The computer virus – a history24th Apr 2011
In February 2011 the personal computer virus was 25 years old.
In that time computer viruses have caused the loss of untold millions of pounds, wasted decades in productivity, and wrecked companies.
Despite this the dangers represented by computer viruses go largely unheeded, often because society at large still feels that they do not really intrude on their existence – an attitude that, with the emergence of the virus called Stuxnet, now borders on the irresponsible.
With Stuxnet, which according to Iranian President, Mahmoud Ahmadinejad deliberately sabotaged the country’s plans to build a nuclear power plant, the computer virus proved for the first time that it could be used to achieve serious real world damage.
Computer security experts say that this is just the beginning.
The new 21st century viruses are already being custom-built like Stuxnet to steal data for use in online banking theft and fraud, espionage and sabotage.
Lawyers are predicting this trend will see a spate of legal cases from victims seeking compensation against organisations they deem to have taken insufficient precautions to protect their data.
However, though it’s now a real world threat with the potential to wreak the sort of Hollywood-style havoc portrayed in the movie ‘Die hard 4.0’ where traffic lights jam and power systems go down, the computer virus had a modest beginning in a computer shop near Lahore railway station.
Dubbed ‘Brain’ by the media, the virus was written by two brothers, Basit and Amjad Farooq Alvi to protect any copyright infringements on a medical computer program they had written.
Its potential as a virus was accidental.
But this accident was to have two completely unintended consequences.
First, the program alerted others to the possibility that computer code could be written for harmful purposes and, secondly, that harmful computer code could be passed from machine to machine.
Since that time the computer virus has progressed quickly and like viruses in the biological world they have gone through a number of mutations.
Viruses have also gone through the hands of a number of different social groups before settling into those of their current minders, the criminals.
Once the concept of the computer virus passed into the consciousness of the technology community it briefly became the preserve of what the media often referred to as the ‘computer whiz-kid.’
Often they were middle-class teenagers who were good at computing and academic who wanted some external recognition of their intellect, and the computer virus was an ideal way of achieving this.
A ‘successful’ virus received instant media attention, conferred on its creator intellectual recognition, and also proved that they knew about something that most people did not.
It also presented an opportunity for an attack on the establishment by hitting at the establishment’s most potent symbol of control – the computer. It answered that time honoured challenge of the young to adult authority.
The result was a general recognition that technology conferred power.
Virtually every famous name in computing from Sir Tim Berners-Lee to Bill Gates has been outed as a hacker in their youth. Those involved in technology realised that their knowledge allowed them to challenge governments in a way that had never been possible before; getting into the heart of their computers and extracting information.
This awareness spawned a technology libertarianism that saw the emergence of hacking groups such as the Chaos Computer Club in Germany and Hactic in Holland that embraced technology as the means to achieve political change by opening up access to information.
On the sidelines of this technology sub-culture sat the newly-developing virus writers and others with less lofty ideals than the members of the CCC and Hactic, such as Karl Koch, Peter Karl and Hans Hubner. These three members of the CCC made contact with the KGB and offered it their hacking services – an essential part of the later development of the computer virus as this approach began the Russian interest in using computer code to obtain data, now widely seen in modern viruses.
That move to modern viruses was driven by two trends, technology itself and the development of the internet as a means for business to buy and sell goods and services and to enable online sales.
The early computer viruses infected computers via floppy disks; before the arrival of the CD-ROM this was the method of loading and transferring data between computers. As with biological viruses, the floppy disks needed a carrier, without a human to move them from computer to computer they were harmless.
These viruses worked by infecting the computer’s boot sector, the part of the computer that Windows computers used whenever they started up.
They were followed by executable viruses – viruses that ran whenever you executed the program that they were hidden in – normally in a game or in software that had been pirated.
In most cases these viruses caused damage of some sort – essentially because the author wanted to draw attention to themselves – so one of the symptoms may have been that all of the characters on a screen would start to fall to the bottom, or a message would flash onto the screen telling you that your computer was infected and your hard drive was about to be wiped.
