During 1989 things really started to move. The Fu Manchu virus (a modification of Jerusalem) was sent anonymously to a virus researcher in the UK, and the 405 virus (a modification of the overwriting virus in the Burger book) was sent to another UK researcher. A third UK researcher wrote a virus and sent it to another UK researcher; in 1989, the UK was where it was all happening. But not quite all. In 1989, the Bulgarians started getting interested in viruses, and Russia was beginning to awaken.
In March of 1989, a minor event happened that was to trigger an avalanche. A new virus was written in Holland. A Dutchman calling himself Fred Vogel (a very common Dutch name) contacted a UK virus researcher, and said that he had found this virus all over his hard disk. He also said that it was called Datacrime, and that he was worried that it would trigger on the 13th of the next month.
When the virus was disassembled, it was found that on any day after October 12th, it would trigger a low level format of cylinder zero of the hard disk, which would, on most hard disks, wipe out the File Allocation Table, and leave the user effectively without any data. It would also display the virus’ name: Datacrime virus. A straightforward write-up of the effect of this virus was published, but it was another non-memory-resident virus, and so highly unlikely to spread.
However, the write-up was reprinted by a magazine, another magazine repeated the story, a third party embellished it a bit, and by June it was becoming an established fact that it would trigger on October 12th (not true, it triggers on any day after the 12th, up till December 31st) and that it would low level format the whole hard disk. In America, the press started calling it “Columbus Day virus” (October 12th) and it was suggested that it had been written by Norwegian terrorists, angry at the fact that Eric the Red had discovered America, not Columbus.
Meanwhile, in Holland, the Dutch police were doing one of the things that falls within those things that police are supposed to do: crime prevention. Datacrime virus was obviously a crime, and the way to prevent it was to run a detector for it. So they commissioned a programmer to write a Datacrime detector, and offered it at Dutch police stations for $1. It sold really well. But it gave a number of false alarms, and it had to be recalled and replaced with version 2. There were long queues outside the Dutch police stations, lots of confusion about whether anyone actually had this virus (hardly anyone did, but the false alarms muddied the waters).
If the police take something seriously, it must be serious, right? So in July, large Dutch companies started asking IBM if viruses were a serious threat. Datacrime isn’t, but there is a distinct possibility that a company could get Jerusalem, Cascade or Stoned (or Italian, in those days before 8088 computers became a rarity). So what is IBM doing about this threat, they asked?
IBM had internal-use-only anti-virus software. They used this to check incoming media, and to make sure that an accident like Lehulpe could never happen again. IBM had a problem: if they didn’t offer this software to their customers, they could look very bad if on October 13th a lot of computers went down. The technical people knew that this wouldn’t happen, but obviously they knew that someone, somewhere, might have important data on a computer that would get hit by Datacrime. IBM had to make a decision about whether to release their software, and they had a very strict deadline to work to; October the 13th would be too late.
In September of 1989, IBM sent out version 1.0 of the IBM scanning software, together with a letter telling their customers what it was, and why they were sending it out. When you get a letter like that from IBM, and a disk, you would be pretty brave to take no notice, so a lot of large companies scanned a lot of computers, for the first time. Hardly anyone found Datacrime, but there were instances of the usual viruses.
October 13th fell on a Friday, so there was a double event: Jerusalem and Datacrime. In the US, Datacrime (Columbus Day) had been hyped out of all proportion for a virus that is as uninfective as this one, and it is highly likely that not a single user had the virus. In Europe (especially in Holland) there might have been a few, but not many.
In London, the Royal National Institute for the Blind announced that they’d had a hit, and had lost large amounts of valuable research data, and months of work. We investigated this particular incident, and the truth was that they had a very minor outbreak of Jerusalem, and a few easily-replaced program files had been deleted. Four computers were infected. But the RNIB outbreak has passed into legend as a Great Disaster. Actually, the RNIB took more damage from the invasion of the television and print media than from the virus.
By the end of 1989, there were a couple of dozen viruses that we knew about, but we didn’t know that in Bulgaria and Russia, big things were brewing.
The information in this section was provided by and used with permission of Dr. Solomon Software. Please do not further use the material without obtaining your own permission to use it.
|Dr Solomon History|
|1988 The Game Begins||1990 The Game Gets More Complex|