Tuesday, 2 April 2013
the world of hacking by NEO: world of hacking.....
the world of hacking by NEO: world of hacking.....: The Secret Guide to Computers home » read » viruses home read buy the book now! contact us Virus secr...
the world of hacking by NEO: SUPERCONDUCTIVITY....is it real ?
the world of hacking by NEO: SUPERCONDUCTIVITY....is it real ?: SUPERCONDUCTIVITY...is it real?? Background: i) Experiments in high-magnetic-fields: Members of the su...
Monday, 1 April 2013
SUPERCONDUCTIVITY....is it real ?
SUPERCONDUCTIVITY...is it real??
Background:
i) Experiments in high-magnetic-fields:
Members of the superconductivity group in Durham have published arguably the most
important JC(B,T,ε) data on superconducting materials and developed a new theoretical scaling
law which successfully combines phenomenological and microscopic theory. These data
characterise the supercurrent density that a material can carry as a function of the magneticfield,
temperature and strain. We have recently installed a 15 Tesla Helmholtz-like split-pair
horizontal superconducting magnet system which is unparalleled in the university sector world-wide.
This opens the exciting possibility of making JC(B,T,ε) measurements on anisotropic
superconductors materials - which will be extremely valuable for developing our fundamental
understanding and optimisation of new technological applications.
For the best experiments, we combine world-class commercially available equipment with
probes that have been designed and built in-house. Commercial cryogenic equipment in-house
includes two high-field magnet systems, a fully equipped PPMS system, a new high-pressure
system and a He-3 system. The world-class high field facilities and instruments are supported by a
number of specialist probes designed and built in-house for making strain, magnetic, resistive
and optical measurements on superconductors. For example, the JC(B,T,ε) data were obtained
using an instrument built in Durham for use in our 17 Tesla vertical magnet system and for use
in international high-field facilities in Grenoble, France.
ii) Fabricating high-field nanocrystalline superconductors:
Members of the superconductivity group in Durham pioneered the discovery of a new class of
nanocrystalline superconductivity materials with exceptionally good tolerance to high magnetic
field.
These materials provide a new paradigm for high-field conductors which has been
patented and then published in the premier Physics journals. Equipment in-house includes
DSC, DTA, XRD, glove box, a range of milling machines and furnaces as well a HIP operating
at pressures of 2000 atmospheres and up to 2000 C. The upper critical field in Chevrel phase
superconducting materials was increased from 60 T (Tesla) to more than 100 T and in elemental
niobium from ~ 1 T to ~ 3 T. This work involves fundamental and applied scientific investigations
into nanocrystalline high-field materials where the important length scales for superconductivity are
similar to the length scales for the microstructure and is focussed on fabricating and understanding the
physics of this new class of high magnetic field superconductors.
Supercurrents in horizontal high magnetic fields:
Superconductivity is the enabling technology for the $10B ITER project that the Department of Energy
in the USA concluded is the most important large scale project in the world during the next 20 years.
About one third of the cost is the superconducting magnets that will hold the burning plasma scheduled
to ignite in 2018. Last year we installed in the Durham Physics Dept. a 15 Tesla split-pair horizontal
magnet system which is unparalleled in the university sector world-wide. In this Ph.D. project we intend
to measure and understand the supercurrent that can flow in superconducting materials in high magnetic
fields. The new magnet system opens the possibility of making detailed angular current measurements
for the first time on HTS materials. These measurements will provide the possibility of understanding
the critical issue of why supercurrent densities in high fields remain more than three orders of magnitude
below theoretical limits.
D. M. J. Taylor and Damian P. Hampshire - The scaling law for the strain-dependence of the
critical current density in Nb3Sn superconducting wires - Supercond. Sci. Tech 18 (2005) S241-
S252
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Research project: Nanocrystalline Superconductivity:
Members of the superconductivity group in Durham pioneered the discovery of a new class of
nanocrystalline superconductivity materials with exceptionally good tolerance to high magnetic field.
These materials provide a new paradigm for high-field conductors which has been patented and then
published in the premier Physics journals. Equipment in-house includes DSC, DTA, XRD, glove box, a
range of milling machines and furnaces as well a HIP operating at pressures of 2000 atmospheres and up
to 2000 C.
The upper critical field in Chevrel phase superconducting materials was increased from 60 T
(Tesla) to more than 100 T and in elemental niobium from ~ 1 T to ~ 3 T. In this work, we control the
microstructure (grain boundaries and defects) on the length scale of the superconducting coherence
length to increase the resistivity and hence the tolerance of the superconductors to high magnetic fields.
This research Ph.D. project will involve fundamental and applied scientific investigations into
nanocrystalline high-field materials where the important length scales for superconductivity are similar
to the length scales for the microstructure and will be focussed on fabricating and understanding the
physics of this new class of high magnetic field superconductors.
D. M. J. Taylor, M. Al-Jawad and D. P. Hampshire - A new paradigm for fabricating bulk highfield
superconductors- Supercond. Sci. Tech 21 (2008) 125006
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Also available:
Research project: Theoretical ab initio Computational Studies of Electron-Phonon
structure in Nanocrystalline Metals and Superconductors
The practical use of metals has been used to characterise different eras in Man’s development
(e.g. Bronze age). Advanced theoretical ab initio computational studies of the electronic structure
of materials have played a vital role in understanding the physics of band-structures and the
development of opto-electronic devices. These calculations have predominantly been for
semiconducting materials at zero-temperature. This research project will be directed at including
phonons in electronic structure calculations for the first time. We intend to develop ab-initio
computational tools to make detailed calculations about the electron-phonon coupling and
structure in micro- and nanocrystalline materials. Detailed calculations will provide a better
understanding of critical materials properties such as the macroscopic properties embodied in
phase diagrams, microscopic properties such as strong electron-phonon coupling and transport
properties such as resistivity. Calculations will be made for simple metals such as lithium, wellstudied
materials such as gold and important technological materials such as the high-field
superconductors Nb3Sn, NbC0.3N0.7 and Y1Ba2Cu3O7.
S. J. Clark, M. D. Segall, C. J. Pickard, P. J. Hasnip, M. J. Probert, K. Refson, and M. C. Payne,
First principles methods using CASTEP Zeitschrift für kristallographie 220, 567 (2005).
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Research project: The Optical Properties of Metals and Superconductors:
In the last three years, we have successfully developed in the Durham physics department, a high
sensitivity variable temperature optical instrument which has been designed, commissioned and
calibrated to measure the low intensity photoluminescence emission spectra from metals and
superconductors. Although metals have very weak luminescence, it is clear that sufficient
sensitivity can be achieved. This Ph.D. research project is directed at developing the instrument
further to make optical measurements down to temperatures below 10 K. We intend to measure
for the first time the temperature dependent optical properties of metals at low temperatures and
in particular probe the superconducting state in metallic and HTS superconductors.
H. Armstrong, D. Halliday and D. P. Hampshire - Photoluminescence of Gold, Copper and
Niobium as a function of temperature - Journal of Luminescence 129 1610-1614 (2009)
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Ph.D.- Research project: Fundamental XRD, magnetic and transport studies on single
crystals of superconductors in high magnetic fields under high pressure
The Durham physics department has a long-standing expertise using the best international highfield
and synchrotron sources in the world. In the last two years, we have obtained facilities to
make fundamental thermal and transport measurements under high pressure in Durham, on single
crystals made by the best growth groups in the world. In this Ph.D. project we intend to
investigate and understand the variables that couple to produce the microscopic mechanism that
leads to the coherent superconducting state. The importance of the thermodynamic variables
temperature and magnetic field and the critical role of charge and spin have long been appreciated
– we intend to find new insights into the superconducting many-body problem by also using
pressures up to 20 kbar as the experimental probe.
Chen DY, Wu MK, Parkinson NG, Du CH, Hatton PD, Chien FZ & Ritter C 2000. Magnetic
Ordering In The Superconducting Mixed Ruthenium-copper Oxide Sr2y(ru1-xcux)o-6. Physica C
341: 2157-2158.
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Ph.D.- Research project: Engineering Smart Superconducting Power Systems: Durham
Energy Institute
Power transmission using superconducting technology offers the possibility of combining high
power densities with low losses in electrical distribution networks. This Ph.D. research project
will combine the design and commissioning of new cryogenic engineering instruments to
measure losses in commercially available superconducting materials with modeling the benefits
of using such materials. The focus of the research is to develop our understanding of using
superconducting technology with other renewable energy technologies to produce new paradigms
for power distribution networks. The student will a member of the Durham Energy Institute.
Degner, T., Taylor, P., Rollinson, D., Neris, A. & Tselepis, S. 2008. Microgrids and Hybrid
Systems. In Use of Electronic-Based Power Conversion for Distributed and Renewable Energy
Sources: 20 Years of Research on Power Conversion Systems. Zacharias, P. Germany: ISET.
302-310.
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Background:
i) Experiments in high-magnetic-fields:
Members of the superconductivity group in Durham have published arguably the most
important JC(B,T,ε) data on superconducting materials and developed a new theoretical scaling
law which successfully combines phenomenological and microscopic theory. These data
characterise the supercurrent density that a material can carry as a function of the magneticfield,
temperature and strain. We have recently installed a 15 Tesla Helmholtz-like split-pair
horizontal superconducting magnet system which is unparalleled in the university sector world-wide.
This opens the exciting possibility of making JC(B,T,ε) measurements on anisotropic
superconductors materials - which will be extremely valuable for developing our fundamental
understanding and optimisation of new technological applications.
