Effective Strategies for Handling Malware

Malware history is long due to its volume and variety. Instead, here are some notorious malware moments.

1966: Malware theory

Mathematician and Manhattan Project contributor John von Neumann developed the idea of a program that could replicate and propagate throughout a system when the first modern computers were produced. Posthumously published in 1966, Theory of Self-Reproducing Automata is the theoretical foundation for computer viruses.

1971: Crawler

Within five years of John von Neumann’s theoretical work, Bob Thomas produced Creeper, an experimental software that moved between ARPANET computers, a predecessor to the Internet. His colleague Ray Tomlinson, the email inventor, adapted the Creeper program to copy itself between computers. Thus began the first computer worm.

Although Creeper is the first known worm, it is not malware. As a proof of concept, Creeper only displayed the whimsical message: “I’M THE CREEPER : CATCH ME IF YOU CAN.” The following year, Tomlinson created Reaper, the first antivirus software designed to delete Creeper by moving across the ARPANET.

Elk Cloner virus, 1982

Rich Skrenta created the Elk Cloner program at 15 as a prank. Skranta was known to change games and other software shared in his high school’s computer club, so many members refused to take disks from the prankster.

Skranta created the first Apple computer virus to change disk software he couldn’t access. Elk Cloner, a boot sector virus, infected Apple DOS 3.3 and copied itself to the computer’s memory from an infected floppy drive. Elk Cloner would transfer itself to an uninfected disk used later in the machine and spread to majority of Skranta’s friends. Elk Cloner could accidentally erase floppy disks while malignant. The beautiful message read:

ELK CLONER:

THE PROGRAM WITH A PERSONALITY

IT WILL GET ON ALL YOUR DISKS

IT WILL INFILTRATE YOUR CHIPS

YES IT’S CLONER!

IT WILL STICK TO YOU LIKE GLUE

IT WILL MODIFY RAM TOO

SEND IN THE CLONER!

1986 Brain virus

On the ARPANET, the Creeper worm could propagate across computers, although most malware was spread via floppy disks like Elk Cloner before the Internet. Elk Cloner affected one little computer club, but the Brain infection spread globally.

Brain, the first IBM Personal Computer virus, was created by Pakistani medical software distributors and brothers Amjad and Basit Farooq Alvi to prevent copyright theft. To prevent software copying, the virus was designed. Brain would tell pirates to phone the brothers for the vaccination when installed. Underestimating how extensive their piracy problem was, the Alvis received their first call from the US and many more from throughout the world.

1988: Morris Worm

Another malware forerunner, the Morris worm, was constructed as a proof-of-concept. The worm was more effective than MIT student Robert Morris expected, unfortunately. Internet access was limited to 60,000 machines, largely in colleges and the military. The worm, designed to exploit a Unix backdoor and stay secret, quickly copied itself and infected 10% of networked machines.

Because the worm transferred itself to other computers and frequently on infected machines, it unwittingly ate up RAM and froze many PCs. Some estimates put the damages in the millions as the first widespread internet strike. Robert Morris was the first US cybercriminal convicted of cyber fraud.

1999: Melissa worm

Melissa proved how rapidly malware can spread via email a decade later, infecting an estimated one million email accounts and at least 100,000 office machines. The fastest-spreading worm of its time, it overloaded Microsoft Outlook and Exchange email servers, slowing more than 300 corporations and government agencies, including Microsoft, the Pentagon’s Computer Emergency Response Team, and 250 others.

2000: ILOVEYOU virus

When 24-year-old Philippines resident Onel de Guzman couldn’t afford dialup internet, he created ILOVEYOU, the first significant piece of malware, to collect passwords. The attack is early social engineering and phishing. De Guzman exploited psychology to exploit curiosity and trick individuals into downloading love letter-like email attachments. De Guzman remarked, “I figured out that many people want a boyfriend, they want each other, they want love.

Aside from stealing passwords, the worm erased information, cost millions in damages, and briefly shut down the UK Parliament’s computer system. De Guzman was detained but acquitted since he had not breached any local laws.

