TidBITS#109   19920302

Virus Fighters

by John Norstad -- j-norstad@nwu.edu

I've been getting a number of thank you notes via private email and on the newsgroups lately.

Thank you very much. I appreciate your appreciation.

However, I must let everyone know that I'm more than a bit embarrassed. As the author of Disinfectant, I am in a way just the most visible tip of a very large iceberg. The rest of the iceberg deserves just as much credit and thanks as do I. The only problem is, you don't know who these people are!

I can't list the names of these people, or even the name of our Internet-based organization. This is not the same group as the Disinfectant Working Group I mention in my online manual, although there is quite a bit of overlap between the two groups.

Let me just tell you very briefly what has happened since last Wednesday morning (19-Feb) concerning this new MBDF virus.

The virus was reported to me, and a copy was sent to me, last Wednesday morning by a Professor of Mathematics in Wales. I immediately forwarded his note and the virus to the group.

By Wednesday evening, several members of the group had completely disassembled, analyzed, and tested the virus. I did NOT do any of this work!

On Thursday morning, the same professor in Wales sent me a note saying that he thought he had gotten the virus from sumex-aim. I checked, and sure enough, the games he mentioned were infected at sumex.

I again immediately notified our group, which includes the managers of sumex. The sumex managers started working furiously checking files, shutting down the archive temporarily and tracing back the source of the infection. They quickly discovered a trail leading to Cornell University.

I began working on Disinfectant 2.6. Others in the group worked on their anti-viral programs, helped prepare public announcements, and continued to do technical research on the virus. Others in the group notified the authorities at Cornell and began cooperating on that front.

To make a long story short, the net result is that:

  • Within three days of the discovery of the virus, all of the major freeware, shareware, and commercial Mac anti-viral tools were updated to deal with the new virus.

  • Two Cornell sophomores have been arrested, arraigned, and are now in jail, less than six days after discovery of the virus. [Adam: They are now free on bail, and the FBI has decided not to investigate or press federal charges.]

This brief historical summary of the events of the past six days is a wonderful example of the power of the Internet, and is a wonderful example of the tremendous spirit of cooperation fostered by the Internet.

At least a dozen people were directly involved in this process. I was just one of them. I was not even the "leader," just a participant.

So again, it's embarrassing. The credit should go to the group, not just to me.