However such actions only involved what society at large viewed as the computer nerds, large corporates and government and a handful of the most forward-looking companies.
Changes by Microsoft to its technology eradicated these viruses by changing the way that computers booted themselves up.
It was only with the birth of the mass market internet in 1996 that the computer virus broke out of that ghetto. Again in a sense it could be claimed that this happened by accident.
The Morris worm
In 1988, Robert Morris Junior, a computer whiz-kid who embarrassingly was also the son of Robert Morris, the former chief scientist at the National Computer Security Center, a division of the National Security Agency (NSA), released a piece of code designed to map the size of the then embryonic internet, a network used by the military and academics known as Arpanet.
The code was self-replicating so that it spread through the internet to all of the computers that were connected and then reported back. The replication proved to be the problem. The problem was that he did not turn the command off and the program started to write itself over and over again between machines infecting them, over and over again and bringing the network to a grinding halt as each computer tried to pass on the rogue code.
Morris is now a Professor at the Massachusetts Institute of Technology in the department of Electrical Engineering and Computer Science but he will forever be known for the creation of the piece of code called ‘the Morris worm’.
The virus writers now had an example of a way that they could spread their software over networks. All that remained was for the internet to take off, which it did from around 1996.
Computer viruses could now start to reach computers via emails and no longer needed the medium of the floppy disk.
As a result the first macro-viruses appeared – these were just viruses that were hidden inside an application itself, like the code in an Excel spreadsheet.
Once they had infected machines they hid on the computer and then opened a program called a Trojan that looked for the email address book and then started to send out copies of the virus to everyone in it.
Several viruses in particular achieved the world –wide attention craved by their creators – ‘I love you’, ‘Melissa’, ‘Code Red’, ‘Blaster’ and ‘Slammer’.
But though intensely irritating due to the time they took to remove, the threat from these viruses has been largely removed by the deployment of firewall technology.
These viruses were not criminal in intent, a development that according to computer security experts, only took place around 2002.
What prompted the criminal entry into the market was the appearance of money and commerce on the internet.
In 1995, eBay started up from Pierre Omidyar’s spare room and in the same year the First Network Bank in Pineville, Kentucky, launched as the first pure internet bank, while the Presidential Savings Bank launched a service that allowed its customers to view account information and perform some transactions.
By 2002 people had embraced trading and banking online, a trend that inevitably lead to the development of cyber crime and a change in the social dynamic of the virus writer.
With around two billion people online – nearly a third of the world – the internet is mainstream and has broken out of the hands of a technologically literate few.
Crime gangs in Russia, the former Eastern bloc, the US, South America, Asia and Africa all started to develop methods for exploiting this new bonanza, with the Russian crime gangs achieving a formidable reputation in the area.
Part of the reason for this was the collapse of the old economy of the Soviet Union. The newly-emerging Russian mafias were able to recruit former members of the KGB who brought with them the computer expertise that they had been developing, and their awareness of the potential of computer viruses.
Some observers have commented that if Silicon Valley is the light side of the internet then the Russians contributed the dark side.
Whether true or not, it is indisputable that it is easy to find underworld websites in Russia that are the equivalent of criminal online stores where stolen financial information and hacking services are available. These include stolen credit card details and bank account details for individuals and businesses, identities, tailored computer viruses, infected computers and in some cases intellectual property.
Now, rather than damaging machines, the modern criminal virus has been made to steal from them. They seek out unprotected computers that either do not use anti virus software – some 50 percent of home machines and 14 percent of small businesses do not – or which are poorly maintained and do not apply the regular software patches to their operating systems. They then install viruses onto these machines and steal information and take over the computer and its internet access.
This is now done by criminal gangs operating on an industrial scale, using automated software to broadcast around 100,000 new viruses a day. These are simply parts of an old virus that have adapted by changing the code slightly.