For the best experiments, we combine world-class commercially available equipment with
probes that have been designed and built in-house. Commercial cryogenic equipment in-house
includes two high-field magnet systems, a fully equipped PPMS system, a new high-pressure
system and a He-3 system. The world-class high field facilities and instruments are supported by a
number of specialist probes designed and built in-house for making strain, magnetic, resistive
and optical measurements on superconductors. For example, the JC(B,T,ε) data were obtained
using an instrument built in Durham for use in our 17 Tesla vertical magnet system and for use
in international high-field facilities in Grenoble, France.
ii) Fabricating high-field nanocrystalline superconductors:
Members of the superconductivity group in Durham pioneered the discovery of a new class of
nanocrystalline superconductivity materials with exceptionally good tolerance to high magnetic
field.
patented and then published in the premier Physics journals. Equipment in-house includes
DSC, DTA, XRD, glove box, a range of milling machines and furnaces as well a HIP operating
at pressures of 2000 atmospheres and up to 2000 C. The upper critical field in Chevrel phase
superconducting materials was increased from 60 T (Tesla) to more than 100 T and in elemental
niobium from ~ 1 T to ~ 3 T. This work involves fundamental and applied scientific investigations
into nanocrystalline high-field materials where the important length scales for superconductivity are
similar to the length scales for the microstructure and is focussed on fabricating and understanding the
physics of this new class of high magnetic field superconductors.
Supercurrents in horizontal high magnetic fields:
Superconductivity is the enabling technology for the $10B ITER project that the Department of Energy
in the USA concluded is the most important large scale project in the world during the next 20 years.
About one third of the cost is the superconducting magnets that will hold the burning plasma scheduled
to ignite in 2018. Last year we installed in the Durham Physics Dept. a 15 Tesla split-pair horizontal
magnet system which is unparalleled in the university sector world-wide. In this Ph.D. project we intend
to measure and understand the supercurrent that can flow in superconducting materials in high magnetic
fields. The new magnet system opens the possibility of making detailed angular current measurements
for the first time on HTS materials. These measurements will provide the possibility of understanding
the critical issue of why supercurrent densities in high fields remain more than three orders of magnitude
below theoretical limits.
D. M. J. Taylor and Damian P. Hampshire - The scaling law for the strain-dependence of the
critical current density in Nb3Sn superconducting wires - Supercond. Sci. Tech 18 (2005) S241-
S252
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Research project: Nanocrystalline Superconductivity:
Members of the superconductivity group in Durham pioneered the discovery of a new class of
nanocrystalline superconductivity materials with exceptionally good tolerance to high magnetic field.
These materials provide a new paradigm for high-field conductors which has been patented and then
published in the premier Physics journals. Equipment in-house includes DSC, DTA, XRD, glove box, a
range of milling machines and furnaces as well a HIP operating at pressures of 2000 atmospheres and up
to 2000 C.
(Tesla) to more than 100 T and in elemental niobium from ~ 1 T to ~ 3 T. In this work, we control the
microstructure (grain boundaries and defects) on the length scale of the superconducting coherence
length to increase the resistivity and hence the tolerance of the superconductors to high magnetic fields.
This research Ph.D. project will involve fundamental and applied scientific investigations into
nanocrystalline high-field materials where the important length scales for superconductivity are similar
to the length scales for the microstructure and will be focussed on fabricating and understanding the
physics of this new class of high magnetic field superconductors.
D. M. J. Taylor, M. Al-Jawad and D. P. Hampshire - A new paradigm for fabricating bulk highfield
superconductors- Supercond. Sci. Tech 21 (2008) 125006
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Also available:
Research project: Theoretical ab initio Computational Studies of Electron-Phonon
structure in Nanocrystalline Metals and SuperconductorsThe practical use of metals has been used to characterise different eras in Man’s development
(e.g. Bronze age). Advanced theoretical ab initio computational studies of the electronic structure
of materials have played a vital role in understanding the physics of band-structures and the
development of opto-electronic devices. These calculations have predominantly been for
semiconducting materials at zero-temperature. This research project will be directed at including
phonons in electronic structure calculations for the first time. We intend to develop ab-initio
computational tools to make detailed calculations about the electron-phonon coupling and
structure in micro- and nanocrystalline materials. Detailed calculations will provide a better
understanding of critical materials properties such as the macroscopic properties embodied in
phase diagrams, microscopic properties such as strong electron-phonon coupling and transport
properties such as resistivity. Calculations will be made for simple metals such as lithium, wellstudied
materials such as gold and important technological materials such as the high-field
superconductors Nb3Sn, NbC0.3N0.7 and Y1Ba2Cu3O7.
S. J. Clark, M. D. Segall, C. J. Pickard, P. J. Hasnip, M. J. Probert, K. Refson, and M. C. Payne,
First principles methods using CASTEP Zeitschrift für kristallographie 220, 567 (2005).
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Research project: The Optical Properties of Metals and Superconductors:
In the last three years, we have successfully developed in the Durham physics department, a high
sensitivity variable temperature optical instrument which has been designed, commissioned and
calibrated to measure the low intensity photoluminescence emission spectra from metals and
superconductors. Although metals have very weak luminescence, it is clear that sufficient
sensitivity can be achieved. This Ph.D. research project is directed at developing the instrument
further to make optical measurements down to temperatures below 10 K. We intend to measure
for the first time the temperature dependent optical properties of metals at low temperatures and
in particular probe the superconducting state in metallic and HTS superconductors.
H. Armstrong, D. Halliday and D. P. Hampshire - Photoluminescence of Gold, Copper and
Niobium as a function of temperature - Journal of Luminescence 129 1610-1614 (2009)
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Ph.D.- Research project: Fundamental XRD, magnetic and transport studies on single
crystals of superconductors in high magnetic fields under high pressure
The Durham physics department has a long-standing expertise using the best international highfield
and synchrotron sources in the world. In the last two years, we have obtained facilities to
make fundamental thermal and transport measurements under high pressure in Durham, on single
crystals made by the best growth groups in the world. In this Ph.D. project we intend to
investigate and understand the variables that couple to produce the microscopic mechanism that
leads to the coherent superconducting state. The importance of the thermodynamic variables
temperature and magnetic field and the critical role of charge and spin have long been appreciated
– we intend to find new insights into the superconducting many-body problem by also using
pressures up to 20 kbar as the experimental probe.
Chen DY, Wu MK, Parkinson NG, Du CH, Hatton PD, Chien FZ & Ritter C 2000. Magnetic
Ordering In The Superconducting Mixed Ruthenium-copper Oxide Sr2y(ru1-xcux)o-6. Physica C
341: 2157-2158.
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Ph.D.- Research project: Engineering Smart Superconducting Power Systems: Durham
Energy Institute
Power transmission using superconducting technology offers the possibility of combining high
power densities with low losses in electrical distribution networks. This Ph.D. research project
will combine the design and commissioning of new cryogenic engineering instruments to
measure losses in commercially available superconducting materials with modeling the benefits
of using such materials. The focus of the research is to develop our understanding of using
superconducting technology with other renewable energy technologies to produce new paradigms
for power distribution networks. The student will a member of the Durham Energy Institute.
Degner, T., Taylor, P., Rollinson, D., Neris, A. & Tselepis, S. 2008. Microgrids and Hybrid
Systems. In Use of Electronic-Based Power Conversion for Distributed and Renewable Energy
Sources: 20 Years of Research on Power Conversion Systems. Zacharias, P. Germany: ISET.
302-310.
Contact: Prof. Damian Hampshire d.p.hampshire@durham.ac.uk
Sunday, 31 March 2013
world of hacking.....
The Secret Guide to Computers
home » read » viruses home read buy the book now! contact us
Virus secrets
A computer virus is a program that purposely does mischief and manages to copy itself to other computers, so the mischief spreads. Since computer viruses are malicious malevolent software, they’re called malware.
People create viruses for several reasons.
Some people think it’s funny to create mischief, by creating viruses. They’re the same kind of people who like to play “practical jokes” and, as kids, pulled fire alarms.
Some people are angry (at dictatorships, at the military, at big impersonal corporations, at clients who don’t pay bills, at lovers who rejected them, and at homosexuals). To get revenge, they create viruses to destroy their enemy’s computers.
Some people are intellectuals who want the challenge of trying to create a program that replicates itself. Too often, the program replicates itself too well and too fast and accidentally does more harm that the programmer intended.
Some people want to become famous (or infamous or influential) by inventing viruses. They’re the same kinds of people who, as kids, wrote graffiti on school walls and in bathrooms.
People who create viruses tend to be immature. Many are teenagers or disgruntled college students.
Different viruses perform different kinds of mischief.
Some viruses print nasty messages, containing four-letter words or threats or warnings, to make you worry and waste lots of your time and prevent you from getting work done.
Some viruses erase some files, or even your entire hard disk.
Some viruses screw up your computer so it prints wrong answers or stops functioning.
Some viruses clog your computer, by giving the computer more commands than the computer can handle, so the computer has no time left to handle other tasks, and all useful computer tasks remain undone.
The damage done by a virus is called the virus’s payload. Some viruses are “benign”: they do very little damage; their payload is small. Other viruses do big damage; they have a big payload. If a virus destroys your files, it’s said to have a destructive payload.
Propagation tricks
To propagate, viruses use two main tricks.
Trojan horse Homer’s epic poem, The Iliad, describes how the Greeks destroyed Troy by a trick: they persuaded the Trojans to accept a “gift” — a gigantic wooden horse that secretly contained Greek warriors, who then destroyed Troy.
Some computer viruses use that trick: they look like a pleasant gift program, but the program secretly contains destructive warriors that destroy your computer. A pleasant-seeming program that secretly contains a virus is called a Trojan horse.
