Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.
With the creation of ARPANET and its evolution into the internet we know today, malware has become a prevalent force affecting users globally. A simple, non-replicating and benign worm can be considered the ancestor to the quickly replicating and hyper malicious malware of today. Malware itself has both shaped the way the internet has grown and forced organizations to evolve to better handle malicious code. There is an entire security software industry focused on preventing and mitigating the effects of malware. This paper will discuss the origins of malware and its impact on organizations throughout the history of the internet.
The Melissa Virus: Origins and Impact
Today’s internet is fraught with dangerous software. Every day there are new and innovative attacks on computer systems from a variety of sources. There are viruses, worms, bots, adware, spyware and a plethora of other malicious software. The list goes on. Businesses need to maintain a strong cyber security posture to protect themselves while taking advantage of the interconnectivity of the global internet. Currently, most major businesses can’t afford to forgo the internet and all network related technology just because of the threat of malware. Where did all these cyber threats come from? Sources point to the Creeper as being the earliest known ancestor to modern day malware (Dalakov).
Creeper Begets Reaper
Back in 1949, John Von Neumann wrote about the concept of self-reproducing automata long before the first virus was ever created (Neumann & Burks, 1966). This idea is the foundation to how computer viruses and worms function. Then, in the 1970s, Bob Thomas would create a program that was able to move itself from computer to computer across the ARPANET (Dalakov). This early software was not truly a virus just yet. It had no malicious intent nor the ability to harm its host. It would simply display the message, “I’M THE CREEPER: CATCH ME IF YOU CAN” as it jumped from host to host (Metcalf). Shortly thereafter, Ray Thomlinson would create a new version of the Creeper that wouldn’t simply move itself, but continuously replicate and spread (Dalakov).
In an interesting development, Ray Thomlinson would also create the Reaper program. The Reaper was developed to specifically find and remove any instances of the Creeper (Metcalf). It functioned similarly to the Creeper, as it would replicate itself in a network, but it had no effect on the host. This would mark the very first and primitive instance of anti-virus software (Dalakov).
Why would Bob Thomas and Ray Thomlinson create Creeper and Reaper? While they both seem harmless and useless, Bob Thomas clarified in a brief interview with Georgi Dalakov that the original purpose of Creeper was to test the ability to automatically move programs to the computer with the most computing power on a network (Dalakov).
Infected Floppy Disks
The earliest instance of a computer virus that harmed its host would be the Wabbit Virus around 1974 (Snyder, 2012). The Wabbit Virus earned its name by rapidly replicating on the host system, like rabbits. This replication process would continue until eventually the host crashed. Then, in 1982, the Elk Cloner would rise to fame after infecting a series of Apple II home computers. Elk Cloner is widely considered the first virus to propagate “in the wild” (Manjoo, 2011). Richard Skrenta, the creator of Elk Cloner, would secretly load the program on to any floppy disk he could and let the virus spread from there (Paquette, 2000). While not particularly malicious, Elk Cloner marks one of the first viruses to not focus on immediately and rapidly expanding. Instead, Skrenta wanted Elk Cloner to remain undetected and continue to spread through more infected systems and disks (Paquette, 2000). Elk Cloner would hide in a system’s RAM so it could hijack other floppies used in the system (Rodionov, Matrosov, & Harley, 2014).
In 1987, Basit Farooq Alvi and Amjad Farooq Alvi would unleash the Brain Boot Sector Virus, which has the honor of being the first wide-spread PC virus (Paquette, 2000). The virus was created to help the Alvi brothers track pirated copies of their medical software and not for any malicious reasons, even though the virus did render any floppy deemed illegitimate useless (Cooney, 2012). Brain would not be the last boot sector virus, but it would be one of the most benign.
Possibly the most famous boot sector virus, Michelangelo, would prove to be far more malicious in 1992. Michelangelo spread similarly to previous boot sector viruses by hiding in host systems and spreading through infected floppy disks. Instead of a benign message or anti-pirating measures, Michelangelo was set to overwrite critical data and damage the disk in such a way to make it unusable (Cluley, 2012). The media went wild over the estimated five million infected systems that could all be wiped out on March 6th (Cluley, 2012). The demand for anti-virus software skyrocketed in the face of mass hysteria. In reality, Michelangelo only affected maybe 10,000 systems (Cluley, 2012). It’s uncertain if Michelangelo’s ineffectiveness was due to the sudden demand for anti-virus software or just grossly exaggerated claims of infection, but without a doubt Michelangelo brought the general public’s attention to the necessity of anti-virus software.
