History of malware
A brief history of viruses, worms and Trojans
The 20th birthday of the first officially announced virus has just passed. Many other "milestones" in the development of viruses, worms and Trojans are contained in the following summary.
The theoretical preliminary work on computer viruses goes back as far as 1949. John von Neumann (1903-1957) developed the theory of self-reproducing automatons. However the details of the technical implementation were not conceivable at this time.
In Core Wars programs written in so-called Redcode are at war with each other. They fight to survive in the memory area. So-called impulses spread through memory and delete addresses at random. There were also a few versions which could copy themselves. This is where the roots of computer viruses lie.
Professor Leonard M. Adleman employs the term "computer virus" for the first time in conversation with Fred Cohen.
The first viruses for Apple II computers are exchanged within a small circle via diskette. Due to an error, the virus caused program crashes. This error was rectified in later versions..
As the first "in the wild" Apple / DOS 3.3 virus, the "Elk Cloner" virus plagues users with spoonerisms, inverted or false displays and clicking noises. It spread via diskettes, which with other operating systems - probably inadvertently - were made unusable.
In the Xerox Alto Research Centre, Jon Hepps and John Shock program the first worms. They are used for distributed calculations and spread independently in the network. Because of a program error, this spread took place in an uncontrolled manner, which after a short time crippled the computers.
In November Fred Cohen presents the concept of a virus for the first time in his seminar. For the implementation of a first functional virus running on UNIX, he needed only 8 hours. Within a few minutes he had full access rights to all computers.
Fred Cohen publishes his first articles about "Experiments with Computer Viruses," which were incorporated in his PhD thesis "Computer Viruses - Theory and Experiments" published in 1986. His rather mathematically-oriented definition of a virus is still recognised today and does not encompass the negative connotation that the term virus has acquired nowadays.
There is not long to wait before other viruses appear in the wild. Often these are just joke programs, which only annoy the computer user.
The Trojan horse Gotcha is truly virulent. After the EGABTR program starts, which supposedly enables graphical displays, the data on the hard drive are deleted and "Arf, arf, Gotcha" appears on the screen."
The "Surprise" program, written in BASIC, used the line command "kill *.*" to ensure that all accessible files were deleted. At the same time the text "Surprise" was displayed.
The source code of a virus for Apple II computers is printed in the journal "Apples". At the same time, the German hacker scene was getting to grips with viruses. The "BAYERISCHE HACKERPOST" is the first German magazine to report on computer viruses and Cohen's dissertation. At the time, the danger associated with computer viruses, relates only to mainframe computers. The danger to personal computers is not yet taken seriously.
The brothers Basit and Amjad Farooq Alvi run a small computer business called "Brain Computer Services" in Lahor, Pakistan. In order to punish illegal copying of their software, they created a boot sector virus for the DOS operating system. Spread by Pakistani students, the virus spread like an epidemic and even reached American universities. The program was, however, relatively harmless as all it did was rename the TOC of the infected diskettes to Brain. It remains to this day, the only virus program, which contains the author's address.
With "Virdem", Ralph Burger introduces the first file virus at a forum of the Hamburg Chaos Computer Club.
"PC-Write" was the first Trojan horse.
Thanks to the "Pakistani Brain", viruses entered into the public consciousness. John McAfee and other computer specialists founded the first anti-virus companies.
The first mainframe computer is attacked with viruses at the Free University of Berlin. The Chaos Computer Club warns of a virus epidemic within the next 18 months. The source code of a virus for Apple II computers is printed in the magazine "Computer Persönlich". The source code for the virus "Rushhour" (by B.Fix ) for MS-DOS computers is printed in the magazine "Datenschleuder".
Now viruses appear ever more frequently that infect files (at first only .COM files). The virus "Lehigh" arouses public interest for the first time. Lehigh infects "command.com" and is therefore, from a technical point of view, the first memory resident virus. After the virus has been copied to 4 diskettes, the data on all data media contained in the computer are deleted. This radical action leads however, to its rapid extinction. In connection with "Lehigh", the VIRUS-L/comp.virus mailing list and newsgroup is created and becomes an important source of information in the fight against viruses.
A student in Wellington, New Zealand writes the first, and one of the most successful, boot sector viruses called Stoned/New Zealand. It has no destructive harmful function. Form is just as successful as a boot sector virus.
After the first Macintosh viruses have surfaced in the form of nVir and Peace, Apple decided to load the virus search program Virus-Rx on every computer.
The so-called "Cascade-Virus" is the first encrypted virus. This causes, for the first time in Germany, the letters on a page to slide downwards where they collect in a little heap. The files were destroyed.
The first virus for Amiga (SCA) infects the boot sector and displays a message from time to time.
In December, a well-meaning American student crippled e-mail communication and networks worldwide with the first computer worm. The "Christmas tree" worm draws a Christmas tree on the screen while in the background, it sends itself to all the e-mail addresses it can find on the system.
in "c't" (German computer technology magazine), an article appears about computer viruses for the Atari ST, in which a source code listing is also printed. The virus can easily be adapted by the non-specialist. The subsequent wave of new viruses triggers a discussion about the publication of virus source codes.
Links for more information:
|CoreWars & Redcode|