A Brief History of Malware — Its Evolution and Impact
A brief look at the history of malware shows us that this malicious menace has been with us since the dawn of computing itself. According to Scientific American, the idea of a computer virus extends back to 1949, when early computer scientist John von Neumann wrote the “Theory and Organization of Complicated Automata,” a paper that postulates how a computer program could reproduce itself. In the 1950s, employees at Bell Labs gave life to von Neumann’s idea when they created a game called “Core Wars.” In the game, programmers would unleash software “organisms” that competed for control of the computer.
The earliest documented viruses began to appear in the early 1970s. Historians often credit the “Creeper Worm,” an experimental self-replicating program written by Bob Thomas at BBN Technologies, with being the first virus. Creeper gained access via the ARPANET and copied itself to remote systems where it displayed the message: “I’m the creeper, catch me if you can!”
The term “virus,” however, wasn’t introduced until the mid-eighties. Fred Cohen, often considered the father of what we know today as a computer virus, coined the term in his 1986 Ph.D. thesis. He defined a “virus” in a single sentence as: “A program that can infect other programs by modifying them to include a, possibly evolved, version of itself.”
From these simple and benign beginnings, a massive and diabolical industry was born. Today, according to The Anti-Phishing Workgroup, malware has infected one-third of the world’s computers. The consequences are staggering. Cybersecurity Ventures reports that losses due to cybercrime, including malware, are anticipated to hit $6 trillion annually by 2021.
In this post, we’ll take a brief look at the history of malware and how it evolved and impacted the world. For a more in-depth look at the various types of malware, see Lastline’s blog Malware Types and Classifications.
History of Malware — The Early Years
Early malware was primitive, often spreading entirely offline via floppy disks carried from computer to computer by human hands. As networking and the internet matured, malware authors were quick to adapt their malicious code and take advantage of the new communication medium.
Here’s a representative list of some of the significant early versions of malware and how they impacted the world[i].
- 1971 – Creeper: An experiment designed to test how a program might move between computers.
- 1974 – Wabbit: A self-replicating program that made multiple copies of itself on a computer until it bogged down the system to such an extent that performance degraded and the system eventually crashed. Researchers named this virus “wabbit” (rabbit) because of the speed at which it was able to replicate.
- 1982 – Elk Cloner: Written by a 15-year-old, Elk Cloner is one of the earliest widespread, self-replicating viruses to affect personal computers. Elk Cloner displayed a friendly little poem on the infected system: “It will get on all your disks; It will infiltrate your chips; Yes, it’s Cloner!”
- 1986 – Brain Boot Sector Virus: Generally regarded as the first virus to infect MS-DOS computers. Its origin stems from two brothers in Pakistan who created it to test loopholes in their company’s software.
- 1986 – PC-Write Trojan: Malware authors disguised one of the earliest Trojans as a popular shareware program called “PC-Write.” Once on a system, it would erase all of a user’s files.
- 1988 — Morris Worm: This worm infected a substantial percentage of computers connected to ARPANET, the forerunner of the Internet, essentially bringing the network to its knees within 24 hours. Its release marked a new dawn for malicious software. The author, Robert Morris, became the first malware author convicted for his crimes.
- 1991 — Michelangelo Virus: It was so named because the virus was designed to erase information from hard drives on March 6th, the birthday of the famed Renaissance artist. The virus was at the center of a wild media storm with panicked reporters claiming that it had infected millions of computers and that the world would see dire consequences on March 6th. In reality, the virus only impacted about 10,000 systems, but the hype significantly raised public awareness of computer viruses.
- 1999 — Melissa Virus: Generally acknowledged as the first mass-emailed virus, Melissa utilized Outlook address books from infected machines, and mailed itself to 50 people at a time.
History of Malware — Toolkits and Astonishing Rates of Infection
Between 2000 and 2010, malware grew significantly, both in number and in how fast infections spread. At the start of the new millennium, Internet and email worms were making headlines across the globe. Later, we witnessed a dramatic increase in malware toolkits, including the now infamous Sony rootkit, which was instrumental in leading malware authors to include rootkits in most modern malware. Crimeware kits aimed specifically at websites also rose in popularity, and the number of compromised websites escalated correspondingly. SQL injection attacks became a leading threat, claiming popular victims such as IKEA.
Here’s a summary of some of the significant malware released between 2000 and 2010:
- 2000 – ILOVEYOU Worm: Spreading by way of an email sent with the seemingly benign subject line, “ILOVEYOU,” the worm infected an estimated 50 million computers. Damages caused major corporations and government bodies, including portions of the Pentagon and British Parliament, to shut down their email servers. The worm spread globally and cost more than $5.5 billion in damages.
- 2001 – Anna Kournikova Virus: This nasty virus spread via emails that purported to contain pictures of the very attractive female tennis player, but in fact hid the malware.
- 2003 – SQL Slammer Worm: One of the fastest spreading worms of all time, SQL Slammer infected nearly 75,000 computers in ten minutes. The worm had a major global effect, slowing Internet traffic worldwide via denial of service.
