
Thread: Abbr: history of the computer virus

  1. #1

    Abbr: history of the computer virus

    by: cube


    The following is an abbreviated history of the computer virus. It is not comprehensive, nor is it intended to be. I'm sure that many aficionados will find that I have skipped some major events, while detailing some others.

    As we live now in a time where every brain-dead 15 year old is downloading the latest plugin for remote access trojans like subseven and the media makes amazing spectacles out of virii like Code Red, it is hard to imagine a world in which the computer virus did not exist. However, it was not all that long ago, that there was no worry or even thought of such a thing.

    As fact and fiction have become intertwined over the years, it is difficult to pinpoint exactly when the first actual computer virus was written. The first known virus released into the wild infected the Apple II operating system. The program was not created with malicious intent and 'escaped' into the wild by accident. This occurred sometime in 1981. In 1982, a 7th grader named Richard Skrenta created the famous "Elk Cloner" for the Apple OS. The term "virus" had not been applied yet.

    In 1984, a university professor named Fred Cohen first publicly introduced the idea of a computer virus to a class of graduate students. His associate, Len Adleman, is actually the one who is credited with naming the self-replicating program a "virus". It is Dr. Cohen who first proved the theory that a program could infect other programs with a clone of itself in any computer environment.

    To read more about Fred Cohen Click Here


    THE BOOT SECTOR VIRUS

    A boot sector virus is a virus that resides in a portion of a computer drive that is only read when the computer is booted up, at which time the virus is loaded into memory. Boot sector viruses often spread through floppy disks, which also have a boot sector which can become infected. If an infected floppy is left in the disk drive when a computer is booted up, the virus will be loaded into memory and can spread to other disks and computers. A well-known boot sector virus is the Michelangelo virus. (1)

    In 1986, two brothers, Basit and Amjad Alvi, who owned a computer store in Pakistan, got a little tired of seeing people copying their software. (Even though there are many reports that the two brothers were heavily involved in pirating the software of others.) Around the same time, they realized that the boot sector of a floppy diskette contained executable code, and this code is run whenever you start up the computer with a diskette in drive A. They realized that they could replace this code with their own program, that this could be a memory resident program, and that it could install a copy of itself on each floppy diskette that is accessed in any drive. (2) So Amjad wrote the Brain virus, which was completely non-destructive. The payload of the virus was simple -- it changed the volume label of the floppy to "(c) Brain 00-00-1980 12:00".


    HITTING THE BIGTIME

    Nobody knew it yet, but the face of computer security was about to change forever. In 1987, a student in Wellington, New Zealand created, as a joke, a sloppily coded little virus called the 'STONED' virus. The virus was spread by infected floppy disks, which would in turn infect the Master Boot Record of the hard disk. Stoned monitored Interrupt 13, and any DOS use of that to read/write (even the DIR command) triggered the virus to infect disks in the A drive, if they are not already infected, or write-protected. It moves the floppy disk's original Boot record code to the area used by the Directory, and if the disk has files listed in the overwritten sector, this caused the loss of entries of files, deleted files, and sub-directories in the root. (3) Infected computers read "your computer is now STONED".

    The Stoned virus and its many variants spread like wildfire throughout the world. To this day, it still pops up from time to time and is one of, if not the most widespread viruses in history.

    Throughout the early 1990's variants of the stoned virus were prevalent. The most ballyhoo was created over the Michelangelo variant in 1991. The Michelangelo virus had a vicious payload of wiping out the hard disk of the infected machine on March 6, (Michelangelo's birthday). The first media uproar occurred over the anticipation of the doom that this little bit of malicious code would create. The words "computer virus" were introduced to Joe and Jane Aoluser and antiviral products began to really sell.

    Of course, all of the hoopla resulted in an anticlimax. The infection rate was very low for Michelangelo. Much lower than expected. This prompted many of the more jaded members of the computer community to theorize that the whole thing had been created by AV companies, to instill fear in the minds of its customers. While that may be a bit off the mark, it was quite a popular theory of the time. There were many other boot sector viruses, as well as others that infected command.com and exe files. Examples included Jerusalem and Lehigh, two of the more infamous viruses.

    To read more about the Stoned virus and its variants Click Here

    To read more about the boot sector virus in general Click Here


    THE POLYMORPHIC VIRUS

    Polymorphic viruses are viruses which change slightly each time they are executed. These are meant to defeat anti-virus scanners which search for certain strings of code to identify viruses. Some virus writers have written toolkits so that novice users can write their own viruses. (1)

    What we now call the polymorphic virus was first created by Mark Washburn, who modified the source for a virus called "Vienna" to change itself. These were not very infectious, however, and did not make much of an impact. The first widely reported polymorph was called Tequila. Tequila erupted out of Switzerland, spread through a shareware company. Tequila used full stealth when it installed itself on the partition sector, and in files it used partial stealth, and was fully polymorphic. A full polymorphic virus is one for which no search string can be written down, even if you allow the use of wild cards.(4) This was, of course a huge problem for anti-virus vendors to deal with. It took several months and more than one company closing its doors to get the best of Tequila.

    To read more about polymorphic virii Click here


    THE MACRO VIRUS

    Macro viruses are relatively new but experts now estimate that they are the most common type of virus. A macro is a set of instructions within an application that can be used to automate tasks. While this sounds relatively harmless, macros can often perform system operations such as creating or deleting files, or writing into already existing files, and thus have the potential to cause a great deal of damage. Most macros are written for Microsoft Word and Excel. These often work by infecting the template for a new document. Therefore, each time a new document is created, the virus replicates and executes. Macros are especially dangerous because they can often be cross platform, unlike most viruses, which are written for the PC only. (1)

    The first macro virus was discovered in August of 1995, when several large companies began having to deal with the rather annoying nuisance of a MS WORD macro that copied and reproduced itself. It was called "Concept". Once again, it was believed to be created without malicious intent. Part of the payload was displaying a message from the author reading "That's enough to prove my point"

    Since most Macro viruses are also worms, we will discuss two of the most famous macro viruses in the following section on worms.


    WORMS
    Worms are spread over computer networks, and are distinct from viruses in that they do not have a host file. However, worms today are commonly spread through e-mail. Oftentimes, there is an attachment to the e-mail, and when the user opens the attachment, the worm is executed.

    Worms commonly attempt to send copies of themselves to everyone in the user's address books. (1) Worms generally use security holes in operating systems to gain access. Since Windows is the most used operating system in the world, most modern worms are written in Visual Basic Script and fall under the definition of the MACRO VIRUS.

    The term 'WORM' is derived from a science fiction novel called The Shockwave Rider, which spoke of a "tapeworm" that brought down a network of government supercomputers. This and the worms of today, certainly do not inspire kind feelings, but actually the first worms, created in the 1970's were meant to benefit networks.



    The first notable program that can be reasonably referred to as a worm is "creeper" written by Bob Thomas in 1975. The program was intended to help air traffic controllers keep track of airplanes. The idea did not catch on.

    In the 80's Xerox started to play around with worms. John Shoch and Jon Hupp are the ones that actually began calling such programs 'worms'. They began implementing worms to help out with tasks around the network. Some worms were very simple and did things like traveling around the network delivering messages. Others were more complex, like "vampire", which laid dormant during the day and at night would use idle computers for processor power. (5) One night, Vampire malfunctioned, causing all the computers on the network to crash. Powering up the computers caused nothing but another crash. A "vaccine" had to be created to rid the systems of the worm and render the network useful again. Needless to say, this was the end of Xerox's experimentation with worms...

    In 1988, the first malicious worm was created. It was written by a student at Cornell University named Robert Tappan Morris. The "Internet Worm" single-handedly crashed most of the internet (which of course was a lot smaller back then). The program merely copied itself and overloaded computers with invisible tasks, rendering them useless to users.

    Quite a few worms followed, but nothing really took hold until the macro virus was discovered.




    MELISSA

    All was relatively quiet on the Macro Virus front until 1999, when the Melissa virus began spreading at an incredible rate. Written in Visual Basic Script, it executed a macro in a document attached to an email, which forwarded the document to 50 people in the user's Outlook address book. The virus also infected other Word documents and subsequently mailed them out as attachments. At the time, Melissa was the fastest spreading virus in history. Hundreds of thousands of computers were infected. Melissa was written by a programmer from New Jersey, named David Smith. It was believed to be named after a stripper he once knew. The only stripping David now sees is the tease performed by his cellmate...


    I LOVE YOU
    (No, not like that. I mean the virus)

    In 2000, the world was hit yet again with another macro virus. This one, called I love you or "the love bug" infected millions of machines and caused an estimated $8.5 billion damage worldwide. This nasty little bug was also written in VBS, deleted mp3 and JPG files and emailed usernames and passwords to the virus author. A suspect in The Philippines was arrested in the case, but he was released.

    The history of the Computer Virus, while a long one, is a very interesting one. Unfortunately, detailing every virus and its payload, as well as its impact on the viral world is not feasible here in this article. If you are interested in delving deeper into virus history, I recommend these links:

    http://www.securityfocus.com/frames/...s/virhist.html
    http://all.net/books/virus/
    http://www.cknow.com/vtutor/vthistory.htm


    FOOTNOTES

    (1) http://www-cse.stanford.edu


    (2)http://www.ladysharrow.ndirect.co.uk..._computer_.htm


    (3)http://www.datafellows.com/v-descs/stoned.shtml


    (4)http://www.ladysharrow.ndirect.co.uk...lymorphism.htm


    (5)http://www.software.com.pl/newarchiv...ages/worm.html








    :: Email Viruses ::

    Email attachments were, are, and will be the most common way of spreading computer viruses, trojans, and worms nowadays. Some of their actions are limited to just annoying the user, while others contain data destructive procedures.


    COMING TO LIFE

    Generally, viruses sent by email are brought to life by the user who deliberately double clicks the attachment file itself. To increase the possibility of a successful attack by the virus, their writers often prepare a message that lures the user into executing the attachment itself. The themes of these messages range from explaining that the attached file is a slide show of summer vacation photos, through business reports, to love letters.

    However, this is not the only way of bringing the malicious file to life - recently, many vulnerabilities have been found in email client software, especially Microsoft's product - MS Outlook. By exploiting these vulnerabilities, viruses may spread with almost no user intervention, for example viewing the message body. Most of these vulnerabilities exploit Microsoft's improper implementation of JavaScript and its own language - ActiveX.

    The most dangerous, at the moment (Sept. 2001), is the vulnerability in Microsoft's Windows Explorer, Internet Explorer, and Outlook, recently found by the security expert, Georgi Guninski (http://www.guninski.com/clsidext.html). Named the CLSID bug, it exploits the Windows CLSID values, which tell Windows what kind of file it is and what program to run it from. It is possible to set the CLSID value to another extension than the real file shows. Exploiting this bug, it is possible to trick the user into thinking that he will view for example a text file, while Windows runs it as an application file.


    HALL OF FAME

    - Melissa (http://www.cert.org/advisories/CA-1999-04.html)


    The first virus to use the MS Outlook address book to spread itself to other users.

    - Worm.Explore.Zip (http://www.virusbtn.com/VirusInformation/expzip.html)



    Highly destructive email virus that again uses the MS Outlook address book to spread itself. Destroys .ASM .C .CPP .DOC .H .XLS .PPT files. It can also spread without the use of email, through the LAN.

    - Bubble Boy (http://www.virusbtn.com/VirusInformation/bboy.html)

    The first virus (inspired by Melissa) that was able to propagate itself via email without having the need of an attachment file to be executed by the recipient.

    - Love Bug (http://hackingtruths.box.sk/ilu.txt)

    The infamous virus based on a master's thesis of a university student, which used social engineering to spread itself. Disguised under the name of a love letter, the attachment file was a visual basic script which included destructive procedures. It propagated itself by selecting male users from the MS Outlook address book and sending the email to them.


    EMAIL VIRUS PREVENTION

    (http://admin.soe.purdue.edu/support/...f/email_virus/)

    - Have up-to-date antivirus software installed on your computer

    - Turn off html message viewing in your email client software

    - Do not open any attachment file unless you know exactly what it is, who it is from, and whether you were expecting it. (REMEMBER: The sender could also be infected and might have sent you the attachment file unwillingly)

    My only fear in death is coming back reincarnated.

    "Would I ever sh*t you?"
    "Of course not you are my favorite turd."--E5C4P3
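The attachment advice and the CLSID extension trick described in the post above can be expressed as a mail-filter style filename check. This is an added example, not part of the original post; the extension lists, the sample message and the all-zero CLSID are constructed assumptions for illustration.

```python
import re
from email.message import EmailMessage

# ".{GUID}" at the end of a name: Windows picks the handler by CLSID, so
# "notes.txt.{...}" can be presented to the user as "notes.txt".
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumed lists for illustration, not exhaustive.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta",
                   "exe", "com", "scr", "pif", "bat", "cmd"}
DECOY_EXTS = {"txt", "doc", "xls", "ppt", "jpg", "gif", "mp3"}


def check_filename(name):
    """Return the reasons an attachment file name looks suspicious."""
    reasons = []
    name = name.strip().rstrip(". ")  # Windows ignores trailing dots/spaces
    if CLSID_SUFFIX.search(name):
        reasons.append("clsid-extension")
        name = CLSID_SUFFIX.sub("", name)
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
        # e.g. "letter.txt.vbs": a harmless-looking type before the real one
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.append("double-extension")
    return reasons


def scan_message(msg):
    """Map each suspicious attachment name in a message to its reasons."""
    findings = {}
    for part in msg.walk():
        filename = part.get_filename()
        if filename and check_filename(filename):
            findings[filename] = check_filename(filename)
    return findings


def build_sample():
    """Constructed test message with harmless dummy attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fn in ("report.doc", "love-letter.txt.vbs",
               "notes.txt.{00000000-0000-0000-0000-000000000000}"):
        msg.add_attachment(b"harmless", maintype="application",
                           subtype="octet-stream", filename=fn)
    return msg


if __name__ == "__main__":
    for fn, reasons in scan_message(build_sample()).items():
        print(fn, "->", ", ".join(reasons))
```
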

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    133
    Interesting, thanks.
    If you don't learn the rules nobody can accuse of cheating.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    321
    good post, too bad some of the links don't work
    assembly.... digital dna ?

  4. #4
    sorry about the ones that don't work
    My only fear in death is coming back reincarnated.

    "Would I ever sh*t you?"
    "Of course not you are my favorite turd."--E5C4P3

  5. #5
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295

    Thumbs up

    Nice overview, E5C4P3!

    I remember the good old days of the Brain virus ... man, was that a long time ago ...

    Cheers,

    BrainStop

  6. #6
    hmmmm never knew you could trick Windows into believing a file's CLSID code is different to what the file actually is!?!? Will have to look into that one

    v_Ln

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Thanks for the information.

  8. #8
    Junior Member
    Join Date
    Jun 2010
    Posts
    1
    The sad part is that people are actually trying to teach others how to make viruses. I guess the history is much longer than that one since you said it is just a concise one. I want to read up more about it. Thank you very much for getting my interest. you are a great writer by the way.
    Take care

  9. #9
    Senior Member
    Join Date
    Jul 2002
    Posts
    744
    inb4 necro'd!
    Every now and then, one of you won't annoy me.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Replying to a thread 8 years old, normally, is a bad idea. But, at least they said more than "Me too!" (TM) lol.

    Besides, who ever wrote that did miss the very first computer viruses... They were made as pranks on Unix WAY before that.
