40th Anniversary of the Computer Virus

Orome1 writes "This year marks the 40th anniversary of Creeper, the world's first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proofs of concept, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models."

That'sssss a nice computer...

... it would be a ssssshame if something happened to it.

Re:That'sssss a nice computer...

gosh darnit creeper! I covered my walls in lava!!!! HOW DID YOU SPAWN IN HERE!!!!!!!!!

Re:That'sssss a nice computer...

[kwikrick]

Never occurred to me that Minecraft's creepers (viz. a kind of exploding NPC, a Minecrafter's worst enemy) may be a actually be named after an early computer virus... or maybe they are just called that because they sort of creep up on you, and then... BOOM.

Celebration

[cosm]

That explains the party balloons and cake I delivered to Symantec.

Re:Celebration

[hairyfeet]

You wanna know what the sad part is? Most of the bugs today are caused by nothing but sheer mind numbing stupid. I mean when you actually watch some of these people, blinding pounding the next key like a monkey trying to get a banana, not even bothering to slow down even when there is check boxes, just next next next...and WHAM! They've got 40 toolbars and a bunch of spyware and who knows what else!

Now if someone gets hit in a driveby? That's different, zero days happen. But I'd say a good 90%+ of the infected machines that cross my desk is nothing that just the tiniest bit of common sense wouldn't stop dead.

Re:Celebration

[cosm]

I mean when you actually watch some of these people, blinding pounding the next [sic]

I know most users are dolts, but I thought that was an old wives tale!

Re:Celebration

[Osgeld]

yea they should be happy, they are the only ones to get idiots to pay for their virus

Re:Celebration

[hairyfeet]

Hi Cosm! Sadly I wish that it was, but as someone who has been in the repair biz since Win3.x it is all too true. hell I'll give you a perfect example of why social engineering works: I had a customer with me sitting right exactly there telling her specifically "Do NOT open that password protected zip and run it, it is a virus!" and got told "Oh you're just paranoid, see the name? My BFF Kim sent this to me! Kim wouldn't do that!" and so she ignored me AND the AV which was practically trying to hurl itself between her and the bug and did EXACTLY what I told her not to and promptly pwned her own machine.

So sadly my friend I can state with 100% certainty it is NOT a myth or old wives tale, it is all too real. Look up the top 10 list of malware by installation and then look to see how they infect and you'll find a good 8 out of 10 if not 10 out of 10 rely on the user to pwn themselves by ignoring best practices, ignoring the EULA, never reading anything, and just blindly clicking next to continue.

The latest nasty going around is the "Security tool" variant which is installed on MILLIONS of machines and which I see at least 3 times a week, all done using the "ZOMG! u got teh bugz! Install 'is_not-viruz.exe" to kill it ZOMG!" and that damned thing is installed on millions of PCs using that lame BS tactic. No shit. Sad but true my friend, sad but true. And Linux security wouldn't do a damned thing, in fact here is How to write a Linux virus in 5 easy steps using the same tricks and it WILL work because so many refuse to think.

Re:Celebration

I thought you were describing programmers and I was nodding in agreement. Then you blamed the user....

Re:Celebration

[Quirkz]

Reminds me of the time the dean of engineering at a state university got an email with an attachment. He didn't recognize the sender, but tried to open the attachment anyway. When it didn't seem to be doing anything, he forwarded the email to his assistant, the office manager, and a couple of other people, asking them to try to open the mysterious .bat file. Then when none of them could get it to work, one of them called me in tech support to try to open it for them. Spent the rest of my day cleaning up the virus in the entire dean's office.

100,000 unique pieces of Malware identified...

[Atroxodisse]

each and every day.

Re:100,000 unique pieces of Malware identified...

Most of it created by the anti-virus folks themselves :-/

Yo Grark

Re:100,000 unique pieces of Malware identified...

[SQLGuru]

My favorite virus of all time was the Ping Pong virus (http://en.wikipedia.org/wiki/Ping-Pong_virus). I have an infected 5 1/4" floppy around here somewhere that I kept just for the fun of it. I'm pretty sure it wouldn't really work to well on modern computers.....but I could be wrong......

No problem for me.

I run Microsoft Security Esssss345@%#$%#%^$Yr6y5364y67$Y$yw4635#^36trtGERertw443666

Re:No problem for me.

[somersault]

You also apparently have an MS wireless keyboard!

Re:No problem for me.

