eWEEK 30: Computer Viruses Evolve From Minor Nuisances to Costly Pests
Thompson referred to the era beginning in July 2001 as "the time of network worms." In July 2001, Code Red, the first server-based virus, hit Microsoft's Internet Information Server, attacking Websites with denial-of-service (DoS) attacks as well as defacing Websites with the slogan, "Hacked by Chinese." At the end of July 2001, eWEEK reported that more than 300,000 servers were affected by Code Red in its first month alone. In September 2001, the carnage continued with the W32.Nimda worm. At the time, an eWEEK report estimated the cost to cleanup Nimda could top $500 million. Nimda was just the tip of the network worm iceberg. In January 2003, the SQL Slammer worm first hit the Internet. By February 2003, it was clear that the SQL Slammer attack had infected more than 200,000 machines running Microsoft's SQL Server software and caused widespread damage. SQL Slammer slowed Internet traffic to a crawl in many areas when it was first launched because it was generating billions of repetitive attacks on computers across the Web.With the release of Windows XP SP2 in 2004, another extinction level event hit the world of viruses. Thompson noted that Windows XP SP2 included a build-in firewall for the first time in the history of Microsoft's desktop operating system. The addition of the default firewall had the effect of limiting the spread of network worms and the damage they caused. Worms still persisted beyond 2004. In 2008, the Conficker worm first appeared and went through a number of evolutions. It was expected to unleash its payload on April 1, 2009. An expert working group of industry vendors came together to find a cure that limited the impact of Conficker. By April 2009, the working group's fix blocked more than 300,000 botnet-controlled domains that were programmed to unleash Conficker's payload. The age that we're in now is the age of advanced persistent threats (APTs) and Trojans. According to Thompon's data, malware programmers release thousands of Trojans every day. A Trojan is a type of malware that inserts itself on a user's device in a bid to extract information. "We're now in an age of criminal Trojans and enterprise malware," Thompson said. The first viruses and worms of 30 years ago were built as proofs of concept and later as destructive nuisances—not, for the most part, to steal money. The modern era of viruses and Trojans is all about making money for hackers. There is also a large amount of APT activity from professional coders to build malware for nation-state cyber-spying and cyber-war activities. One such example is the Stuxnet malware, which was allegedly created by the U.S. National Security Agency and Israel in a bid to stop Iran from building nuclear weapons. While there have been extinction-level events for the viruses and malware of the past, there might not be another extinction event for the modern era of Trojans and APTs. "We're moving to a world where BYOD [bring your own device] is the new norm, and I'm pretty sure that BYOD should be an acronym that stands for, bring your own destruction," Thompson said. "There are now a great many ways that code can get in today." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
During 2003, the Blaster worm also wreaked havoc across the Internet and infected hundreds of thousands of machines. Blaster was followed by MyDoom in January 2004, which was spread via email and included a DoS attack component.