When it comes to cybersecurity, there are few terms with more name recognition than "computer viruses." Despite the prevalence of these threats and their wide-spread impact, however, many users don't know about the basic nature of viruses. What follows is a brief history of the computer virus, and what the future holds for this widespread cyber threat.
What is a computer virus? This idea was first discussed in a series of lectures by mathematician John von Neumann in the late 1940s and a paper published in 1966, Theory of Self-Reproducing Automata. The paper was effectively a thought experiment that speculated that it would be possible for a "mechanical" organism—such as a piece of computer code—to damage machines, copy itself and infect new hosts, just like a biological virus.
As noted by Discovery, the Creeper program, often regarded as the first virus, was created in 1971 by Bob Thomas of BBN. Creeper was actually designed as a security test to see if a self-replicating program was possible. It was—sort of. With each new hard drive infected, Creeper would try to remove itself from the previous host. Creeper had no malicious intent and only displayed a simple message: "I'M THE CREEPER. CATCH ME IF YOU CAN!"
According to InfoCarnivore, the Rabbit (or Wabbit) virus was developed in 1974, did have malicious intent and was able to duplicate itself. Once on a computer, it made multiple copies of itself, severely reducing system performance and eventually crashing the machine. The speed of replication gave the virus its name.
Called ANIMAL, the first Trojan (although there is some debate as to whether this was a Trojan, or simply another virus) was developed by computer programmer John Walker in 1975, according to Fourmilab. At the time, "animal programs," which try to guess which animal the user is thinking of with a game of 20 questions, were extremely popular. The version Walker created was in high demand, and sending it to his friends meant making and transmitting magnetic tapes. To make things easier, Walker created PERVADE, which installed itself along with ANIMAL. While playing the game, PREVADE examined all computer directories available to the user and then made a copy of ANIMAL in any directories where it wasn't already present. There was no malicious intent here, but ANIMAL and PREVADE fit the definition of a Trojan: Hiding inside ANIMAL was another program that carried out actions without the user's approval.
Brain, the first PC virus, began infecting 5.2" floppy disks in 1986. As Securelist reports, it was the work of two brothers, Basit and Amjad Farooq Alvi, who ran a computer store in Pakistan. Tired of customers making illegal copies of their software, they developed Brain, which replaced the boot sector of a floppy disk with a virus. The virus, which was also the first stealth virus, contained a hidden copyright message, but did not actually corrupt any data.
The introduction of reliable, speedy broadband networks early in the 21st century changed the way malware was transmitted. No longer confined to floppy disks or company networks, malware was now able to spread very quickly via email, via popular websites or even directly over the Internet. As a result, modern malware began to take shape. The threat landscape became a mixed environment shared by viruses, worms and Trojans—hence the name "malware" as an umbrella term for malicious software. One of the most serious epidemics of this new era was the LoveLetter, which appeared on May 4, 2000.
As Securelist notes, it followed the pattern of earlier email viruses of the time, but unlike the macro viruses that had dominated the threat landscape since 1995, it didn't take the form of an infected Word document, but arrived as a VBS file. It was simple and straightforward, and since users hadn't learned to be suspicious of unsolicited emails, it worked. The subject line was "I Love You," and each email contained an attachment, "LOVE-LETTER-FOR-YOU-TXT.vbs." The ILOVEYOU creator, Onel de Guzman, designed his worm to overwrite existing files and replace them with copies of itself, which were then used to spread the worm to all the victims' email contacts. Since the message often came to new victims from someone familiar, they were more likely to open it, making ILOVEYOU a proof-of-concept for the effectiveness of social engineering.
The Code Red worm was a "file less" worm—it existed only in memory and made no attempt to infect files on the system. Taking advantage of a flaw in the Microsoft Internet Information Server, the fast-replicating worm wreaked havoc by manipulating the protocols that allow computers to communicate and spread globally in just hours. Eventually, as noted in Scientific American, compromised machines were used to launch a distributed denial of service attack on the Whitehouse.gov website.
One of the most recent of the major viruses came out in 2014, Heartbleed burst onto the scene and put servers across the Internet at risk. Heartbleed, unlike viruses or worms, stems from a vulnerability in OpenSSL, a general purpose, open source cryptographic library used by companies worldwide. OpenSSL periodically sends out "heartbeats" to ensure that secure endpoints are still connected. Users can send OpenSSL a specific amount of data and then ask for the same amount back—for example, one byte. If users claim they're sending the maximum allowed, 64 kilobytes, but only send a single byte, the server will respond with the last 64 kilobytes of data stored in RAM, notes security technologist, Bruce Schneier, which could include anything from user names to passwords to secure encryption keys.
For more than 60 years, computer viruses have been part of collective human consciousness, however what was once simply cyber vandalism has turned quickly to cybercrime. Worms, Trojans and viruses are evolving. Hackers are motivated and clever, always willing push the boundaries of connection and code to devise new infection methods. The future of cybercrime seems to involve more PoS (point of sale) hacks, and, perhaps, the recent Moker remote access Trojan is a good example of what's to come. This newly-discovered malware is hard to detect, difficult to remove and bypasses all known defenses. Nothing is certain—change is the lifeblood of both attack and defense.