Suriv-3, or the Jerusalem virus, as it is known today, caused a major epidemic in 1988. It was detected in many enterprises, government offices and academic institutions on Friday, May 13th. The virus struck all over the world, but the US, Europe and the Near East were hit hardest. Jerusalem destroyed all loaded files on infected machines.
May 13th 1988 came to be known as Black Friday. Ironically, antivirus experts and virus writers all pay close attention when the 13th of any month falls on a Friday. Virus writers are more active, while virus analysts treat it as a professional mini-holiday.
By this time, many antivirus companies had been established around the world. Generally, these were small firms, usually with two or three people. The software consisted of simple scanners that performed context searches to detect unique virus code sequences.
Users also appreciated the immunizers that came with the scanners. These immunizers would modify programs in such a way that a virus would think the computer was already infected and leave them untouched. Later, when the quantity of viruses increased into the hundreds, immunizers were rendered ineffective, as the number of immunizers required for the viruses in the wild was simply unrealistic to manufacture.
Both types of antivirus programs were either distributed for free or were sold for ridiculously low prices. Despite this, they failed to gain enough popularity effectively counter virus epidemics. Furthermore, the antivirus programs were completely helpless in the face of new viruses: imperfect channels for data transmission and the lack of a unified worldwide computer network like the modern Internet made the delivery of updated versions of antivirus programs extremely difficult.
The spread of viruses like Jerusalem, Cascade, Stoned and Vienna was also facilitated by human factors. First, users of that era did not know enough about the need for antivirus protection. Second, many users, and even professionals, didn’t believe in the existence of computer viruses.
For instance, even Peter Norton, whose name is synonymous today with many products of US-based Symantec, was skeptical about computer viruses at one stage in his career. He declared their existence to be a myth and compared them to stories of large crocodiles inhabiting the sewers of New York. This incident didn’t stop Symantec, however, from shortly after developing its own antivirus project, Norton AntiVirus.
This was an important year for the antivirus community as well: the first electronic forum devoted to antivirus security was opened on April 22. This was the Virus-L forum on the Usenet network created by Ken van Wyk, a university colleague of Fred Cohen’s.
The first widespread virus hoax was also registered in 1988. This very interesting phenomenon refers to the spread of rumors about dangerous new viruses. Actually, in some cases, these rumors worked liked a virus. Scared users would spread these rumors at the speed of light. It goes without saying that these hoaxes did not harm anyone, however, they used up bandwidth and users’ nerves and discredited those that initially believed the rumours.
Mike RoChennel (a pseudonym derived from the word ‘Microchannel’), was the author of one of the first hoaxes.In October 1988, Mike sent a large number of messages to BBSs regarding an virus which could transfer from one 2400 baud modem to another. A suggested antidote to this virus was to use modems with a speed of 1200 bauds. However ridiculous this may have sounded, many users did indeed heed this advice.
Another such hoax was released by Robert Morris about a virus spreading over networks and changing port and drive configurations. According to the warning, the alleged virus infected 300,000 computers in the Dakotas in under 12 minutes. November 1988: a network epidemic caused by the Morris Worm. The virus infected over 600 computer systems in the US (including the NASA research center) and almost brought some to a complete standstill. Like the Christmas Tree worm, the virus sent unlimited copies of itself and completely overloaded the networks.
In order to multiply, the Morris Worm exploited a vulnerability in UNIX operating systems on VAX and Sun Microsystems platforms. As well as exploiting the UNIX vulnerability, the virus used several innovative methods to gain system access such as harvesting passwords.
The overall losses caused by the ‘Morris Worm’ virus were estimated at US $96 million dollars – a significant sum at the time.
Finally, a popular antivirius program; Dr. Solomon’s Anti-Virus Toolkit was released onto the market in 1988. The program was created by UK programmer, Alan Solomon, and was widely used until 1998 when the company was taken over by US-based Network Associates (NAI).