[elrous0]

You forgot the archaic, but still ubiquitous, "NO CARRIER" at the end.

Re:400 years of genetically altered nazi mutant ru

[cosm]

I even took a shot at deciphering your trolling, but alas, your troll dialect is unknown. The trolls of yore were much more entertaining.

Core War

I'm too young (alive in 1971, but only a kid) to remember Creeper, but I remember Core War in the early 1980s, a game inspired by Creeper and Reaper. The programs written for Core War were the conceptual ancestors of the modern virus, competing in Darwinian fashion to destroy each other and take over the system's core memory. Different coding strategies were involved, such as writing a program to be self-repairing vs. keeping it simple and small enough to evade detection vs. brute force offense and defense be damned, etc. All perfectly harmless... but I can't help wondering how many 1980s virus coders learned some of their craft from Core War.

Re:Core War

[Phil06]

I recall malware named GALAXY on the DEC-10, 1978 perhaps. It was a tempting program filename for students hunting around for new games to play besides ADVENT and WARGAM. The program copied hundreds of empty files with random filenames making it very time consuming to do a series of wildcard deletes that did not get the files you wanted to keep. The person who wrote it added inline backspace characters to black out the offending lines of code line when you printed it, unless you printed it out on a line printer where you could advance the platen by hand when it got to that line. I think I still have the DECTAPE with a copy hidden away somewhere.

Re:Core War

I'm also too young to remember this (1975) but i vividly remember WANK, OILZ aint OILZ. Here come the hercules, here come the submarines

Re:400 years of genetically altered nazi mutant ru

[The+Grim+Reefer2]

So that's what happens when James Joyce posses a troll. Who new?

No respect

[SJHillman]

I get no respect, I tell ya. When I was a kid, I was really ugly. I was so ugly, I ran Windows ME for three years with no antivirus and never got a single infection.

Re:No respect

[andrewa]

You never really ran ME did you? It was 98. And all those Victoria's Secret catalogues you claim to have - they're really Macy's catalogues aren't they?

Something wonderful has happened

[andrewa]

Your AMIGA is alive !!!

Re:Something wonderful has happened

Hey, I remember that one. It was quite fascinating back then. Motivated me to look into this topic some more and write an actually working virus for the Amiga that infected executable files. Amazing what you could do in a few lines of Assembler on that machine.

Only 50,000 in 2000 ?

I call shenanigans; we'd already been through the virus heaps of Windows 95, Windows 98, and then Windows 2000 and I'm expected to believe that there were only 50,000 malware instances at that time? Either I was incredibly unlucky, or I knew the location of 10% of those..

Re:Only 50,000 in 2000 ?

[xorsyst]

Sounds about right from memory, although actually it was about 20,000 less than that. McAfee played a marketing fluff game by counting 20,000 viruses generated by a one simple generator as different viruses. Everyone else had to follow suit.

Virus Control Improvements

[Traiano]

In 2006 or so I went to a conference in Redmond (WinHEC, I believe) where one of Microsoft's security team managers presented and overview of the virus threat to the desktop market. One of the things Microsoft had recently learned is that the majority of exploits were coming from hackers that had reverse engineered Windows patches to identify where Microsoft was correcting buffer overflow issues. Based on that knowledge, hackers knew un-patched versions of Windows could be exploited.

The strategy at MSFT became somewhat simple at that point: minimize the time between a security update's release and its application on 100% of networked computers. The presenter could show that MSFT had brought this average time down from months to weeks back then. Its clear to me that Microsoft has continued to make gains in this space over the years.

Lastly, the presenter showed that the exact same process applied to Linux. Few hackers find vulnerabilities to poring through an entire operating system's code base. They reverse-engineer patches and then hunt for un-patched systems. Microsoft claimed to be ahead of Linux in their ability to mass-apply security patches and he showed results that a Linux honeypot would be compromised slightly quicker that Windows, although not significantly so. I found the author credible in his data but recognize that he had an agenda with his presentation.

Re:Virus Control Improvements

However i still don't see a massive amount of threats in linux (besides its open source nature) like you can see every month in microsoft reports. If you summ up all virus that has been present in linux over its entire history it doesn't compare with a single year of MS, and i repeat BESIDES ITS OPEN SOURCE NATURE.

pd.: sorry for my awfull eng.

