Going viral: The history of malware from Alcon to Zeus

Malware, viruses, Trojans, ransomware. These are all words that have entered into everyday language. But what are their origins and how have we got to the situation where there are hundreds of millions of harmful programs in the wild?

The origin of species

The origins of computer viruses lie not with criminal gangs or bored teenagers, but, perhaps surprisingly, in research.

They are also older than one might think.

Creeper, generally accepted to be the very first computer virus, was developed in 1971 by computer programmer Bob Thomas from BBN Technologies, as an experimental self-replicating program.

Thomas then created the Reaper worm to track and delete his original program.

However, while Creeper did not make it out into the wild, another worm, called Morris, did.

Morris was developed in 1988 by Robert Tappan Morris, a student at Cornell University, who claimed it was originally written to gauge the size of the nascent Internet.

However, a bug in the code turned it from an innocuous piece of research into a virulent denial of service worm.

According to Marcin Kleczynski, founder of security vendor Malwarebytes, this is quite typical of the early days of computer viruses.

"Viruses started as proofs of concept," says Kleczynski.

"People have always wanted to do crazy things for their own entertainment or interest," adds Simon Young, VP of UK & Ireland at Trend Micro.

However, as the Internet started to take off, so did a more nefarious uses of self-replicating software.

The Dade Murphy archetype

In the early 90s, viruses aimed at the general population began to emerge. According to security researcher Graham Cluley, the original virus authors were "normally teenage boys who were perhaps not very socially adept, but were talented".

"They would hang out on bulletin boards and were really writing viruses to show off to each other, mainly engaging in graffiti and that kind of thing," says Cluley.

"This is when you started to get some of the original worms," says James Forshaw, principal security consultant at Context Information Security.

"Things like the ILoveYou worm, Melissa or Michelangelo," he adds.

This was also when the fight back against viruses first began in earnest, with some of the best-known early anti-viruses, such as Symantec's Norton Antivirus, McAfee Antivirus, and AVP - later Kaspersky Anti-Virus, beginning to emerge.

The authors of this type of malware are the kind of archetype portrayed in the 1995 Angelina Jolie and Jonny Lee Miller film Hackers, albeit somewhat glamorised.

Their work was often flamboyant, with the creators generally writing their programs in such a way that they announced themselves as soon as they were installed.

However, as Internet commerce and banking began to take off, the profile of the attacker began to change, with lone-agents creating viruses for their own entertainment and community kudos being replaced by a more professional class of attacker.

The era of the cybercriminal

At around the turn of the millennium, the amount of business being done online through sites like Amazon and eBay started to take off, with smaller companies and traditional, not born-on-the-web retailers following suit a while later.

Over the intervening 15 years there has been an exponential growth in the malware circulating in the wild.

"The sea change came when criminals realised there was money to be made through these attacks," says Forshaw.

Instead of viruses that would corrupt a hard drive or send out spam, new malware like key loggers that sat quietly running in the background stealing data began to appear and proliferate.

"When I started working for an antivirus company in 1992, we were seeing about 200 viruses appearing a month," says Cluley. "Now it's 2,000 a month."

By the mid-2000s, malware had become a lucrative business with links to organised crime.

It is at this time that the first sophisticated banking Trojans, like the infamous Zeus and it's progeny, started to appear as well.

Additionally, attacks became more sophisticated, using compromised but legitimate websites to deliver "drive by" infections for example, or highly targeted phishing techniques to get access to a particular corporate network.

In short, the cyber threat arena has changed beyond recognition to become a professionalised, black market economy.

"Cybercrime-as-a-service has become a serious industry," says Young. "SLAs are offered, there are vertically structured organisations." Services are even advertised in specialist underground forums.

There is also an awful lot of money to be made.

The CryptoLocker ransomware that appeared in September 2013 is reported to have made over $20 million in the last three months of 2013 alone.

The Trojan, once downloaded, encrypts a victim's files and demands a ransom of 400 US dollars or Euro to decrypt them.

In its appearance, the attack is somewhat reminiscent of the viruses of 20 years ago or more: a dialogue box is displayed telling the user what has happened, with a countdown timer giving them between 70 and 100 hours to make a payment. If they do not, the encryption key is deleted, the attackers claim, and their data will be lost forever.

The reason CryptoLocker has been so successful is there is no alternative but to pay the ransom in order to regain control of the files.

Into the future

In the 43 years since the development of Creeper, the world of malware has changed unrecognisably. Authors have gone from being curious academics to teenagers full of bravado to professional criminals. Malware has gone from being obvious attacks that were disruptive but preventable and curable, to silent programs vacuuming up data from the shadows, and back to the in-your-face nature of the old viruses, only this time the disruption is to your wallet as well as your files.

Given the rapidly evolving nature of the field, is it possible to predict what might happen in the future?

Many researchers are reticent to do so, however Young, Forshaw, Cluley, and Kleczynski all agree it is worth keeping an eye on the Internet of Things.

"We have been doing some research on the Internet of Things and some of these appliances are not as secure as perhaps they could be, maybe because their creators don't consider them to be a target," says Forshaw.

He also claims devices running on Android may be more susceptible to attack, as the current state of the smartphone and tablet market shows a much higher incidence of malware on Google's mobile operating system than others.

Could our connected fridges be used then to steal or extort money from us? Will our driverless cars hold us hostage? Potentially yes, once the technology takes off.

"I wouldn't like to be the first person to find out my car has been compromised by malware and I'm currently doing 70mph down the motorway," says Forshaw.

Kleczynski foresees another potential use of malware in the Internet of Things.

"One of the things I have always considered is there is a huge market for data mining," he says.

"We remove potentially unwanted programs (PUPs) now from people's computers, because who wants all of their browsing history sent to these data mining companies?

"In the future, as we start wearing things like watches that have GPS, PUPs could be used to send data on what shops you go to back to these companies, who wants that either?" he adds.

"That's a much bigger market than turning your car off and trying to hold it to ransom, because you can call a mechanic to come and fix that."

Nevertheless, history has shown us that little if anything can stop the onward march of technology, or take the edge of our hunger for gadgets.

Will there be new vectors for attack? Undoubtedly. Should we or will we let it stop us? No.

For more advice on transforming your business, visit HP BusinessNow