The Great Worm
During the early days of the internet, while it was still ARPANET, Robert Tappan Morris accidentally took down an estimated 6,000 systems with the Morris Worm, ten percent of the internet’s total users at the time (Marsan, 2008). Morris didn’t intend for the worm to become so explosively widespread, but a programming mistake caused the worm to spread faster than he could contain it. Morris wanted to essentially create a botnet, but he was never able to fully implement that part of the worm (Lee, 2013).
The worm was meant to kill itself if it ran into another infected system, preventing it from clogging up systems and being detected. However, to prevent too many people from taking advantage of this feature and escaping infection, Morris made the worm ignore this kill switch roughly one out of seven times (Lee, 2013). Unfortunately, this was far too low a number and the worm went on to cripple the early internet. Once word of the worm got out, many systems were unplugged from the internet to prevent further spreading while system administrators worked out how to get rid of the worm from infected systems. This was just another major event that stressed the importance of cyber security with the horrible implications of malware.
The Melissa Virus
In 1999, a new viral threat would inflict over $80 million in damages to businesses utilizing email servers (Leyden, 2002). On March 26th, 1999, David L. Smith uploaded the Melissa Virus as a word document to an online newsgroup. Once the file was opened, the Melissa Virus emailed itself to the first fifty people in your Microsoft Outlook contacts and occasionally corrupted files by inserting an old Simpson’s reference into the file (Cluley, 2002). The email would be structured in a way to look like a colleague was sending a requested word document, but, it was the virus. So, people across the internet downloaded the file to see what was in it, only to further spread the virus.
The Melissa Virus, like so many breakout malware stories before it, forced companies to reevaluate their cyber security measures. Huge companies like Microsoft and Intel had to shut down their email gateways due to the Melissa Virus’s rapid emails clogging their servers (Leyden, 2002). Companies realized that their own employees could be their biggest liability if they weren’t trained well enough to spot a possible attack.
From Love Letters to Worms
Only a year after the devastating Melissa Virus, another email worm would come along and compromise hundreds of thousands of computers in less than six hours (Lemos, 2011). Much like the Melissa Virus, the Love Letter, or ILOVEYOU, would email itself to people in your contacts list upon opening the malicious email. There were two very large differences between the malware.
First, the Love Letter emailed itself to every single contact in you Microsoft Outlook address book (Lemos, 2011). This allowed it to rapidly surpass the Melissa Virus’s rate of infection. Steven McGhie, a director of Internet business development at the time, stated that in the three minutes he had been logged on to his infected system, the virus had already created almost 600 malicious emails (Lemos, 2011). Thankfully, he unplugged his internet while most were in his outbox.
Second, once the worm was running, it would rapidly start overwriting any scripts or multimedia files with itself. Then, in a strange turn, it would replace all music files in the system with a copy of worm but renamed to mimic the music file’s name. If that wasn’t enough, it would attempt to spread through any chat rooms or network drives the host was connected to (Lemos, 2011).
Worms would continue to get more and more innovative with how they spread. The SQL Slammer Worm crushed Love Letter’s record infection speed. Slammer was able to spread to over 750,000 systems in just half an hour (Moore, et al., 2003). The worm itself did have any malicious code, but the amount of traffic caused by the worm was enough to essentially create a massive denial of service attack and slow down or take down the internet across the globe. Then, in 2008, the Conficker Worm infects over 9 million computers across the globe and continues to infect millions of unpatched systems years later (Vijayan, 2017). Both SQL Slammer and Conficker continue to show up and infect millions of vulnerable hosts that haven’t been patched or updated, years after they were first unleashed. This is the power of an automated worm that only requires network access and a vulnerable host to propagate.
Ransomware is becoming a popular form of malware today. This type of malware will attempt to hold files or systems hostage to force the user to pay a ransom. The first instance of ransomware was back in 1989 with the release of the AIDS Trojan, a trojan virus spread via diskette (Harley, 2009). After the infected system booted ninety times, the trojan would encrypt important files on the computer until the victim paid the PC Cyborg Corporation for a decryption key. The AIDS Trojan is notable for being the first recorded instance of ransomware, but it was fairly easy to decrypt, and ransomware wouldn’t really become popular again until the 2000s.
In 2013, CryptoLocker was able to infect over 250,000 systems and raised over $3 million for its creators (Lord, 2018). The massive profitability of the attack served to spur on ever increasing ransomware attacks over the internet (Lord, 2018). In fact, Symantec reports that in 2012 less than 5% of new malware was ransomware, but as of 2016 over 95% are ransomware (O’Brien, et al., 2016). This just shows how rapidly the malware landscape can change after one success story and how important it is for software security to be constantly ahead of the game.
