On the Origin and Evolution of Computer Viruses
Compelling statistics
on virus infections last year set the scene for this brief history
of computer viruses.
On the Origin and Evolution of Viruses -
3765 Viruses Active Today
According to Panda Software some 3765 viruses
are active today - but how did it all start and how did
the several species evolve?
Viruses didn't start spreading systematically
and frequently until 1987 when the fast-spreading IBM Christmas
Worm with half a million replications an hour infected IBM.
The Internet Worm created by Morris caused the first Internet
crisis in 1987/8 and shut down many computers. In 1989 the AIDS
Trojan was created and sent as an AIDS information program
- the Trojan held data hostage demanding sums of money to be
paid for the decryption key.
In 1990, Panda Software opened shop in Spain.
The Tequila polymorphic (with the ability to change)
virus made its appearance in 1991 and variants of it are still
found in the wild. A year later, the Michelangelo virus
became the first virus to attract media attention, as massive
damage was predicted. The first toolkits to fabricate viruses also
emerged, while McAfee was first incorporated, distributing its
products via freeware.
With the Internet Liberation Front, 1995
marked the Year of the Hacker when attacks on NASA, other US
Government departments, IBM and General Electric were recorded.
The first Word Macro virus appeared in the same year while Microsoft
launched Windows 95. The first 95-specific virus, Boza,
appeared together with Staog, the first Linux virus. Strange
Brew was the first Java virus in 1998 and Back Orifice
was the first Trojan designed to be a remote administration
tool that allows others to take over a remote computer via the
Internet. Access viruses also appeared for the first time seven
years ago. In 1999, Melissa hit, using Outlook and Outlook
Express to send itself to others via email.
2000 saw Yahoo shutting down because of the
first distributed denial of service (DDoS) attacks. The new
millennium also saw Love Letter, a worm that spread around
the Internet like wildfire. That year, Internet-enabled telephones
on the Spanish network were hit by the first attack on a telephone
system, Timofonica.
Liberty was accidentally released in
the wild and this was the first Trojan developed for the Palm
PDA. The first worm (Gnuman) to attack a peer-to-peer
communication network appeared in 2001 disguising itself as
an MP3 file. The LogoLogic-A worm spread via mIRC chat
and e-mail in the same year, while the first worm capable of
spreading itself through Adobe's PDF software appeared. The
first virus to infect Shockwave files made its first appearance
in January 2002, while in March the first native .NET worm written
in C#, Sharp-A, was announced.
Also in late May, Benjamin appeared.
Benjamin was unique in that it used the KaZaa peer-to-peer network
to spread. In 2003, Slammer's spreading technique worked
so well that for some period of time all of South Korea was
effectively eliminated from the Internet. Some of the malware
of 2003 was accompanied by very realistic graphics and links
to make you think the mail actually came from the likes of Microsoft
or Paypal.
In 2004 the Trojan.Xombe was sent to
a wide audience and posed as a message from Microsoft Windows
Update asking you to run the attached revision to XP Service
Pack 1. The weekend of 20/21 March introduced Witty, the
first worm to attack security software directly. The worm erased
portions of the hard drive while sending itself out. August
saw a backdoor for PocketPC devices. Last year also marked the
first ever computer virus, Cabir, spread by mobile phones
- this virus was sent to anti-virus firms. No infections were
reported and the worm was harmless; however, it shows that mobiles
are also at risk from virus authors.
And this is just viruses. Spyware, adware,
security risks, vulnerabilities, diallers, hoaxes, hacking tools,
spy programs and keyloggers are all in the wild wreaking havoc
and causing some serious damage to millions of legitimate users
worldwide.
Gaps in Security
"The future is not ours to see", but in security
you cannot take a "que sera, sera" attitude! Virus
authors are continually developing new threats and new tactics
to ensure that their malware infects as many victims as possible.
For example, new variants of Mytob were appearing every
hour. Some viruses also disguise themselves as critical Windows
system files like lsass and svchost. These variants are appearing
at a rate far faster than anti-virus firms can analyse them
and update their scanners leaving serious gaps in anyone's security
architecture.
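
As an added illustration (not part of the original article), the disguise described above can be checked for by comparing each process image path with the folders where lsass.exe and svchost.exe normally live and by flagging near-miss spellings of those names. The sample paths, the 0.85 similarity threshold, the default C:\Windows install location and the function names are assumptions made for this example.

```python
import ntpath
from difflib import SequenceMatcher

# Expected folders (lower-cased); assumes a default C:\Windows installation.
EXPECTED_DIRS = {
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
LOOKALIKE_THRESHOLD = 0.85  # assumed similarity cut-off; tune per environment


def classify(image_path):
    """Return None for an unremarkable image path, or a reason string."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.dirname(image_path).lower()
    if name in EXPECTED_DIRS:
        # Genuine name: only suspicious when it runs from the wrong folder.
        if folder not in EXPECTED_DIRS[name]:
            return f"{name} running from unexpected folder {folder}"
        return None
    for real in EXPECTED_DIRS:
        # Near-miss spelling such as a swapped or substituted character.
        if SequenceMatcher(None, name, real).ratio() >= LOOKALIKE_THRESHOLD:
            return f"{name} imitates {real}"
    return None


def find_masquerades(image_paths):
    """Map each suspicious image path to the reason it was flagged."""
    findings = {}
    for path in image_paths:
        reason = classify(path)
        if reason:
            findings[path] = reason
    return findings


# Constructed sample of process image paths (not real telemetry).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\csrss.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\System32\1sass.exe",
    r"C:\Windows\scvhost.exe",
    r"C:\Windows\Temp\LSASS.EXE",
]

if __name__ == "__main__":
    for path, reason in find_masquerades(SAMPLE).items():
        print(f"{path}: {reason}")
```

The three legitimate entries in the sample, including the similarly named csrss.exe, pass unflagged; the other four are reported with the reason for each.
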
Installing anti-virus, anti-spyware and firewall
software, together with the information provided by processlibrary.com
should give you the best protection possible against the
security threats existing today.
During the couple of hours it took me to
write this article, the active viruses to date increased from
3765 to 3811 (Source: Panda Software).