Malware part 1, Introduction
Imagine for a moment that you are sitting at your computer comparing sales figures from before and after a recent marketing campaign. Your favorite station is on the radio, but they’re playing that awful song from whats-her-name. You know the one I mean. So you reach over to change the channel and…CRASH!
“FBI! On the ground! On the ground!”
Your front door is in splinters, there’s a man in black wearing body armor and a ski mask, pointing a shotgun at your face.
“On the ground now!”
Shortly, you’re in a small but very well-lit conference room trying to answer questions about child pornography, lists of credit card numbers, and millions of spam email messages all originating on your home office computer. You didn’t put them there. You have no idea where they came from, and to tell the complete truth, you’re having trouble believing any of it. The chances are good that within a few days it will all be cleared up. You’ll be free to go with your official record clear and your conscience clean. Your reputation, however, will never be the same, and you will probably never get your computer back.
You have become the victim of a computer worm that turned your computer into a porn and fraud clearinghouse, and the first warning you ever heard was the battering ram on your door.
Although this very scenario has actually happened to some people, it probably won’t happen to you.[i] Much more likely, your computer will slow down until it’s almost useless, or every other Google or Yahoo search will open a completely unexpected web site. Maybe your computer will present you with a dire warning about a massive virus infection. Just give up your credit card number, and this software that you don’t remember installing will clean it right up. “It” being your bank account, not the virus.
There are thousands, possibly millions, of malicious programs that somebody out there wants to run on your computer. Maybe they want to make a political statement, make a few bucks, or just get a laugh. The first computer viruses were harmless. One programmer was looking for a more efficient way to install software on multiple computers. Another wanted to show off his skill and yet another just wanted to make his computer do tricks.[ii] Pretty soon, somebody realized they could do something really nasty with a self-replicating program. Next thing you know there’s Sasser and Netsky and Conficker stealing your passwords and hijacking your computer to attack some other unsuspecting soul. The motives for malware makers have changed dramatically over the last decade. Now they aren’t just looking for entertainment or bragging rights. Now they’re after your bank accounts and worse. Take a look at this brief history of computer viruses.
1971 – The Creeper virus copied itself to computers across ARPANET but did no actual harm.
1974 – The Animal Trojan kept a user distracted with a text-based game while it spread copies of itself. It was carefully programmed not to cause damage.
1981 – The Elk Cloner virus was created at Texas A&M and infected diskettes for Apple II computers. It was mostly harmless but might have been the first computer virus to spread in the wild.
1986 – Brain, a misguided attempt at copyright protection, infected the boot sector of IBM PC diskettes.
1987 – Multiple destructive computer viruses spread all over the world: Jerusalem (aka Friday the 13th), SCA, Vienna, and others.
1988 – Robert Morris created the first Internet worm, supposedly as an experiment.
1990 – The Chameleon virus was created by a virus researcher and could rearrange its own code to better escape detection.
1992 – Widespread fear of the Michelangelo virus probably caused more inconvenience than the virus itself, which turned out to be something of a dud.
1995 – WM.Concept was the first macro virus, infecting Microsoft Word’s default template file and any Word documents created on the same computer.
1998 – The Chernobyl virus from Taiwan (not any of the former Soviet republics) attacked Microsoft Windows computers.
1999 – Perhaps one of the most famous viruses of all time, Melissa infected an enormous number of computers around the world. Worms and viruses began proliferating faster than rabbits.
2000 – The ILOVEYOU worm shared the love by emailing itself to everyone in its victim’s address book.
2001 – The Code Red worm was intended to create a bot-net for attacking the White House’s website. The Nimda worm (admin spelled backwards) spread through multiple vectors: email, Internet Information Servers, shared network drives, and security vulnerabilities created by previous virus infections.
2003 – Blaster exploited a vulnerability in Windows to direct a worldwide attack against the Microsoft Windows Update servers. The SQL Slammer attacked Microsoft SQL Servers.
2004 – The Mydoom email worm created a large bot-net that spammers could use to promote their favorite herbal supplements and credit fixes. Computers everywhere began seeing pop-up advertisements for fake antivirus programs, courtesy of the Vundo Trojan (aka Virtumonde).
2008-2009 – Variants of the Conficker worm infected millions of computers, tying them together into a massive bot-net to be used for any number of criminal purposes.
Whew! There are a lot more where those came from, but I think you get the picture. There are hundreds of thousands of viruses, trojans, worms, and other forms of malware (malicious software) and thousands of people eager to use them to steal your private information, your money, or your hardware. In order to keep your computer safe, you have to have anti-virus software.
[i] Robertson, Jordan. “AP IMPACT: Framed for Child Porn…by a PC Virus.” ABC News. Accessed 12/30/2009. http://abcnews.go.com/Technology/wireStory?id=9028516
[ii] Slade, Robert M. History of Computer Viruses. Ch 1. Computer Knowledge. 2009. Accessed 12/22/2009. http://www.cknow.com/cms/vtutor/robert-slade-computer-virus-history.html