An Abbreviated Bibliography for



                        Computer Viruses

                               and

                     Related Security Issues
















                             Revised
                         April 18, 1990






    NIST   The National Institute of Standards and Technology

                  ABSTRACT

This document provides a list of suggested
readings about computer viruses and other
related threats to computer security.  The
primary intended audience is management and
those who need access to the basic facts,
however readings are included that are also
suitable for technically-oriented individuals
who wish to learn more about the nature of
computer viruses and techniques that can be
used to reduce their potential threat.  The
suggested readings range from general discus-
sions on the nature of viruses and related
threats, to technical articles which explore
the details of various viruses, the mechan-
isms they attack, and methods for controlling
these threats to computer security.  Other
articles are included that deal with more
general aspects of computer security, but
which have some bearing on the problem.












The National Institute of Standards and Technology


The National Institute of Standards and Tech-
nology (NIST) has responsibility within the
Federal Government for computer science and
technology activities.  The programs of the
NIST National Computer Systems Laboratory
(NCSL) are designed to provide ADP standards,
guidelines, and technical advisory services
to improve the effectiveness of computer
utilization and security, and to perform
appropriate research and development efforts
as foundation for such activities and prog-
rams.  Copies of this paper as well as other
publications may be obtained from the follow-
ing address:

National Institute of Standards and Technology

Computer Security Management and Evaluation Group

         Computer Security Division
              A216, Technology
           Gaithersburg, MD 20899


                           BASIC TERMS


The following list provides general definitions for basic terms
used throughout the literature.  Some of the terms are relatively
new and their definitions are not widely agreed upon, thus they
may be used differently elsewhere.

Computer Virus:  A name for
software written to cause some
form(s) of damage to a comput-
ing system.  Computer viruses
copy their instructions to
other programs; the other pro-
grams may continue to copy the
instructions to more programs. 
Depending on the author's mo-
tives, the instructions may
cause many different forms of
damage, such as deleting files
or crashing the system.  Com-
puter viruses are so named be-
cause of their functional sim-
ilarity to biological viruses,
in that they can spread rapid-
ly throughout a host system. 
The term is sometimes used in
a general sense to cover many
different types of harmful
software, such as Trojan hor-
ses or network worms.

Network Worm:  A name for a
program or command file that
uses a computer network as a
means for causing damage to
computing systems.  From one
system, a network worm may at-
tack a second system by first
establishing a network connec-
tion with the second system. 
The worm may then spread to
other systems in the same man-
ner.  A network worm is simil-
ar to a computer virus in that
its instructions can cause
many different forms of
damage.  However, a worm is a
self-contained program that
spreads to other systems,
whereas a virus spreads to
programs within the same sys-
tem (a worm could do that as
well).

Malicious Software:  A general
term for computer viruses,
network worms, Trojan horses,
and other software designed to
deliberately circumvent
established security
mechanisms or codes of ethical
conduct or both, to adversely
affect the confidentiality,
integrity, or availability of
computer systems and networks.

Unauthorized User(s):  A user
who knowingly uses a system in
a non-legitimate manner.  The
user may or may not be an
authorized user of the system. 
The actions of the user
violate established security
mechanisms or policies, or
codes of ethical conduct, or
both.

Trojan Horse:  A name for a
program that disguises its
harmful intent by purporting
to accomplish some harmless
and possibly useful function. 
For example, a Trojan horse
program could be advertised as
a calculator, but it may
actually perform some other
function when executed such as
modifying files.

Back Door:  An entry point to
a program or system that is
hidden or disguised, perhaps
created by the software's
author for maintenance or
other convenience reasons. 
For example, an operating sys-
tem's password mechanism may
contain a back door such that
a certain sequence of control
characters may permit 

access to the system manager
account.  Once a back door be-
comes known, it can be used by
unauthorized users or
malicious software to gain
entry and cause damage.

Time Bomb, Logic Bomb: 
Mechanisms used by some
examples of malicious software
to cause damage after a
predetermined event.  In the
case of a time bomb, the event
is a certain system date,
whereas for a logic bomb, the
event may vary.  For example,
a computer virus may infect
other programs, yet cause no
other immediate damage.  If
the virus contains a time bomb
mechanism, the infected
programs would routinely check
the system date or time and
compare it with a preset
value.  When the actual date
or time matches the preset
value,  the destructive
aspects of the virus code
would be executed.  If the
virus contains a logic bomb,
the triggering event may be a
certain sequence of key
strokes, or the value of a
counter.

Anti-Virus Software:  Software
designed to detect the occur-
rence of a virus.  Sold as
commercial products and as
shareware, anti-virus programs
can scan software for known
viruses or monitor a system's
behavior and raise alarms when
activity occurs that is typi-
cal of certain types of
computer viruses.

Isolated System:  A system
that has been specially
configured for determining
whether applicable programs
contain viruses or other types
of malicious software.  The
system is generally
disconnected from any computer
networks or linked systems,
and contains test data or data
that can be restored if
damaged.  The system may use
anti-virus or other monitoring
software to detect the
presence of malicious
software.  

Computer Security:  The tech-
nological safeguards and
management procedures that can
be applied to computer
hardware, programs, data, and
facilities to assure the
availability, integrity, and
confidentiality of computer
based resources and to assure
that intended functions are
performed without harmful side
effects.
                      SUGGESTED READINGS


Adler, Marc, "Infection Protection: Antivirus Software" PC
Magazine, April 25, 1989.

Arkin, Stanley et al., "Prevention and Prosecution of High-Tech
Crime," Matthew Bender Press Co., 1989.

Brenner, Aaron, "LAN Security", LAN Magazine, August 1989.

Bunzel, Rick, "Flu Season," Connect, Summer 1988.

Cohen, Fred, "Computer Viruses," Proceedings of the 7th DoD/NBS
Computer Security Conference, 1984.

Computer Viruses - Proceedings of an Invitational Symposium, Oct
10/11, 1988, Deloitte, Haskins, and Sells, 1989.

Denning, Peter J., "Computer Viruses," American Scientist, Volume
76 May-June 1988.

Denning, Peter J., "The Internet Worm," American Scientist,
Volume 77, March-April 1989.

Dewdney, A. K., "Of Worms, Viruses and Core Wars," Scientific
American, March 1989.

Dvorak, John, "Virus Wars: A Serious Warning," PC Magazine, Feb
29, 1988. 

Federal Information Processing Standards Publication 112,
Password Usage, National Bureau of Standards, May 1985.

Fiedler, David and Hunter, Bruce M., "Unix System Administra-
tion," Hayden Books, 1987.

Fites, P.F., M.P.J. Kratz, and A.F. Brebner, "Control and
Security of Computer Information Systems," Computer Science
Press, 1989.

Fitzgerald, Jerry, "Business Data Communications: Basic Concepts,
Security, and Design," John Wiley and Sons, Inc., 1984.

Gasser, Morrie, "Building a Secure Computer System," Van Nostrand
Reinhold, New York, 1988.

Grampp, F. T. and Morris, R. H., "UNIX Operating System
Security," AT&T Bell Laboratories Technical Journal, October
1984. 

Greenberg, Ross, "Know Thy Viral Enemy," Byte Magazine, June
1989.

Hatkin, Martha E, and Robert B. J. Warner, "Smart Card Technol-
ogy: New Methods for Computer Access Control,"  NIST Special
Publication 500-157,  National Institute of Standards and Tech-
nology, September 1988.

Hoffman, Lance, "Modern Methods for Computer Security and
Privacy," Prentice-Hall, 1977.

Honan, Patrick, "Avoiding Virus Hysteria," Personal Computing,
May 1989.

Kurzban, Stanley A., "Viruses and Worms--What Can You Do?," ACM
SIG Security, Audit, & Control, Volume 7 Number 1, Spring 1989.

Lipner, S. and S. Kalman, "Computer Law,", Merrill Publishing
Co., 1989.

McAfee, John, "The Virus Cure," Datamation, Volume 35, Number 4,
February 15, 1989.

McLellan, Vin, "Computer Systems Under Siege," The New York
Times, January 17, 1988.

Murray, William H., "Epidemiology Application to Computer
Viruses," Computers and Security, Volume 7, Number 2, April 1988.

Parker, T., "Public domain software review: Trojans revisited,
CROBOTS, and ATC," Computer Language, April 1987. 

Pfleeger, Charles, P., "Security in Computing," Prentice-Hall,
1989.

Pozzo, Maria M., and Terence E. Gray, "An Approach to Containing
Computer Viruses," Computers and Security, Volume 6, Number 4,
August 1987.

Rubenking, Neil, "Infection Protection," PC Magazine, April 25,
1989.

Schnaidt, Patricia, "Fasten Your Safety Belt," LAN Magazine,
October 1987.

Shoch, John F., and Jon A. Hupp, "The Worm Programs--Early
Experience with a Distributed Computation," Communications of the
ACM, Volume 25, Number 3, March 1982.

Spafford, Eugene H., "The Internet Worm Program: An Analysis,"
Purdue Technical Report CSD-TR-823, November 28, 1988.

Spafford, Eugene H., Kathleen A. Heaphy, and David J. Ferbrache,
"Computer Viruses - Dealing with Electronic Vandalism and
Programmed Threats," ADAPSO Software Industry Division Report,
1989.

Stefanac, Suzanne, "Mad MACS," Macworld, November 1988.

Steinauer, Dennis D., NBS Special Publication 500-120, Security
of Personal Computer Systems: A Management Guide, National Bureau
of Standards, January 1985.

Stohl, Clifford, "The Cuckoo's Egg," Doubleday, 1989.

Thompson, Ken, "Reflections on Trusting Trust (Deliberate
Software Bugs),"  Communications of the ACM, Vol 27, August 1984.

Tinto, Mario, "Computer Viruses: Prevention, Detection, and
Treatment,"  National Computer Security Center C1 Tech. Rpt. C1-
001-89, June 1989.

Wack, John P., and Lisa J. Carnahan, "Computer Viruses and
Related Threats: A Management Guide,"  NIST Special Publication
500-166,  National Institute of Standards and Technology, August
1989.

White, Steve R., David M. Chess, and Chengi Jimmy Kuo, "Coping
with Computer Viruses and Related Problems," Research Report
Number RC 14405, International Business Machines Corporation,
Yorktown Heights, New York, 1989, adapted and distributed as
"Coping with Computer Viruses and Related Problems," Form G320-
9913, International Business Machines Corporation, September
1989.

Witten, I. H., "Computer (In)security: infiltrating open sys-
tems," Abacus (USA), Summer 1987.

ELECTRONIC FORUMS:

VIRUS-L is a moderated mail forum for discussing computer virus
issues; comp.virus is a non-digested Usenet counterpart.  Infor-
mation on accessing anti-virus, documentation, and back-issue
archives is distributed periodically on the list.  Send subscrip-
tion requests to: LISTSERV@LEHIIBM1.BITNET.  In the body of the
message, enter "SUB VIRUS-L your name"

RISKS-FORUM Digest is a moderated mail forum for discussing
computer security issues as well as risks associated with other
forms of technology.  Send subscription requests to:
RISKS-Request@CSL.SRI.COM.

The NIST Security Bulletin Board is a repository of computer
security information open to the general public.  Users can
download files, send messages, participate in forums, and access
security alert information.  Dial 
(301) 948-5717 at 2400/1200/300 BPS, parity none, 1 stop bit, 8-
bit characters.