Time bomb If a virus damages your computer immediately (as soon as you receive it), you’ll easily figure out who sent the virus, and you can stop the perpetrator. To prevent such detection, clever viruses are time bombs: they purposely delay damaging your computer until you’ve accidentally transmitted the virus to other computers; then, several weeks or months after you’ve been secretly infected and have secretly infected others, they suddenly destroy your computer system, and you don’t know why. You don’t know whom to blame.
How viruses arose
The first computer virus was invented in 1983 by Fred Cohen as an innocent experiment in computer security. He didn’t harm anybody: his virus stayed in his lab.
In 1986, a different person invented the first virus that ran on a PC. That virus was called Brain. Unfortunately, it accidentally escaped from its lab; it was found next year at the University of Delaware. (A virus that escapes from its lab is said to be found in the wild.)
Most early viruses harmed nobody, but eventually bad kids started invented destructive viruses. The first destructive virus that spread fast was called the Jerusalem virus because it was first noticed at the Hebrew University of Israel in 1987. It’s believed to have been invented by a programmer in Tel Aviv or Italy.
Most people still thought “computer viruses” were just myths; but in 1988, magazines began running articles saying computer viruses really exist. Then researchers began to invent anti-virus programs to protect against viruses and destroy them. In 1989, anti-virus programs started being distributed to the general public, to protect against the 30 viruses that had been invented so far.
Unfortunately, the nasty programmers writing viruses began protecting their viruses against the anti-virus programs. Now there are over 50,000 viruses, though many are just copycat viruses that are slight variants of others.
Companies writing anti-virus software are working as hard as the villains writing the viruses. Most anti-virus companies release updates (quarterly, or monthly, or immediately by downloading from the Internet), sometimes for free.
Popular anti-virus programs
MS-DOS 6 & 6.2 come with an anti-virus program called msav (which stands for MicroSoft Anti-Virus). But msav is rather useless, since most viruses were invented after it and outsmart it.
The best anti-virus program is Norton AntiVirus, which is published by Symantec and costs just $40.
You can also get Norton AntiVirus 2002 as part of Norton SystemWorks, which costs $60 and includes other utilities. Buy AntiVirus or SystemWorks from any computer store or mail-order dealer. The most convenient mail-order dealer is PC Connection (at 800-800-0003), which charges just $5 for overnight shipping. (You can order late at night and still receive it in the morning!)
The second-best anti-virus program is McAfee VirusScan, which is published by Network Associates and costs just $20 for the plain version, $30 for the Deluxe version.
You can also get it as part of McAfee Office, which costs $45 for the plain version, $60 for the Pro version. A stripped-down version of McAfee VirusScan is often included free when you buy a computer.
You can get a free anti-virus checkup, called HouseCall, from an Internet Web site called “housecall.antivirus.com”. That Web site is run by Trend Micro, which also sells an anti-virus program called PC-cillin. You can get another free anti-virus checkup by going to the Symantec Antivirus Research Center’s Web site (www.sarc.com) then clicking “Free Online Virus and Security Check”.
If you have Windows, make sure you get anti-virus software that’s designed for your version of Windows. Older anti-virus software think new versions of Windows are viruses and try to erase all of Windows.
Alas, using virus-scanning software can make your computer run slower, since virus-scanning can take a long time and consume RAM.
Who gets viruses
The most common place to find traditional viruses is at schools.
That’s partly because most viruses were invented at schools (by bright, mischievous students) but mainly because many students share the school’s computers. If one student has an infected floppy disk (purposely or accidentally) and puts it into one of the school’s computers, that computer’s hard disk will probably get infected. Then it will infect all the other students who use that computer. As disks are passed from that computer to the school’s other computers, the rest of the school’s computers become infected.
Then the school’s students, unaware of the infection, take the disks home with them and infect their families’ home computers. Then the parents bring infected disks to their offices (so they can transfer work between home and office) and infect their companies. Then company employees take infected disks home and infect their home computers, which infect any disks used by the kids, who, unaware of the infection, then take infected disks to school and start the cycle all over again.
Anybody who shares programs with other people can get a virus. Most programs are copyrighted and illegal to share. People who share programs illegally are called pirates. Pirates spread viruses. For example, many kids spread viruses when they try to share their games with their friends.
Another source of viruses is computer stores, in their computer-repair departments.
While trying to analyze and fix broken computers, the repair staff often shoves diagnostic disks into the computers, to find out what’s wrong. If one of the broken computers has a virus, the diagnostic disks accidentally get viruses from the broken computers and then pass the viruses on to other computers. So if you bring your computer to a store for repairs, don’t be surprised if your computer gets fixed but also gets a virus.
Occasionally, a major software company will screw up, accidentally get infected by a virus, and unknowingly distribute it to all folks buying the software. Even companies as big as Microsoft have accidentally distributed viruses.
The newest viruses are spread by Internet communications, such as e-mail, instead of by floppy disks. Internet-oriented viruses spread quickly all over the world: they’re an international disaster!
7 kinds of viruses
Viruses fall into 7 categories: you can get infected by a file virus, a boot-sector virus, a multipartite virus, a macro virus, an e-mail worm, a denial-of-service attack, or a hoax.
Here are the details.…
File viruses
A file virus (also called a parasitic virus) secretly attaches itself to an innocent program, so the innocent program becomes infected. Whenever you run the infected innocent program, you’re running the virus too!
Here are the file viruses that are most common. For each virus, I begin by showing its name, the country it came from, and the month it was first discovered in the wild. Let’s start with the oldest.…
Yankee Doodle
(From Bulgaria in September 1989) Every day at 5 PM, this virus plays part of the song Yankee Doodle on the computer’s built-in speaker.
This virus is also called Old Yankee and TP44VIR. It infects .COM & .EXE files, so they become 2899 bytes longer.
Die Hard 2
(From South Africa in July 1994) This virus infects .COM & .EXE files and makes them become exactly 4000 bytes bigger.
The virus also overwrites .ASM files (programs written in assembler) with a short program. When you try to compile the .ASM program, the computer hangs.
It’s also called DH2.
Chernobyl
(From Taiwan in June 1998) Back on April 26, 1986, radioactive gas escaped from a nuclear reactor in Chernobyl in the Soviet Union. The Chernobyl virus commemorates that event by erasing your hard disk on April 26th every year. (A variant, called version 1.4, erases your hard disk on the 26th of every month.)
If you get infected by this virus, you won’t notice it until the 26th; then suddenly your hard disk gets erased — and so do the hard disks of all your friends to whom you’d accidentally sent the virus!
The virus was written in Taiwan by a 24-year old guy named Chen Ing-Hau. Since his initials are CIH, the virus is also called the CIH virus.
The virus was first noticed in June 1998. It did its first damage on April 26, 1999. Computers all over the world lost their data on that day. Most American corporations were forewarned and forearmed with anti-virus programs; but in Korea a million computers lost their data, at a cost of 250 million dollars, because Koreans don’t use anti-virus programs but do use a lot of pirated software.
Here’s how the virus erases your hard disk:
It starts at the disk’s beginning and writes random info onto every sector (beginning at sector 0), until your computer stops working. The data that was previously on those overwritten sectors is gone forever and cannot be recovered.
The virus also tries to attack your computer’s Flash BIOS chips, by writing wrong info into them. If the virus succeeds, your computer will be permanently unable to display anything on the screen and also have trouble communicating with the keyboard, ports, and other devices, unless you bring your computer into a repair shop.
The virus destroys data just if you’re using Windows 95 or 98 (not Windows 3.1, not Windows NT).
Here’s how the virus spreads:
Whenever you run an infected program, the virus in the program copies itself into the RAM memory chips, stays there (until you turn the computer off), and infects every other program you try to run or copy. To infect a program, the virus looks for unused spaces in the program’s file, then breaks itself up and puts pieces of itself into unused spaces, so the file’s total length is the same as before and the virus is undetected.
Before you attack the virus by using an anti-virus program, boot by using an uninfected floppy. If instead you just boot normally from your hard disk, your hard disk’s infected files copy the virus into RAM; then when you tell the anti-virus program to “scan all programs to remove the virus”, the anti-virus program accidentally copies the virus onto all those programs and infects them all. Yes, the virus tricks your anti-virus program into becoming a pro-virus program!
Boot-sector viruses
On a floppy disk or hard disk, the first sector is called the disk’s boot sector or, more longwindedly, the disk’s master boot record (MBR). A virus that hides in the boot sector is called a boot-sector virus. Whenever the computer tries to boot from a drive containing an infected disk, the virus copies itself into RAM memory chips (even if the booting is unfinished because the disk is considered “unbootable”).
Before hiding in the boot sector, the typical boot-sector virus makes room for itself by moving data from the boot sector to a “second place” on the disk. Unfortunately, whatever data had been in the “second place” gets overwritten and cannot be recovered.
The typical boot-sector virus makes the computer eventually hang (stop reacting to your keystrokes and mouse strokes).
Here are the boot-sector viruses that are most common.…
Stoned
(From New Zealand in December 1987) Of all the viruses common today, this is the oldest. It was invented in 1987 by a student at the University of Wellington, New Zealand.
If you boot from a disk (floppy or hard) infected with this virus, there’s a 1-in-8 chance your computer will beep and display this message: “Your PC is now Stoned”.
It was intended to be harmless, but it assumes your floppy disk is 360K and accidentally erases important parts of the directory on higher-capacity floppy disks (such as 1.44M disks). It also makes your computer run slower — as if your computer were stoned.