As anti-virus (AV) programs are only set up to identify programs that they recognise these variants can often slip through until the AV companies find them and update their programs – the reason for the daily updates of AV programs.
These viruses now combine most of the techniques that the early virus writers developed through the web. In recent years the major trend has been the theft of information and identity details.
The automated systems are made up of networks of infected computers belonging to home users and businesses and are known as ‘botnets’. They either broadcast viruses continuously or to order.
They are spread by using pirated software, music or films from the web, by accessing a website that has been ‘poisoned’ or by opening an email attachment.
The modern computer virus will first find a machine it can infect. It will then install a Trojan program onto the computer which in turn installs a cocktail of software.
This includes a key logger, which is designed to sit on a machine and monitor key strokes and look for passwords to your system and any financial websites.
Other software may look for databases and commercial information. This financial and commercial information is then transmitted back to the botnet system and actually may not involve a human operator. In some cases a computer-matching technique developed by the counter fraud industry, and known as ‘fuzzy –matching’, is used to find other similar data on name and address to add value to an identity. This is then sold on a cyber crime website.
Once the computer has been ‘fleeced’ it is turned into a ‘zombie’ and set to work as part of the botnet itself and is used to store and transmit stolen information, junk email and viruses.
In some cases AV software will be installed to prevent other groups from taking over the machine.
From a criminal point of view the machine has become a cash cow.
Firstly, it can yield stolen financial information, commercial information and databases that can be used to add to the fuzzy matching systems run on their zombie computers.
Secondly, it is used to send out the unwanted spam junk mail for Viagra, penis enhancers, fake watches and a host of other products that have become one of the main sources of income for the gangs.
Thirdly, it provides another source of income by becoming part of the botnet itself as the gangs rent these out. This is either to people wanting to broadcast spam or to people wanting to use them to attack other computer networks, for example those of a competitor.
The computers do this by being ordered to send continuous, automated messages to a computer or a website. When perhaps 40,000 computers do this at the same time it overloads the computer and brings it down.
Over the past three years criminals have started to target computer viruses at specific individuals.
Stuxnet, the most recent development of this trend, was a computer virus that damaged an Iranian nuclear power station. This means that viruses have now shown that – because of our dependence on technology – they can do very real damage.
Protecting yourself against computer viruses
Preventing computer viruses is very much like protecting yourself against biological world viruses. In general you will be safe if you practice good hygiene, and awareness.
1. As with biological viruses, quarantine is the best option and to achieve this you should buy an internet protection suite that includes a firewall and other measures such as email protection and keep it updated by paying an annual renewal fee. If your anti-virus system is not updated it is useless. Many internet protection suites contain software that will also alert you to unsafe websites.
2. Make sure that your computers are patched to meet computer threats. Windows offers a service that automatically patches computers with essential updates. Again, if this is not done you risk your computers being attacked as viruses that target precise weaknesses – such as computers which have not installed a particular update – now circulate on a permanent basis on the internet. These are known in the industry jargon as ‘toxic waste’.
3. Implement a computer security policy among staff which tells them of the measures that you are insisting on and the reasons for that policy. This policy should stress that opening spam email attachments can send you to ‘poisoned websites’- now a favourite source of infection – or that spam email can contain links that do the same thing. That visiting dubious websites such as sex sites can often load virus software. That you should not open email from someone you do not know. If you receive an email you are not expecting check with the person who sent it by either sending an email or ringing them. Be very wary of chain letters, jokes and other unsolicited material that you do not know the origin of. Finally implement a policy on social networking and instant messenger systems and again do not accept connection from anyone you do not know or you are unsure about.
4. Be aware. Often computer viruses will need some form of permission to run – this can be given by clicking on a link or being told that to view something on a website that you will need to run special software. If you did not ask the computer to do something then do not let it. If a box appears saying that it is installing a program – use the internet to check what that program is and what it does. Remember if you want to stay in control, be in control.