Computer viruses can cause a lot of problems. While advertising banners on the desktop are merely annoying, losing money from electronic accounts and bank cards is literally a blow to the wallet. Antiviruses still do not provide one hundred percent protection, so some risk of infecting the computer always remains. Today we recall the history of viruses and, along the way, look at the difference between trojans, rootkits and worms.
Evolution of viruses
1980 - 1990: protection against piracy turned into a massive infection of computers; a graduate student accidentally caused nearly $100 million in damage
Apple devices are considered among the safest for home use: because iOS and OS X are closed systems, it is difficult for viruses to penetrate deep into them. However, they cannot be called invulnerable either. For example, in March of this year the KeRanger ransomware turned up on the Cupertino corporation's computers. It got into the system under the guise of the Transmission program, which is used to download files from the Internet. Still, this virus and the couple of others found on OS X over the years come nowhere near the abundance of threats of all kinds for Windows. Apple follows a rather radical policy: the user cannot dig deep into the operating system. For the same reason, it is recommended to install programs from the App Store: applications there are checked by the company and will not do any harm, although several times this is exactly how viruses got onto Apple computers. In short, on a Mac you should just work or relax without trying to change anything in it; as they say, if the equipment works properly, do not interfere with it. Curiously, the first viruses appeared in 1981 precisely for the Apple II computer...
The first real virus, called Brain, was released in 1986. It was written by two brothers who just wanted to protect their heart-rhythm tracking program from piracy. As soon as someone made a copy of the floppy disk, the hard disk began to slow down dramatically. In 1987 it became clear that Brain was getting out of control: it multiplied on its own and infected more and more computers. The result: 18 thousand infected systems in the United States alone.
Brain was the first harbinger of a viral epidemic, but compared to later attacks it was not so dangerous. In November 1988, Robert T. Morris, a graduate student at Cornell University, released into the wild the first computer worm, which caused multimillion-dollar losses. The virus was not supposed to cause any significant damage: it simply collected data about the users of ARPANET, the prototype of the Internet. Having discovered a computer, the worm checked whether it was already infected. If the answer was positive, the program randomly decided whether to leave another copy of itself. Because of an error made by the programmer, the worm re-copied itself too often, which gradually caused the computers to freeze. ARPANET went down; six thousand network nodes stopped working. The damage amounted to approximately 96.5 million dollars. The virus was named the “Morris Worm”, and its creator became the first person accused of computer fraud. Robert T. Morris got off with probation, community service and a fine. This epidemic showed that such attacks can lead to serious and costly consequences.
Surely one of the biggest fears of any computer user is losing data with no possibility of recovery. Some viruses did just that. Jerusalem, for example, activated on a specific day: Friday the 13th. The program formatted the entire hard drive, which caused considerable damage to universities and companies in the USA, Europe and the Middle East in 1988.
1990 - 2000: the emergence of viruses with timers; first macro viruses attacking MS Office and email clients
Another virus that destroyed files on the hard drive appeared in 1991 and was named after the artist Michelangelo. It was set to act only once: on March 6, the birthday of Michelangelo himself. For this reason the virus was difficult to detect: the code could sit in the system for months without revealing itself. On day X, Michelangelo overwrote the first hundred sectors of the hard disk with zeros, resulting in data integrity problems.
The year 1995 was marked by the appearance of the first macro virus, a type of virus that, as you might guess, is written in a macro language. These infections usually affect Microsoft Office suites. The Concept virus, released in the mid-nineties, chose MS Word documents as its victims. A year later the Laroux virus became known. It attacked files with the .xls extension, that is, MS Excel. The origin of the virus is not known for certain, and it appeared in only two places: on the computers of oil-producing companies in South Africa and Alaska. Probably the machinations of competitors.
Written in 1998, the CIH virus became widely known as “Chernobyl”. Its Taiwanese developer, Chen Ing-hau, was not modest and named the malicious program after his initials: CIH. Like Michelangelo, CIH could lie in wait for months until the appointed hour. The chosen date was April 26, 1999, the thirteenth anniversary of the accident at the Chernobyl nuclear power plant, and that is how the name stuck. The virus infected Windows executable files, damaged hard disk data and also corrupted the BIOS. Chen escaped punishment: at that time cybercrime was not something the country's authorities dealt with.
At the end of the millennium a macro virus appeared that, according to some reports, infected every fifth computer in the world. In March 1999 the programmer David Smith developed the Melissa virus, for which he used a distribution method that was new at the time: email. Once on a computer, Melissa got into the Outlook Express mail program and sent a message to the first fifty contacts. Interestingly, the virus as such did not harm the infected computer, but it did disrupt the operation of the servers by sending letters to them. There were many versions of Melissa, which complicated the task of antivirus developers. David Smith was lucky: he was sentenced to 20 months in prison and a fine of five thousand dollars. The damage from the virus in this case amounted to about 80 million dollars.
2000 - 2010: the “loving” virus is listed in the Guinness Book of Records; White House site under threat; Iran's nuclear program was nearly disrupted by a virus attack by foreign intelligence agencies
In May 2000, computers were hit by a massive infection with the ILOVEYOU worm, which spread by mail. Apparently many users were not attentive or careful enough: people opened the attached file “LOVE-LETTER-FOR-YOU.txt.vbs” hoping for a declaration of love and in fact launched a malicious program on their system. It modified files stored on the hard disk and spread further through Outlook Express. The worm entered the Guinness Book of Records as the most destructive in the world: the damage from it was, according to various estimates, from 10 to 15 billion dollars.
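A defender-side check for the disguise described above, as an added example that is not part of the original article: it flags attachment names whose real, final extension is executable while an earlier one looks like a document. The extension lists and the function names are assumptions made for this sketch, and it also covers two related tricks (space padding and Unicode bidirectional controls) that the article does not mention.

```python
import unicodedata

# Extensions Windows runs directly or hands to a script host (assumed, non-exhaustive).
EXECUTABLE = {"vbs", "vbe", "js", "jse", "wsf", "hta", "exe", "scr",
              "pif", "com", "bat", "cmd", "lnk", "ps1", "jar"}
# Extensions a reader takes for a harmless document or picture (assumed list).
DECOY = {"txt", "doc", "docx", "xls", "xlsx", "pdf", "jpg", "jpeg", "png", "gif"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def inspect_attachment(name):
    """Return the findings for one attachment name; an empty list means nothing flagged."""
    findings = []
    if any(ch in BIDI for ch in name):
        findings.append("bidi-control")
    # Remove control/format characters, then the trailing dots and spaces Windows ignores.
    clean = "".join(ch for ch in name if unicodedata.category(ch) not in ("Cc", "Cf"))
    clean = clean.rstrip(". ")
    parts = [p.strip().lower() for p in clean.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return findings
    findings.append("executable-extension")
    # A document-looking extension before the real one is the disguise ILOVEYOU used.
    if any(p in DECOY for p in parts[1:-1]):
        findings.append("double-extension")
    # A run of spaces pushes the real extension out of a narrow file-name column.
    if "   " in clean:
        findings.append("whitespace-padding")
    return findings


def quarantine_list(names):
    """Names that should be held for review: anything with at least one finding."""
    return {n: f for n in names if (f := inspect_attachment(n))}


# Constructed sample names; only the first one comes from the article.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",
    "invoice.pdf          .exe",
    "photo\u202egpj.exe",
    "notes.v1.txt",
    "report.pdf",
]

if __name__ == "__main__":
    for name, findings in quarantine_list(SAMPLES).items():
        print(repr(name), findings)
```

A mail gateway or endpoint rule would apply the same logic before the user ever sees the attachment; with file extensions hidden in the file manager, the “.vbs” part of such a name is not displayed at all.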
A year later the Code Red worm appeared. Computers running the Microsoft IIS web server were vulnerable. Code Red even attacked the White House site. The infection replaced hacked web pages with a message containing the phrase "Hacked by Chinese", although China had nothing to do with the worm. However, there is speculation that the hackers were in fact Chinese who lived in the Philippines.
Another mail worm appeared in 2004. MyDoom, also known as Novarg, modified the operating system to block access to the sites of Microsoft and antivirus companies. Another notable virus is Conficker, which infected the computers of the French, German and British military in 2008. Microsoft announced a reward of 250 thousand dollars for information about the developers of the virus, but the creators could not be found. An infected system ran slowly, could not open antivirus sites, and the Windows Update service stopped working. The virus was defeated with great difficulty, but the likelihood of infection remains to this day: Conficker is constantly changing.
While some programmers were looking for ways around antiviruses and operating systems, targeting ordinary users, others worked on tasks of a completely different level. The pinnacle can be considered the Stuxnet virus, about which many rumours circulate and the information is rather contradictory. It is known that in 2010 it threatened the Iranian nuclear program, disrupting the operation of thousands of centrifuges that enriched uranium fuel. It is claimed that this was the first virus to have a physical impact on infrastructure facilities. In addition, Stuxnet is considered the first cyber weapon ever used. One version holds that the intelligence services of the United States and Israel are behind it. Given the scale of the attack and the chosen target, such a claim does not seem paranoid. Recent years were relatively quiet; attacks on that scale were not observed. Although in 2013 there was the CryptoLocker ransomware trojan, which blocked some files and offered to “buy back” access to them.
Already after the first virus attacks it became obvious that computers needed protection. Antiviruses began to be created almost simultaneously with the viruses themselves: in 1984 the programmer Andy Hopkins introduced the programs CHK4BOMB and BOMBSQAD. The first read information from a floppy disk inserted into the computer and analysed how safe the files were. The second monitored data being written through the BIOS; in case of a threat, the operation could be stopped. A year later the first antivirus in the sense familiar to us appeared: DRPROTECT. It is a resident program, that is, one that runs in the background without user intervention. Modern antiviruses use the same principle.
Viruses, worms, rootkits - what are they and where did they come from?
Types of viruses
In everyday life all computer ailments are called viruses, although this is not entirely correct. There is in fact plenty of malicious software: trojans, rootkits, worms, viruses proper, and much more. Behind these names are different malicious programs. But how do they differ from one another, and how can they ruin the user's life? Just as in medicine an accurate diagnosis is needed for proper treatment, in computing you need to know what kind of threat the system has faced. Unfortunately, there are many threats.
Virus
Any malware is often called a computer virus, be it a trojan, a worm or something else. This is not entirely correct, but it is done for convenience and simplicity. In fact, a virus is distinguished by specific behaviour: it tries to infect as many files as possible. Once on the computer, the virus spreads quickly, gradually taking control of every file it gets its teeth into. This is how it differs from a worm, which exists independently and does not attack other programs.
Viruses usually embed themselves in an executable file, so they cannot multiply or harm the system until the user starts the process. They spread in the traditional ways: documents attached to e-mail, links in chat rooms, flash drives, downloads from the Internet.
Trojan
Understanding how this program works is easy if you recall the legend of the Trojan Horse, described by Homer in the Iliad. The guards of besieged Troy opened the gates to a huge wooden statue of a horse. Hidden inside were soldiers who, under cover of night, climbed out of the structure and helped their allies get into the city.
A computer trojan works on the same principle: under the guise of an innocuous program hides a threat that can destroy your data or, worse, steal it. Such a utility can also load its own files without the user's request and replace the sites the user opens with ones prepared in advance, often of an advertising nature. All trojans have one thing in common: they pretend to be ordinary programs or files, although they are nothing of the sort. The vast majority are successfully caught by antiviruses. On the whole, trojans are no longer a serious threat, but they can spoil your mood.
Rootkit
One of the hardest threats to detect. Rootkits hide deep in the system; they can embed themselves in any program and take part of its resources for their own operation. Worst of all is when the rootkit sits in the depths of the operating system: in effect, it gets unrestricted access to any process. This malware reaches the computer the same way as many others: through external drives, security holes in browsers, and opening questionable files.
A rootkit is difficult not only to detect but also to remove. The difficulty of finding it lies in the fact that it hides deep in the OS and, in addition, knows how to mask its presence so that the antivirus suspects nothing. The outcome of the user's battle with a rootkit depends largely on the specific type of program that is on the computer. In some cases the only option left is to reinstall the operating system.
Worm
Worms are sometimes classified as a type of virus, but they work on a different principle. While a virus seeks to infiltrate as many programs as possible, a worm does not infect other files. It seeks to produce more copies of itself. Since a worm does not hide inside other files and programs, it is usually easier to detect than a virus or rootkit. A worm also spreads faster. Many worms find the addresses of other computers through your email accounts or instant messengers and, without the user's knowledge, send a link to their copy to the entire contact list. Gullible people, seeing a message from someone they know, will surely click, and the infection of their computers begins.

In 2003 the Blaster worm made a lot of noise, attacking computers running Windows 2000 and the newer XP. Once on a computer, Blaster looked for weaknesses in the system, infected it and moved on. The worm was aimed at Microsoft's servers and did not pose a serious threat to ordinary users; the side effect was spontaneous restarts of the computer. Microsoft suspended the servers on the day of the attack, so the worm did practically no harm. It was not the Chinese hackers from the Xfocus group, who developed Blaster, who ended up in the dock, but an American schoolboy. He had nothing to do with the creation of the worm but had a hand in refining the code; at least, that is what the boy said. The teenager was sentenced to one and a half years in prison and 225 hours of community service.
***
There are plenty of threats, and the more you learn about them, the greater the chance of becoming a computer hypochondriac. Antiviruses cope well with popular malware, scanning the system quite deeply. In general, the contest between viruses and antiviruses is unlikely ever to end: for every action there is a counteraction, and both camps are good at their craft. Antiviruses can solve most common problems, and it is not necessary to choose options with a paid subscription. Sometimes free ones, like our 360 Total Security antivirus, provide a high level of protection while saving you a decent amount of money. In addition, you can install it on all popular platforms.
Things are much more serious with viruses that target infrastructure facilities and corporate servers. A virus that reaches a corporate server can easily disrupt the company's operation, for example by blocking access to the system. It can also delete or copy information, including confidential information. If this happens to home computers, nothing terrible happens on a global scale. But when it comes to, say, banks, stock exchanges and large companies with large funds, the consequences of a virus attack could, in theory, lead to the bankruptcy of these organizations. Or, as in the case of Stuxnet, viruses could jeopardize a country's national security: who knows what a complete shutdown of a nuclear power plant's cooling system and the inability to start the centrifuges would have led to. It remains to be seen what else has been developed in the six years since the Stuxnet attack, and what consequences more modern malware can cause.