We all know the feeling: a sore throat, sneezing, congestion, a cough, a runny nose…oh no, the dreaded cold virus! No human is immune. Likewise, no computer is immune.
How it happens, how it works and how we treat it remain mostly the same for human and computer. Computer viruses, much like the flu virus, are designed to spread from host to host and have the ability to replicate themselves. Similarly, in the same way that viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document. And like any human virus, computer viruses continue to change over time. To better understand a computer virus, though, let’s take a look at how it all started: the history of the computer virus…
Computer viruses have been around just about as long as the personal computer has existed.
With the advent of the Internet, the ability of viruses to rapidly spread has increased substantially. Despite this increase in capability to infect large numbers of computers across international borders, the definition of a computer virus has not changed much over time. That is, a computer virus continues to be defined as a computer program that, when it is run or executed, is capable of copying itself into data files, other computer programs, or even the boot sector of a computer’s hard drive. Once the replication process is successful, the targeted computing device is “infected” by the virus. Once delivered, a computer virus may or may not have a payload designed to do any manner of activities, including deleting files, stealing information, or displaying information on the target computer. Although the definition of the malware has not changed over the history of computer viruses, the techniques and payload delivery have evolved alongside the Internet itself.
A brief history timeline
Public computer virus history finds its origins in the early 1980s. The following is a timeline of some of the more significant viruses discovered publicly since 1982.
The first known virus to be released in public was Elk Cloner. It was created by a US high school student, Rich Skrenta, as a joke and was spread via floppy disk, targeting the Apple DOS 3.3 operating system. When a computer became infected by Elk Cloner, it would copy itself into a video game and would be set off on the 50th play of the game. Once activated, a poem about the virus would be displayed on the computer screen.
The first year that large numbers of computer viruses for personal computers (PCs) start to appear. The Brain virus (created in Pakistan) was one of the first and most well-known from this period. It was a boot sector virus and would spread to new computers through infected floppy disks. The virus included the following text in the boot sector of the infected disk:
Welcome to the Dungeon (c) 1986 Basit & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today – Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages….$#@%$@!!
Robert Morris created the ARPANET worm discovered in 1988. This virus was designed to reproduce itself and computer files, and then spread to all of the networked computers. The files that were reproduced eventually became large enough to completely fill the computer memories of the networked computers, which resulted in approximately 6,000 computers on the network becoming disabled.
The Friday the 13th virus was also first discovered in this year. It was programmed to delete files on infected computers on Friday the 13th and caused a significant amount of damage world-wide.
The first encrypted virus, Cascade, was first discovered.
1989 saw the first appearance of the AIDS Trojan virus, which was the first known instance of “ransom ware.” The virus would infect the MS DOS AUTOEXEC.BAT file and would then count the number of times that the computer booted. Once the count reached 90, the virus proceeded to hide DOS directories and also encrypt all of the file names on the C drive of the computer, essentially making the computer unusable. The virus then asked the user to renew their license and to send $189 USD to a P.O. Box in Panama.
In order to address public demand for countermeasures against the growing computer virus threat, the first anti-virus software starts to appear on the market.
Symantec releases Norton Anti-Virus.
The Tequila polymorphic virus is discovered. This was the first known virus with the capability to change the composition of the virus as it spreads to other computers.
By 1992 there are now more than 1,000 publicly recognised viruses.
One of the first major computer virus hoaxes is released, called the “Good Times” virus. Warnings about the virus quickly spread amongst Internet users in 1994, with the virus supposedly transmitted via an email that used the subject line of “Good Times.” The warning recommended that the computer user should delete any email with the subject line without reading it. Although the virus was never found to exist, the warnings about it became almost virus-like.
Macro viruses started to emerge. The first known “Word” virus discovered in this period was the Concept virus.
The Melissa virus started infecting large numbers of computers by sending itself to the first 50 email addresses in the Microsoft Outlook address book. The virus is estimated to have caused more than $80 million in damages and resulted in the virus author being sentenced to jail for 20 months.
The “I Love You” virus was written by a student in the Philippines and would go on to infect several million computers. It worked in a similar fashion to the Melissa virus, but would send passwords over the network and would also overwrite image files on the target computers.
The Code Red worm infected large numbers of Windows NT and Windows 2000 servers starting in July 2001. The worm caused more than USD $2 billion in estimated damages. The worm was able to run entirely in memory and did not leave any files behind.
In January of this year, the Slammer worm spread at the fastest rate seen to date. It would go on to infect large numbers of computers. The worm exploited a buffer overflow bug in the Microsoft SQL Server and Desktop Engine database products and infected more than 75,000 computers in less than 10 minutes.
The Bagle worm was discovered. The malware is designed to spread via email attachment and targets all versions of Microsoft Windows. Once installed on a computer, the virus installs a backdoor that allows a remote user to gain control over the infected computer. The virus included its own SMTP engine in order to help mass email the virus as an attachment based on the email address book on the infected computer. Some of the variants of the Bagle virus include the following text:
“Greetz to antivirus companies
In a difficult world,
In a nameless time,
I want to survive,
So, you will be mine!!
— Bagle Author, 29.04.04, Germany.”
The Sasser and MyDoom viruses were also discovered in 2004. MyDoom was responsible for slowing down the global Internet speed by 10 percent and also reduced website access to a number of sites around the world by up to 50 percent.
In March of 2005, the first cell phone virus was discovered and named Commwarrior-A. The virus is thought to have originated in Russia and spread via text message.
The Conficker worm was discovered this year, and the name was based on the words configuration and the German “Ficker” which is a vulgar term in the English language. The worm leverages flaws in Windows software and makes use of a standard dictionary attack to crack administrator passwords to help it spread. Once spread, the worm forms a botnet and has infected millions of computers in more than 200 countries since it was first discovered. The initial variant of Conficker exploited a vulnerability in network services found in Windows XP, Windows 2000, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta.
The Stuxnet and DuQu viruses were discovered in the 2009/2010 timeframe. They are referred to as the first public cyber super weapons and are alleged to have been created by the Israeli and United States governments. Although designed to attack Iranian nuclear facilities, the virus has since spread beyond the intended targets.
The DuQu computer worm was first discovered in September of 2011 and is believed to be related to the Stuxnet worm. Similar to Stuxnet, DuQu exploits zero-day Windows kernel vulnerabilities and signs its components with stolen digital keys. DuQu is not a destructive virus, being focused on gathering information; however, it could be modified to include a special payload in the future. When found on personal computers, DuQu has been known to delete recent information entered onto the computer. The primary point of the DuQu virus appears to be to steal private keys and digital signatures in addition to capturing other critical information on targeted systems.
2012 saw the Flame virus attack computer systems primarily located in the Middle East that run the Windows operating system. Also known as sKyWIper, the virus is unique in that it would be loaded into an infected system in parts. The first component of the virus is approximately six megabytes in size and contains approximately six other compressed modules. Once the virus became known publicly, the virus authors sent a module which disabled the virus.
The Future of Computer Viruses
For more than 60 years, computer viruses have been part of collective human consciousness; however, what was once simply cyber vandalism has turned quickly to cybercrime. Worms, Trojans and viruses are evolving. Hackers are motivated and clever, always trying to push the boundaries of connection and code to devise new infection methods. The future of cybercrime seems to involve more PoS (point of sale) hacks, and, perhaps, the recent Moker remote access Trojan is a good example of what’s to come. This newly-discovered malware is hard to detect, difficult to remove and bypasses all known defences.
And so, like human viruses, the only sure future of computer viruses is change and adaptability, in both attack and defence.