In December of 1987 an electronic message named "CHRISTMA EXEC" arrived at IBM's flagship Thomas J. Watson Research Laboratory, in Yorktown Heights, New York. Steve R. White, a theoretical physicist, was working on an unrelated computer-security problem when the communiqué first unfolded on a colleague's screen, slowly tapping out keyboard characters in the shape of a pine tree and then signing off with the salutation "Merry Christmas."
Any enchantment, though, turned to worry as the visitor accessed the colleague's electronic address book and sent a copy of itself -- ostensibly from the colleague -- to the 1,500 or so entries in the database. A magician doing a disappearing act, CHRISTMA EXEC then erased itself. People were stunned. Loudspeakers blared a warning not to run the rogue program, but it was too late. The holiday message was a Scroogelike virus that replicated itself hundreds of thousands of times, clogging up the company's internal E-mail system for nearly a day. Long before all the damage reports were in, however, White had dropped what he was doing to concentrate on the invader. "You realize as soon as this happens that it's something bad," he recalls. "I said, 'That's it, I'm not working today. I'm going to watch this happen, because this is a seminal event in history.'"
This was an early battle in the Virus Wars, a struggle between good and evil that affects a million computer users every year and threatens to intensify in the age of Internet communications and commerce, when viruses can be passed rapidly around the globe. With huge bets placed on the future of E-business, and with virtually every virus aimed at IBM computers and compatibles (such machines running Microsoft's DOS and Windows operating systems today account for some 90 percent of all personal computers), few companies take the threat as seriously as IBM does. In 1987 perhaps three digital viruses existed. Today, every day, six to ten PC viruses stream into the Anti-Virus Center at IBM's Hawthorne Laboratory, an extension of the Watson lab a few miles down the road from its parent. So far the IBM group has battled about 20,000 separate invaders.
And that's not even the half of it. Until recently the enemy at least seemed contained: once IBM's investigators or their counterparts in a few other organizations turn their attention to a virus, it typically takes less than twenty-four hours to decipher the code and divine a cure. But with millions of people swapping files and conducting Internet business around the clock, once-sluggish mutant codes can go global in well under a day.
On a recent visit to the Hawthorne Lab, White took me to a two-room suite a couple of floors above the Anti-Virus Center. Here, sealed off from the outside world by computer firewalls and other defenses against hackers, resides a prototype of what IBM thinks might be the savior of the Net. It's called the Digital Immune System. The idea is to create digital white blood cells -- much as human beings develop antibodies to biological agents -- that will be permanently available on line. In theory, automatic virus-scouting programs will transmit suspect codes directly to the immune center, where they will be analyzed and debugged and the cure beamed back before mere mortals even know there's a problem. "If the Internet is going to survive," White says, "we're going to need an automated response on this rapid time scale."
A computer virus is a bit of software code that gets into a machine -- typically through a disk or an electronic message -- and co-opts its host's resources, making copies of itself and ordering up aberrant behavior ranging from posting an innocuous message to wiping out hard drives. Although the theory behind viruses goes back at least to the 1970s, they did not emerge in the "wild" until the late 1980s. They speedily became an everyday menace. Annual sales of anti-virus software are expected to surpass $1 billion next year.
Nearly as soon as viruses came into existence, myths emerged about virus writers. In TV shows and movies they are brilliant iconoclasts who run circles around hapless corporations. No such romanticism affects IBM's twenty-five-person anti-virus team, however. Viral codes are rife with bugs -- and none of their writers would land a job with IBM. "The writers might think that they're showing off their programming prowess," says Jeffrey O. Kephart, an instrumental figure in IBM's anti-virus fight. "But in most cases they're displaying their ineptitude to the world." Though few good studies of virus writers exist, the available evidence indicates that they're almost always male, usually in their teens or early twenties, and have an attitude. A pair of file cabinets inside the Anti-Virus Center hold boxes of diskettes bearing copies of every virus the lab has tackled. A few samples from this morgue illustrate the point.
One is Wazzu, which in its heyday, in 1997, infected Microsoft Word files by randomly shuffling words and inserting its name into text, as in "Now is wazzu the country to come to the aid of your time." Form, another demon, caused keyboards to make an annoying clicking sound on the twenty-fourth of each month. Inside his errant code, where only debuggers would see it, Form's creator left this message: "Virus sends greetings to everyone who's reading this text. Form doesn't destroy data! don't panic. F---ings go to corinne."
These creations may seem like harmless pranks, but anti-virus researchers warn that there's no such thing as a benign virus. Take Wazzu. "You might think it's a funny virus unless you're writing the Israeli-Palestinian peace treaty," White says. Even Form is far from harmless, since a virus's very presence means that a computer's standard operations have been disrupted, increasing the risk of crashes and tainted files. And without naming names, White tells horror stories of corporate mergers in which one company infected another because viruses got into the spreadsheets they exchanged.