Viruses in the News ------------------- On the 16th of February, 1995, the media across the Australia were crowing the news, that the Australian Taxation Office had to close down due to a computer virus infection. This story received front page notice in the newspapers, and a prominent place in the television news bulletin of every station. The Australian author quaintly identifies himself as "Harry McBungus" and is responsible for four 'no frills' viruses, although it is unknown which version was responsible for this incident. The same author has appeared in the press many times, namely when his 'X-Fungus' virus shut down the SUNCORP bank, and when 'Dudley' similarly infected the company responsible for Australia's international telephone linkage (OTC). Here is a sampling of the stories surrounding the event: (All real names/personal details censored) The Courier Mail, Thursday, February 16, 1995 Page 1 of 2 [Picture Attached] THIS is the Brisbane teenager whose computer virus made the Australian Tax Office's massive computer network "crash" last week. The "No Frills Virus" that created when he was a high school student three years ago shut down the ATO national network for a full day, and anti-virus experts were still working on cleaning up the problem three days later. However he now is a university student and wants to use his knowledge as a virus writer to help people make their computers more secure. And he was surprised that the monster he created was still wreaking havoc. Page 2 of 2 [Techo-Terror] , 18, used to be known in the computer underground as Harry McBungus and Terminator Z, and now is a . The No Fills Virus was one of a number he wrote while a Year 11 student at "as a programming exercise". Since then it has spread around the world and become one of the most prevalent computer viruses in Australia. When it struck last week, all the ATO's 26 branches had to be isolated while the virus was finally tracked down to a branch in the Melbourne suburb of Box Hill. A computer virus is a malicious program which can alter, damage or destroy files and computer memory and may attack and spread without its victim's knowledge. There are at least 2500 known viruses worldwide and new ones are being added at the rate of 40 to 50 a month. yesterday described the ATO virus attack as a ghost from the past that had come back to haunt him. "I thought it (No Frills) had been dead and buried long ago. There is no way I ever would have imagined three years ago it would still be around now. "This is no something I can look back on and say: 'Yeah! I'm really glad that happened.' I'm not embarrased about it, but it is something I could have done without." He was interviewed by Queensland police when his first version of No Frills infected more than 100 computers at Suncorp in April, 1992, but was not charged. It also got into Brisbane Grammar School's computers. "I told them I had not spread the virus, and they seemed to accept that." But he admits that as a 15-year-old he had boasted to his school mates about the virus and showed serveral of them how he had written it. "Somebody stole the codes and within a few weeks it was circulating around Brisbane computer bulletin boards." "When I heard it was circulating I contacted one of the anti-virus companies and offered them the codes so they could combat it. They didn't take them. They just called the police." It is not illegal to write viruses, but anyone knowingly infecting a computer with a virus can be charged with a variety of offences. said it was a mystery to him how a virus got into the Tax Office. "It should have been picked up by any of the modern anti-virus software." "The fact it wasn't detected is pretty disgusting. Even once it was discovered it should have taken only five minutes to isolate and a few hours to get rid of - not days." He is described by associates as a computer genius who probably knows more about virues than most people around the world. But he said: "I moved on from writting viruses some time ago. It was never intended to do any damage or as a ploy to become infamous. There are bigger and better challenges out there than writing viruses and one of them is combating what other people can come up with. It's harder to stop a virus than to write one." He created two versions of No Frills, and it was the second that hit the Tax Office. Other versions, written by others using Harry's original codes, occasionally appear. Although not as damaging as some viruses, No Frills will often randomly destroy up to a third of the files on an infected computer by overwriting them. "It was no written as a destructive virus. It doesn't have a destructive code, but due to an oversight on my part there is a flaw in it which can cause it to corrupt some types of files. I learned a lot about programming and computer system architecture in doing it, but I never intended it to get into circulation." Australian computer vandals are believed responsible for dozens of viruses which have caused millions of dollars in damage worldwide. Hundreds of companies in Australia are hit by viruses each year, in spite of outlaying thousands of dollars for anti-virus protection. Figures from the US show the average virus attack takes almost 2 1/2 days to eradicate. Even then, a quater of the companies hit by a virus can expect to be re-infected within 30 days. Viruses can be programmed to attack on contact or to sit dormant like a time bomb, set to go off on a specific date. Australian viruses with names such as Puke.393, Aussie Parasite, Dudley and Incest have created havoc in both private enterprise and government departments. Dudley, Incest and some versions of Aussie Parasite originated in Queensland. PLAGUE THREAT ------------- [GLOBAL VIRUS ASSAULT] AN international computer terrorist group, with several members in Brisbane, is threatening to unleash 1000 new computer viruses at once. If successful they could create worldwide chaos and do billions of dollars in damage to business, government and prossibly military computer systems. United States experts say a planned virus attack had the potential to shut down a country's entire infrastructure, simultaneously striking everything from banks to communication systems and air traffic control towers. Australian business and government departments each spend thousands of dollars a year on anti-virus protection, with many organisations orperating up to three anti-virus systems which are upgraded quarterly to keep pace with new viruses. But such a massive release of new viruses could render their protection systems useless. On March 6, 1992 a single virus - known as the Michaelangelo Virus - shut down 10,000 computer systems worldwide, destroying all of their files. The group known overseas as Nuke and in Australia as Puke has put out an underground newsletter to computer virus writers calling on them to withhold all new viruses