History of Malicious Software
Malicious software - how it all started
Most computer users nowadays have some experience of malicious software (malware). Either you have been attacked by a virus, trojan, worm or other type of malware, or else you know someone else who has been. Malicious software is not a new problem and has existed in some form for almost as long as there have been computer systems.
Until widespread use of the Internet, most home or small office computer systems were not very vulnerable, so malicious software attacks were quite rare. Now attacks on every computer system, particularly those running Microsoft Windows operating systems, are commonplace and there is also a great deal more media attention.
Early Malicious Software
The first malicious programs were found on corporate networks in the 1970s. These were often spread on the ARPANet network (precursor to the Internet) and were often little more than practical jokes.
The most 'successful' malware uses whatever transmission medium is most prevalent at the time. Nowadays most malicious programs are spread via the Internet or email. In the early days the most common way to transfer files from one computer to another was the floppy disk.
One of the first computer viruses was Brain in January 1986. It originated in Pakistan and infected the boot sector of a floppy disk. When the PC booted up it displayed a message advertising Brain Computer Services in Lahore, Pakistan saying "beware of this virus. contact us for vaccination". It was written by two brothers, Basit and Amjad Farooq Alvi and they claim to have written it to protect their medical software from piracy. It was, apparently, meant to only target people using illegal copies of their software but became much more widespread. The brothers were inundated with phone calls from angry computer users in the USA, UK and other places demanding that they disinfect their computers. They explained that their intentions were not malicious and ended up having to cut off their phone lines.
Other viruses, many with more malicious intent, followed in the late 1980s and into the 1990s. Here are some notable examples:
1987
Vienna, Stoned, PingPong, Cascade (Cascade affected program files and made text on the screen fall down and end up as a heap of letters at the bottom of the screen. It was also notable for having an encryption method to avoid detection). The Jerusalem virus appeared in October 1987 and destroyed program files on infected computers. It was one of the first with a trigger date - every Friday 13th except 13th November 1987. It caused an epidemic worldwide from 13th May 1988, its first trigger date.
1988
The Morris Worm becomes the first 'successful' worm in the wild.
1989
Ghostball becomes the first multipartite virus to be discovered.
1990
Chameleon series of viruses - the first polymorphic viruses.
1991
Tequila polymorphic virus causes worldwide epidemic.
1992
Michelangelo virus. Possibly the first example of mass hysteria 'marketing' for a virus. It was predicted to cause widespread damage on 6th March 1992 (Michelangelo's 517th birthday). Although it destroyed data on some computers that were infected with it, the level of damage caused was nowhere near as widespread as predicted.
Present Day
For the remainder of the 1990s right through to the present day the number of viruses and other malware types has multiplied exponentially. They have become far more sophisticated over the years and an entire digital security industry (AntiVirus) has grown up to protect computer users against them.
Who Writes Viruses Anyway?
Every virus writer has their own reason for doing what they do and they are not usually very open about identifying themselves. There are two main types of virus writer - digital vandals who do it for fun and professional programmers operating on the fringes of organized crime.
Digital Vandals
The typical caricature of a virus writer is probably a teenage nerd with no friends and something to prove. With nothing better to do than play around on his computer he has probably recently started learning programming and wants to show off his newly-acquired skills.
Many of these young programmers are not very skilled and the virus code they produce has bugs in it. This has unintended consequences such as the virus not quite doing what it was designed to do. This might mean that it is less destructive, but sometimes it can be even more destructive than intended (as in the example of Brain, which was only meant to attack copyright infringers).
Nowadays they have access to information about virus programming on the internet as well as forums and discussion groups where they can learn from experienced programmers. There are also download sites with virus toolkits and source code. All of this enables less experienced programmers to produce more effective malware.
Experienced Programmers
These are the most dangerous and secretive virus programmers. Often they have started writing malware programs at the start of their programming career and, as they have grown up, have developed their skills further. They look for opportunities to make money from malware programming and do not produce the same amateurish code with bugs that comes from the less experienced 'vandals'.
Often they develop new methods of protecting their products from antivirus programs and research software and hardware vulnerabilities that they can exploit. They also look at the psychology of the computer user, identifying habits that will enable their malware programs to be spread rapidly after the initial infection.
This hard core of experienced programmers willing to sell their services accounts for almost 90% of malicious code being written now. They are an extremely serious and growing threat to computer security.
Why Write Viruses?
Every virus writer has their own reason for doing what they do. Concentrating on the professional writers who are in it for commercial gain, here are a few of the reasons why they write viruses and other malicious software:
Fraud
The computer underworld is always looking for new opportunities to make money from cybercrime. With the growing popularity of the Internet, virus writers started producing trojans to steal passwords and login information for Internet services. The first such trojans appeared in 1997 and were designed to steal AOL account information. Within a year, other trojans were discovered doing exactly the same for the other main Internet service providers. These are becoming less common now with the decreasing cost of Internet services. Other targets for fraud are computer games and software licence keys. The general theme here is free access to paid-for resources.
Organized Crime
For the professional virus writer there are a number of options to turn his talents to criminal activity. These include stealing money from computer users directly or creating a 'bot network' with a number of computers to make money in other ways. These can be used for spam email campaigns or Denial of Service (DOS) attacks where the target is blackmailed.
Bot Networks
Professional virus writers either work for particular organizations or operate freelance, selling to the highest bidder. A common technique here is to create a bot network, or network of 'zombie' computers under the hacker's control, that can be used for spamming or DOS attacks. This is accomplished by a trojan that affects the target computers and the networks usually number between thousands and tens of thousands of infected computers. There are a number of rather shady organizations who will pay good money to have their products promoted in spamming campaigns or have their competitors disadvantaged by DOS attacks.
Financial Gain
Another useful technique for the virus writer is installing spyware on their victims' computers to directly steal money from Internet bank accounts, PayPal accounts, etc. The sophisticated ones can log keystrokes and mouse clicks as usernames, account numbers and passwords are entered and forward them on to the hacker without the victim's knowledge.
Extortion
The parallel with conventional organized crime continues with extortion. The commonest approach is to blackmail corporate entities with the threat of a Denial of Service (DOS) attack where their network is swamped with traffic from a bot network. The most effective targets are companies who depend on their online presence such as estores, banking and gambling sites. These stand to lose a lot of money if their websites cannot be accessed for any length of time, so are more likely to pay up.
Professional virus writers who can write virus, adware, trojan and spyware code that functions efficiently, avoids detection and returns results can command top rates from the shady companies willing to pay for their services.
Aside from viruses there is a great deal to be gained commercially from spyware or adware. Spyware is simply electronic theft (where usernames, passwords, account numbers and so on are stolen and sold to the highest bidder). Adware gains its sponsors revenue through advertising to a previously inaccessible audience.