Re:Virus Control Improvements

[hairyfeet]

Look it is actually very simple why Windows gets more bugs. Most bugs are made by criminals, and criminals like most predators are naturally lazy. they want to get as much as they can for as little work as they can. They target Windows because as someone who actually works on the things 6 days a week I can tell you that is where the stupid people are by a loooong shot.

Doesn't make Windows bad, I have machines that have been running nearly a decade with no bugs, just retired my Win2K after a decade bug free, etc. but for every person like me that follows best practices you probably have 100,000 that will blindly click on anything, never read a EULA, will happily click through any UAC or virus warning, as long as you offer them something they want, or spook them.

Most of the bugs I see, and I usually get to see them all, but a good 90% of the infections that cross my desk can be divided into TWO categories. The "ZOMG! U got teh viruz ZOMG! Run this "is_not_bugz.exe" to kill teh viruz ded! ZOMG!" or the "Want to watch this hot porn FOR FREE? Well you can! All you have to do is load our "is_not_bugz_iz_codec.exe" to see the hot action NOW!"

In both of those cases the vaunted Linux security would do exactly jack and squat since the user is actively helping the malware and as long as the user has the right to install then there is nothing you can do. Repos wouldn't help because they would ignore you for the malware writer, an AV can only do so much if the user is working against it. Frankly MSFT could develop the perfect security model tomorrow and as long as Sally Dipshit is allowed to install and Horny Hank Hugeass is willing to ignore all warnings to get a chance at free titties? You're still fucked.

So just be glad you're a niche Linux guys, because look at all the bugs coming out for Android. Where goes the masses goes the stupid and the bugs along with them. All you can do is give them "the look" and keep them off your PCs.

Re:Virus Control Improvements

[blackest_k]

so according to you its because the users are stupid that windows is over run with virus and malware problems and osx and linux are largely left alone. Even with android it takes a trojan from an unofficial market place on a rooted phone to get infected and there is no replication.

I'm just not buying that,there are stupid users on every platform but they are not getting hit. You don't need to be great with computers to use Linux and there are a good number of people that are not good with computers using Linux these days. Often because they have had it installed as a dual boot option by the person that cleaned their last windows infection. I've personally been doing this for a few years and the results have been great. All it takes is getting them to use Linux for most of their net related activities and windows for their games. You can play flash based browser games on either so for the facebook crowd they can still play farmville and mafia wars and chat with facebook chat. Generally Linux runs faster on a given pc than a secured version of windows which gives a better user experience.

Even if windows gets reinfected they can still do most of what they want to do and bring their pc to me for cleaning at a convenient time for both of us.

Cleaning gets a lot easier when you can boot into Linux and do the scans and removal from there.
Avast actually do a free Linux version which can clean the windows partition, which these days will have had any av installed crippled by the malware.

I guess one advantage of android and the iphones are the introduction to the general public of alternative operating systems.

I know that this comes off as an antimicrosoft dig but with what is it 200 million pieces of malware and growing its well deserved isn't it? Theres good even great software that runs on windows and nowhere else and without microsoft we wouldn't have the cheap hardware we have today but in thirty years they have been unable to stem the flow of malware aimed at their software platforms.

Re:Virus Control Improvements

[hairyfeet]

Look, you want to see me blow through your famous Linux security like shit through a goose? Well here you go tada! Using the exact same tricks as they use on Windows and as simple as opening an email attachment (sound familiar?) I can royally fuck your Linux OS. Send spam, alter files, set myself up to autostart. Gee, doesn't this sound like Windows?

The ONLY reason you don't see malware writers using this trick (which BTW they have in the past, look up "KDE theme virus" to see for yourself) is because you have to have basic computer and problem solving skills because Linux is a PITA as a desktop so you have to know how to trawl forums for fixes, use CLI to install and fix driver issues, etc. The fact that you have to learn and understand at least a basic understanding of Linux (or have an admin with said knowledge) means the odds of getting enough infections to be worth the work is rather slim.

To use an old quote you rob banks because that is where the money is and if you want to build a 200,000 strong botnet you don't go to the OS that has less than the margin for error marketshare to start and with more geeks and CS grads than Sally Clueless users to boot. it is simple numbers my friend, or are you one of those that says the reason Macs with the vaunted BSD security fall first on pwn2own is that people would risk losing a 10,000 prize just to win a $2300 Macbook?

