A short history of computer viruses


The first computer virus, called "Creeper system", was an experimental self-replicating virus released in 1971. It would fill up the hard drive until the computer could no longer operate. This virus was created by BBN Technologies in the US.

The first computer virus for MS-DOS was "Brain", released in 1986. It would overwrite the boot sector of the floppy disk and prevent the computer from booting. It was written by two brothers from Pakistan and was originally designed as a copy-protection measure.

"The Morris" was the first computer virus to spread extensively in the wild, in 1988. It was written by Robert Morris, a graduate student at Cornell University who wanted to use it to determine the size of the internet. His approach used security holes in sendmail and other Unix applications, as well as weak passwords, but due to a programming mistake it spread too fast and started to interfere with the normal operation of the computers. It infected around 15,000 computers in 15 hours, which back then was most of the internet.

Since then, many new viruses have been introduced and the trend is growing exponentially every year.

Infamous viruses of the digital age

Following are some of the most well-known or significant viruses that have grown in step with the role of information technology in society:

In 1991, the "Michelangelo" virus was first discovered in Australia. It would lie dormant until 6 March each year and then overwrite the first one hundred sectors of the storage devices with zeros, preventing the computer from booting. Only 20,000 computers were reported infected.

In 1998, CIH was released. It infected around 60 million computers and caused significant damage by overwriting important system files. It was written by a Taiwanese student.

In 1999, "Melissa" was released. It was the first widespread Word macro virus. It was distributed via email and would automatically send itself to the first 50 people in the Outlook address book. It did not harm the computer itself; instead it sent out passwords for some erotic websites which required membership. It generated so much email traffic that email servers crashed.

2000 was the year of "ILOVEYOU". Again it came via email, but this time it sent itself to all contacts. It also overwrote Office, image and audio files. The virus came from the Philippines and infected over 50 million computers in less than 10 days. Most companies back then decided to turn off their email servers to stop the virus from spreading.

Since 2000, so many new viruses have been unleashed to wreak havoc on the world at large that it is difficult to list the most infamous. "Anna Kournikova", Code Red, Nimda, Beast, SQL Slammer, Blaster, Sobig, Sober, MyDoom, Netsky, Zeus, Conficker, Stuxnet, CryptoLocker, Locky, Mirai and WannaCry are a few examples that come to mind.

Evolution of the cybersecurity threat

In 2013, a new form of ransomware began with the CryptoLocker virus. There have been many new versions of this virus, including Locky and WannaCry, as well as Petya (not the latest version). The original CryptoLocker infected about half a million computers. Some of its clones, such as TorrentLocker and CryptoWall, were specifically designed to target computers in Australia.

Wannacry - image via http://www.bbc.com/news/technology-39924318

This year we have had virus attacks which spread very fast: WannaCry and NotPetya. Both of these viruses used a security hole in the protocol Windows uses to access files over the network (SMB). This security hole, named EternalBlue, was made public by a hacker group called "Shadow Brokers", who stole it from the US National Security Agency (NSA). Although Microsoft released a patch for this vulnerability in March 2017, the number of systems worldwide running obsolete or unsupported software, or that had not yet applied the latest updates, allowed WannaCry to gain a strong foothold through a phishing email attack. WannaCry infected around 200,000 computers across 150 countries before the "kill switch" was discovered and stopped the virus from spreading further.

More recently, NotPetya exploited the same security hole. It was not delivered through email, however, and therefore had only a limited reach. At first it was assumed that this virus might be an upgraded version of Petya, a CryptoLocker-type ransomware. In fact, NotPetya was distributed as an updated version of a Ukrainian tax accounting package called MeDoc, and from there it started spreading through the internal networks of multinational companies with offices in Ukraine. It would encrypt all files on a computer as well as the master file table of the hard drive, preventing the computer from booting. NotPetya had a very basic payment system compared to other ransomware-type viruses. This led to the general opinion that the Petya part of the virus was just a decoy, and recovery of the files proved impossible.


Protecting yourself against the unknown

As new viruses are released, anti-virus software vendors apply new tools to fight them. It is a constant cat-and-mouse game.

Most ransomware-type viruses cannot be detected by a classic anti-virus, so cyber security companies have started to use behaviour monitoring to detect them. It is just a matter of time, however, until a new virus finds a way around each new detection method and the whole process begins again.

When the risks are always changing, the best steps to help you stay safe remain the same: constant vigilance against phishing emails and fraudulent websites, the most common means of infection:

  • Do not open emails or email attachments when you are not 100% certain that they are legitimate.
  • Do not click on links in emails or their attachments unless you were expecting to receive them. Remember, email accounts can be spoofed or hacked, so although a message may appear to come from a legitimate source, if the content is not what you expect from that sender it may not be trustworthy.
  • Keep your computer up to date with the latest software updates and security patches.
  • Check for spelling or grammar mistakes. This includes the URL of websites you visit as well as the body of emails. For example, mistaking ofice.com for Microsoft's office.com will take you to a known malware site.
  • Make sure you report any suspicious emails or unusual system behaviour as soon as possible. Check out this Sentrian #AMA post for instructions on how to forward a suspicious email as an attachment to the Service Desk for investigation.
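As an added illustration of the lookalike-domain check in the fourth point above (example code, not part of the original post), this Python script scans a constructed email body for links whose registrable domain is within a small edit distance of a trusted name; the allowlist, the sample email and the domain-suffix heuristic are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of domains this organisation expects email links to use.
TRUSTED_DOMAINS = {"office.com", "microsoft.com", "sentrian.com.au"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed phishing-style email body; the second and third links are lookalikes.
SAMPLE_EMAIL = """Your mailbox is nearly full.
Sign in at https://login.office.com/ to review.
Or use our mirror: http://ofice.com/login
Alternatively https://micros0ft.com/account
Docs: https://example.org/help
"""


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Crude heuristic: last two labels, or three for suffixes like .com.au.
    A production tool would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    second_level = {"com", "co", "net", "org", "gov", "edu"}
    if len(labels) >= 3 and labels[-2] in second_level and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_host(host):
    """'trusted', 'lookalike of <domain>' (edit distance <= 2), or 'unknown'."""
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if levenshtein(dom, trusted) <= 2:
            return f"lookalike of {trusted}"
    return "unknown"


def scan_email_links(body):
    """Return (hostname, verdict) for every http(s) link found in the body."""
    return [(urlparse(u).hostname or "", classify_host(urlparse(u).hostname or ""))
            for u in URL_RE.findall(body)]


if __name__ == "__main__":
    for host, verdict in scan_email_links(SAMPLE_EMAIL):
        print(f"{host:20s} {verdict}")
```

A lookalike verdict is a reason to report the email rather than click; it is not proof of malice, and a trusted verdict only means the domain matched the allowlist, not that the page behind it is safe.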
