WatchPoint Security Blog

Malware: Coming of Age

Written by Mark Warner | March 18, 2016

Malware, short for malicious software, covers any malicious file or program on a computer system. Common examples are viruses, worms, Trojan horses, and ransomware. Over the decades these mal-intended files have evolved in functionality and intent, but more importantly, what has really changed are the people creating them. What was once a craft for hobbyists and a test of one's skills has grown into well-organized government espionage and syndicated crime groups, all working toward one singular goal – a shift in power. That shift can take place through, among other means, direct monetary loss for the victim and gain for the adversary, indirect monetary loss through incurred costs, the theft of information, or the seizure of control over services.

The ‘80s – Discovery of What’s Possible

1982 – Elk Cloner – The first virus to spread in the wild; it affected Apple II computers. Proliferation was via floppy disk: once a floppy was inserted into an infected system, the virus infected the floppy itself, and thus the next system that used that floppy.

https://en.wikipedia.org/wiki/Elk_Cloner

1986 – PC-Write – The first Trojan horse. PC-Write was a shareware word processor which, when installed, also installed a backdoor allowing remote access.

https://en.wikipedia.org/wiki/PC-Write

By the end of the ‘80s, virus creators started to realize that the best way to spread a virus was not to create one that needed to be executed by a user, but to create a self-replicating virus, or worm, and to use the Internet as its delivery system.

1988 – Morris Worm – The first worm distributed through the Internet. It infected over 6,000 computers and was the first malware to gain mainstream media attention. According to its author, the worm was intended only to gauge the size of the Internet and was not meant to cause damage.

https://en.wikipedia.org/wiki/Morris_worm

The ‘90s – The Internet and Email

In the mid-‘90s, with the proliferation of the Internet and the invention of email, a new and wider-reaching method of spreading became available. With the popularization of office suites and macros, there was also a new execution method.

1999 – Melissa Virus – The first macro virus. It arrived as an email attachment which, once opened, used a macro to mail itself to 50 contacts in the victim's address book.

https://en.wikipedia.org/wiki/Melissa_(computer_virus)

2000 – ILOVEYOU – Spread via email and was written in VBScript. It deleted files from the computer, emailed usernames and passwords to its creator, and propagated by mailing itself to every contact in the victim's contact list.

https://en.wikipedia.org/wiki/ILOVEYOU

The 2000s and On – Espionage and Money

In the 2000s, with a widespread medium and established methods in place, it was only a matter of time until the question was asked: how can I make money with this? And, perhaps more importantly, how much control can we get?

2005 – Innovative Marketing Inc – The first large-scale scareware producer. Scareware works by bombarding the end user with popups and dialogs designed to scare them into believing their system is infected. A prompt says something along the lines of “click here”, and, of course, cleaning the supposed infection requires payment.

https://en.wikipedia.org/wiki/WinFixer

2009 – Stuxnet – Arguably one of the most innovative malware packages to date. It is believed to have been sanctioned by the US Government and was designed to attack Iran’s nuclear facilities.

https://en.wikipedia.org/wiki/Stuxnet

2013 – CryptoLocker – The first large-scale Trojan ransomware. Once on your system, it systematically destroys your data by encrypting it, then demands payment to restore the data to its original state.

https://en.wikipedia.org/wiki/CryptoLocker

With the introduction of each new technology, new opportunities are presented to our adversaries, and as our dependency on technology grows, so does our exposure. We are put in a position where we not only need to stay alert and aware of the threat landscape, but must also have the best technology available to fight back.