- 2004 – Cabir Virus: Although this virus caused little if any damage, it is noteworthy because it is widely acknowledged as the first mobile phone virus.
- 2005 – Koobface Virus: One of the first instances of malware to infect PCs and then propagate to social networking sites. If you rearrange the letters in “Koobface” you get “Facebook.” The virus also targeted other social networks like MySpace and Twitter.
- 2008 – Conficker Worm: A combination of the words “configure” and “ficker”, this sophisticated worm caused some of the worst damage seen since Slammer appeared in 2003.
History of Malware – State-Sponsored, Sophisticated and Profitable
Between 2010 and the present time, we’ve again observed significant evolution in the sophistication of malware. Organized crime and state sponsors upped the game dramatically with large, well-funded development teams. These malicious workgroups continue to evolve today, developing advanced malware with evasion tactics that outsmart many conventional anti-malware systems. Infiltrating factories and military systems became a common reality, and the monetization of malware grew rapidly with dramatic growth in ransomware and other illegal schemes.
Here are some notable varieties of malware that have had a major impact between 2010 and today.
- 2010 – Stuxnet Worm: Shortly after its release, security analysts openly speculated that this malicious code was designed with the express purpose of attacking Iran’s nuclear program and included the ability to impact hardware as well as software. The incredibly sophisticated worm is believed to be the work of an entire team of developers, making it one of the most resource-intensive bits of malware created to date.
- 2011 – Zeus Trojan: Although the Zeus Trojan was first detected in 2007, its author released the source code to the public in 2011, giving the malware new life. Sometimes called Zbot, this Trojan has become one of the most successful pieces of botnet software in the world, impacting millions of machines. It is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing.
- 2013 – Cryptolocker: One of many early ransomware programs, Cryptolocker had a significant impact globally and helped fuel the ransomware era.
- 2014 – Backoff: Malware designed to compromise Point-of-Sale (POS) systems to steal credit card data.
- 2016 – Cerber: One of the heavy-hitters in the ransomware sphere. It’s also one of the most prolific crypto-malware threats. At one point, Microsoft found more enterprise PCs infected with Cerber than any other ransomware family.
- 2017 – WannaCry Ransomware: Exploiting a vulnerability first uncovered by the National Security Agency, the WannaCry Ransomware brought major computer systems in Russia, China, the UK, and the US to their knees, locking people out of their data and demanding they pay a ransom or lose everything. The virus hit at least 150 countries, affecting hospitals, banks, telecommunications companies, warehouses, and many other industries.
History of Malware — From PCs to Just About Everything Electronic
Although malware gained much of its initial footing by infecting computers like PCs, today virtually anything with a microprocessor is at risk. Researchers have demonstrated how malware can infect hundreds of new targets, including wearables (like watches and Fitbits), light bulbs, automobiles, water supply systems, and even airliners.
Moving from research and theory to reality, cybercriminals have already successfully deployed malware that compromised everything from simple devices to complex industrial facilities, including mobile phones, ATMs, security cameras, TVs, e-cigarettes, vending machines, and nuclear plants. This list is, of course, just a small representation of actual malware infections.
History of Malware — Is This Just the Beginning?
Most wars involve a specific set of countries and have a defined beginning and end. Regrettably, the war with malware impacts everyone across the globe and has no end in sight. According to CNBC, cyberattacks are the fastest growing crime in the United States (and, it’s easy to speculate, the fastest growing crime in the rest of the world as well).
While the cybersecurity industry is feverishly working to control malware, and succeeding in many ways, cybercriminals show no signs of defeat, or even of slowing down. When cybercriminals are thwarted in one area, they quickly develop new tactics and attack in another. As a precursor to what may happen in the near future, see Malware Attack Vectors: What to Expect in 2018.
In all probability, most of the history of malware lies in front of us, not behind us. We can expect to see cybercrime continue to cause unprecedented damage to both private and public enterprises.
Fortunately, those organizations that diligently deploy the latest anti-malware solutions stand a good chance of avoiding much of the damage that malware will no doubt inflict on the masses.
[i] Additional Sources:
- Timeline of Computer Viruses and Worms, Wikipedia, Mar 30, 2018
- A Short History of Crimeware, CSO, Nov 4, 2017
- When Did the Term Computer Virus Arise? Scientific American
- Creeper (Program), Wikipedia, Mar 30, 2018
- Report: Malware Poisons One-Third of World’s Computers, TechNewsWorld
- Cybercrime Damages Predicted to Cost $6 Trillion Annually by 2021, PR Newswire, Oct 19, 2017
- Protect Against the Fastest Growing Crime: Cyber Attacks, CNBC, Jul 25, 2017
- Everything You Need to Know About WannaCry, CNET, May 19, 2017
- Ransomware: Security Researchers Spot Emerging New Strain of Malware, ZDNET, Oct 19, 2017
- The Story Behind The Stuxnet Virus, Forbes, Oct 17, 2010
- Cryptolocker: What You Need to Know, The Guardian, Jun 3, 2014