A History of Malware

In today’s world, most personal information is housed on a computer or in some online space. As this volume of data increases, so does a hacker’s incentive to steal it. Cyber threats are ever-present, and for this reason cyber security is an important topic to discuss.

Between 2004 and 2013, over 1 billion records of personal information were stolen or leaked.

Over the years, thousands upon thousands of viruses have spread online, and they have caused billions of dollars of damage from lost productivity, wasted resources, and broken machines.

What is Malware?

Malware, which is short for malicious software, is an umbrella term that refers to a variety of harmful or intrusive software, including computer viruses, worms, Trojan horses, ransomware, and other malicious programs. These programs are created by hackers who may want to use your computer to attack other targets, to make money by stealing your personal information, or to simply troll the internet. Different types of malware can affect Windows, Mac, and Linux computers, and the data servers that keep companies and the internet itself running. Here are a few good terms to know:

  • Computer viruses: Any kind of code that is designed to do harm and spread itself to more computers. Viruses almost always corrupt or modify files on a targeted computer.
  • Worms: A standalone program that replicates itself in order to spread to other computers. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth.
  • Trojan horses: Think of the story of how the Greeks concealed themselves in order to enter Troy. A Trojan Horse is any malicious computer program which misleads users about its true intent. Using social engineering, a Trojan Horse will gain a user’s trust by acting reputable and then coax the user into performing actions or divulging confidential information. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
  • Ransomware: A form of blackmail in which a hacker steals or threatens to destroy your computer assets until you pay a release fee of anywhere from $400-$1000.
  • Drive-by download: When a user visits a web page and a malicious program downloads in the background.

Historical Malware Attacks

A few cyber attacks have become well known for either their place in time, their pervasiveness, their destruction, or a combination of all three. Here are the ones I found most interesting.

Creeper & Reaper, 1971


For the most part, malware in the 70’s, 80’s, and 90’s was more annoying than harmful. The history of cyber security began with a research project led by Bob Thomas. Bob realized that it was possible for a computer program to move across a network, leaving a small trail wherever it went. In 1971, he designed Creeper, a program that traveled between Tenex terminals on the early ARPANET, printing the message “I’M THE CREEPER: CATCH ME IF YOU CAN.” A man named Ray Tomlinson saw this idea and liked it. He tinkered with the program and made it self-replicating, creating the first computer worm. He then wrote Reaper, the first antivirus software, which would chase Creeper and delete it.

The Morris Worm, 1988

The next monumental event in the world of cyber threats came from a man named Robert Morris. In 1988, Robert wanted to gauge the size of the internet. To do this, he wrote a program designed to propagate across networks, infiltrate Unix terminals using a known bug, and then copy itself. The Morris worm replicated so aggressively that the early internet slowed to a crawl, causing untold damage.

The Melissa Virus, 1999

Cue the rise of phishing: the fraudulent practice of sending emails designed to look reputable in order to induce individuals to reveal personal information. When the Melissa Virus was rampant, a person would receive an email with the subject “Important Message.” The email read “Here is that document you asked for … don’t show anyone else ;)” and included a single attachment. When the user opened the Word document, their computer would automatically open a multitude of porn sites and send the email out to 50 of the user’s contacts from their address.

Effects: In just a few days, Melissa spread to hundreds of thousands of computers through Microsoft’s Outlook email program, but did not inflict damage on the computer itself. Email services, however, were significantly slowed down, and this virus cost companies about $80 million overall.

ILOVEYOU Virus, 2000


Similar to Melissa, this email virus was very successful because it leveraged social engineering; it was designed to make people curious enough to open the attachment. The infected email contained the subject line “ILOVEYOU” and came with an attachment titled “love-letter-for-you.txt”. When opened, the virus wiped all local computer files, overwriting everything with copies of itself. Meanwhile, the virus would send itself to everyone in your address book.

Effects: Reached 45 million computers in just two days and caused $10 billion in damage.

Slammer, 2003

Slammer was a worm that targeted database servers running Microsoft SQL Server. The worm took advantage of a bug in the software by sending the server a specially formatted piece of code that appeared to be an ordinary request for information, but actually reprogrammed the server to send out more copies of itself. These servers would then send requests to thousands of other servers, which could not handle all the traffic.

Effects: Slammer was extremely pervasive and infected 75,000 servers in just 10 minutes. Millions of servers were affected by this worm, and Slammer caused the internet to slow down to an unusable speed for users all over the world, if not crash. It is believed that Slammer caused about $1.2 billion of damage.

Mebroot/Torpig, 2007

The main goal of Mebroot was to hook the user’s computer up to a botnet called Torpig. Mebroot enters a user’s computer via a drive-by download, and from there it overwrites what is known as the Master Boot Record, the part of your computer’s disk that stores the instructions that tell your computer how to start up. This allowed Mebroot to instruct the computer to connect to Torpig, which then steals all of your information. Torpig uses a spying technique known as Man-in-the-Browser: it lurks in the user’s browser, logging activity and any private information entered.

Effects: By late 2008, Torpig had stolen information connected to 500,000 bank accounts.

ZeroAccess Botnet, 2013

A botnet similar to Torpig, the ZeroAccess botnet spread through a variety of channels, but most commonly via drive-by download. Once infected, a user’s computer would earn the hacker revenue through bitcoin mining and click fraud.

Effects: Known as one of the largest botnets in history, ZeroAccess affected over 1.9 million computers.

WannaCry Ransomware, 2017


WannaCry is a ransomware worm that spread rapidly across a number of computer networks by exploiting a vulnerability in Windows. Once launched, the worm attempts to access a hard-coded URL (the so-called kill switch), and if it can’t, it proceeds to search for and encrypt files, leaving them inaccessible to the user. WannaCry then displays a ransom notice, demanding $300 in Bitcoin to decrypt the files.