It doesn’t infect files and can’t infect other computers over a network. In its most common form, it reduces your total conventional RAM memory by 4K, so you have 636K instead of 640K. It also contains this message, which doesn’t get displayed: “Legalise Marijuana”. This virus is also called Marijuana, Hemp, and New Zealand. Many other virus writers have created imitations & variants, called strains. Some strains reduce your total conventional RAM memory by 1K or 2K instead of 4K.
Form
(From Switzerland in June 1990) This virus is supposed to just play a harmless prank: on the 18th day of each month, the computer beeps whenever a key is pressed. But this virus is badly written and accidentally causes problems. For example, if your hard disk ever becomes full, the virus makes the hard disk become unbootable. And if the computer ever fails to read from a disk, the virus can make the system hang.
It reduces your total conventional RAM memory by 2K, so you have 638K instead of 640K. The virus’s second sector contains this message, which never gets displayed: “The FORM-Virus send greetings to everyone who's reading this text. FORM doesn't destroy data! Don't panic! Fuckings go to Corinne.”
Michelangelo
(From Sweden in April 1991) Inspired by the Stoned virus (and sometimes called Stoned Michelangelo), this virus sits quietly on your hard disk until Michelangelo’s birthday, March 6th. Each year, on March 6th, the virus tries to destroy all data on your hard drive, by writing garbage (random meaningless bytes) everywhere.
This virus was invented before big hard drives became popular, so it assumes your hard drive is small: it writes the garbage onto just the first 17 sectors of each of the first 256 tracks of each of the first 2 platters, both sides. The overwritten data cannot be recovered. The virus reduces your total conventional RAM memory by 1K, so you have 639K instead of 640K. The simplest way to avoid damage from the virus is to adopt this trick: on March 5th, before you turn off the computer, change the computer’s date to March 7th, skipping March 6th.
Monkey
(From the USA in October 1992) Inspired by the Stoned virus (and sometimes called Stoned Empire Monkey), this virus encrypts the hard drive’s partition table, so the hard drive is accessible just while the virus is in memory. If you boot the system from a clean (uninfected) floppy disk, the hard drive is unusable. This virus is tough to remove successfully, since removing the virus will also remove your ability to access the data.
It reduces your total conventional RAM by 1K, so you have 639K instead of 640K.
Parity Boot
(From Germany in September 1993) Every hour, this virus checks whether it’s infected a floppy disk. If it hasn’t infected a disk in the last hour, it says “PARITY CHECK” and hangs the computer.
This virus consumes 1K of your RAM, so your conventional RAM is 639K instead of 640K. The virus stays in RAM even if you press Ctrl with Alt with Del: to unload the virus from RAM, you must turn off the computer’s power or press the Reset button.
Ripper
(From Norway in November 1993) This virus randomly corrupts data being written to disk.
The chance of a particular write being corrupted is just 1 out of 1024, so the corruption occurs just occasionally and to just a few bytes at a time. You typically don’t notice the problem until several weeks have gone by and the infection has spread to many files and your backups, too! Then it’s too late to recover your data! Yes, Ripper has the characteristic of a successful virus: its effects are so subtle that you don’t notice it until you’ve infected your hard disk, your backups, and your friends! Then ya wanna die! It’s also called Jack Ripper, because it contains this message which is never displayed: “(c)1992 Jack Ripper”. It contains another undisplayed message: “FUCK 'EM UP !”
Anti-EXE
(From Russia in December 1993) This virus monitors disk activity and waits for you to run a certain important .EXE program. (Virus researchers haven’t yet discovered which .EXE program is involved.) When you run that important .EXE program (so that program’s in your RAM), the virus corrupts the copy that’s in the RAM (but not the copy that’s on disk). While you run that corrupted copy, errors occur, and the computer usually hangs.
Anti-CMOS
(From the USA in February 1994) This virus changes your system’s CMOS settings, as follows:
Your hard drive becomes “not installed”.
Your 1.44M floppy drive becomes “1.2M”.
A 1.2M floppy drive becomes “not installed”.
A 360K floppy drive becomes “720K”, and vice-versa.
To evade detection and give itself time to spread to other computers, it waits awhile before doing that damage: it waits until you’ve accessed the floppy drive many times; on the average, it waits for 256 accesses.
It’s spread just when someone tries to boot the system from an infected floppy disk. It reduces your total conventional RAM memory by 2K, so you have 638K instead of 640K. After it’s damaged your CMOS settings, here’s how to recover: run your computer’s CMOS setup program, which lets you reset the CMOS to the correct settings.
A variant virus, Anti-CMOS.B, generates sounds from the computer’s built-in speaker instead of changing the CMOS.
New York Boot
(From the USA in July 1994) This virus’s only function is to spread itself. But it spreads itself fast and often. It’s also called NYB.
Multipartite viruses
You’ve learned that some viruses, (called boot-sector viruses) infect the disk’s boot sector, while other viruses (called file viruses) infect the disk’s file system. If a virus is smart enough to infect the disk’s boot sector and file system simultaneously, it’s called a multipartite virus.
Yes, a multipartite virus hides in two places: the boot sector and also the file system. If you remove the virus from just the boot sector (or from just files), you still haven’t completely removed the virus, which can regenerate itself from the place you missed.
If a virus is very smart, it’s called a stealth polymorphic armored multipartite virus (SPAM virus):
A stealth virus makes special efforts to hide itself from anti-virus software. For example, it tricks anti-virus software into inspecting a clean copy of a file instead of letting it read the actual (infected) file.
A polymorphic virus changes its own appearance each time it infects a file, so no two copies of the virus look alike to anti-virus programs.
An armored virus protects itself against anti-virus disassembly.
A multipartite virus hides in two places: the boot sector and also the file system.
One Half
(From Austria in October 1994) The most common multipartite virus is One Half. It slowly encrypts the hard drive. Each time you turn on the computer, the virus encrypts two more cylinders (starting with the innermost 2 tracks and working toward the outer tracks). The encrypting is done by using a random code. You can use the encrypted cylinders as long as the virus remains in memory. When about half of the hard drive’s cylinders are encrypted, the computer says: “Dis is one half Press any key to continue......”
This virus is tough to remove successfully, since removing the virus will also remove your ability to access the data.
It infects the hard disk’s MBR, each floppy disk’s boot sector, and .EXE and .COM files. It scans filenames for text relating to anti-virus programs (such as MSAV, NOD, SCAN, CLEAN, and FINDVIRU): it won’t infect anti-virus programs! It’s hard to detect, since it’s polymorphic and uses stealth. It reduces your total conventional RAM memory by 4K, so you have 636K instead of 640K. It’s also called Dis, Slovak Bomber, Explosion 2, and Free Love.
Macro viruses
A macro virus hides in macros, which are little programs embedded in Microsoft Word documents and Excel spreadsheets. The virus spreads to another computer when you give somebody an infected document (on a floppy disk or through a local-area network or as an e-mail attachment). During the past few years, e-mail has become prevalent, and so have macro viruses: they’re more prevalent than all other viruses combined.
Here are the most prevalent macro viruses.…
Concept
(From the USA in July 1995) This virus infects Microsoft Word documents and templates. When you load an infected document for the first time, you see a dialog box that says “1”, with an OK button. Once you click OK, the virus takes over. It forces all documents to be saved as templates, which in turn affect new documents.
It consists of 5 macros: AutoOpen, PayLoad, FileSaveAs, AAAZAO, and AAAZFS. You can see those macros in an infected Word document by choosing “Macro” from the Tools menu.
Invented in 1995, it was historic:
It was the first macro virus. It was the first virus that infects documents instead of programs or boot sectors. It was the first virus that can infect both kinds of computers: IBM and Mac!
Old anti-virus programs can’t detect it.
It was intended as just a harmless prank demonstration of what a macro virus could do (and is therefore also called the Prank Macro virus), but it spread fast.
In 1995, it became more prevalent than any other virus. Microsoft Word’s newest versions (Word 97 and Word 2000) protect themselves against the virus, but their predecessor (Word 7) is vulnerable unless you buy an anti-virus program that includes anti-Concept.
Wazzu
(From the USA in June 1996) Inspired by the Concept virus, this virus consists of a macro called AutoOpen that forces Microsoft Word documents to be saved as templates. Whenever you open a document, the virus also rearranges up to 3 words and inserts the word “Wazzu” at random.
Laroux
(From the USA in July 1996) This virus was first discovered in July 1996 in Africa and Alaska. It was the first macro virus that infected Excel spreadsheets (instead of Word documents). It does no harm except copy itself. It works just in Windows, not on Macs.
Tristate
(From the USA in March 1998) This macro virus is called “Tristate” because it’s smart enough to infect three things: Microsoft Word documents, Excel spreadsheets, and PowerPoint slides.
Class
(From the USA in October 1998) This macro virus infects Microsoft Word documents. It just displays a stupid message on your screen occasionally.
The original version (called Class.A) says “This is Class” on your screen, on the 31st day of each month. The most prevalent version (called Class.D) displays this message on the 14th day of each month after May: “I think”, then your name, then “is a big stupid jerk!” The craziest version (called Class.E) says “Monica Blows Clinton! -=News@11=-” occasionally (at random, 1% of the time); and on the 17th day of each month after August, it says “Today is Clinton & Monica Fuck-Fest Day!”
Ethan
(From the USA in January 1999) When you use Microsoft Word, if you click “File” then “Properties” then “Summary”, you see a window where you can type a document’s title, author, keywords, and other items. When you close a document infected by the Ethan virus, this virus has a 30% chance of changing the document’s title to “Ethan Frome”, the author to “EW/LN/CB”, and the keywords to “Ethan”.
