Abbr: history of the computer virus

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    84

    Abbr: history of the computer virus

    by: cube


    The following is an abbreviated history of the computer virus. It is not comprehensive, nor is it intended to be. I'm sure that many aficionados will find that I have skipped some major events, while detailing some others.

    As we live now in a time where every brain-dead 15 year old is downloading the latest plugin for remote access trojans like subseven and the media makes amazing spectacles out of virii like Code Red, it is hard to imagine a world in which the computer virus did not exist. However, it was not all that long ago, that there was no worry or even thought of such a thing.

    As fact and fiction have become intertwined over the years, it is difficult to pinpoint exactly when the first actual computer virus was written. The first known virus released into the wild infected the Apple II operating system. The program was not created with malicious intent and 'escaped' into the wild by accident. This occurred sometime in 1981. In 1982, a 7th grader named Richard Skrenta created the famous "Elk Cloner" for the Apple OS. The term "virus" had not been applied yet.

    In 1984, a university professor named Fred Cohen first publicly introduced the idea of a computer virus to a class of graduate students. His associate, Len Adleman, is actually the one who is credited with naming the self-replicating program a "virus". It is Dr. Cohen who first proved the theory that a program could infect other programs with a clone of itself in any computer environment.

    To read more about Fred Cohen Click Here


    THE BOOT SECTOR VIRUS

    A boot sector virus is a virus that resides in a portion of a computer drive that is only read when the computer is booted up, at which time the virus is loaded into memory. Boot sector viruses often spread through floppy disks, which also have a boot sector which can become infected. If an infected floppy is left in the disk drive when a computer is booted up, the virus will be loaded into memory and can spread to other disks and computers. A well-known boot sector virus is the Michelangelo virus. (1)

    In 1986, two brothers, Basit and Amjad Alvi who owned a computer store in Pakistan got a little tired of seeing people copying their software. (Even though there are many reports that the two brothers were heavily involved in pirating the software of others.) Around the same time, they realized that the boot sector of a floppy diskette contained executable code, and this code is run whenever you start up the computer with a diskette in drive A. They realized that they could replace this code with their own program, that this could be a memory resident program, and that it could install a copy of itself on each floppy diskette that is accessed in any drive.(2) So Amjad wrote the Brain virus, which was completely non destructive. The payload of the virus was simple -- it changed the volume label of the floppy to "(c) Brain 00-00-1980 12:00".


    HITTING THE BIGTIME

    Nobody knew it yet, but the face of computer security was about to change forever. In 1987, a student in Wellington, New Zealand created, as a joke, a sloppily coded little virus called the 'STONED' virus. The virus was spread by infected floppy disks, which would in turn infect the Master Boot Record of the hard disk. Stoned monitored Interrupt 13, and any DOS use of that to read/write (even the DIR command) triggered the virus to infect disks in the A drive, if they are not already infected, or write-protected. It moves the floppy disk's original Boot record code to the area used by the Directory, and if the disk has files listed in the overwritten sector, this caused the loss of entries of files, deleted files, and sub-directories in the root. (3) Infected computers read "your computer is now STONED".

    The Stoned virus and its many variants spread like wildfire throughout the world. To this day, it still pops up from time to time and is one of, if not the most widespread viruses in history.

    Throughout the early 1990's variants of the stoned virus were prevalent. The most ballyhoo was created over the Michelangelo variant in 1991. The Michelangelo virus had a vicious payload of wiping out the hard disk of the infected machine on March 6, (Michelangelo's birthday). The first media uproar occurred over the anticipation of the doom that this little bit of malicious code would create. The words "computer virus" were introduced to Joe and Jane Aoluser and antiviral products began to really sell.

    Of course, all of the hoopla resulted in an anticlimax. The infection rate was very low for Michelangelo. Much lower than expected. This prompted many of the more jaded members of the computer community to theorize that the whole thing had been created by AV companies, to instill fear in the minds of its customers. While that may be a bit off the mark, it was quite a popular theory of the time. There were many other boot sector viruses, as well as others that infected command.com and exe files. Examples included Jerusalem and Lehigh, two of the more infamous viruses.

    To read more about the Stoned virus and its variants Click Here

    To read more about the boot sector virus in general Click Here


    THE POLYMORPHIC VIRUS

    Polymorphic viruses are viruses which change slightly each time they are executed. These are meant to defeat anti-virus scanners which search for certain strings of code to identify viruses. Some virus writers have written toolkits so that novice users can write their own viruses. (1)

    What we now call the polymorphic virus was first created by Mark Washburn, who modified the source for a virus called "Vienna" to change itself. These were not very infectious, however, and did not make much of an impact. The first widely reported polymorph was called Tequila. Tequila erupted out of Switzerland, spread through a shareware company. Tequila used full stealth when it installed itself on the partition sector, and in files it used partial stealth, and was fully polymorphic. A full polymorphic virus is one for which no search string can be written down, even if you allow the use of wild cards.(4) This was, of course a huge problem for anti-virus vendors to deal with. It took several months and more than one company closing its doors to get the best of Tequila.

    To read more about polymorphic virii Click here


    THE MACRO VIRUS

    Macro viruses are relatively new but experts now estimate that they are the most common type of virus. A macro is a set of instructions within an application that can be used to automate tasks. While this sounds relatively harmless, macros can often perform system operations such as creating or deleting files, or writing into already existing files, and thus have the potential to cause a great deal of damage. Most macros are written for Microsoft Word and Excel. These often work by infecting the template for a new document. Therefore, each time a new document is created, the virus replicates and executes. Macros are especially dangerous because they can often be cross platform, unlike most viruses, which are written for the PC only.(1)

    The first macro virus was discovered in August of 1995, when several large companies began having to deal with the rather annoying nuisance of a MS WORD macro that copied and reproduced itself. It was called "Concept". Once again, it was believed to be created without malicious intent. Part of the payload was displaying a message from the author reading "That's enough to prove my point"

    Since most Macro viruses are also worms, we will discuss two of the most famous macro viruses in the following section on worms.


    WORMS
    Worms are spread over computer networks, and are distinct from viruses in that they do not have a host file. However, worms today are commonly spread through e-mail. Oftentimes, there is an attachment to the e-mail, and when the user opens the attachment, the worm is executed.

    Worms commonly attempt to send copies of themselves to everyone in the user's address books. (1) Worms generally use security holes in operating systems to gain access. Since Windows is the most used operating system in the world, most modern worms are written in Visual Basic Script and fall under the definition of the MACRO VIRUS.

    The term 'WORM' is derived from a science fiction novel called The Shockwave Rider, which spoke of a "tapeworm" that brought down a network of government supercomputers. This and the worms of today, certainly do not inspire kind feelings, but actually the first worms, created in the 1970's were meant to benefit networks.



    The first notable program that can be reasonably referred to as a worm is "creeper" written by Bob Thomas in 1975. The program was intended to help air traffic controllers keep track of airplanes. The idea did not catch on.

    In the 80's Xerox started to play around with worms. John Shoch and Jon Hupp are the ones that actually began calling such programs 'worms'. They began implementing worms to help out with tasks around the network. Some worms were very simple and did things like traveling around the network delivering messages. Others were more complex, like "vampire", which lay dormant during the day and at night would use idle computers for processor power. (5) One night, Vampire malfunctioned, causing all the computers on the network to crash. Powering up the computers caused nothing but another crash. A "vaccine" had to be created to rid the systems of the worm and render the network useful again. Needless to say, this was the end of Xerox's experimentation with worms...

    In 1988, the first malicious worm was created. It was written by a student at Cornell University named Robert Tappan Morris. The "Internet Worm" single-handedly crashed most of the internet (which of course was a lot smaller back then). The program merely copied itself and overloaded computers with invisible tasks, rendering them useless to users.

    Quite a few worms followed, but nothing really took hold until the macro virus was discovered.




    MELISSA

    All was relatively quiet on the Macro Virus front until 1999, when the Melissa virus began spreading at an incredible rate. Written in Visual Basic Script, it executed a macro in a document attached to an email, which forwarded the document to 50 people in the user's Outlook address book. The virus also infected other Word documents and subsequently mailed them out as attachments. At the time, Melissa was the fastest spreading virus in history. Hundreds of thousands of computers were infected. Melissa was written by a programmer from New Jersey, named David Smith. It was believed to be named after a stripper he once knew. The only stripping David now sees is the tease performed by his cellmate...


    I LOVE YOU
    (No, not like that. I mean the virus)

    In 2000, the world was hit yet again with another macro virus. This one, called I love you or "the love bug" infected millions of machines and caused an estimated $8.5 billion damage worldwide. This nasty little bug was also written in VBS, deleted mp3 and JPG files and emailed usernames and passwords to the virus author. A suspect in The Philippines was arrested in the case, but he was released.

    The history of the Computer Virus, while a long one, is a very interesting one. Unfortunately, detailing every virus and its payload, as well as its impact on the viral world is not feasible here in this article. If you are interested in delving deeper into virus history, I recommend these links:

    http://www.securityfocus.com/frames/...s/virhist.html
    http://all.net/books/virus/
    http://www.cknow.com/vtutor/vthistory.htm


    FOOTNOTES

    (1) http://www-cse.stanford.edu


    (2)http://www.ladysharrow.ndirect.co.uk..._computer_.htm


    (3)http://www.datafellows.com/v-descs/stoned.shtml


    (4)http://www.ladysharrow.ndirect.co.uk...lymorphism.htm


    (5)http://www.software.com.pl/newarchiv...ages/worm.html








    :: Email Viruses ::

    Email attachments were, are, and will be the most common way of spreading computer viruses, trojans, and worms nowadays. Some of their actions are limited to just annoying the user, while others contain data destructive procedures.


    COMING TO LIFE

    Generally, viruses sent by email are brought to life by the user who deliberately double clicks the attachment file itself. To increase the possibility of a successful attack by the virus, their writers often prepare a message that lures the user into executing the attachment itself. The themes of these messages range from explaining that the attached file is a slide show of summer vacation photos, through business reports, to love letters.

    However, this is not the only way of bringing the malicious file to life - recently, many vulnerabilities have been found in email client software, especially Microsoft's product - MS Outlook. By exploiting these vulnerabilities, viruses may spread with almost no user intervention, for example viewing the message body. Most of these vulnerabilities exploit Microsoft's improper implementation of JavaScript and its own language - ActiveX.

    The most dangerous, at the moment (Sept. 2001), is the vulnerability in Microsoft's Windows Explorer, Internet Explorer, and Outlook, recently found by the security expert, Georgi Guninski (http://www.guninski.com/clsidext.html). Named the CLSID bug, it exploits the Windows CLSID values, which tell Windows what kind of file it is and what program to run it from. It is possible to set the CLSID value to another extension than the real file shows. Exploiting this bug, it is possible to trick the user into thinking that he will view for example a text file, while Windows runs it as an application file.


    HALL OF FAME

    - Melissa (http://www.cert.org/advisories/CA-1999-04.html)


    The first virus to use the MS Outlook address book to spread itself to other users.

    - Worm.Explore.Zip (http://www.virusbtn.com/VirusInformation/expzip.html)



    Highly destructive email virus that again uses the MS Outlook address book to spread itself. Destroys .ASM .C .CPP .DOC .H .XLS .PPT files. It can also spread without the use of email, through the LAN.

    - Bubble Boy (http://www.virusbtn.com/VirusInformation/bboy.html)

    The first virus (inspired by Melissa) that was able to propagate itself via email without having the need of an attachment file to be executed by the recipient.

    - Love Bug (http://hackingtruths.box.sk/ilu.txt)

    The infamous virus based on a master thesis of a university student, which used social engineering to spread itself. Disguised under the name of a love letter, the attachment file was a visual basic script which included destructive procedures. It propagated itself by selecting male users from the MS Outlook address book and sending the email to them.


    EMAIL VIRUS PREVENTION

    (http://admin.soe.purdue.edu/support/...f/email_virus/)

    - Have up-to-date antivirus software installed on your computer

    - Turn off html message viewing in your email client software

    - Do not open any attachment file unless you know exactly what it is, whom is it from, and were you expecting it. (REMEMBER: The sender could also be infected and might have sent you the attachment file unwillingly)
    My only fear in death is coming back reincarnated.

    "Would I ever sh*t you?"
    "Of course not you are my favorite turd."--E5C4P3
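
Added example, not part of the original post: a mail filter for the attachment tricks the Email Viruses section describes (a script hidden behind a second extension, a CLSID suffix that changes what Windows runs, and active content in an HTML body). The extension list, function names and sample message are constructed for illustration, and the trailing `.{CLSID}` filename form is an assumption about how the CLSID bug is delivered.

```python
import re
from email import message_from_string

# Extensions Windows executes rather than displays (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js", ".hta"}
# Assumption: the CLSID trick appears as a trailing ".{CLSID}" on the attachment name.
CLSID_SUFFIX = re.compile(r"\.\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def check_filename(name: str) -> list[str]:
    """Return the reasons an attachment name is deceptive or directly executable."""
    reasons = []
    name = name.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    if CLSID_SUFFIX.search(name):
        reasons.append("clsid-extension")
        name = CLSID_SUFFIX.sub("", name)
    exts = ["." + p for p in name.lower().split(".")[1:]]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        if len(exts) >= 2:  # e.g. "photo.jpg.vbs" shows as "photo.jpg" when extensions are hidden
            reasons.append("double-extension")
    return reasons

def scan_message(raw: str) -> dict[str, list[str]]:
    """Map each suspicious part of a raw RFC 822 message to the reasons it was flagged."""
    findings = {}
    for part in message_from_string(raw).walk():
        filename = part.get_filename()
        if filename:
            reasons = check_filename(filename)
            if reasons:
                findings[filename] = reasons
        elif part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            if re.search(rb"<\s*(script|object)\b", body, re.I):
                findings["(html body)"] = ["active-content"]
    return findings

# Constructed sample message; the addresses, names and CLSID are placeholders.
SAMPLE = """\
From: sender@example.com
Subject: summer vacation photos
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<html><body>Photos attached<script>/* placeholder */</script></body></html>
--b1
Content-Disposition: attachment; filename="holiday-photos.jpg.vbs"

placeholder
--b1
Content-Disposition: attachment; filename="report.txt.{00000000-0000-0000-0000-000000000000}"

placeholder
--b1--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```
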

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    inb4 necro'd!
    Every now and then, one of you won't annoy me.

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Replying to a thread 8 years old, normally, is a bad idea. But, at least they said more than "Me too!" (TM) lol.

    Besides, whoever wrote that did miss the very first computer viruses... They were made as pranks on Unix WAY before that.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmmm, nothing like a bit of nostalgia?

    Somewhere I still have a 5.25" floppy from Norton, that claims to detect all 720 known viruses

    I remember the days when viruses mostly spread via the boot sector of floppies. There was a kind of competition amongst the authors as to who could write the smallest virus.............harmless, as you didn't have room for a payload!

    Back then there was no internet, no e-mail and the only things usually attached to a network were 5250 dumb terminals (greenscreens).

    Melissa?...........David L. Smith.............. I downloaded his Poppy, Office 97 macro virus generation toolkit...........I took a look at the metadata and saw that he had used a copy of office 97 registered in his own name!

    Lovebug............I was lucky there...........I added a little regedit to their logons about 6 weeks before, so it only opened in notepad
    I guess things have moved on apace in the past few years? you hardly ever hear of an honest to goodness virus these days?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Personally I miss those days of virii running rampant. You just don't have that anymore. It added excitement lol. "I wonder if this exe file is a screen saver like it says it is, or something that will be like me paying a hooker on 7 mile Detroit to do something and my member will end up looking like the "other" floppy drive afterwards"... Ah well.

    Today it's all about the malware it seems. Virus writers just don't try anymore. It USED to be actual skill required, and shown, by making a virus that had more features than DOS, that was half the SIZE of Dos, and crashed a lot less.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  6. #6
    Junior Member
    Join Date
    Apr 2013
    Posts
    21
    Thank you so much for your kindness! It has shaped my life and contributed to my success more than anything else in college.