Effects: Though its lifetime was only 4 days, WannaCry claimed over 200,000 victims and infected more than 300,000 computers. According to one modeling source, economic losses from this cyber attack may have reached up to $4 billion.

Consumer Protection

If you are feeling uneasy about your computer security after reading this blog, rest assured, there are measures you can take to reduce the cyber threat. Install anti-virus programs, do not click on suspicious emails or links, and keep your operating systems and computer programs updated with the latest security patches. Computer security comes from consumer diligence and reading this post was a great way to start this effort! Thanks for making it to the end 🙂

13 thoughts on “A History of Malware”

  1. Hi Lizzy! Good idea for a post, this is definitely a very relevant subject in this technological age. It is interesting (and not at all surprising) how malware often targets human social interaction and innate curiosity. This makes me think of the hacks many years ago in the earlier stages of Facebook where clicking on a link advertising something like a free iPad (a specific example I remember) would then grant the hacker access to your personal information and send that link out to all your friends with a message promoting it. As software and security become increasingly more sophisticated, malware has still obviously managed to have a drastic impact so hopefully there isn’t another WannaCry coming soon!


    • Happy you enjoyed it 🙂 Fighting malware and cyber attacks for big companies is a huge and ongoing task since user bases can be extremely large and there is often high volume and high value data at risk!


  2. Hey Lizzy! I got the chills reading this. I don’t usually think about malware because I’ve been lucky enough to have never been personally affected by it, but these huge outbreaks that have occurred over the years remind me how vast and unknown the web is. It’s crazy to think that so much progress has been made in security, and yet still new malware is created and spread. These landmark malware attacks are like something out of a Black Mirror episode.


  3. This was an awesome article! My mom is very conscious about everything online, and would always talk to me about sharing my information online. Now, I want the computer to take my data! Apps like Spotify, Google, and Uber track my information all the time, and I don’t even think about it. With stories like Target, Equifax, or Home Depot becoming the norm, I think having your information stolen is almost guaranteed.

    I know security is very important, but I’m surprised that there is very little as far as insurance or protection from this. Companies like LifeLock provide security, but they can’t protect you from everything. Also, it’s interesting how Malware uses human psychology in order to spread.

  4. I think it’s a great point that the threat of Malware is ever increasing, and it shows no signs of stopping. I remember when pop up ads and emails from grandma were the main culprits, but now it seems like large corporations and institutions are the main targets from seriously malicious hacks. Information protection is becoming more important than ever, and with the developments of the cloud, I wonder if it will become harder or easier for leakers/hackers to obtain your information. Either way, nice post.


  5. Great post Lizzy! I had always wondered about the logistical details of data hacks and malware, so this post was extremely informative for me! It inspired me to read more about the tech side of the Equifax hack last year, and I found an article that describes the malware present in this case. If you are interested in reading it, here is the link: https://www.extremetech.com/internet/257364-equifax-website-hacked-serve-malware-course. It turns out that the source of the hack was a compromised advertising partner.

    Something that really stood out to me in this post is the LARGE SCALE of these attacks, both in the amount of servers/computers affected and in the cost of damages. The ILOVEYOU virus reached 45 million computers and caused $10 BILLION in damage…wow. Again, great work!


  6. Great post, Lizzy!
    Cyber-security is such an interesting topic today – it seems inevitable that all of us will have our personal information compromised at some point through security breaches. Public Wifi, for example, is something I am always a bit cautious about because you do not really know who is providing the Wifi that you’re making your devices vulnerable to. As more things move to the cloud and IoT, I’m interested to see some of the measures that large companies take to ensure data safety and security online.


  7. Hey Lizzy! Great overview of the history of Malware. This was really informative, and it reminded me of how important it is to be careful with all of the new technology in our lives. In our discussion a few weeks back it was brought up that certain companies don’t trust Google or Amazon Web Services with their proprietary data. It will even be necessary for large tech giants to make sure more consumers feel safe using their services going forward in the future as our society becomes more and more reliant on technology. The future of cybersecurity will definitely be fascinating!


  8. This was chillingly fascinating, Lizzy! I’m surprised there aren’t more TV shows about cybercrime…it has the twisted intrigue of any crime but with an intellectual and far-reaching spin. While malware attacks are normally thought of on an individual level, your mention of the aggregate cost is mind-boggling. Your blog sparked so many questions that could comprise an entire course just to answer—how long does it take to plan a cyber crime and what sort of people/organizations are behind it? How do you regulate and punish cyber crime when it spans international borders? I’ve heard that Apple products are less vulnerable to attacks than Windows, is that due to their closed ecosystem? What steps can Windows and Linux computers take to ward off attacks? Is paying the only way to recover from a ransomware attack, or can you hack your way around it? How do you know if your computer has been the victim of a drive by download? So many questions…such an interesting topic!


  9. Great detailed look at the history of bad stuff on the internet. Glad to say I’ve never experienced a serious bug like any of these but crossing my fingers it never happens. Nevertheless, I thought the guy who designed the creeper was definitely the most humorous.


  10. I think this blog could be the inspiration for the next Stephen King book! Great post. Sharing information has never been easier. People (myself included) tend to share sensitive information willingly without thinking about how secure something is. We are constantly hearing about big companies falling victim to cyber attacks. This will continue to be an ongoing issue and companies need to constantly innovate to create secure systems to defend against malware and cyber attacks!


  11. As someone who works in IT (and the Walk-In Help Desk right here on campus), this was really cool to read. As I started my freshman year, we had some WannaCry victims — and that was 2014! Scary how it’s since evolved and still targets unsuspecting PC users. Thanks for sharing!