That’s to honor Ethan Frome, a novel written by Edith Wharton in 1911, about a frustrated man — the kind of man who would now write viruses.
Melissa
(From the USA in March 1999) This macro virus infects Microsoft Word documents. When you look at (open) a document, if the document is infected, the virus tries to e-mail copies of the infected document to the first 50 people mentioned in Microsoft Outlook’s address book (which is called the Contacts folder), unless the virus e-mailed to those people previously. Yes, your document gets secretly e-mailed to 50 people, without you knowing!
Each of those 50 people get an e-mail from you. The e-mail’s subject says “Important message from” and your name. The e-mail’s body says “Here is that document you asked for ... don't show anyone else ;-)”. Attached to that e-mail is your document, infected by the virus.
This virus spreads fast just if your computer has Microsoft Outlook.
The typical large corporation does have Microsoft Outlook on each computer (since Microsoft Outlook is part of Microsoft Office), so the virus e-mails itself to 50 people automatically, and each of those people e-mails to 50 other people, etc., so the virus spreads fast.
The FBI hunted for the perpetrator and concluded that the Melissa virus was invented by David L. Smith in New Jersey.
He called it “Melissa” to honor a Florida topless dancer. Her name is hidden in the virus program. The virus spread all over the world suddenly, on March 26, 1999, when he put it in a message in the alt.sex newsgroup. His infected document, called LIST.DOC, contained a list of porno Web sites. In just a few days, 10% of all computers connected to the Internet contained the virus. It spread faster than any other virus ever invented. Since it created so much e-mail (from infected documents and from confused people denying they meant to send the e-mail), many Internet computers handling e-mail had to be shut down.
On April 2, 1999, the FBI had New Jersey police arrest David, who was 31. At first, he denied he distributed the virus; but on December 13, 1999, he finally pleaded guilty, apologized, and faced fines and jail.
A TV cartoon show called “The Simpsons” has an episode called “The Genius”, where Bart Simpson abruptly ends a Scrabble game by claiming he won with the word “Kwyjibo”. The virus can put into your document this quote from him: “Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here.”
The virus inserts that quotation just if you open or close the document at the precise minute when, on the computer’s clock, the number of minutes equals the date. For example, on May 27th it will insert that quotation if the time is 1:27, 2:27, 3:27, 4:27, 5:27, 6:27, 7:27, 8:27, 9:27, 10:27, 11:27, or 12:27.
The virus runs just if you have Microsoft Word 97 or 2000.
The virus is harmless if you have Microsoft Word 7 or earlier. Microsoft Word 97 & 2000 are supposed to protect you against macro viruses, but the Melissa virus is smart enough to disable that protection. The virus spreads quickly just if you have Microsoft Outlook; the virus uses just the address book in Microsoft Outlook, not the address book in Microsoft Outlook Express.
Although the original virus’s e-mail subject line said “Important message from”, a new variant of the virus has a blank subject line, making the virus harder to notice.
Marker
(From the USA in April 1999) This macro virus infects Microsoft Word documents. On the first day of each month, it tries to invade your privacy by copying your name (and your company’s name and your address) to an Internet site run by codebreakers.org. (If it successfully uploads your info, it doesn’t bother redoing it in future months.)
It uses whatever name and address you gave when you installed Microsoft Word. To see what name and address would be copied, go into Microsoft Word and then click “Tools” then “Options” then “User Information”.
Thus
(From the USA in August 1999) This macro virus infects Microsoft Word documents. It lurks there until December 13th, when it erases drive C. It’s called “Thus” because its macro program begins with the word “thus”.
Prilissa
(From the USA in November 1999) Here’s how this variant of Melissa differs from Melissa:
The e-mail’s subject says “Message from” and your name. The e-mail’s body says “This document is very Important and you've GOT to read this !!!”. Instead of printing a quotation from Bart Simpson, the virus waits until Christmas then does this:
1. It says “©1999 - CyberNET Vine...Vide...Vice...Moslem Power Never End... You Dare Rise Against Me... The Human Era is Over, The CyberNET Era Has Come!”
2. It draws several colored shapes onto the currently opened document.
3. It changes your AUTOEXEC.BAT file so that the next time you boot, the entire C drive will be erased (by reformatting) and you’ll see this message: “Vine...Vide...Vice...Moslem Power Never End... Your Computer Have Just Been Terminated By -= CyberNET =- Virus !!!”.
E-mail worms
An e-mail worm is a malicious program that comes as an e-mail attachment and pretends to be innocent fun.
The following e-mail worms are the most prevalent.…
Happy 99
(From the USA in January 1999) This program, called HAPPY99.EXE, comes as an e-mail attachment. If you open it, you see a window titled “Happy New Year 1999 !!”. In that window, you see a pretty firework display.
But while you enjoy watching the fireworks, the HAPPY99.EXE program secretly makes 3 changes to your SYSTEM folder (which is in your WINDOWS folder):
1. In that folder, it puts a copy of itself, and calls the copy SKA.EXE (which is why the Happy 99 worm is also called the SKA worm).
2. In that folder, it puts a file called SKA.DLL (by extracting SKA.DLL from HAPPY99.EXE).
3. It modifies that folder’s WSOCK32.DLL file, after saving that file’s original version as WSOCK32.SKA.
The modified WSOCK32.DLL file forces your computer to attach the Happy 99 worm to every e-mail you send. So in the future, whenever you send an e-mail, the person who receives your e-mail will also receive an attachment called HAPPY99.EXE. When the person double-clicks the attachment, the person will see the pretty firework display, think you sent it on purpose, and not realize you sent an e-mail worm virus.
To brag about itself, the virus keeps a list of everybody you sent the virus to. That list of e-mail addresses is in your SYSTEM folder and called LISTE.SKA.
Here’s how to get rid of the virus:
Disconnect from the Internet. (If you’re attached to the Internet by using a cable modem or local-area network instead of a simple phone line, disconnect by clicking “Start” then “Shut down” then “Restart in MS-DOS mode”.) Delete SKA.EXE and SKA.DLL from the SYSTEM folder (which is in the WINDOWS folder). In the SYSTEM folder, rename WSOCK32.DLL to WSOCK32.BAK and rename WSOCK32.SKA to WSOCK32.DLL. Delete the downloaded file, HAPPY99.EXE, from whatever folder you put it in. Look at the list of people in LISTE.SKA (which is an ASCII text file in the SYSTEM folder) and warn them that you sent them the Happy99 virus.
An updated version, called Happy 00, comes as a file called HAPPY00.EXE. It says “Happy New Year 2000!!” instead of “Happy New Year 1999 !!”.
Pretty Park
(From France in May 1999) This virus comes in an e-mail. The e-mail’s subject line, instead of saying “Important message”, says just “C:\CoolPrograms\Pretty Park.exe”. The e-mail’s body, instead of containing sentences, says just “Test: Pretty Park.exe :)” and shows a drawing of a boy wearing a hat. The boy is Kyle, from the“South Park” TV cartoon show. The icon is labeled “Pretty Park.exe”. If you double-click it, you’ll be opening an attachment called PrettyPark.exe, which is a virus.
Then you might see the 3D Pipes screensaver (which is one of the screensavers that you get free as part of Windows 98). But secretly, every 30 minutes, the virus peeks in Microsoft Outlook’s address book and sends copies of itself to your friends listed there. Every 30 seconds, it also tries to connect your computer to an Internet Relay Chat server computer, so the virus can invade your privacy by sending info about you and your computer to the virus’s author or distributor, though there’s no evidence that any private info about anyone has actually been transmitted yet.
This virus was first distributed in May 1999 by an e-mail spammer from France.
Explore ZIP
(From the USA in June 1999) This virus destroys all your Microsoft Word documents (and all other file that end in .doc), all your Excel spreadsheets (and all other files that end in .xls), all your PowerPoint presentations (and all other files that end in .ppt), all your assembly-language programs (and all other files that end in .asm), and all files that end in .h, .c, or .cpp.
It destroys the files by replacing them with files that have 0 length.
Since the file names still exist, you won’t immediately notice that their contents are destroyed, and backup software won’t notice which files are gone.
It destroys those files on drives C, D, E, etc. For example, if your computer is part of a network, the virus destroys those files on your hard drive and also on the network server’s hard drive.
It also looks in your e-mail’s Inbox (created by Outlook Express or Outlook or Exchange), notices any messages you haven’t replied to yet, and replies to them itself!
For example, if an e-mail from Joan with a subject line saying “Buy soap” hasn’t been replied to yet, the virus sends a reply who subject is “Re: Buy soap” and whose body says: “Hi Joan! I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye.”
The reply comes with an attachment called zipped_files.exe.
If the recipient opens that attachment, zipped_files.exe starts running. To fool the victim, it displays a fake error message (which begins by saying “Cannot open file”). Then it puts a copy of itself into the SYSTEM folder (which is in the WINDOWS folder); the copy is called “Explore.exe” or “_setup.exe”. It also modifies the “run” line in your computer’s WIN.INI file so the program will run each time Windows starts.
Here’s how to get rid of the virus:
Remove the “run=” line from your computer’s WIN.INI file (which is in the WINDOWS folder). While holding down the Ctrl and Alt keys, tap the Delete key; click any task named “Explore” or “_setup” (but not “Explorer”), then click the “End Task” button. Delete the file Explore.exe (or _setup.exe) from your SYSTEM folder (which is in the WINDOWS folder).
Free Link
(From the USA in July 1999) This virus sends, to people in Microsoft Outlook’s address book, an e-mail whose subject line says “Check this” and whose body says “Have fun with these links. Bye.” Clicking the e-mail’s attachment makes the virus infect the recipient’s computer and then tell the recipient, “This will add a shortcut to free XXX links on your desktop. Do you want to continue?”
