making his PC sick.
A theoretical physicist turned bug hunter, White runs IBM's Anti-Virus Center in Hawthorne, N.Y., one of a handful of places where computer viruses are methodically captured, dissected and cataloged with the hopes of finding a way to stop them.
To keep viruses from getting the upper hand, White and his colleagues have turned to a fitting source of inspiration: the human body. Drawing from disciplines ranging from immunology to neural networking, they've developed a complex, automated virus response technology they call the Digital Immune System. They plan to deploy it for the first time this summer.
To reach White's lab, visitors must pass a watchful lobby security guard, then run a gantlet of bolted doors, motion detectors and other anti-intruder measures that White politely declines to discuss. Finally, they arrive at a door decorated with this tabloid headline from the Weekly World News: "Deadly Virus Turns Home Computers Into Bombs!"
The security is understandable. Inside the windowless lab are two gray, padlocked filing cabinets stuffed with thousands of multi-colored 3.5-inch floppy disks. White calls it "one of the most dangerous collections of software in the world."
The disks contain about 20,000 computer viruses, binary bugs with names such as Stoned, Ripper, Wazzu -- and now Melissa. Put one in your disk drive and there's a good chance you can kiss your bank statements, love letters, family photos, and everything else on your hard drive goodbye.
"I hate them all," White says.
Fifteen years ago computer viruses were virtually unknown outside computer labs. The few deployed by early high-tech hooligans took months, even years to work their way around the globe.
No longer. Today, researchers estimate that as many as 10 viruses are created each day. Most quickly die off, surviving only in virus "zoos" maintained by scientists like White. But a few hundred thrive "in the wild," infecting and replicating in computers around the world. And, as the Melissa episode demonstrates, the Internet makes it possible for viruses to sweep through global computer networks not in months -- but hours.
"Viruses are starting to spread faster than humans can respond," says White.
On its face, a computer virus doesn't seem like a tough customer. After all, it is nothing more than a tiny snippet of software code designed to slip into a computer, reproduce and leap to a new electronic host. The smallest virus in the IBM collection is less than a dozen lines long.
But their small size often makes viruses hard to detect until it's too late. Luckily, most are merely annoying, ddesigned to change file names at random or cause all the letters on your screen to crumble into a pile. Others, however, are the ruthless binary equivalents of Ebola: Rampaging through a hard drive, they trash everything in their path.
These software demons have been around since the 1970s, when scientists at Xerox Corp.'s PARC research lab in Palo Alto, Calif., wrote a piece of self-replicating software called "Worm."
They were working on a program that could travel through PARC's nascent computer network and automatically perform routine maintenance tasks. But one morning the scientists discovered that the software had taken on a life of its own, invading new machines on the network and causing them to crash, all without human intervention.
The first PC virus to thrive in the wild was called Brain. Written in 1986 by two self-taught programmers in Lahore, Pakistan, it spread when computer users shared infected floppy disks. A year after its release, the virus had infected more than 100,000 floppies and spread as far as the University of Delaware.
Since then, virus scares have become regular events. In 1992 the Michelangelo virus promised to wipe out computer disk drives around the world on March 6, the artist's birthday. The virus fueled a media frenzy -- but turned out to be a dud. Outright hoaxes aren't uncommon either. "Share Fun" and "Good Times," two mythical viruses, turned into urban legends that still circulate in breathlessly worded e-mail warnings.
"There's a decent amount of hype over computer viruses," concedes Carey Nachenberg, chief researcher at Symantec Corp.'s anti-virus lab in Santa Monica, Calif. "But Melissa was not overhyped at all."
Melissa belongs to the newest and fastest growing strain, "macro" viruses, so named because they reside in mini-programs -- known as macros -- created with a relatively simple programming language built into Microsoft's popular Word and Excel software. In 1996 researchers had identified 40 macro viruses. Today there are several thousand.
One reason macro viruses are so worrisome is that even novice hackers can create them. Within days of Melissa's arrival new -- and in some cases more virulent -- mutations of the virus started to appear, with names like Melissa.A, Papa, and Mad Cow.
