At the beginning of the PC era, Internet security was not much of a concern as people simply booted their machines and loaded programs without worry.
In that earlier, more innocent era, the term “virus” was relegated strictly to the realm of clinical biology and only living things could actually get viruses. That all changed 30 years ago this month when University of Southern California graduate student Fred Cohen coined the term “computer virus.”
The world’s first computer virus had actually appeared a year before in 1982, with the debut of the Elk Cloner, which affected the Apple II operating system. For the first time in history, computers could now get “sick” with viruses, and the IT world has never been the same since.
Over the past 30 years, viruses have gone from that initial Elk Cloner virus, which had extremely limited impact, to widespread attacks that cripple companies and are now even part of the modern nation-state arsenal for cyber-warfare.
The timeline of viruses over the last 30 years has not been a straight line, and there have been multiple extinction events of entire classes of computer viruses as the IT industry has come to terms with virus threats. Roger Thompson, chief emerging threat researcher at ICSA (International Computer Security Association) Labs sees the past 30 years as being made up of multiple eras.
The first era was the age of DOS viruses which spanned from 1987 until 1995. Thompson described the period as one with “astonishingly complicated” code. One of the key evolutions during this period was the emergence of self-replicating viruses, known as worms.
On Nov. 2, 1988, Robert Morris, at the time a Cornell graduate student, unleashed the world’s first worm. It was a 99-line program and was designed to infect Sun Microsystems and Digital Equipment Corp. VAX environments. In 2001, some 13 years after the Morris worm was unleashed, eWEEK ran a story titled, “Who Let the Worms Out?” which detailed the impact that security incident had.
According to Thompson, the release of Windows 95 was an extinction-level event for the first era of viruses. Windows 95 introduced a new protected mode operating system, eliminating an entire class of viruses. At the same time, Microsoft introduced Office 95, which included a powerful macro language, which opened the door to a new era of the most destructive viruses that computing infrastructure had ever seen up to that date.
While the Morris worm was mostly a proof of concept, the Melissa worm of 1999 was not. Melissa was the first mass-mailing email virus and even 10 years after it first hit, eWEEK was still lamenting its destructive impact. Melissa’s impact, however, pales in comparison to the devastation of the ILOVEYOU worm, which infected machines around the world in 2000.
The Melissa and ILOVEYOU viruses both overwrote and deleted files on millions of PCs worldwide. The worm component of Melissa and ILOVEYOU accessed users’ contact lists in order to replicate and widely spread the destruction.
Melissa and ILOVEYOU were both macro viruses that leveraged Microsoft’s Visual Basic scripting language in order to execute their destructive payloads. In April 2001, still reeling from the impact of ILOVEYOU, eWEEK reported that Microsoft restructured its entire security mantra in order to prevent a similar event from ever happening again. As it turned out though, the worst for Microsoft was yet to come.
eWEEK 30: Computer Viruses Evolve From Minor Nuisances to Costly Pests
Thompson referred to the era beginning in July 2001 as “the time of network worms.” In July 2001, Code Red, the first server-based virus, hit Microsoft’s Internet Information Server, attacking Websites with denial-of-service (DoS) attacks as well as defacing Websites with the slogan, “Hacked by Chinese.” At the end of July 2001, eWEEK reported that more than 300,000 servers were affected by Code Red in its first month alone.
In September 2001, the carnage continued with the W32.Nimda worm. At the time, an eWEEK report estimated the cost to clean up Nimda could top $500 million.
Nimda was just the tip of the network worm iceberg. In January 2003, the SQL Slammer worm first hit the Internet. By February 2003, it was clear that the SQL Slammer attack had infected more than 200,000 machines running Microsoft’s SQL Server software and caused widespread damage.
SQL Slammer slowed Internet traffic to a crawl in many areas when it was first launched because it was generating billions of repetitive attacks on computers across the Web.
During 2003, the Blaster worm also wreaked havoc across the Internet and infected hundreds of thousands of machines. Blaster was followed by MyDoom in January 2004, which was spread via email and included a DoS attack component.
With the release of Windows XP SP2 in 2004, another extinction-level event hit the world of viruses. Thompson noted that Windows XP SP2 included a built-in firewall for the first time in the history of Microsoft’s desktop operating system. The addition of the default firewall had the effect of limiting the spread of network worms and the damage they caused.
Worms still persisted beyond 2004. In 2008, the Conficker worm first appeared and went through a number of evolutions. It was expected to unleash its payload on April 1, 2009. An expert working group of industry vendors came together to find a cure that limited the impact of Conficker. By April 2009, the working group’s fix blocked more than 300,000 botnet-controlled domains that were programmed to unleash Conficker’s payload.
The age that we’re in now is the age of advanced persistent threats (APTs) and Trojans. According to Thompson’s data, malware programmers release thousands of Trojans every day. A Trojan is a type of malware that inserts itself on a user’s device in a bid to extract information.
“We’re now in an age of criminal Trojans and enterprise malware,” Thompson said.
The first viruses and worms of 30 years ago were built as proofs of concept and later as destructive nuisances—not, for the most part, to steal money. The modern era of viruses and Trojans is all about making money for hackers. There is also a large amount of APT activity from professional coders to build malware for nation-state cyber-spying and cyber-war activities.
One such example is the Stuxnet malware, which was allegedly created by the U.S. National Security Agency and Israel in a bid to stop Iran from building nuclear weapons.
While there have been extinction-level events for the viruses and malware of the past, there might not be another extinction event for the modern era of Trojans and APTs.
“We’re moving to a world where BYOD [bring your own device] is the new norm, and I’m pretty sure that BYOD should be an acronym that stands for, bring your own destruction,” Thompson said. “There are now a great many ways that code can get in today.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.