If the recipient clicks “Yes”, the virus creates a shortcut icon pointing to an adult-sex Web site. But even if the recipient clicks “No”, the virus has already infected the computer and will use that computer to send e-mails, which will embarrass the computer’s owner when those e-mails reach the owner’s friends.
Kak
(From France in December 1999) If your computer gets infected by this virus, every e-mail you send by using Microsoft Outlook Express gets infected (unless you have Microsoft’s correction to this security hole). The virus infects by acting as an e-mail signature instead of an attachment, so everybody reading your e-mail will get infected, even if the recipients don’t look at any attachments.
If your computer is infected, it will do this at 5PM on the first day of each month: it will protest against Microsoft by saying “Kagou-Anti-Kro$oft says not today!” and then the computer will shut itself down (as if you had clicked “Start” then “Shut Down” then “OK”).
The virus is called Kagou-Anti-Krosoft, which is abbreviated as Kak. Its main file is KAK.HTM, which is put into your Windows folder. It temporarily puts a file called KAK.HTA into your Startup folder but erases that file when you reboot.
Here are 5 signs that you’ve been infected by the virus:
1. Your Windows folder contains KAK.HTM.
2. If you click “Start” then “Programs” then “Startup”, you see a reference to “kak”.
3. If you click “Start” then “Programs” then “Find” then “Files or Folders” then type “kak” (and press ENTER), you see a reference to “kak” (besides any references to “kakworm”, which are harmless documents from anti-virus sites). If you see a reference to “kak”, delete it by clicking it (just once) then pressing SHIFT with DELETE then pressing ENTER.
4. Your AUTOEXEC.BAT file mentions “kak.hta”.
5. While using Outlook Express (Internet Explorer 5’s e-mail system), if you click “Tools” then “Options” then “Signatures”, the File box is white (instead of gray) and says “C:\WINDOWS\kak.htm”.
Love Bug
(From Philippines in May 2000) This virus comes in an e-mail whose subject line says “ILOVEYOU”. The e-mail’s body says “kindly check the attached LOVELETTER coming from me.” and comes with an attachment called LOVE-LETTER-FOR-YOU.TXT.vbs. That attachment is the virus. When you activate it (by clicking the attachment), the virus infects your computer and does 3 dastardly deeds:
It sends a copy of itself to everybody in your Microsoft Outlook address book. This will embarrass you, when everybody in your address book gets an e-mail that says “ILOVEYOU”. Your boss, assistant, colleagues, customers, friends, and ex-friends will all be surprised to get an e-mail saying that you love them and sent them a love letter. (They’ll be upset later when they discover the “love letter” is a virus you gave them!)
It wrecks graphics files and some programs. Specifically, it wrecks all files whose names end in .jpg, .jpeg, .vbs, .vbe, .js, .jse, .css, .wsh, .sct, and .hta. It wrecks them by renaming the files and inserting copies of itself into the files. Also, it hides music files (all files that end in .mp3 or .mp2), so you can’t use those files until you “unhide” them. When looking for files to wreck or hide, it looks at your computer’s hard drive and also the hard drives of any network server computers you’re attached to.
It tries makes your computer download, from an Internet Web site in the Philippines, a program misleadingly called WIN-BUGSFIX.EXE. That program tries to steal your passwords by e-mailing them to a Philippines e-mail address called MAILME@SUPER.NET.PH. To that address, tries to secretly send your Internet passwords, network passwords, your own name, your computer’s name, and your Internet settings, so the virus inventor’s computer can imitate yours and have all your Internet and network privileges.
This virus spread faster than all other viruses.
It began in the Philippines on May 4, 2000, and spread across the whole world in one day (traveling from Hong Kong to Europe to the United States), infecting 10% of all computers connected to the Internet and causing about 7 billion dollars in damage. Most of the “damage” was the labor of getting rid of the virus and explaining to recipients that the sender didn’t mean to say “I love you”. The Pentagon, CIA, and British Parliament all had to shut down their e-mail systems to get rid of the virus — and so did most big corporations. It did less damage in India (where employees are conservative and don’t believe “I love you” messages) and the Philippines (where few people use the Internet because it’s so expensive).
An international manhunt for the perpetrator finally led to a 23-year-old computer student in the Philippines city of Manila.
On May 11th (one week after the virus spread), he held a news conference. Accompanied by his lawyer and sister, he said his name was Onel de Guzman and didn’t mean to do so much harm.
In the Philippines, Internet access normally costs 100 pesos ($2.41) per hour, and 100 pesos is a half day’s wages! For his graduation thesis in computer science, he created a program that would help low-income Filipinos get free access to the Internet by stealing passwords from rich people. The university rejected his thesis because it was illegal, so he couldn’t graduate. Helped by a group of friends called the Grammersoft Group (which was in the business of illegally selling theses to other students), he made his virus be fancy and distributed it the day before the school held its graduation ceremony.
The middle of the virus’s program says the virus is copyright by “Grammersoft Group, Manila, Philippines” and mentions his college. The authorities found him by checking (and shutting down) the Philippine Web sites and e-mail addresses that the virus uses (to steal passwords), chatting with the college’s computer-science department, looking for the Grammersoft Group in Manila, and comparing the virus with earlier viruses written by his friends.
But charges against him were finally dropped, since the Philippines had no laws yet against creating viruses.
It’s called the Love Bug because it’s a virus (bug) transmitted by a love letter. It’s also called the Love Letter virus and the Killer from Manila.
Copycats have edited the virus’s program and created 28 variants. The original version is called version A. Here are examples of other versions:
Version A (the original version) says “ILOVEYOU” then “kindly check the attached LOVELETTER coming from me.” It attaches “LOVE-LETTER-FOR-YOU.TXT.vbs”.
Version C (“Very Funny”) says “fwd: Joke” then has a blank body. It attaches “Very Funny.vbs”.
Version E (“Mother’s Day”) says “Mothers Day Order Confirmation” then “We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com”. It attaches mothersday.vbs.
Version M (“Arab Air”) says “Thank You For Flying With Arab Airlines” then “Please check if the bill is correct, by opening the attached file”. It attaches ArabAir.TXT.vbs.
Version Q (“LOOK!”) says “LOOK!” then “hehe…check this out.” It attaches LOOK.vbs.
The following variants pretend to cure the virus but actually are viruses themselves:
Version F says “Dangerous Virus Warning” then “There is a dangerous virus circulating. Please click attached picture to view it and learn to avoid it.” It attaches virus_warning.jpg.vbs.
Version G says “Virus Alert!!!” then a long message. This version also wrecks .bat and .com files.
Version K says “ “How to protect yourself from the ILOVEYOU bug!” then “Here’s the easy way to fix the love virus.” It attaches Virus-Protection-Instructions.vbs.
Version T says “Recent Virus Attacks — Fix” then “Attached is a copy of a script that will reverse the effects of the LOVE-LETTER-TO-YOU.TXT.vbs as well as the FW:JOKE, Mother’s Day and Lithuanian siblings.” It attaches BAND-AID.DOC.VBS. This version also wrecks many other files, and it totally deletes .mp3 and .mp2 files.
Version W says “IMPORTANT: Official virus and bug fix” then “This is an official virus and bug fix. I got it from our system admin. It may take a short while to update your system files after you run the attachment.” It attaches “Bug and virus fix.vbs”.
Version AC says “New Variation on LOVEBUG Update Anti-Virus!!” then “There is now a newer variant of love bug. It was released at 8:37 PM Saturday Night. Please Download the following patch. We are trying to isolate the virus. Thanks Symantec.” It attaches antivirusupdate.vbs.
Life Stages
(From the USA in May 2000) Here’s a famous comment about life stages:
The male stages of life:
Age Seduction line
17 “My parents are away for the weekend.”
25 “My girlfriend is away for the weekend.”
35 “My fiancée is away for the weekend.”
48 “My wife is away for the weekend.”
66 “My second wife is dead.”
Age Favorite sport
17 sex
25 sex
35 sex
48 sex
66 napping
Age Definition of a successful date
17 “Tongue!”
25 “Breakfast!’
35 “She didn’t set back my therapy.”
48 “I didn’t have to meet her kids.”
66 “Got home alive!”
The female stages of life:
Age Favorite fantasy
17 tall, dark, and handsome
25 tall, dark, and handsome, with money
35 tall, dark, and handsome, with money and a brain
48 a man with hair
66 a man
Age Ideal date
17 He offers to pay.
25 He pays.
35 He cooks breakfast next morning.
48 He cooks breakfast next morning for the kids.
66 He can chew his breakfast.
The Life Stages virus tries to e-mail that comment, but the transmission is imperfect: the virus misspells “handsome” as “hansome” and makes other errors in spelling and punctuation.
The e-mail’s subject is “Life stages” or “Funny” or “Jokes”, with maybe the word “text” afterwards, and maybe “Fw:” beforehand.
So there are 12 possible subjects, such as this: “Fw: Life stages text”. (The computer chooses among the 12 at random.) By having 12 possible subjects instead of 1, the virus is harder for anti-virus programs to stop.
The e-mail’s body says “The male and female stages of life”. Attached to it is a file that pretends to be just a simple text document called LIFE_STAGES.TXT, but actually it’s a virus program called LIFE_STAGES.TXT.SHS.
The .SHS means it’s a SHell Scrap object program. When you open it, you see the comment about the stages of life. (You see it in a Notepad window.) While you read that comment, the virus secretly infects your computer, so your computer transmits the virus to 100 randomly-chosen people in your Outlook address book and to Internet chat groups.
