Crypt Newsletter supplied this short paper to a consumer group in Washington, D.C., that's trying to prevent the software industry from running over consumers in the area of product liability law. The industry's position is, obviously, "It's your neck if you buy, use or download our products and then wind up hosed in any way."
Most people with even half a brain grasp the point that this is a profoundly anti-consumer stance.
In America, only the computer software industry has this carte blanche ticket to screw with people unapologetically. If any other type of company in your hometown were caught ignorantly putting saltpeter into the water supply for years, you could go after them. Maybe you could even get the media outraged, too!
If this analogy isn't clear enough, consider the recent case of Williamson Sales of San Diego and the distribution of hepatitis A contaminated strawberries. Now, you should know hepatitis A -- if you're going to get hepatitis -- is the hepatitis to get. The virus that causes it is, relatively speaking, mild. Some people who contract the disease often don't know they have it; symptoms vary widely and may never appear noticeably. Children, who were the consumers of Williamson's strawberries, generally don't get as sick as adults. Victims may become extremely jaundiced or not at all.
In no cases during the media firestorm over the virus-contaminated strawberries were company officials caught saying things like "It's not our fault, there's no liability, you broke the shrinkwrap and ate the strawberries," or "It's just a minor hepatitis virus (not B or non-A/non-B which are extremely bad), a relative prankster, no one will get very sick, perhaps not at all." Can you imagine what would have happened if any had? A vice-president of Williamson, or its parent, Epitope, would have been ceremonially lynched by the media.
However, the software industry lives in a kind of mystic never-never land where these conditions do not apply. By the same token, the industry is allowed to drown everyone in ads creating the impression that products will take you anywhere you want to go, educate your children, revivify your moribund career, make you more appealing to women, earn riches for you . . . well, you know the drill.
Keep in mind as you read what follows that Microsoft's distribution of the Concept and Wazzu macro viruses is one reason these viruses have become two of the most widely reported macro virus infections in the wild. Keep in mind, a hundred crazed virus writers busily uploading virus-infected uuencoded binaries to alt.cracks or alt.sex.filthy.etc couldn't accomplish in five years what Microsoft facilitated in two. Keep in mind that the level of technical attention to detail and preventive measures needed to prevent these mass distributions was well within the capability of Bill Gates' minions.
-----------------
YOUR ONE-STOP SHOP FOR MACRO VIRUSES
Since 1995, Microsoft Corporation has been responsible for mass distributions of computer viruses known under the generic name "Word macro viruses." "Word macro viruses" are so named because they infect a special kind of document generated by Microsoft Word. These types of documents contain what are known as embedded macros. The embedded macros can be thought of as instructions to Word to perform some special function related to the creation, handling, alteration and display of Word documents. Unfortunately, the instructions are sufficiently powerful and flexible to allow for the creation of a small program that has the basic property of replicating into target files that do not already contain it. In the case of Word macro viruses, these programs infect other documents handled by Word, adding their instructions to uninfected documents.
In 1995, the first Word macro virus -- now called Concept -- was massively distributed by Microsoft on a CD-ROM called Microsoft Windows 95 Software Compatibility Test. The shipment went to hundreds of companies in August 1995. [1] Microsoft helpfully refused to acknowledge the severity of the problem for a few weeks. When it finally did, it named the virus "Prank" as spin control.
Partly as a consequence of this release and another around the same time in which 5,500 more infected CD-ROMs were distributed by a different company generating support software for Microsoft Windows NT, the Concept virus is now very common "in the wild." "In the wild" is a term used by anti-virus researchers to describe a computer virus frequently reported infecting the computers of individual users, business or institutional PC networks. It was coined from a monthly brief known as the Wild List, edited by IBM computer virus researcher Joe Wells. The Wild List is distributed on the Internet and documents the most commonly found computer viruses.
Interestingly, in June 1996 Hiawatha Bray, a computer reporter for the Boston Globe, wrote of Microsoft Corporation sending him a Concept macro virus-infected CD-ROM. Although he had thrown away the CD in disinterest, a subsequent note from Microsoft's public relations agency warned Bray of the virus on it. [2]
Much more recently, Microsoft has distributed a Word macro virus known as "Wazzu" multiple times.
In September of last year, an edition of Microsoft's SPCD [Solution Provider CD] was distributed containing a Wazzu virus-infected document. The CD was distributed to all Microsoft Solution Providers, a catch-all name for a large group of businesses involved in resale and service on Microsoft products as well as add-on software development. [3]
The Wazzu virus, in addition to infecting documents, carries a payload that will occasionally meddle with the contents of documents generated in Word by adding instances of the word "wazzu" to them. Therefore, evidence of the Wazzu virus' spread throughout the world can be found on the Internet by careful use of Internet search engines. Comprehensive searches for the phrase "wazzu" in which all natural occurrences of the string are filtered out (for example, all returned results from papers describing Wazzu virus, all returned results pertaining to Washington State University where "Wazzu" is a nickname for the school, etc.) will return Web documents that contain the typo "wazzu." Since "wazzu" is not a typo that would be expected to be frequently found in word processor-generated documents, it's good evidence of the spread of the virus. Web pages that show evidence of Wazzu do not actually contain the virus. However, they do indicate that the page was created from an infected Word document or handled on a PC in which Wazzu virus was active.
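The search-and-filter approach described above, sketched as an added example that is not part of the original paper: it flags occurrences of "wazzu" whose surrounding words do not explain them as a reference to the virus or to Washington State University. The context terms, the window size and the sample pages are assumptions constructed for illustration.

```python
import re

# Assumed context terms that mark a "natural" use of the word: writing about
# the virus itself, or the Washington State University nickname.
NATURAL_CONTEXT = {
    "virus", "macro", "infected", "infection", "antivirus",
    "washington", "state", "university", "wsu", "cougars", "pullman",
}
WINDOW = 8  # words inspected on each side of a hit (assumed value)

def find_stray_wazzu(text, window=WINDOW):
    """Return (word_index, snippet) for each 'wazzu' with no natural context nearby."""
    words = re.findall(r"[A-Za-z0-9']+", text)
    lowered = [w.lower() for w in words]
    hits = []
    for i, w in enumerate(lowered):
        if w != "wazzu":
            continue
        lo, hi = max(0, i - window), min(len(words), i + window + 1)
        neighbours = set(lowered[lo:i]) | set(lowered[i + 1:hi])
        if neighbours & NATURAL_CONTEXT:
            continue  # explained by the surrounding text, filter it out
        hits.append((i, " ".join(words[lo:hi])))
    return hits

def triage(pages):
    """Map page name -> list of stray hits, keeping only pages that have any."""
    result = {}
    for name, text in pages.items():
        hits = find_stray_wazzu(text)
        if hits:
            result[name] = hits
    return result

# Constructed sample pages (not real web content).
SAMPLE_PAGES = {
    "minutes.html": "The committee agreed to review the wazzu budget figures before the next quarterly meeting in March.",
    "av-advisory.html": "The Wazzu macro virus infects Word documents and adds stray words to them.",
    "sports.html": "Go Cougars! Wazzu takes on Oregon at Pullman this Saturday.",
    "clean.html": "Quarterly sales rose four percent over the previous period.",
}

if __name__ == "__main__":
    for page, hits in triage(SAMPLE_PAGES).items():
        for idx, snippet in hits:
            print(f"{page}: word {idx}: ...{snippet}...")
```

A flagged page is evidence that the source document passed through an infected Word installation, not that the page itself carries the virus.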
One month later, Microsoft distributed Wazzu again, this time in Switzerland at ORBIT, an information technology exhibition. This sample of Wazzu was carried on a CD-ROM called "Letz Fetz on the Netz" and was in a document containing hot-line phone numbers for Microsoft Germany. Although Microsoft officials were informed of the contamination, the CD was distributed anyway. [4] The Wazzu-infected document was also downloadable from Microsoft's Swiss Website for a period of five days.
In February, the editor of an Internet publication for Microsoft Office reported the company was distributing a new copy of Wazzu from its Website. In fact, he had downloaded the document and accidentally infected himself. However, there was a difference between this copy of Wazzu and the examples previously cited. This copy of Wazzu had been rewritten to work in Microsoft's new Office 97. [5]
This is interesting because it shows that someone went to the trouble of looking at the old Wazzu virus quite closely in order to rewrite it so that it would infect documents produced by Word 97. And then, of course, it was necessary to infect a Word 97 generated document and position it so that it went into wide distribution with other official documents supplied by Microsoft from its Website.
The editor maintained that the version of Wazzu that infected him had been written sometime during the beta-test of Office 97. He wrote, "If you have any old CDs with a beta version of Office 97 lying around (something like 70,000 copies of "Beta 2" were distributed), get rid of them."
Citations:
1. S&S International's Web site. S&S International is a world-wide anti-virus developer with an office in the U.S. in Burlington, Mass. Extensive information on Word macro viruses is found on its Website: http://www.drsolomon.com
2. Bray, Hiawatha. June 6, 1996. "Nasty viruses going around: Even Microsoft's demo CD-ROM tainted with the Word macro infection." The Boston Globe.
3. Op. cit., S&S International.
4. Brunnstein, Klaus. October 14, 1996. "Microsoft AGAIN distributes Macro Virus." Risks Forum Digest. Risks Forum Digest is a regular Internet publication devoted to publication of timely news and notices on risks associated with technology, including computing and networks.
5. Leonhard, Woody. February 24, 1997. "THE FIRST WORD 97 SPECIFIC VIRUS." Woody's Office Watch.
About the author: George Smith is the author of the book "The Virus Creation Labs: A Journey Into the Underground" (American Eagle, 1994). "Virus Creation Labs" is an analysis of the culture of computer virus writers, virus distribution and the growth of the anti-virus industry. Since 1992, he has edited the Crypt Newsletter, an Internet publication that focuses on aspects of computer crime, misuse of computer technology in American society and related issues. Smith also hosts a special interest group on the CompuServe network devoted to the same subject material. In 1995 he was an invited speaker at the National Computer Security Association's annual International Virus Prevention Conference in Arlington, VA. He possesses a Ph.D. in chemistry from Lehigh University, Bethlehem, PA.