The ONLY reason Linux isn't an infected mess is social engineering like I pointed out above which works 100% on Linux needs clueless users to work and there are less of those to go around. I'd say wait until you get the numbers but with all the infighting and factionalism of the community I doubt you'll get past 4% anyway, sorry. But as Android gets popular and drags in the clueless you WILL see more infections, mark my words. If the target is juicy the malware writers WILL hit it and despite all the "Linux runs the web" BS the simple fact is you get better bandwidth for longer by pwning home connections since they don't monitor their connections like server admins do.

Re:Virus Control Improvements

[blackest_k]

interesting link but there is the problem that an image file is shown as an image file of the image on the desktop or even in the home directory certainly in the case of 10.04 . Even in the article its mentioned xubuntu isn't vulnerable to this. It's also from 3 years ago and was using 8.10 we are now in 2011 and ubuntu has had 9.04, 9.10, 10.04. 10,10 and in a few weeks 11.04 will be released.

ok lets say the truth is that its still possible to infect a Desktop or OSX or Linux system. it is still pretty minimal currently and likely to remain so for a number of years.

To use an analogy who are you more likely to catch a dose from some whore or your wife. Hopefully your wife is faithful but you can't be 100%

using Linux for the internet is like practising safe sex, and to be even more secure you can run it from a live cd and have a totally clean operating system running.

now i'm not saying you should throw out windows completely as it does have its uses there are plenty of programs which are essential for many people and need windows to run. Just use safer practices and you can have the advantages of both.

       

Re:Virus Control Improvements

[hairyfeet]

We have a saying for what you are advocating and it is called security through obscurity and if you are gonna go that route you are better off using AROS or Ecomstation or any of the other even more obscure OSes.

Of course that is also ignoring there is a downside to STO, and that is when a bug DOES come along you're fucked just as there were several thousand that got bit by the KDE theme virus, even though it was on a relatively obscure site that required an activity that many don't do.

I would argue that using the latest and greatest, Windows 7 X64 with a good AV such as Avast or Comodo and low rights browser like IE or Chromium based you will be more protected in the long run since the OS is hardened and has much tougher security thanks to DEP, ASLR, low rights mode, and file and registry virtualization. You can even harden it further if you like (I've been using this for months, if you have friend on Windows 7 I would recommend you send them this link) by adding Structured Exception Handling Overwrite Protection (SEHOP) .

So while I'm glad it works for you there is a reason why an OS is obscure and in the case of Linux it is because it is a giant PITA on the desktop. Six month update deathmarch, updates that fix one thing and break three more, drivers that rarely survive updates, the fact that it is pretty much useless without CLI (if you don't believe me disable your access to Bash for a year. I had a couple of Linux advocates try it and they had to re-enable in less than 6 months as they couldn't fix anything without Bash), in short for the vast majority it just doesn't work. After all I can make a 100% secure machine by cutting all the wires and burying it in a hole filled with concrete, but that doesn't make the machine very useful does it?

Re:400 years of genetically altered nazi mutant ru

[The+Grim+Reefer2]

Damn it, I hate when a troll proof reads better than I do; posses=possesses

Intelligent viruses (virii)

[Tigger's+Pet]

I was impressed when reading TFA (Yep, I actually read it for a change) to find out how advanced the original 'Creeper' virus was. It had artificial intelligence and everything - read again... "...and starts over, thereby hoping from system to system". It only 'hoped' from one system to the next - that's cool.

To Creeper

Happy Birthday

Re:400 years of genetically altered nazi mutant ru

Also, new=knew

Crappy Article

The author didn't even have enough smarts to include the Morris Worm.

Re:Crappy Article

The author didn't even have enough smarts to include the Morris Worm.

I know a man who named his kid Morris, will that do?

What a pointless piece...!

This is a typical puff piece by an ignorant reporter. Why didn't they ask a real virus researcher about some of the most influential viruses? Where is there no comment about BRAIN, the first international-spread virus which invented the boot-sector infection path? Why no mention of the amazing prevalence of FORM, which constituted about 1/3 of all infections in the world at its height? Why is there nothing about CONCEPT, the Microsoft-written virus which ushered in the era of high-level language macro viruses?

Why are the only viruses mentioned ones which there has been some public fuss about? I know - because the author knows nothing about this arcane technical subject, but hasn't let that get in the way of writing 500 words....

Re:What a pointless piece...!

I agree. Author was pretty worthless.

Re:What a pointless piece...!