After e-mailing the virus to your friends, the computer erases those e-mails from your Sent folder, so you don’t know the e-mails were sent. To stop you from eradicating the virus by editing the registry, the virus changes the name of the computer’s REGEDIT.EXE program to “RECYCLED.VXD”, then moves it to the Recycle Bin and makes it a hidden file so you can’t see it.
The virus is called Life Stages (or just Stages). You can remove it by using the Internet to go to www.symantec.com/
avcenter/venc/data/fix.vbs.stages.html.
Snow White
(From the USA in September 2000) This virus offers to tell you a naughty story about Snow White.
It comes in an e-mail whose subject line tries to say “Snow White and the Seven Dwarfs — the REAL story!” and claims to be from hahahaha@sexyfun.net. The e-mail’s body tries to send this message:
“Today, Snow White was turning 18. The 7 dwarfs always were very educated and polite with Snow White. When they went out to work in the morning, they promised a HUGE surprise. Snow White was anxious. Suddenly, the door opens, and the Seven Dwarfs enter….”
It sends that subject and message in slightly flawed English (for example, it says “Snowhite” instead of “Snow White”) or in French, Spanish, or Portuguese — because the virus is smart enough to analyze your computer to find out which language you seem to prefer!
To find out the rest of the sexy story, you’re encouraged to open the attachment (which the English version calls “sexyvirgin.scr” “midgets.scr” or “dwarf4you.exe” or “joke.exe”). If you click that attachment, you’ll launch the multilingual virus, which will infect your WSOCK32.DLL file and thereby watch you forevermore! Whenever you send or receive an e-mail (or view a Web site that mentions an e-mail address), the virus will notice, then delay awhile, then send itself to that e-mail address; so if you try to send an e-mail to a friend, your friend will get two e-mails from you, the second one being the Snow White story with virus.
The virus tries to communicate with a newsgroup called alt.comp.virus so it can send and receive new fancier versions of itself by swapping intelligence with copies that are on other computers. For example, one of the new fancy features puts a spinning spiral onto your computer screen once an hour (whenever your computer’s clock says the number of minutes is 59). To drive you extra crazy, the spiral also appears all day on September 16 & 24. Another fancy feature copies the virus into all your .EXE files, so that those files will still run but are infected, making the virus hard to remove.
The virus is also called Hybris, since the attachment includes a copyright notice saying the virus is called “HYBRIS (c) Vecna”.
Magistrate
(From Sweden in March 2001) This virus, called Magistrate or Magistr, targets magistrates, judges, and lawyers.
After your computer is infected, it spreads to your colleagues by e-mail and networks. Then it waits, still lurking in your computer.
If 2 months have passed, then on odd-numbered days
your desktop’s icons will run away from the mouse pointer whenever you try to click them.
If 3 months have passed, the infected file is deleted.
If you’re a judge or lawyer, this virus is especially dangerous, because of this rule: if at least 1 month has passed and at least 100 colleagues were infected and at least 3 of your files contain at least 3 legal phrases (in English, French, or Spanish),
it wrecks your computer thoroughly, by doing all this:
It erases the infected file.
It erases your CMOS and your flash BIOS chip (so you can’t restart your computer).
It wrecks every 25th file (by changing it to repeatedly say “YOUARESHIT”).
It deletes every other file.
It makes the screen say this:
Another haughty bloodsucker...
YOU THINK YOU ARE GOD,
BUT YOU ARE ONLY A CHUNK OF SHIT
It wrecks a sector on your first hard disk (by putting different info there).
For example, here are the English legal phrases it looks for:
sentences you, sentence you to, sentences him to, ordered to prison
convict, found guilty, find him guilty, guilty plea, against the accused
affirmed, sufficiency of proof, sufficiency of the evidence
verdict, judgment of conviction, proceedings, habeas corpus
circuit judge, trial judge, trial court, trial chamber, “, judge”
The virus program includes this note (which isn’t printed on the screen):
ARF! ARF! I GOT YOU!
virus: Judges Disemboweler.
by: The Judges Disemboweler.
Written in Malmo (Sweden)
The virus comes in a strange e-mail:
The e-mail’s body is an excerpt from a .DOC or .TXT document that was on the sender’s disk. The e-mail’s attachment is an infected copy of an .EXE or .SCR program that was on the sender’s disk. In the e-mail’s return address (“From:”), the virus usually alters the second character, to prevent the recipient from replying to the sender and complaining about receiving a virus.
Sircam
(From the USA in July 2001) Of all the viruses, this virus does the most to destroy your privacy, because it grabs a document you wrote and secretly sends it to somebody you never intended!
This virus can get very embarrassing. For example, if you wrote a private note, to a friend, about how much you hate your boss, the virus might secretly send that note to your boss!
It sends e-mail to every e-mail address mentioned in your address book or your Web cache.
Each e-mail it sends has a 3-line body. The top line says:
Hi! How are you?
The middle line is one of these:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you
This is the file with the information that you ask for
The bottom line says:
See you later. Thanks
Exception: if your computer uses Spanish instead of English, the 3-line message is sent in Spanish.
Attached to the e-mail is a document, which you created by using Microsoft Word or WordPad or Excel or Winzip, and which the virus copied from your “My Documents” folder. The attached copy is infected with the virus; so while the recipient reads the document, the recipient’s computer gets secretly infected. The document’s name is used as e-mail’s subject.
If you’re on a local-area network, the virus tries to spread itself to the rest of the network. The virus is supposed to also destroy some files; but the guy who invented the virus made a programming error, so the destruction never gets done.
Nimda
(From the USA in September 2001) If you spell “admin” backwards, you get “nimda”, which is the name of this virus. It spreads by e-mail and through networks. Its main purpose is to attack the security of a network server, by making every “guest” user get “administrator” privileges, so a hacker can log in as a guest and take over the whole computer network.
When being transmitted through e-mail, the virus comes as an e-mail attachment called README.EXE, in an e-mail that has a blank body and usually a blank subject.
If you receive such an e-mail, you’ll get infected even if you don’t open the attached README.EXE file: just staring at the e-mail’s blank body will infect you, since this virus uses a trick called “Automatic Execution of Embedded MIME type”. That trick makes the virus spread fast.
To confuse you, the virus sends out the e-mails, then goes dormant for 10 days, the sends out e-mails again, then goes dormant again, alternating forever. During each 10-day dormancy period, it sends no e-mails, so you think you’ve been “cured”; you get annoyed and confused when 10 days later you get another burst of e-mails.
To make sure you don’t erase the virus, it hides copies of itself throughout your computer’s .EXE files and some .TMP files.
A variant called Nimda.E comes in an attachment called SAMPLE.EXE instead of README.EXE.
Klez
(From China in October 2001) This virus was invented after all the other viruses in this chapter. This virus is the newest major virus. It’s become the most prevalent virus, because many folks are using old anti-virus programs that don’t detect this virus yet.
This virus comes in 9 versions, called Klez.A, Klez.B, Klez.C, Klez.D, Klez.E, Klez.F, Klez.G, Klez.H, and Klez.I. The most common is Klez.H. Here’s how Klez.H works.…
If your computer is infected, the virus looks all over your computer’s hard disk for e-mail addresses, then forces the computer to send an e-mail to each of those people.
The virus uses a trick called address spoofing: the virus makes each e-mail message pretend to be from an innocent bystander instead of from you. In the e-mail’s “From” field, instead of your return e-mail address, the virus inserts the e-mail address of an innocent bystander — an innocent uninfected person whose e-mail address happened to be on your computer’s hard disk (such as your Inbox or Outbox). When the e-mail you sent reaches its victim, if the victim is using an anti-virus program and notices the virus, the victim will blame the innocent bystander instead of you. You’ll never be warned that you’re spreading the virus, and you’ll keep infecting more people, without you or your friends knowing that you’re the spreader.
Another trick: Klez.H often comes in this e-mail, which pretends to be protection against Klez.E but actually contains Klez.H. The e-mail’s subject is “Worm Klez.E immunity” and the body says the following (I’ve edited out some bad grammar):
“Klez.E is the most common worldwide spreading worm. It's very dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technique, most common anti-virus software can’t detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once, and then Klez will never come into your PC. Note: because this tool acts as a fake Klez to fool the real worm, some anti-virus programs might complain when you run it. If so, ignore the warning and select ‘continue’. If you have any question, please mail to me.”
That e-mail is a lie: the e-mail itself contains the Klez.H virus.
Klez.H often comes instead in an e-mail containing an attached innocent document copied from the sender’s computer. Klez.H borrowed that technique from Sircam.
Klez.H can also come in an e-mail, pretending to be from your ISP’s postmaster, saying that you sent an e-mail that bounced and to look at the attached file.
Like Nimda, Klez.H can infect you even if you don’t open the attachments. Klez.H contains routines to disable and destroy anti-virus programs. Klez.H gives you a present: a second virus, called Elkern. Klez.H and Elkern try to corrupt all your computer’s programs by inserting themselves into each program.
The virus is called “Klez” because it contains this message, which is not displayed:
Win323 Klez V2.01 & Win32 Foroux V1.0
Copyright 2002,made in Asia
DoS attacks
Your computer can attack an Internet Web-site server computer (called the target) by sending so many strange requests to the target computer that the target computer can’t figure out how to respond to them all. The target computer gets confused and becomes so preoccupied worrying about your requests that it ignores all other work it’s supposed to be doing, so nobody else can access it. Everybody who tries to access it is denied service because it’s too busy. That’s called a denial-of-service attack (DoS attack).
