11 Infamous Malware Attacks: The First and Scariest

Viruses and other malware that spread for sinister or mysterious reasons have been a staple of cyberpunk novels and real-life news for decades. And truth be told, there have been computer viruses online since before there was even a concept of the internet.

This CSO article looks at some of the most important milestones in the evolution of malware: each of these entries represents a new idea, a lucky break that exposed a gaping hole in security, or an attack that proved particularly destructive, or sometimes all three.

  1. The Creeper Virus (1971)
  2. Brain Virus (1986)
  3. Morris Worm (1988)
  4. ILOVEYOU worm (2000)
  5. Mydoom Worm (2004)
  6. Zeus Trojan (2007)
  7. CryptoLocker ransomware (2013)
  8. Emotet Trojan (2014)
  9. Mirai Botnet (2016)
  10. Petya ransomware/NotPetya wiper (a wiper is malware that destroys data and access to files) (2016/17)
  11. Clop ransomware (2019-present)

1. The Creeper Virus (1971)

In 1966, computer pioneer John von Neumann's posthumous paper, The Theory of Self-Reproducing Automata, was published, outlining the idea of computer code that could replicate and spread itself. Five years later, the first known computer virus, called Creeper, was written by Bob Thomas. Written in PDP-10 assembly language, Creeper could replicate itself and move from computer to computer across the nascent ARPANET.

Creeper did not cause any harm to the systems it infected - Thomas developed it as a proof of concept, and its only effect was to cause connected teletypes to print a message that read "I AM THE CREEPER: CATCH ME IF YOU CAN." It is mentioned here, despite its innocuous nature, because it was the first and became the template for all subsequent malware. Shortly after Creeper was released, Ray Tomlinson, best known for implementing the first email program, wrote a competing program called Reaper, which spread from computer to computer by deleting Creeper's code.

2. Brain Virus (1986)

Creeper was designed to infiltrate computer networks, but for much of the 1970s and '80s, this infection vector was limited simply because most computers operated in isolation. What malware did move from computer to computer was spread via floppy disks. The earliest example was Elk Cloner, which was created by a 15-year-old as a prank and infected Apple II computers. But perhaps the most important of this generation of viruses was the one that became known as Brain, which began spreading around the world in 1986.

Brain was developed by programmers (and brothers) Amjad and Basit Farooq Alvi, who lived in Pakistan and sold medical software. Since their programs were often pirated, they created a virus that could infect the boot sector of pirated disks. It was mostly harmless, but contained their contact information and an offer to “cure” the software.

Whether they actually "cured" anything is unclear, but as they explained 25 years later, they soon began receiving phone calls from all over the world and were shocked at how quickly and how far Brain had spread (and at how angry some of the people who had illegally copied their software were, for some reason). Today, Brain is widely known as the first IBM PC virus, so we're including it on the list despite its harmless nature, and the brothers still have the same address and phone number they embedded in the virus 25 years ago.

3. Morris Worm (1988)

In 1988, a piece of malware called Morris emerged that could lay claim to a number of firsts. It was the first widespread computer worm, meaning it could replicate itself without the need for additional software. It targeted several vulnerabilities to help it spread faster and further. Although it was not intended to cause harm, it was probably the first piece of malware to cause real, significant financial damage, more than deserving of its place on this list. It spread incredibly quickly – within 24 hours of its release, it had infected 10 percent of all computers connected to the internet – and created multiple copies of itself on each machine, bringing many of them to a standstill. Estimates of the cost of the attack run into the millions.

4. ILOVEYOU Worm (2000)

Unlike the previous malware creators on this list, Onel de Guzman, a 24-year-old living in the Philippines in 2000, built his creation with outright criminal intent: he couldn't afford dial-up service, so he wrote a worm that could steal people's passwords so he could use their accounts. But the malware exploited a number of Windows 95 flaws so cleverly—especially the fact that Windows automatically hid the file extensions of email attachments, so people didn't realize they were running executables—that it spread like wildfire, with millions of infected computers soon sending copies of the worm and stolen passwords back to a Filipino email address. It also wiped numerous files on the infected computers, causing millions of dollars in damage and briefly taking down the computer systems of the UK Houses of Parliament.

De Guzman was never charged with a crime because what he did wasn’t illegal in the Philippines at the time, but he expressed regret in an interview 20 years later, saying he never intended for the malware to spread so far. He also became something of a pioneer in social engineering: The worm got its name because it was spread via emails with “ILOVEYOU” in the subject line. “I realized that a lot of people wanted love, so I named it that,” de Guzman said.
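As an added illustration of the extension-hiding trick described above (example code, not from the article): with "Hide extensions for known file types" enabled, Windows drops only the final extension, so a script named like a text file is displayed as one. The check below models that display rule and flags attachments whose real extension is executable while the visible name looks like a document; the extension sets and sample names are assumed and constructed, not an exhaustive list.

```python
import os

# Assumption: representative subsets, not exhaustive lists.
# Extensions that Windows runs as programs or scripts.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
# Extensions a user reads as a harmless document or picture.
DOCUMENT_EXTS = {".txt", ".doc", ".docx", ".pdf", ".rtf",
                 ".jpg", ".jpeg", ".png", ".gif", ".htm", ".html"}


def displayed_name(filename: str) -> str:
    """Name as Explorer shows it with 'Hide extensions for known file
    types' on: only the final extension is dropped, earlier dots stay."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def is_disguised_executable(filename: str) -> bool:
    """True when the real (final) extension is executable while the
    name the user sees ends in a document-like extension."""
    _, real_ext = os.path.splitext(filename)
    _, shown_ext = os.path.splitext(displayed_name(filename))
    return (real_ext.lower() in EXECUTABLE_EXTS
            and shown_ext.lower() in DOCUMENT_EXTS)


def triage_attachments(names):
    """Return the attachment names a mail gateway should quarantine."""
    return [n for n in names if is_disguised_executable(n)]


# Constructed sample attachment names (not taken from the article).
SAMPLE_ATTACHMENTS = [
    "greeting-card.txt.vbs",   # shown as greeting-card.txt, runs as VBScript
    "invoice.pdf",             # genuine document
    "holiday.jpg.exe",         # shown as holiday.jpg, runs as a program
    "setup.exe",               # shown as "setup": executable, not disguised
    "notes.doc",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        flag = "QUARANTINE" if is_disguised_executable(name) else "ok"
        print(f"{name:24} shown as {displayed_name(name):20} {flag}")
```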

5. Mydoom Worm (2004)

The Mydoom worm infected computers via email, then took control of the victim computer to send out more copies of itself via email, and did so effectively enough that at its peak it accounted for a quarter of all emails sent worldwide, a feat that has never been surpassed. The infection ultimately caused more than $35 billion in damage, which, adjusted for inflation, has also never been exceeded.

The creator and ultimate goal of Mydoom remain a mystery today. In addition to sending copies of the worm via email, infected computers were also used as a botnet to launch DDoS attacks on SCO Group (a company that aggressively tried to claim intellectual property rights to Linux) and Microsoft, leading many to suspect a rogue member of the open source community. But nothing concrete has ever been proven.

6. Zeus Trojan (2007)

Zeus was first discovered in 2007, at the end of the Web 1.0 era, but it showed what malware could be like in the future. The Trojan, which infects via phishing and drive-by downloads from infected websites, isn’t just one type of attacker; instead, it acts as a vehicle for all sorts of malicious payloads. Its source code and operating manual were leaked in 2011, helping both security researchers and criminals who wanted to exploit its capabilities.

You'll typically hear Zeus referred to as a "banking Trojan," since that's where its variants focus most of their energy. The 2014 variant, for example, manages to wedge itself between a user and their banking website, intercepting passwords, keystrokes, and more. But Zeus goes beyond banks, with another variation gobbling up Salesforce.com information.

7. CryptoLocker ransomware (2013)

Zeus can also be used to create botnets of controlled computers, kept in reserve for some later sinister purpose. One such botnet, called Gameover Zeus, infected its bots with CryptoLocker, one of the earliest known versions of ransomware. The ransomware encrypts many of the files on the victim's computer and demands payment in cryptocurrency to restore access to the data.

CryptoLocker became famous for its rapid spread and its powerful asymmetric encryption, which was (at the time) exceptionally difficult to crack. It also became famous for something unusual in the world of malware: a happy ending. In 2014, the US Department of Justice and foreign agencies managed to take control of the Gameover Zeus botnet and restore the files of CryptoLocker victims for free. Unfortunately, CryptoLocker also spreads via good old phishing, and variants of it still exist.

8. Emotet Trojan (2014)

Emotet is another piece of malware whose functionality has changed over the years it has remained active. In fact, Emotet is a prime example of what is known as polymorphic malware, whose code changes slightly each time it is accessed to avoid detection by endpoint security programs. Emotet is a Trojan that, like others on this list, is primarily distributed via phishing (repeat after us: do not open unknown email attachments).

Emotet first appeared in 2014, but like Zeus, it is now a modular program that is most often used to deliver other forms of malware, such as Trickster and Ryuk. Emotet is so good at what it does that Arne Schönbohm, head of Germany’s Federal Office for Information Security, calls it the “king of malware.”

9. Mirai Botnet (2016)

All of the viruses and other malware we've discussed so far have affected what we call "computers" — the PCs and laptops we use for work and play. But in the 21st century, there are millions of devices with more computing power than anything Creeper could infect. These Internet of Things (IoT) devices are ubiquitous, ignored, and often unpatched for years.

The Mirai botnet was actually similar to some of the earlier malware we've discussed in that it exploited a previously unknown vulnerability and caused far more damage than its creator intended. In this case, the malware found and took over IoT devices (mostly security cameras) whose default passwords had never been changed. Paras Jha, the college student who created the Mirai malware, intended to use the botnets he built to launch DoS attacks that would help settle scores in the obscure world of Minecraft server hosting, but instead he unleashed an attack on a major DNS provider that knocked out much of the internet on the US East Coast for most of a day.

10. Petya ransomware/NotPetya wiper (2016/17)

The ransomware dubbed Petya began hitting computers in 2016. While it had a clever mechanism for locking its victims' data - it encrypts the master file table that the OS uses to find files - it was distributed through ordinary phishing attacks and is not considered particularly dangerous.

Today, it would probably be forgotten if it weren't for what happened the following year. A new self-replicating worm variant emerged that used the leaked NSA exploits EternalBlue and EternalRomance to spread from computer to computer. Initially distributed through a backdoor in a popular Ukrainian accounting software package, the new version, dubbed NotPetya, quickly spread across Europe.

While NotPetya still looked like ransomware, it was in fact a wiper designed solely to destroy computers: the address displayed for victims to send their ransom payment was randomly generated and useless. Researchers believe that some countries' intelligence agencies may be repurposing the more conventional Petya malware for use as a cyberweapon against other countries, and so, in addition to the massive damage it caused, NotPetya earns its place on this list by illustrating the symbiotic relationship between state-sponsored and criminal hackers.

11. Clop Ransomware (2019-present)

Clop (sometimes written Cl0p) is another ransomware variant that appeared on the scene in 2019 and has become increasingly prevalent since then, to the point that it has been named one of the top malware threats of 2022. In addition to preventing victims from accessing their data, Clop also allows the attacker to exfiltrate that data. McAfee has a breakdown of the technical details, including an overview of how the malware evades security.

What makes Clop so interesting and dangerous, however, is not how it’s used, but by whom. It’s at the forefront of a trend called Ransomware-as-a-Service, in which a professional group of hackers does all the work for whoever pays them enough (or splits a percentage of the ransomware wealth they extract from victims). The earlier entries on this list date back to the days when the internet was for amateurs and lone wolves; today, it seems that even cybercrime is largely the preserve of governments and professionals.

Author: Josh Fruhlinger