[vaporland]

I agree - where's Robert Tappan Morris's Internet worm?

Re:What a pointless piece...!

[Mike+Van+Pelt]

Right... I don't see how anyone pretending to know anything about the history of the computer virus phenomenon could fail to mention the Pakistani Brain Virus.

What Stuxnet targets is pretty well known -- the controllers for those uranium isotope separating centrifuges. It changes the speed to physically damage them. The reporter didn't even attempt to pretend that he'd done his homework.

Lets start with a better list

[devent]

An article about the history of computer viruses that mentions Microsoft, Windows or IIS only 7 times? Lets start with a better list (thank you Wikipedia):

* Michelangelo: The virus was designed to infect DOS systems
* Melissa: It can spread on word processors Microsoft Word 97 and Word 2000 and also Microsoft Excel 97, 2000 and 2003. It can mass-mail itself from e-mail client Microsoft Outlook 97 or Outlook 98.
* I LOVE YOU: is a computer worm that successfully attacked tens of millions of Windows computers in 2000
* Code Red: 359,000 Microsoft's IIS web server.
* Sasser: running [on] vulnerable versions of the Microsoft operating systems Windows XP and Windows 2000
* Zotob: [runs on] Microsoft operating systems like Windows 2000,
* Storm botnet: The botnet, or zombie network, comprises computers running Microsoft Windows as their operating system, with the Storm worm at one point accounting for 8% of all malware on Microsoft Windows computers.
* Koobface: is designed to infect Microsoft Windows and Mac OS X, but also works on Linux (in a limited fashion)
* Conficker: targeting the Microsoft Windows operating system, with more than seven million government, business and home computers in over 200 countries now under its control.
* Stuxnet: is a Windows computer worm discovered in July 2010 that targets industrial software and equipment. Iran 62,867; Indonesia 13,336; India 6,552; United States 2,913;Australia 2,436;United Kingdom 1,038;Malaysia 1,013;Pakistan 993, all Windows.

What’s next? Are you kidding me? More Windows infected machines, more spam and more attacks on governments and industry that are stupid enough to pay for this system.

Re:Lets start with a better list

An article about the history of computer viruses that mentions Microsoft, Windows or IIS only 7 times? Lets start with a better list (thank you Wikipedia):

Most of your list entries are worms, botnets, logic bombs, rootkits, and trojans. You only have one Virus listed, and it's from back in the DOS days.

Thank you for proving once again how utterly worthless the Wikipedia really is as a primary reference source.

Re:400 years of genetically altered nazi mutant ru

[Hal_Porter]

Don't be homonymphobic.

Re:400 years of genetically altered nazi mutant ru

[The+Grim+Reefer2]

Also, new=knew

Yes, thank you. I can't believe I missed that one too.

...Like a fine wine...

[binaryseraph]

... Seems they just get better with age!

Semi-related topic

[RogueWarrior65]

The Cuckoo's Egg is a great book on hacker hunting.
http://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/ref=sr_1_1?s=books&ie=UTF8&qid=1300160625&sr=1-1

Re:Semi-related topic

I just repurchased this. Could not believe it when I first read it a decade and a half ago...and read it straight through because it was that thrilling and "action" packed. Definite must read.

Re:400 years of genetically altered nazi mutant ru

Also "proof read" is one word.

Start w/ 1st one: ROBERT MORRIS' WORM

Which originated on *NIX (not Windows)

Agreed, 110%... apk

It really ought to be required reading for security pros in the Comp. Sci. field:

"The Cuckoo's Egg is a great book on hacker hunting." - by RogueWarrior65 (678876) on Monday March 14, @11:44PM (#35487714)

At 1st, once I started reading it (back around 5++ yrs. ago or more here), I thought "This is going to be DRY and BORING most likely"... it was ANYTHING BUT THAT (especially for those versed in networking).

APK

P.S.=> Thank goodness for the summer students' "secondary logging system" (or he never might have determined what he did)... apk

read TFA! :(

[Isaac+Remuant]

This is sad. Slasdotters are so used to not reading TFA that they sometimes miss interesting stories like this one. It's a light and amusing article. Read it!

My Ubuntu wished the computer virus a happy birthd

[andreicristianpetcu]

Happy birthday dude :)

The plural of virus is virus

All these virus experts and IT geeks yet nobody can get their head around the fact that the plural of virus is VIRUS.
Its not viruses, its not virii, its virus no matter how many there are.