In the attack, the “strange request” asks the target computer to reply to a message; but when the target computer tries to reply, it gets flummoxed because the return address is a spoof (a fake address that doesn’t exist). The target computer tries to transmit to the fake address and waits hopelessly for acknowledgement that the reply was received. While the target computer waits for the acknowledgement, the attacking computer keeps sending more such requests, until the target computer gets overloaded, gives up, and dies.
Denial-of-service attacks were invented in 1997. In March 1998, denial-of-service attacks successfully shut down Internet computers run by the Navy, the US space agency (NASA), and many universities.
Distributed DoS attacks
In the summer of 1999, an extra-powerful denial-of-service attack was invented. It’s called a distributed denial-of-service attack (DDoS attack). Here’s how it works:
A virus spreads by e-mail to thousands of innocent computers (which are then called zombie agents or drones). The virus waits in those computers until a preset moment, then forces all those computers to simultaneously attack a single Internet target computer by sending strange requests to that computer, thereby overloading that computer and forcing it to deny service to other customers.
The first DDoS attack viruses were Trin00 and Tribe Flood Network (TFN). Shortly afterwards came versions that were more sophisticated: Tribe Flood Network 2000 (TFN 2K) and Stacheldraht (which is the German word for “barbed wire”).
Those viruses are flexible: you can teach them to attack any target. Though the inventors of those viruses said they were just “experiments”, other folks used those viruses to attack Yahoo and many other Web sites in February 2000. The attacks were successful: they shut down Yahoo, CNN.com, Amazon.com, eBay.com, eTrade.com, Buy.com, Datek.com, and the FBI’s Web site.
Hoaxes
A hoax is just an e-mail message that contains a scary incorrect rumor and warns you to “pass the message to all your friends”.
The hoax is not a program; it’s just a document. Though it theoretically does “no harm”, actually it’s as harmful as traditional viruses, since it wastes your time, waste your friends’ time, embarrasses you (when you later discover the rumor is a lie and should be retracted), and creates a worldwide clogging of e-mail systems forced to transmit the rumor and retractions to millions of people.
Good Times
(From the USA in May 1994) Beginning in 1994, people began sending each other e-mails spreading a rumor that if you receive a file called “Good Times”, don’t download it, because downloading it will erase your hard disk. The rumor was false: there is no “Good Times” virus.
The person who started the rumor knew it was false and started it as a prank. The rumor traveled fast and clogged e-mail systems all across the country, so the rumor itself became as annoying as a traditional virus.
The rumor gradually got wilder, and said that “Good Times” was an e-mail message, and just reading the message would erase your hard disk.
The rumor eventually became even more bizarre. Here’s an abridgement of the rumor’s current version:
“The FCC released a warning, last Wednesday, of major importance to any regular user of the Internet. A new computer virus has been engineered that’s unparalleled in its destructive capability. Other viruses pale in comparison to this newest creation by a warped mentality.
“What makes this virus so terrifying, said the FCC, is that no disk need be inserted to infect a computer. The virus can be spread through Internet e-mail. Once a computer is infected, its hard drive will most likely be destroyed. If the program is not stopped, it will create a loop that can severely damage the processor if left running too long. Unfortunately, most novice users will not realize what’s happening until far too late.
“Luckily, there’s a way to detect what’s now know as the ‘Good Times’ virus: the virus always travels to new computers in an e-mail message whose subject line says ‘Good Times’. Avoiding infection is easy once the file has been received: don’t read it.
“The program is highly intelligent: it will send copies of itself to everyone whose e-mail address is in a received-mail file or a sent-mail file. It will then trash the computer it is running on.
“So if you receive a file with the subject line ‘Good Times’, delete it immediately! Do not read it!
“Warn your friends of this newest threat to the Internet! It could save them a lot of time and money.”
Again, there is no Good Times virus, but the rumor of the virus is itself a kind of virus!
Personal viruses
(From the USA in July 1997) By July 1997, jokers began collecting fake reports of personal viruses. Afterwards, the collection grew bigger, so now it includes these:
Jack Kevorkian virus deletes all old files.
Joey Buttafuoco virus attacks just minor files.
Woody Allen virus bypasses the motherboard and turns on a daughter card.
Lorena Bobbitt virus reformats your hard drive into a 3½-inch floppy then discards it through Windows.
Tonya Harding virus turns your .BAT files into lethal weapons.
Jeffrey Dahmer virus eats away at your system resources, piece by piece.
Mike Tyson virus quits after two bytes.
Arnold Schwarzenegger virus terminates and stays resident; it’ll be back.
Monica Lewinsky virus sucks all data out of your computer, then e-mails everyone about what it did.
Ross Perot virus activates every component in your system, just before the whole thing quits.
Adam & Eve virus takes a couple of bytes out of your Apple.
Oprah Winfrey virus makes your 300M hard drive shrink to 80M then gradually expand to 200M.
Martha Stewart virus sorts all your files and folds them into cute doilies, displayed on your desktop.
Spice Girl virus has no real function but makes a pretty desktop.
Titanic virus makes your whole system go down.
Star Trek virus invades your system in places no virus has gone before.
Disney virus makes everything in the computer go Goofy.
AT&T virus tells you, every 3 minutes, what a great service you’re getting.
MCI virus tells you, every 3 minutes, that you’re paying too much for the AT&T virus.
PBS virus makes your PC stop what it’s doing every few minutes to ask for money.
LAPD virus claims it feels threatened by other files and erases them in self-defense.
Prozac virus totally screws up your RAM, but your processor doesn’t care.
Congressional virus freezes the screen; then each half of the screen blames other half for the problem.
Healthcare virus tests your system for a day, finds nothing wrong, then sends you a bill for $4500.
Airline virus: you’re in Dallas, but your data is in Singapore.
Gallup virus makes 60% of infected PCs lose 38% of their data 14% of the time.
Right To Life virus won’t let you delete any files until you see a counselor about alternatives.
Politically Correct virus never calls itself a “virus” but instead an “electronic micro-organism”.
Bad Times
(From the USA in December 1997) In 1997, inspired by the Good Times virus hoax, Joe Garrick (and later others) published a rumor about a “Bad Times” virus. Here’s the rumor’s newest version (abridged):
“If you receive an email entitled “Badtimes”, delete it immediately. Don’t open it.
“This one is pretty nasty. It will erase everything on your hard drive, delete anything on disks within 20 feet of your computer, demagnetize the stripes on all your credit cards, reprogram your ATM access code, screw up the tracking on your VCR, and scratch any CD you try to play.
“It will recalibrate your refrigerator so your ice cream melts and milk curdles, give your ex-lover your new phone number, mix antifreeze into your fish tank, drink all your beer, and leave dirty socks on the coffee table when company’s coming over.
“It will hide your car keys, move your car randomly around parking lots so you can’t find it, make you fall in love with a hardened pedophile, give you nightmares about circus midgets, and make you run with scissors.
“It will give you Dutch Elm Disease and Psittacosis. It will rewrite your backup files, changing all active verbs to passive and incorporating misspellings that grossly change the meaning.
“It will leave the toilet seat up and your hair dryer plugged in dangerously close to a full bathtub. It will molecularly rearrange your cologne, making it smell like dill pickles.
“It is insidious, subtle, dangerous, terrifying to behold, and an interesting shade of mauve.
“Please forward this message to everyone you know!!! Everyone deserves a good laugh.”
E-mail tax
(From Canada in April 1999) In April 1999, a rumor swept across Canada, by e-mail, saying the Canadian government would start charging 5¢ for each e-mail ever sent, to reimburse the Canadian postal service, which was losing money because people were sending e-mails instead of regular letters. The rumor was false, a prank.
The next month, a U.S. variant began, which said “U.S.” instead of “Canada”.
Here’s an abridgement of the rumor. [Brackets show where the Canadian and US versions differ.]
“Please read the following carefully if you intend to stay online and continue using e-mail.
“The Government of [Canada, the United States] is attempting to quietly push through legislation that will affect your use of the Internet. Under proposed legislation, [Canada Post, the U.S. Postal Service] will bill e-mail users.
“Bill 602P will permit the government to charge a 5-cent surcharge on every e-mail, by billing Internet Service Providers. The consumer would be billed in turn by the ISP. [Toronto, Washington DC] lawyer Richard Stepp is working to prevent this legislation from becoming law.
“The [Canada Post Corporation, US Postal Service] says e-mail proliferation costs nearly [$23,000,000, $230,000,000] in lost revenue per year. Since the average citizen receives about 10 e-mails per day, the cost to the typical individual would be an extra 50 cents per day, or over $180 dollars per year, beyond regular Internet costs.
“Note that this money would be paid directly to [Canada Post, the US Postal Service] for a service they don’t even provide. The whole point of the Internet is democracy and non-interference.
“One [back-bencher, congressman], Tony Schnell, has even suggested a ‘20-to-40-dollar-per-month surcharge on all Internet service’ beyond the government’s proposed e-mail charges. Most major newspapers have ignored the story, the only exception being the [Toronto Star, Washingtonian], which called the idea of e-mail surcharge ‘a useful concept whose time has come’.
“Don’t sit by and watch your freedoms erode away! Send this e-mail to all [Canadians, Americans] on your list. Tell your friends and relatives to write to their [MP, congressman] and say ‘No!’ to Bill 602P. — Kate Turner, Assistant to Richard Stepp”
That rumor is entirely fiction. There is no “Bill 602P”, no “Tony Schnell”, no “Richard Stepp”, and no desire by postal authorities or newspapers for a surcharge.
Subscribe to:
Comments (Atom)