Day 072 #FromZeroToHacker – History of Malware

“Malware” consists of two words combined: Malicious and Software. Malware is designed to damage computers and/or networks.

Let’s learn more about the history of malware in our daily #FromZeroToHacker challenge.

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction to the History of Malware

“Malware” consists of two words combined: Malicious and Software. Malware is designed to damage computers and/or networks: leak private information, gain unauthorised access to information or systems, deprive users of access to information, disrupt programs and services, etc.

What have I learnt today?

The creeper program

Concepts of Malicious Software have been around since 1949, one of the first known theories being the one created by John Von Neumann. His design is arguably one of the world’s first computer viruses, but in reality, it is the first concept or design:

John Von Neumann's diagram

Creeper

The Creeper program, or Creeper worm, was the first-ever virus to be created.

Written by Bob Thomas in 1971, the program transferred itself between computers (through ARPANET). Creeper would iteratively display the following message:

The creeper program

While it is not technically malware as it didn’t harm any computers, it is the very first program that did something close to a virus.

Ray Tomlinson re-designed the Creeper virus to copy itself to each computer, instead of deleting the older copy before spreading to a new one as the initial version did.

ARPANET

ARPANET, which originally started out with two specific protocols (remote login and file transfer), was the predecessor of the modern internet.

Reaper

Created by Ray Tomlinson (the one who re-designed Creeper), Reaper’s purpose was to remove any copies of Creeper that it could find.

According to Malware Wiki, Reaper is a Nematode, which is a type of malware which removes other malware, but Reaper was actually the first anti-virus software produced.

Wabbit

The Wabbit (or Rabbit…) had this name due to the fast pace at which the software could replicate itself. It would work so fast that the system would choke on its resources and end up crashing.

Rabbit was one of the best versions of malware, as it was considered the first malicious program, growing from concepts of malware created by other computer scientists. As it would only affect the infected machine and did not pass over the network to others, it wasn’t classed as a worm.

Wabbit worked as a form of Denial-of-Service known as a “fork bomb”.

Wabbit created an infinite loop that kept creating system processes and copies of the original file, using a lot of resources and making the system slower and slower until it eventually crashed.

ANIMAL

ANIMAL, written by John Walker, would act as a game that asks the user a number of questions to guess the type of animal they were thinking of.

While the user played the game, a subroutine called PERVADE created a copy of itself and ANIMAL in each directory the current user had access to.

Despite this, ANIMAL wasn’t malicious, as it was written in a way to ensure no directory structure nor files were damaged.

Elk Cloner

Richard Skrenta, a 15-year-old high school student, created one of the first microcomputer viruses that spread outside a computer system.

This malware was spread via floppy disk, and it was created in 1982 as a practical joke to mess with his friends.

The program was placed into a game’s code and stayed dormant until an unsuspecting victim started the game for the 50th time. This activated the virus which, instead of launching the game, would change to a blank screen that displayed the following poem:

Elk Cloner: The program with a personality
it will get on all your disks
it will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!

If the computer booted from an infected floppy disk, a copy of the virus was placed in the computer’s memory, and then spread to uninfected disks that were inserted into infected computers.

Elk Cloner wrote a signature byte to the disk’s directory, indicating that it had already been infected.

The Morris Internet worm

Released in 1988, the Morris Internet worm was created by Robert Tappan Morris. It was supposed to highlight the security flaws of the academic networks that it travelled to.

A good idea, which failed: as it didn’t check which computers it had already been to, it infected many computers multiple times, causing a Denial-of-Service attack, or Fork bomb.

This worm spread simply by exploiting known vulnerabilities in Unix Sendmail, rsh (Remote Shell) and weak passwords. It caused many issues but also raised global awareness of the dangers of weak passwords.

The worm was able to log in and execute commands on the system.

Morris was the first person to be arrested under the 1986 Computer Fraud and Abuse Act.

Cascade

Cascade was the first type of malware to use a form of encryption. This wasn’t used to harm the user’s data, but to keep the program undetected.

The virus would only work by executing the infected file. Each time the infected file was run, it would slowly make changes to the computer.

How would you know if your computer was infected?

The first obvious tell was checking your file sizes. Infected files would have a much larger file size (specifically, 1704 bytes larger in most variants; this was in the 80s), and simply checking this would allow you to properly remove it from your system. In one of these variants, a single byte seemed to have mutated, causing a bug in the code that made Cascade infect one file multiple times.
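The file-size check described above can be automated as a baseline comparison. The following is an added example, not code from the original post or from TryHackMe: it records file sizes, compares them later, and flags growth that is a whole multiple of 1704 bytes, which also covers the variant that infects one file several times. The `.com` filter, the file names and the function names are assumptions made for the illustration, and the sample files are constructed dummies.

```python
import os
import tempfile

CASCADE_GROWTH = 1704  # bytes added per infection in most variants (figure from the text)

def snapshot(root, exts=(".com",)):
    """Record the size of every matching file under root, keyed by relative path."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):  # assumed filter: only look at .COM programs
                path = os.path.join(dirpath, name)
                sizes[os.path.relpath(path, root)] = os.path.getsize(path)
    return sizes

def compare(baseline, current, delta=CASCADE_GROWTH):
    """Return (path, growth, verdict) for every file that grew since the baseline."""
    findings = []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None or new <= old:
            continue  # deleted or not grown: outside the scope of this check
        growth = new - old
        if growth % delta == 0:
            # n x 1704 also catches the buggy variant that reinfects the same file
            findings.append((path, growth, f"matches {growth // delta} x {delta}-byte growth"))
        else:
            findings.append((path, growth, "grew by an unrelated amount, review manually"))
    return findings

def demo():
    """Constructed sample: three dummy .COM files, two of them padded afterwards."""
    with tempfile.TemporaryDirectory() as root:
        for name, size in (("EDIT.COM", 4000), ("FORMAT.COM", 9000), ("MORE.COM", 2500)):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"A" * size)
        baseline = snapshot(root)
        # Simulate only the size change with zero padding; no virus code is involved.
        for name, extra in (("EDIT.COM", 1704), ("FORMAT.COM", 3408)):
            with open(os.path.join(root, name), "ab") as f:
                f.write(b"\x00" * extra)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A size match is only a triage signal: legitimate updates can change file sizes too, so flagged files still need a content check against a known-good copy.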

The second way of telling was by checking the HOST file: Cascade changed the first 3 bytes of the host file, adding it to the first three bytes of the virus’ main file. Then, between October 1st and December 31st, the payload would activate, making the text fall from the screen one by one until a heap of characters was at the bottom:

Cascade virus

Cascade was truly a big virus, with almost forty different variants.

Summary

Today we have learnt about the following viruses:

  • The creeper program.
  • Reaper.
  • Wabbit.
  • ANIMAL.
  • Elk Cloner.
  • The Morris Internet Worm.
  • Cascade.

Stats

From 61.103th to 57.820th.

Here is also the Skill Matrix:

Skills Matrix

Resources

Module: Cryptography

TryHackMe: History of Malware

Other resources

Malware Wiki