The Final Virus: A Science-Fiction Story

Special to TechNewsNet, July 2005 -- Millions of Microsoft users woke up to a new and deadlier Blue Screen of Death this morning. It said "This is the Final Virus. For spam to end, Windows must die!" Rebooting got them nowhere, because their hard drives had been formatted. All their data was destroyed.

A bulletin from CERT, the Computer Emergency Readiness Team chartered by the U.S. government, advised all Windows users to take their machines off the Internet immediately. "Final is polymorphic, so normal virus scanners don't spot it. Final spreads via infected Web pages, UPnP, the Microsoft Upgrade Channel, the Microsoft Messenger service, and possibly other routes," says the bulletin. Final seems to be written to do IP port scans and infect a fixed number of other machines before destroying its host. Infection reports have been rising exponentially since Final was first reported four days ago.

In a possibly related development, ISPs reported that the volume of spam detected at their servers has dropped between 2% and 10% since Final first appeared -- the first such drop in memory. Most spam is sent by zombie networks of cracked Windows machines; as more succumb to the virus or are pulled off-net, spam volume is expected to drop further.

But at least one company isn't taking Final's death notice at face value. A Microsoft spokesman hinted that the open-source community might be behind the attack. "You've got to ask yourself: who benefits?" said Craig Mundie. "And then you have to look at Linux." Microsoft's IE web browser has been losing market share to open-source Firefox since CERT's bulletin on the BHO vulnerability early last year. Linux's market share in new server installations passed Microsoft's in 1Q2005, continuing a trend begun in 1Q2004 when Linux posted 57% gains to a full quarter of Microsoft's share. Two quarters of disappointing earnings reports this year have the company under pressure from analysts.

But "I don't think this is us," said Eric Raymond, president of the Open Source Initiative. "Why would any of us perform a criminal attack on Microsoft's users when we're winning them over fair and square? Actually, this is very bad news for us; it might get INDUCE II passed."

Yesterday Senator Orrin Hatch issued a statement that Final highlights the need to make so-called "Digital Rights Management" hardware mandatory on all new computers. INDUCE II is backed by Microsoft, the Motion Picture Industry of America, and other anti-open-source groups; it would require software to have a cryptographic signature issued by a Federal security-certification authority before it could run on new hardware, and make circumvention of a computer's onboard DRM a felony offense.

Washington insiders are saying that in the wake of the damage wrought by Final, INDUCE II could be reported out of committee as early as next week.

The frightening thing about this story is how very little of it is fiction.

According to the ISPs who monitor these things, more than 80% of all Internet traffic is now spam, with the percentage still rising. And gone are the halcyon days when that spam was mostly porn-site solicitations and pyramid schemes; nowadays, most of it is either attempts to propagate viruses or bounce messages from failed attempts. Those viruses, in turn, are nowadays primarily designed to crack Windows machines and turn them into spam-sending zombies. Email users are in imminent danger of drowning in a flood of garbage; the spam and virus problems have become inextricably intertwined.

And, in fact, the underlying technical problem is the incurable insecurity of Microsoft Windows. Crackers and spammer gangs are now finding exploits faster than Microsoft can patch them; the help-object hole in IE, which can silently zombify any machine that visits an infected webpage, is only the most notorious of the recent vulnerabilities.

Final would be an extremely simple virus to write. We haven't seen it yet, because up to now virus writers have wanted to capture and exploit Windows machines, not exterminate them. But all it would take is one programmer. The virus-writing toolkits to produce such a beast are already out there.

Though Linux passed Microsoft in web-server market share long ago, it remains second in overall share for intranet and general-purpose servers. But unless there is some break in the trend curves, Linux really will be #1 around the beginning of 2005. Microsoft is already bracing for it; in a recent memo, Steve Ballmer announced a billion-dollar cut in employee benefits and other expenses.

INDUCE II doesn't exist, but INDUCE I already does and Orrin Hatch is its sponsor. Similar proposals have been floated before. Intel is already shipping NX hardware that requires a cryptographic signature before binaries will run.

I don't know how to keep this future from happening. The inertia of that huge mass of Windows users out there makes it very unlikely that we can convert everyone voluntarily before some fed-up, spam-victimized programmer decides to force the issue.

We'd better hope we find a way, though. If this is how Windows dies, it could very well take us down with it.