
Security Experts Start Looking for the Antidote

Bogdan BOTEZATU

October 07, 2008


The first notable virus outbreak in 1988 was triggered by the Suriv-3 virus on May 13th. The event is also known as Black Friday, and antivirus companies still go on full alert each time the 13th of any month falls on a Friday. Suriv-3 infected many enterprises, government offices and academic institutions around the world, but caused extensive damage in the US, Europe and the Near East.

Following the massive infections in 1987 and 1988, a couple of companies started developing antivirus utilities. However, such small companies, with two to five employees, would only produce simplistic string scanners, able to detect unique virus code sequences. Basic antivirus software was often bundled with immunizers (pieces of software that modified programs in order to trick viruses into thinking that they had already been infected). Although immunizers were highly efficient for specific viruses, they did not offer proactive defense against unknown security threats. Moreover, as viruses started to bloom, antivirus companies were unable to issue immunizers quickly enough for all of them.

Although the vast majority of antivirus products were sold for negligibly low prices, computer users did not rush to get protected. In addition to that, antivirus software could not be updated easily, as the Internet was still in its early days. This meant that new viruses could easily escape string scanners.

 On April 22, the
first dedicated antivirus forum went live on the Usenet network. Called the
Virus-L forum, it was founded by Ken van Wyk, Fred Cohen’s friend and
colleague.

However, virus creators had also begun gearing up for the battle. 1988 marks the birth date of a new type of malware, in the form of a virus construction kit designed for the Atari ST. The do-it-yourself utility allowed beginner virus creators to easily build viruses with miscellaneous features using a simple and intuitive interface.

Worm.Macos.Macmag.A was the first important computer virus written for Macintosh computers. It also came with a number of programming innovations that made it extremely efficient. It all began in February 1988, when a file for Apple’s HyperCard software turned up in a Compuserve online forum. When users downloaded and opened it, the file would secretly install a system extension, which made the computer display a New Age peace message on every startup. (The “system extension” is an INIT resource that had been copied into the system folder, which means that a program is automatically executed upon startup.) It seems that the virus had been written by Artemus Barnoz (known as Richard Brandow) and Boris Wanowitch, who were the editors of both the Canadian computer magazine MacMag and the “Computer Graphics Conspiracy” New Age publication. Although Brandow claimed authorship, he commissioned the programming part to a professional software developer called Drew Davidson.

 The virus was
rather harmless, given the fact that its payload would only display a “peace
message” that read:

“RICHARD BRANDOW, publisher of MacMag, and its entire staff would like to take this opportunity to convey their UNIVERSAL MESSAGE OF PEACE to all Macintosh users around the world.”

However, the peace message was at least questionable, given the medium the two colleagues used to spread it. The virus went out of circulation on March 2nd, when it would appear once and then delete itself from the infected system. (The date picked by the authors for the final run was not chosen at random: March 2, 1988 was the first anniversary of the Macintosh II line. More than that, a coding bug caused Macintosh II systems to crash.)

History repeats itself, they say, and this seems to have been the case with “Denzuko.A”, a virus written by Indonesian programmer Denny Yanuar Ramdhani. (The virus is also known as Den Zuk, with its Ohio and Hacker variants.) Just as the Reaper would seek and destroy the Creeper virus in the early seventies, Denzuko.A would look for instances of the Brain virus, then swiftly remove them from the infected computer. However, Denzuko.A was more than an antivirus utility, given the fact that it would replace Brain with copies of itself. The virus lay hidden on track 40 on the infected diskettes, but its programmer seems to have made a programming error, since 360KB diskettes only have 39 tracks. More than that, the virus is not able to infect 1.2M or 3.5″ diskettes correctly; instead, it would destroy all the data stored on them. Upon successful infection Denzuko.A would change the “(c) Brain” label with “Y

Bogdan is living his second childhood at Bitdefender as director of threat research.

View all posts

You might also like

Bookmarks


loader