Malware threats today don’t resemble their humble ancestors too closely anymore. The original Creeper was a humble program shuffling from one system to the next with little purpose. Eventually programs were able to replicate themselves, such as Elk Cloner and Michelangelo, for both good and evil. Soon viruses spread chaos through opening an attachment saying “ILOVEYOU”. Now worms can spread without even opening your email. If your antivirus isn’t ready, the Slammer Worm and its ilk are prepared to invade. Then all these infected systems become part of a botnet that pushes out ransomware attacks. The history of malware is long and scary, but it’s important to know where all our modern threats come from. By looking the past and understanding how malware evolves, we can better protect ourselves in the future.
- Cluley, G. (2012, March 06). Memories of the Michelangelo virus. Retrieved from https://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/
- Cluley, G. (2013, November 10). Memories of the Melissa virus. Retrieved from https://nakedsecurity.sophos.com/2009/03/26/memories-melissa-virus/#comments
- Cooney, M. (2012, January 19). Security history: Nothing like an old-fashioned boot sector virus. Retrieved from https://www.networkworld.com/article/2184961/security/security-history–nothing-like-an-old-fashioned-boot-sector-virus.html
- Dalakov, G. (n.d.). First computer virus of Bob Thomas. Retrieved from http://history-computer.com/Internet/Maturing/Thomas.html
- Harley, D. (2017, October 20). A Trojan Anniversary. Retrieved from https://www.welivesecurity.com/2009/12/18/a-trojan-anniversary/
- Lee, T. B. (2013, November 01). How a grad student trying to build the first botnet brought the Internet to its knees. Retrieved from https://www.washingtonpost.com/news/the-switch/wp/2013/11/01/how-a-grad-student-trying-to-build-the-first-botnet-brought-the-internet-to-its-knees/?utm_term=.787e5e405743
- Lemos, R. (2011, August 03). Inside the ‘ILOVEYOU’ worm. Retrieved from https://www.zdnet.com/article/inside-the-iloveyou-worm/
- Leyden, J. (2002, May 01). Melissa virus author jailed for 20 months. Retrieved from https://www.theregister.co.uk/2002/05/01/melissa_virus_author_jailed/
- Lord, N. (2018, April 06). A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time. Retrieved from https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time
- Manjoo, F. (2011, September 26). The computer virus turns 25. Retrieved from https://www.salon.com/2007/07/12/virus_birthday/
- Marsan, C. D. (2008, October 30). Morris worm turns 20: Look what it’s done. Retrieved from https://www.networkworld.com/article/2268919/lan-wan/morris-worm-turns-20–look-what-it-s-done.html
- Metcalf, J. (n.d.). Core War: Creeper and Reaper. Retrieved from http://corewar.co.uk/creeper.htm
- Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., & Weaver, N. (2003, January). The Spread of the Sapphire/Slammer Worm. Retrieved from https://www.caida.org/publications/papers/2003/sapphire/sapphire.html
- Neumann, J. V., & Burks, A. W. (1966). Theory of self-reproducing automata. Urbana, IL: University of Illinois Press.
- Ng, A. (2017, May 15). WannaCry ransomware loses its kill switch, so watch out. Retrieved from https://www.cnet.com/news/wannacry-ransomware-patched-updated-virus-kill-switch/
- Rab, A., Neville, A., Anand, A., Wueest, C., Tan, D., Lau, H., . . . Chong, Y. L. (2016, July 19). ISTR Special Report: Ransomware and Businesses 2016 – Symantec (D. O’Brien & J. Power, Eds.). Retrieved from http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
- Paquette, J. (2000, July 16). A History of Viruses. Retrieved from https://www.symantec.com/connect/articles/history-viruses
- Rodionov, E., Matrosov, A., & Harley, D. (2014, November 12). VB2014 paper: Bootkits: Past, present & future. Retrieved from https://www.virusbulletin.com/virusbulletin/2014/11/paper-bootkits-past-present-amp-future
- Snyder, D. (2012, July 24). The very first viruses: Creeper, Wabbit and Brain. Retrieved from http://infocarnivore.com/the-very-first-viruses-creeper-wabbit-and-brain/
- Vijayan, J. (2017, December 7). Conficker: The Worm That Won’t Die. Retrieved from https://www.darkreading.com/attacks-breaches/conficker-the-worm-that-wont-die/d/d-id/1330594
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please: