A History of Malware and Viruses (Part 1/2)
Stephen Hawking once said:
“I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.”
Although this may seem a little bit like Terminator or other apocalyptic Sci-Fi, it does highlight the fact that viruses can be extremely damaging and cannot be seen as “just a bit of a nuisance”.
In this blog, I’ll be giving a brief rundown (it’s a very large subject so I’ve been as concise as possible!) of how viruses have evolved over the years to the present day, and the considerations a business should now take to mitigate any issues.
Extremely Brief History of Viruses
The term computer virus was described in 1984 as ‘a program that can infect other programs by modifying them to include a possibly evolved copy of itself’, yet even before 1984, there were many papers published regarding viruses, even if they weren’t called that yet.
It started back in 1949, when John von Neumann held lectures on his theories of “viruses”. Based upon his own lectures, in 1966 he published an essay called “The Theory of self-reproducing automata”. From that stemmed more work by various students and professors for decades which discussed not only the practical problems, but also in some cases the philosophical.
In the early 1970s, a new virus was created called the “Creeper” virus. It was an experimental piece of code that was run on a machine that had access to ARPANET (the precursor to the internet). The payload was simply to display the text “I'm the creeper, catch me if you can!” at which point it found another machine to copy to and repeated its actions on there.
The early 80s saw a small rise in computer viruses, when personal computers became more popular, and people started having them in their own homes. At this point, although some payloads had malicious intent, there was never any real threat to the general computer user.
The late 80s introduced what is known to be the first worm in the wild. A worm can be described as a program that uses a computer network to spread itself, relying on security failures on the target machine to gain access. It also has the ability to run independently and does not attach itself to a normal program like viruses normally do.
The first worm which really caused any bother was one called Christmas EXEC. It was a program created for the purpose of sending itself to everyone in the recipient’s contact list.
Although it doesn’t seem particularly bothersome, it caused absolute havoc to the networks it was run on, due to the proliferation of the code spreading everywhere and causing congestion – something that has reoccurred many times. This worm affected IBM business networks, national research networks and educational networks.
In the late 1980s-early 1990s as cassettes and disks were copied in playgrounds around the world, so were malicious programs – it was really the only way for them to propagate, unless you were fortunate enough to have access to a BBS (bulletin boards you could dial into – another kind of precursor to the internet). Most viruses back then were cheeky attempts at people getting their name out there and at one point a whole scene evolved where virus writers tried to outdo each other for notoriety. In these cases a reboot of your machine would usually clear the virus completely from memory, but they could still be on your floppy disks!
If you used a machine that ran DOS back in 1989, you may have been lucky(!) enough to have had a Trojan sent to a mailing list from a WHO conference, which is thought to be the very first piece of ransomware. Ransomware encrypts your data/machine so you have no access to it, but you are able to pay for the key to unlock it. In this case, you had to send $189 to a PO Box in Panama. I’ll be discussing ransomware later on.
In the early 1990s, I caught my very own first virus! I was quite proud and amused at the time. It was called the “Ghost virus” on an Atari ST and its function was to invert mouse control. The pride and amusement quickly dissipated as it copied itself to every disk I put in, causing frustration when trying to play “Jimmy White’s Whirlwind Snooker”. Lesson learnt.
Advent of Windows Nasties
March 1992 introduced a memorable virus called the “Michelangelo” virus. This virus was purported to cause millions of Windows PCs to be wiped and when the media caught hold of this, there was anguish and worry when the payload was expected to hit – March 6th, Michelangelo’s birthday.
As it turns out, it was a bit of a damp squib with thousands, not millions of PCs affected. This, however, showed that the warning signs were there.
The mid-90s introduced a new generation of viruses, which were called macro-viruses. A macro is a programming language that is embedded within another program, most commonly Word, Excel and Outlook, and it allows you to program shortcuts to a task, or other automation. Macros can be incredibly useful, but miscreants can write viruses and malware into a macro.
Macro-viruses are one of the most important reasons it can be dangerous to open unexpected attachments in email, as they can hide inside legitimate-looking documents. Macro-viruses are still prevalent to the present day.
The early 2000s were a particularly bad time for IT staff around the world. It was a time when systems were adopted by companies, dropped onto the internet and left to do their thing. The attack possibilities for hackers, viruses and worms were vastly expanded and it was a free-for-all in terms of exploitation of devices.
I remember putting a PC directly on the internet around this time just to see what would happen. In a matter of minutes it was rebooting and collecting all sorts of malware. I ran an antivirus scan on it afterwards and it was infected with all sorts of viruses. I wanted to unplug it and burn it in the car-park but the company I worked for at the time had a limited budget, so I opted to wipe it and reinstall Windows.
Viruses/Worms that hit the news around that time:
2000 – ILOVEYOU – Infected millions of PCs in hours.
2001 – Anna Kournikova virus – Brought email servers to their knees.
2001 – Sircam worm – Spread via email/network shares. Was still a top 10 virus one year later.
2001 – Code Red – Worm attacked vulnerable web servers. 359,000 hosts infected.
2001 – Nimda – Internet’s most widespread virus/worm within 22 minutes. Various attack vectors.
2002 – Beast – Remote Access Tool (allows control of victim’s machine).
2003 – SQL Slammer – Spread rapidly, infecting most of its 75,000 victims within ten minutes. Slammer slowed down the entire internet as it propagated.
In the following years, there were many, many more of these types of viruses that used a vulnerability of a system to infect (and still do). I’m only stopping the list of those now, else I’ll run out of blog room, but we are talking thousands.
Please remember: viruses are now a real threat.
In my next article I’ll be covering recent viruses including Phishing Emails and Ransomware and what you need to do to help protect yourself from falling victim to one.
IT security is a massive subject and I can’t really do it justice in a blog entry but I hope you’ve found it useful or interesting. If you have then please share the blog with your colleagues and friends.
IT Infrastructure (Support)