The supervisor took a closer look at the virus. "I missed it before. There's another word here, Diana P. What does this thing do?"
"Well, as it's a new version, the answer is I don't know. Until we've seen a copy, it's anybody's guess."
To discover what a virus actually does, it has to be disassembled, its operating instructions--the program--taken apart line by line. This is a difficult and time-consuming process and can be carried out only by specialists. In the meantime the technical support staff could only wait and watch as the virus spread slowly through the company, bouncing from machine to machine via the network cables that interlinked the company's 2,200 computers.
Viruses like Eddie work by attaching a copy of themselves to an executable file; whenever an infected program is used, the virus springs into action. It usually has two tasks: first, to find more files to infect; then, after it has had enough time to spread its infection to release its payload. It was obvious that Eddie was spreading so it was already performing its infection task. What was worrying was what its payload would prove to be.
To arrest the spread of the bug, it was decided to turn off all the computers in the company and wait until the virus could be cleaned out. It was a difficult decision--it would mean downtime and lost business--but it was a sensible precaution. It was later discovered that the payload in the Eddie variant was particularly malicious. When unleashed, it takes occasional potshots at the hard disk, zapping any data or programs it hits. The effect is equivalent to tearing a page out of a book at random. The loss of the pages may not become evident until one can't be found. But on a computer, if the loss goes undetected over a period of time, then the backup files, taken as a security measure in case of problems with the originals, could also have pages missing. The slow corruption of data is particularly insidious. Any computer breakdown can cause a loss of data, necessitating some reentry of the affected transactions since the last backup. But if the backups are also affected, then the task could become impossible. At worst, the data could be lost forever.
In this instance some data was irrecoverably destroyed, even though only sixty machines were found to be infected. But, in a sense, the company had been lucky: because Eddie had taken a potshot at a secretary's word-processing program and knocked out its print capability, it was discovered fairly early on. Had it lurked undetected for longer, it could have destroyed even more data.
The process of checking all 2,200 computers in the company took four and a half days, with a team of twelve people working twelve hours a day. Every executable file on every hard disk on every machine had to be checked. The team had special programs to help with the task, but viruses could easily get wrapped up inside "archived" files--files that are compressed to save computer space-- where they can escape detection. All archived files had to be expanded back to their full size, checked, and then packed away again. That took time. Also, all diskettes had to be checked, a nearly impossible task given the difficulty in finding them: diskettes have a habit of disappearing into black holes in desk drawers, in briefcases, in storage cupboards.
The computer diskette has now assumed the generality of paper as a medium for storing information. Staff with home computers often carry diskettes to and from their office, and it makes sense that diskettes containing valuable data should be stored off-site, as a precaution against problems with the office computer. But the home PC also encourages the transfer of viruses among fami- lies. A student might transfer a virus from college to home; a parent might transfer a virus from home to office. For the most part, viruses are spread innocently, but there is now such a large traffic in diskettes that it is usually impossible to trace the source of an infection.
