SAN FRANCISCO CHRONICLE REPORTER COOKS HIMSELF IN THE BURMESE
HOT-ZONE OF COMPUTER VIRUS REPORTING

October 26, 1996

One of the worst pieces of mainstream journalism on computer viruses
I've ever seen came earlier this month from the San Francisco
Chronicle's Jon Swartz.  In an October 8 article entitled "Symantec's
High-Tech Hot Zone," Swartz gets just about everything wrong in his haste
to write hagiography. As business, feature or straight news reporting,
it rates a solid "F," accurately serving only as an unpaid
advertisement for an anti-virus company while conveying no useful
information on computer viruses.

A few paragraphs in, Swartz immediately bewilders and frightens readers
by writing viruses are spread through "e-mail messages."  Wrong.
Reporters who insist on writing that computer viruses are contracted
through standard electronic mail need to be forbidden from writing
on the subject.

Swartz then reassuringly informs readers computer viruses are not like
bacteria, invisible aethers or nuclear radiation: "[Viruses] do not
spread by casual contact -- for example, by simply laying a contaminated
disk on top of a clean one or on top of a computer."

All of this discussion is framed around Norton Anti-virus employees
who are given an aura of saintliness in their work.  As examples of
computer virus effects, the Norton technicians show Swartz two virus
activations -- Burma and Frodo -- neither of which is current.  In the
dog-and-pony show, the reader is not told that Burma is an overwriting
virus -- the most primitive variety extant -- that immediately corrupts
a handful of target programs with itself and flashes an eye-popping
display. Viruses like Burma never spread because they are as obvious
as a loud fart at a Miss Manners convention. Burma brings any computing
to a grinding halt, necessitating its immediate extermination. So it
is -- from a user standpoint -- hardly an example of Swartz's "world's
most virulent computer viruses." I also doubt whether the Burma virus
could be said to have ever been "in the wild." [1]

Swartz then commits another sin.  He lets a mouthpiece for an
anti-virus vendor cite an anonymous case. "One company was losing $1
million a day [to computer viruses]," claims a Symantec rep. Of course,
since the case is hidden behind the cloak of anonymity, there is no way
to determine whether the anecdote is reasonable or fabricated and
utterly self-serving.

Swartz writes that virus writers are "brilliant," perpetuating the myth
that they're dangerous weirdo geniuses armed with computers.  It's a good
hook for sexy information warfare stories. But it's false.  The ugly truth
is that the vast majority of the thousands of viruses now categorized are
rather simple programs. They are easy to write or fabricate
from older models by anyone passingly familiar with them. No geniuses
need apply.

Swartz writes the Norton Anti-virus facility is a "top secret lab."
If it's so "top secret," why does the company regularly issue press
releases about it and encourage reporters to take pictures?

The Chronicle story also features a side-bar peppered with a number
of goobers like: "Most [viruses] originated in Bulgaria and were
primarily political messages that did not damage PCs."  This belies
Swartz's own reporting in the main body of the story and an alert
copy editor on the desk might have caught the error.  None of the viruses
Swartz mentions are from Bulgaria. Indeed, a couple of their names
indicate they (and I'm being even more sarcastic here) _might not_ be
from Bulgaria: Burma, Pakistani Brain, Stoned, Frodo, Michelangelo. In
reality, there are so many computer viruses, it's stupid to insist most
come from one country. Put in perspective: This Chronicle-propagated
"myth" is similar to an illogical statement that claims most infectious
diseases come from Zaire simply because the African country was widely
popularized in 1995 as one source of Ebola plagues.

Here's another Swartz/Symantec whopper -- "The Internet is a major
source of spreading [viruses]." The Internet is a _good_ medium for
spreading hoaxes, like Good Times. The Internet is an _efficient_ medium
for propagating exaggerated computer virus scare stories -- for example,
Hare Krishna. And, of course, the Internet is a _good_ collective bogeyman,
suitable as justification for more entreaties to buy Symantec software.
However, the Internet is not the major vector for virus infections. These
remain exchanged virus-contaminated diskettes and, now, Microsoft Word
documents.

Swartz also digs up an "independent" expert -- Joe Wells who maintains the
list of computer viruses reported in the wild -- to add some color and
affirmation to his redeeming tale of the brave employees of the Norton
Anti-virus project. The reporter doesn't mention that Wells used to work
as part of the Norton Anti-virus project and might, therefore, not be
expected to be critical of the company in a formal publication.  (For the
insiders, the one time I met Joe at an international virus prevention
conference, he frequently made jokes about Symantec.)

The computer virus story remains an interesting one and should be
reported on.  However, collections of myths and bumbling mistakes wrapped
around a vendor endorsement disguised as news -- like the Chronicle's
paean to Symantec -- deserve to be punted.


Notes:

1. The Burma virus was actually written in Newport News, Virginia
-- not Bulgaria, obviously -- by former virus-writer, Aristotle.  Aristotle
figured prominently in my book, "The Virus Creation Labs," and was a
one-time member of the virus-writing group known as NuKE.  Aristotle
laughingly admitted many times he was a wretched virus programmer. The
Burma virus was one of his "joke" examples, its visual activation taken
directly from an effect programmed into the NuKE virus-writing group's
electronic magazine, the NuKE InfoJournal.  While Aristotle would
doubtless be flattered by the appearance of the Burma virus in the
San Francisco Chronicle, he would certainly laugh out loud at the
paper's endorsement of it as an example of the "brilliant" world of
virus-writing.

But wait, there's more to reveal.

Burma was actually only a hack of a hack.  In its original incarnation
it was called "The Swizzler." The Swizzler, or Swizzles, first appeared
in 1993 (and here's a San Francisco Chronicle reporter writing about
it as a dangerous computer virus in 1996 [!]) when Aristotle wanted
American teenagers in the virus underground to believe they had the
latest virus by the Dark Avenger, the infamous -- but shadowy -- Bulgarian
virus-writer. Swizzles wasn't Bulgarian, but most of the people it was
given or shown to (like some newspaper reporters) were too gullible to
penetrate the sham.  Swizzles showed up many times in the virus
underground, under slightly different names and with slightly different
payloads.  It was an extremely simple overwriting file-infecting virus
that destroyed programs when it landed on them.  One variant would also
infect and destroy COMMAND.COM which immediately created a problem, as
the machine would hang the next time DOS tried to reload the transient
portion of the shell from the disk, usually about 5 seconds after
Swizzles -- or whatever it was called -- executed.  Its most infamous
incarnation -- as a red-herring -- was, in the end, Burma. Burma was
actually submitted to the Los Alamos National Lab in Albuquerque when 
Pam Trexler, an employee there, solicited Aristotle for a virus that 
was supposed to be representative of the virus underground.  Of course, 
Burma wasn't, but that was the ruse.  The idea of a virus as simplistic
and obvious as Burma wasting anyone's time at a national lab, even if the
recipient was a researcher or the equivalent of a lab janitor, is worth
recording.

P.S.  Why is this virus called Burma, then, you ask?  The code of the
virus has the text "Rangoon, Burma" buried in it.  


George Smith
Crypt Newsletter
http://www.soci.niu.edu/~crypt
