CERN - European Organization for Nuclear Research

10/02/2024 | News release | Distributed by Public on 10/02/2024 05:36

Computer Security: Happy Birthday, Virus!

35 years ago, on 9 October 1989, the CERN Computer Security team issued for the first time a "Computer Virus Warning to all users of IBM Compatible PCs" (see the memorandum on the right). While it was not even the first virus the world had seen ("Creeper" of 1971 for DEC mainframes inter-connected via the ARPANET, "Elk Cloner" of 1982 targeting Apple IIs via infected floppy disks, and "©Brain" going after DOS-based PCs were doing their evil deeds earlier), this 1989 virus was a precursor without a name for the ransomware attacks of today. And it warranted a CERN-wide warning. Only decades later did more powerful viruses, i.e. "Slammer" and "Blaster" of 2003 and 2005, respectively, hit harder.

Things work the same way today, 35 years later. A virus, when activated, crawls through your documents and data, threatens to erase all the files from the hard disk and asks for "ransom" money (or threatens to delete that data if the ransom is not paid ─ if paying is even enough). The only innovation compared to the past is that data nowadays is also encrypted to better make the point. Newer variants even exfiltrate that data and threaten to publish it. Your private photos and personal documents, all being made public. To shame you. To pressure you. To make you pay.

And there is another variation compared to the past: the attack vector. While it used to be infected floppy disks that were slowly passed on from one PC to another, attacks today require either a lack of vigilance on the part of users who click on random URLs, links, QR codes or similar and, subsequently, compromise their computer, or so-called zero-day vulnerabilities in the operating system, browser, mail client or any other application digesting publicly shared documentation. If either of these conditions is fulfilled, the malicious virus does its malicious deed.

On the defence side, the baseline, however, is also still the same. "Identify […] all documents and data files that are important to you"; "Make copies"; "We have some virus detection programs"; "Cross your fingers" - not much has changed compared to today. And we happily repeat these basics for protecting your computer, laptop or smartphone here again:

  • Always keep your operating system up to date. Give it some time (during the night) to patch. At least this way you protect it against any known vulnerability;
  • Ditto for any other application, in particular your mail client, office application and browsers;
  • Run decent anti-malware software like the one that CERN provides for Windows and Mac operating systems;
  • STOP ─ THINK ─ DON'T CLICK in order to avoid any drive-by infection when presented with a malicious URL, link, QR code, attachment, etc.;
  • Have a decent back-up of all your crown jewels, i.e. all photos, documents and files that are valuable to you. In fact, CERN-related, professional data and documents should be stored centrally in CERN's IT services (CERNBox, EDMS, GitLab, Indico, etc.) and not reside solely on your computer. For your personal stuff, read this bullet point again, and go buy an external hard disk!
  • Cross your fingers.

_______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at [email protected].