More importantly, macro viruses are the first strain that can hide in otherwise normal-looking documents attached to e-mail messages. With a single mouse click, a virus victim can unknowingly dispatch the contagion to hundreds of other computers.
The very popularity of the Microsoft Windows operating system -- wwhich runs 90 percent of desktop computers -- and Microsoft's application programs, which are almost as popular, creates an environment that allows macro viruses to thrive.
"That's one reason why computers attached to the Internet are so vulnerable to attack," says Stephanie Forrest, a computer scientist at the University of New Mexico. "It's like planting Iowa with one variety of corn: If a little beastie figures out how to eat that corn, survive and reproduce ... you're in trouble."
That's where IBM's Digital Immune System may help. The system runs on 20 computers in a refrigerated laboratory two floors above IBM's Anti-Virus Center. Under development for nearly a decade, it could be the next weapon in the fight against these man-made bugs.
It takes a different approach from most anti-virus software products, such as McAfee VirusScan or Norton Antivirus, which scan a PC or network for viral "signatures" -- tiny fragments of computer code unique to a particular virus. If one turns up, the software sounds an alarm.
The problem is that so many new viruses are flooding the Internet each day that hunters have trouble keeping their signature files up to date. As Melissa showed, viruses can slip past these software defenses before virus fighters react.
White hopes that instead of taking an afternoon to identify a virus, his group's Digital Immune System will be able to analyze a virus and dispatch a cure in the span of a lunch break. The staff hopes to shave the response time down to minutes.
The new IBM technology works like this: Monitoring software on a user's PC looks for suspicious activity. If it finds some, it captures a sample of the suspected invader's code and transmits it across the Internet to Digital Immune System computers. The machines act as a virtual Petri dish, analyzing the virus, concocting software antibodies to fight the virus and delivering the cure over the Internet to all computers running the monitoring software, ensuring that the virus cannot spread to them.
Last week, IBM researchers fed a copy of Melissa into the immune system. Within a few minutes, the computer had figured out how Melissa worked and cranked out an antidote.
"If this system had been in place, fewer computers would have been infected," says White.
IBM has joined forces with Symantec, maker of the popular Norton AntiVirus software. The companies plan to deploy the Digital Immune System this summer.
Even if the technology succeeds, White doubts his Anti-Virus Lab will be any less busy. "I don't think computer viruses are ever going to go away for basically the same reason that the biological ones are still with us," he says.
"The question is: 'Will we be able to cope?'"
Who writes computer viruses?
"They're your neighbors, your children, your employees. You can't say it's one type of person," says Sarah Gordon, an IBM researcher who has spent the past 10 years studying computer viruses and the people who create them.
Over the years Gordon has corresponded with dozens of virus writers, mostly men between 17 and 27, but some as young as 11 and as old as 45. And she's met women who write them, as well.
Why do they do it? Gordon says the reasons are complex: to prove that they can, to look cool in front of their peers. Sometimes it's unintentional. "I talk to virus writers who say, 'I didn't mean for it to get out,' " she says.
Some people like to collect them from Internet sites where they're posted. "It's the electronic version of the Matchbox car," Gordon says.
That's how CyberYoda learned how to write viruses. He says he's an 18-year-old computer science major at the University of Texas.
He became interested in writing viruses two years ago after crossing paths with a virus called Ripper: "It fascinated me that a little piece of code only 1,024 bytes long has managed to outwit many adults and continue to spread around the world for years."
He downloaded a tutorial from the Web and spent a weekend learning to write macro viruses.
He says he's never written an intentionally destructive virus. "Destructive viruses usually are very noticeable and don't spread well," he says. Of the three he's written so far, the one he's most proud of is the Trenton virus, named after a friend who committed suicide.
Twice a year -- on the day his friend was born and the day he shot himself -- the Trenton virus displays a poem on the infected computer screen that ends: "Please Help Somebody Today. Tomorrow may be too late. Tomorrow was too late to help Trent . . . "