Malware has come a long way in 30 years. Back in the 70s, the idea of malicious software was an interesting thought experiment. What if computer programs could take control of a computer? What if they could create gigantic data-harvesting networks of thousands… or even millions of computers? What if someone could control that network and use it for illegal activities?
Today, the early days of malware seem like a simpler, more innocent time—a time before botnets, worms, and ransomware. It was a time when you could browse any old website with impunity, and you didn’t see every night on the news that another major retailer had a few million credit cards stolen (including yours). Let’s take a quick look back at the last 30 years, and see how we got to where we are today: the age of malware.
The Good Old Days
Let’s set the stage: It’s 1986. Madonna is everywhere. The word “virus” being applied to computer programs was uttered only in the dark corners of the tech companies of the day. New microchips are making home computers more affordable (but not too affordable). And in Pakistan, a 19-year-old boy and his brother release one of the earliest boot sector viruses.
The program, called Brain, is considered to be the first IBM compatible virus and was responsible for one of the first “real” virus epidemics. Spread via floppy disks, the virus replaced the boot sector of the disk with a copy of the virus. And what was the outcome of this epidemic? Well, not much besides a little bit of lost memory and some annoying messages. It turns out the authors had intended the program to protect their medical software from piracy (the virus displayed a message with their phone number and copyright information) and had no intention of spreading it across the entire world.
But, what started as harmless thought experiments and programmer hijinks quickly morphed into something much more serious.
Escalation
Fast forward to the early 90s. It’s time for viruses to go mainstream. Somewhere along the line in 1992, the news media got ahold of a story about a computer virus named Michelangelo that, supposedly, was going to pretty much blow up the entire business world on March 6th, the birthday of the Renaissance artist.
The story went like this: an unknown number of computers in the world were infected with the virus, which few people realized because the virus was dormant for 364 days of the year. On March 6th, the virus would spring to life, and any infected computers booted on that day were kaput. Since no one knew how many computers were infected, or where those computers were, there was wild speculation in media sources about how much damage it would cause, with some would-be experts citing millions and millions of computers.
What happened on March 6th, 1992? Not much, really. Somewhere between 10 and 20 thousand computers reported data loss, and the media realized, once again, that computers and viruses are boring. All the while, malware writers are getting more and more sophisticated, and they’re getting closer and closer to real breakthroughs that are going to shape the cybercrime industry we know in 2015.
Things Start Looking Scary
In the early 2000s, we start to see the dramatic escalation and explosive growth of malware. In short, it was the beginning of the modern malware era. Although they had been around for a while, autonomous malicious programs called worms were just starting to make a big impact via personal email, reaching thousands or millions of home users.
Cybercriminals had gotten more and more savvy at utilizing exploits on a massive scale, instigating drive-by downloads, buffer overflows, and all manner of mayhem. As the number of threat vectors, malware varieties, and popularization of web-based exploits increased, so too did the number of infections, and cybercriminals started using massive networks of infected computers in concert called botnets.
Cybercriminals use these to create gigantic spam bots or display advertisement revenue machines. Or, they use these to initiate denial of service attacks—when they tell their millions of zombie computers to repeatedly ping or query servers or websites, crashing them in the process.
Today
Malware growth since the early 2000s has been explosive, and exponential. Today, cybercrime is its own industry, with pay-2-hack services, pre-made, easy-to-use kits for consumers, and completely automated malware design (viruses making viruses?!!).
Cybercriminals are getting professional. For example, encrypting ransomware, a popular form of malware that locks personal or sensitive files and demands a payment to unlock them, has been making money for cybercriminals for years. But, recently, cybercriminals released variants that have very specific targets, like infecting PC gamers with ransomware that encrypts save files and crucial game files. That’s some highly targeted marketing.
It’s kind of wild to think that in the course of 30 years—less than half of the average human lifespan—that malware has evolved from silly jokes that programmers played on one another into a worldwide, thriving, multi-billion dollar industry with the equivalent of CEOs, managers, and frontline employees.
Malware isn’t the only thing that’s invading this summer. Webroot has teamed up with Pixels to feature a totally different kind of invasion. Find out what’s going on and fight back against all your favorite 8-bit arcade nemeses (and a few heroes) that are invading the cities of the world in Pixels!
How are you going to protect yourself from the invaders?
The post A Brief History of Malware appeared first on Webroot Threat Blog.