Virus Invades University, Lab Computers Across U.S.

A large-scale computer virus infected systems across the country Thursday, afflicting the Lawrence Livermore National Laboratory, the NASA Ames Research Center in Mountain View and at least eight major universities, including UC Berkeley, Stanford and Massachusetts Institute of Technology, but officials said they were unsure how much, if any, damage had been done.

The bug infected thousands of computers but apparently did not destroy any files or research, said Prof. James Bruce, vice president for information systems at MIT.

The New York Times in today’s editions said unidentified computer security analysts were calling the virus “the largest assault ever on the nation’s computers.”

Viruses, the communicable diseases of computers, are tiny programs created in computers either as a joke or vandalism. They can attach themselves to other programs and spread through shared software.

In their mildest form, a message flashes on a user’s screen; as malignancies, they can destroy data and cripple a computer.

“We’re not crippled,” Bruce said. “It first showed up in the middle of the night and spread very virulently during the day.”

The most worrisome invasion occurred at Livermore, one of two national labs where nuclear weapons are designed. Spokeswoman Bonnie Jean Barringer said the invasion “was detected and contained within two hours.”

Livermore spokesman Jeff Garberson said a computer problem was discovered late Wednesday.

“We . . . took action to contain it, which means to stop it from spreading to other computer systems. We were successful by about 1 in the morning,” about five hours after it was discovered.

“This is for unclassified, non-secured systems,” Garberson said. “It did not affect our classified national defense system at all.”

The lab’s work includes design of the nation’s nuclear weapons and key work on the Strategic Defense Initiative.

“We are now powering back up and should have all these unclassified systems back on line by tomorrow,” Garberson said.

In an interview with The Times, Wallace Raven, spokesman for UC Berkeley, called the virus “kind of nasty but not malicious.” He said it “ate up computer time,” causing the university system to slow down, but “there was no damage and nothing was lost.”

At 3 a.m. Thursday, university officials “posted a fix,” telling users how to protect the system from the virus.

The virus was reported to have made its way into sophisticated computer systems at MIT, Stanford, UC Berkeley, Cornell University, Purdue University, the University of Wisconsin, Boston University and the University of Chicago.

Others May Have Been Hit

Experts believe that many other facilities, including Rutgers University, the University of Michigan and UC San Diego, may also have been hit.

At NASA’s Ames facility, “several (computer networks tied into telephone lines) were infected by computer viruses,” spokesman Jack Murphy said.

“The infestation was detected Wednesday evening at approximately 9:45 p.m. (PST). No supercomputers were infected nor classified data accessed or compromised, and there was no known loss of data,” Murphy said.

Classified Air Force information is not kept in computer systems that can be accessed by phone, he added.

The Jet Propulsion Laboratory in Pasadena, warned by Ames, immediately “guillotined” its computer system from the infected network and has developed a protective “software patch” to be installed before the networks are reconnected, probably within a day, according to spokesman Jim Wilson.

Researchers said it may not be possible to determine where the virus started. Asked who the saboteur could have been, Paul B. Pomes, senior research programmer in the computer services office of the University of Illinois at Champaign-Urbana, replied, “Very likely a bored graduate student.”

The New York Times said the virus apparently was released by a computer graduate student trying to sneak what he thought was a harmless virus onto ARPANET, an electronic research network provided by the Defense Department’s Advanced Research Projects Agency,where the program was supposed to remain undetected.

The Times said an anonymous caller, identifying himself as an associate of the student, telephoned the newspaper and said the virus went awry because of a programming error that caused it to replicate itself much faster than intended.

“The student realized his error shortly after letting the program loose and . . . was now terrified of the consequences,” the Times said.

The Defense Communications Agency set up an emergency center to deal with the problem, the newspaper said.

‘Sitting Around’

“This has the feel of somebody who was sitting around thinking one night over a beer, ‘Hey, I can write a virus. Let’s see what happens,’ ” said Charley Kline, senior research programmer with the computing services office at the University of Illinois.

Those using a research network called Internet were forced to stop work Thursday while technicians attempted to clear their machines of the virus. The extent of the damage is not known because technicians have not yet determined all things the virus can do or how many computers have been affected. At a minimum, hours or days of work time will be lost by thousands of workers.

Researchers trying to analyze the effect of the virus said it may infect any computer that uses the operating system called Berkeley Unix, Version 4.3, the Washington Post reported.

This particular virus is very large, consisting of a program of 60,000 bytes and is very sophisticated. Once introduced, it sends itself by electronic mail like a chain letter relayed at the speed of light, multiplying the virus among many computers.

It not only sends itself, but when it arrives, it tries at least four ways to break into the computer, Stevan Milunovic, director of information systems at SRI International in Menlo Park, Calif., told the Post.

Carol Broadbent, director of public relations at Sun Microsystems Inc., which manufactures computers that use the Unix system, said the virus triggers so many operations in a computer that the user is put on hold while the system runs on its own.

“We’ve notified our customers about the problem and how to keep it from spreading,” she said.

Engineers have come up with ways to disable certain functions of the machines to prevent the spread of the virus.

Linked to Infected Networks

In Washington, Charles Redmond, a spokesman for NASA, said there had been no reports of the space agency’s public computer system, Space Physics Analysis Network, or SPAN, being affected by the attack, but the system is linked to some of the infected networks.

“We are treating this seriously and alerting users on SPAN to protect their data and their programs. The system we have has in the past been the victim of viruses because it is deliberately maintained as an open system for international scientific participation,” Redmond said.

“This is going to be the most extensive virus that has ever invaded any computer system,” said Greg Chartrand, manager of the computer network at Fermi National Accelerator Laboratory. “We have been sitting back all day watching this storm take place and praying the lightning bolts won’t hit us.”

‘A Vicious Thing’

Al Thaler, program manager for National Science Foundation’s NSFnet, was shaken by the invasion of the nation’s research computers: “It is a mean-spirited, vicious thing that interferes severely with the communications network our research computers live in. We are angry.”

Even though it will be hard to find out who started the virus, Thaler said, “We are going to try.”