The malware industry has developed from the practice of a pranksters to a criminal business.
Computer malware has been in existence almost as long as computers themselves, causing damage to files and disrupting productivity since the late 1960s. However as technology has evolved, so too has the nature of the threat, and today malware forms the backbone of a global cybercrime epidemic that has become more profitable than the drug trade.
While malware has been around since the days of mainframes, these were mostly localised phenomena. The first virus to use global computer networks to spread itself emerged in 1971 and was known as 'The Creeper'. The Creeper, a laboratory built virus, was able to enter networks via modems and duplicate itself onto remote systems and is the predecessor of many of the modern malware tools seen today. Developed as a counter-measure and designed to fight The Creeper virus, 'The Reeper', became the very first anti-virus programme.
The emergence of a threat
The year 1981 saw the emergence of the very first virus 'in the wild', in other words, not developed in a laboratory. The 'Elk Cloner' was a bootable virus that attached itself to the boot sector of floppy disks, and appeared in many different guises, from flipping monitor displays to making text displays blink to showing a variety of messages on screen.
As the popularity of computers grew in the 1980s, more and more computer programmes began to be written, not only by software companies but by individuals as well. These programmes were freely distributed and widely exchanged through general access servers. Along with the first 'in the wild' virus and the growing number of computer programmes, there also emerged large numbers of malicious programmes termed 'Trojan horses', which inevitably caused some form of damage to the system when started up.
In the late 1980s the virus pandemic truly began, with the spread of stealth viruses such as the 'Brain' virus in 1986, the 'Vienna' virus in 1987 and the emergence of several boot viruses around the globe. The idea of writing viruses became a popular one and the number of malware programmes began to grow. A network virus called 'The Christmas Tree' spread across the computing world in December 1987 and the infamous 'Jerusalem' virus emerged in 1988, destroying files which users attempted to run and infecting computers across Europe, America and the Middle East. These viruses infected thousands of computers unnoticed, since anti-virus programmes were still relatively uncommon.·
Also in 1988, the first malware appeared on the Internet. The 'Morris Worm' infected thousands of systems in USA, including the computers at NASA, sending unlimited copies of itself to other network computers and completely paralysing all network resources, costing millions of dollars worth of damage.
Around the time that viruses were truly becoming a problem for computer users, increasing numbers of anti-virus software tools emerged as a counter measure and began to become more common. However, the game changed once again in the 1990s with the emergence of polymorphic viruses, which thwarted the anti-virus software of the time and forced programme developers to look for different methods of virus detection. The same pattern continues to this day, as virus writers develop increasingly sophisticated malware and anti-virus software developers counteract the new threats.
The threat landscape has evolved dramatically since the emergence of the first virus, and IT security is now challenged by thousands upon thousands of different malicious tools, with malware and spam now driven by self-propagating botnets. The malware trade too has evolved from something of a prank when it first began to a business conducted by cybercrime networks expressly for the purposes of financial gain.
The growth of the Internet and increasing connectivity has fuelled the expanding complexity and reach of threats. From malware that first attacked individual computers and then individual networks, to threats that targeted multiple and regional networks, the threat landscape now encompasses the global infrastructure and attacks are increasingly targeted. Zero day threats are a reality, as cybercriminals have focused the blanket approach of viruses to aim specifically at individuals and companies through spear phishing and denial of service attacks amongst others.
Countering the array of threats in the modern IT landscape requires a two-fold approach. While anti-virus, anti-spam, intrusion prevention, firewalls and other security software have a vital part to play, this technology simply is no longer enough on its own. Awareness and education are key in preventing users and organisations from falling victim to cybercrime.
The threat landscape now encompasses not only computers and networks but also an array of portable devices such as tablets and smartphones which increase the complexity of security. The more connected users become, the more vulnerable we are to attacks that can affect the entire home or business network. Protecting these devices is becoming increasingly important, as attackers will always target areas where the users are.
The reality is that the Internet is not a private space, and users need to educate themselves and be more vigilant to prevent malware and cybercriminals from causing serious reputational and financial damage. To use an analogy, it is all very well having the latest alarm systems and locks installed in your home, but if you leave the door open criminals will have no trouble stealing your possessions. The same is true of computers. Security software can only do so much, the rest is up to user intervention to ensure the system and the network remain protected.
Fred Mitchell, Symantec Division Manager at Drive Control Corporation