until 1000 had been gathered worldwide. Their aim is to release all of the new viruses at the same time on to computer bulletin boards, including the massive 30-million-member Internet. Anti-virus software companies admit such a scheme has the potential to cause worldwide chaos and do billions of dollars in damage to business and government computer systems. However, they doubt the ability of the organisation to stockpile so many viruses. Marketing director of Brisbane-based Leprechaun Software, Len Groves, said most virus writers got so excited about what they could not wait to get it into circulation. There are about 2500 known computer viruses in circulation and three or four new ones appear each week. Puke has members throughout Australia and has been in existence for at least five years. At least two of its members have been charged by Federal Police recently with computer related offences. Computer virus damage costs Australia tens of millions of dollars each year. Viruses are man-made rogue programs which reproduce and mutate, attaching themselves to other computer programs and files and spreading in much the same way as a biological virus. Many of the viruses are harmless and some are even humorous, but many are extremely contagious and very damaging, destroying all data and the operating system on computers they infect. Infected computer networks have to be closed down - often for days at a time - while they are "disinfected". Even then, they are likely to be hit again by the same virus two or three weeks later. Companies have been put out of business permanently after losing all of their data, because they had failed to make back-up copies. Queensland State Government departments were hit by viruses seven times in the two years from mid-1994, but were lucky to suffer only minor damage. The most serious case cost $40,000 to fix. Several viruses have turned up at sites on the Gold Coast and in Townsville, but nowhere else. Other viruses have spread further afield. Two years ago "Harry" had a falling out with Puke, and a short time later a virus named Dudley appeared on the scene. It was almost identical to No Frills, but an anonymous caller to Leprechaun told them it was members of Puke trying to get back at "Harry" for something. They wanted him to be blamed. Since then another version also allegedly written by a Puke member called Oi Dudley, has appeared. Recently an underground group, called Vlad, has surfaced in Brisbane. One of its first efforts was the Incest Virus. Vlad often checks into Leprechaun's public access bulletin board to "have a look around" and taunt the virus busters. Like graffiti vandals, virus writers often sign their work and include strings of text (sometimes encrypted) in the virus programs. The contents can range from foul to foolish. TAXMAN STOPPED BY VIRUS ----------------------- The Australian, Tuesday, February 21, 1995 Teenager's anxiety and delight with own virus --------------------------------------------- Queensland teenager feels a mixture of anxiety and delight every time his No Frills virus throws another large business into turmoil. No Frills latest target is the Australian Tax Office, but its list of victims over the past three years includes Telecom and SunCorp, Queenslands largest financial institution. was a 15 year old schoolboy when he produced the prototype of No Frills. It referred to itself in an internal message as K-Mart and gave its author the nom de code of "Harry McBungus". The virus infected SunCorp in February, 1992, forcing the company to quarantine 100 desktop systems and 12 servers while it was purged and damaged files were repaired. Even as SunCorp was setting its house in order, was working on the streamlined version that became No Frills. He claims it escaped into the public domain via a games diskette. Almost a year to the day after the SunCorp infection, a version of No Frills in an encryption wrapper ran wild in Telecom's International Business Office computers. The attack forced Telecom to first isolate, then rebuild Novell networks linking about 1000 PC's. The five-day containment and clean-up exercise involved an international effort and a 30-member Telecom Tiger team. claims Telecom's use of the McAfee anti-virus software exacerbated the problem, which included the disconnection of 15 servers. "They started scanning their systems with McAfee, which couldn't find the virus," he says. "But every time McAfee opened a file to scan it, the virus infected it. That's how most of the infection happened." There were no public reports of major No Frills outbreaks last year, but the ATO attack has put the virus back in the spotlight. , a student at the , says the virus was written to infect executable overlay files, not destroy data files. But he concedes it could become confused by header information in some data files and infect them by mistake. "Basically, it's just a straight-forward virus," says. "I don't derive pleasure out of destroying things; I'd be a skewed human being if I did." "I'm not sitting here feeling happy because it's trashing thousands of computers." admits, however to feeling elated on hearing of the Tax Office's problems. "I do feel some joy that it's out there going strong, not just sitting in some virus archive," he says. maintains some contact with the virus community, but he says writing viruses is no longer a passion. "It's just one of those things you play with for a while, thinking it's cool, and then move on." These days, is more interested in his ; he thinks working with biological viruses would be fascinating. He would also like to do "something productive" with computer viruses, such as research, but fears his past may bar him from a career in the industry. "Even if I don't get into legal trouble for something like what happened with the Tax Office, having my name connected with No Frills will probably eliminate any future for me in computers," says. "If I was advising anyone I'd tell them to think about the consequences further down the track and not just look five minutes ahead, like I did when I started writing viruses." Overall, doesn't regret writing No Frills. "As a programming exercise I think it was good," he says. "But when you weigh up everything that has happened, well, I've never sat down and thought about it, but it may have been for the worst, mainly because of the anger it caused. "You live and learn. You see that more things happen than you realised at the time. "People suffer and stuff like that. I don't think people deserve to have viruses happen to them." In keeping with his new-found desire to do something positive with viruses, nominates a Russian anti-virus package called AVP as among the best he's seen. He likes the detailed and accurate technical information it supplies on various viruses. Other reccomended anti-virus packages on 's shortlist include Thunderbyte Scan and FPROT.