2004: Mydoomworm

Email helped the Mydoom malware self-replicate and infect computers worldwide, like ILOVEYOU. Upon infection, Mydoom would commandeer a victim’s machine to send new copies. Mydoom spam once made up 25% of all emails sent worldwide, a record that’s never been broken, and caused $35 billion in losses. It remains the most financially devastating malware, adjusted for inflation.

Mydoom uses compromised machines to establish a botnet and launch DDoS assaults in addition to hijacking email programs to infect as many systems as possible. The cybercriminals behind Mydoom have never been captured or identified, despite its impact.

2007, Zeus virus

In 2007, Zeus attacked home computers via phishing and drive-by-downloads, demonstrating the dangers of a trojan-style malware that can unleash multiple unwanted programs. In 2011, its source code and instruction manual leaked, benefiting cybersecurity experts and hackers.

2013, CryptoLocker ransomware

CryptoLocker, one of the earliest ransomware attacks, spread quickly and used sophisticated asymmetric encryption. CryptoLocker from Zeus-infected botnets systematically encrypts PC data. If the infected PC is a library or office client, shared resources are targeted first.

The authors of CryptoLocker demanded two bitcoins, worth $715 USD, to decrypt these materials. Fortunately, in 2014, the Department of Justice and international agencies took control of the botnet and decrypted hostage data for free. Unfortunately, basic phishing tactics spread CyrptoLocker, a persistent danger.

Emotet trojan 2014

The Emotet trojan, termed the “king of malware” by Arne Schoenbohm, head of the German Office for Information Security, is a polymorphic spyware that is difficult to eradicate. Polymorphic malware creates a harmful variation by subtly modifying its code each time it reproduces. Polymorphic trojans are harder to detect and block, making them more harmful.

The Zeus trojan and Emotet are modular programs that spread additional malware through phishing campaigns.

Mirai botnet (2016)

Malware evolves with computers, from desktops to laptops, mobile devices, and networked devices. Smart IoT gadgets introduce new vulnerabilities. College student Paras Jha created the Mirai botnet, which infected many IoT-enabled CCTV cameras with inadequate protection.

The Mirai botnet, meant to assault gaming servers for DoS attacks, proved more powerful than Jha expected. It targeted a major DNS provider and shut out large parts of the eastern US from the internet for nearly a day.

2017: Cyberspionage

Malware had been used in cyber warfare for years, but 2017 was a banner year for state-sponsored assaults and virtual espionage, starting with Petya. Phishing disseminated Petya ransomware, which was deadly but not infectious until it was transformed into the NotPetya wiper worm, which destroyed user data even if ransom was paid. The WannaCry ransomware infection hit several high-profile European targets that year, including Britain’s National Health Service.

NotPetya may have been modified by Russian intelligence to strike Ukraine, and WannaCry may be linked to North Korean adversaries. What links these malware attacks? The National Security Agency discovered Eternalblue, a Microsoft Windows exploit, which enabled both. Microsoft found and fixed the weakness, but they chastised the NSA for not reporting it before hackers exploited it.

Ransomware-as-a-Service 2019

Ransomware malware has grown and declined in recent years. Though ransomware attacks are declining, hackers are targeting more high-profile targets and wreaking more harm. Recently, Ransomware-as-a-Service has become a worrying trend. RaaS may be purchased on dark web marketplaces and allows skilled hackers to launch ransomware attacks for a price. Previous virus attacks needed extensive technical skill, but RaaS mercenary groups empower anyone with evil will and money.

Emergency in 2021

In 2019, hackers broke into security staffing agency Allied Universal and threatened to leak their data online in the first high-profile double-extortion ransomware attack. Due to this extra layer, Allied Universal would still suffer a data breach even if they could decode their information. This incident was notable, but the 2021 Colonial Pipeline attack was more severe. The Colonial Pipeline supplied 45% of eastern US gasoline and jet fuel. The multi-day attack affected the east coast’s public and private sectors and caused President Biden to proclaim a state of emergency.

National emergency, 2022

Though ransomware attacks may be reducing, highly targeted and efficient operations remain a scary menace. Ransomware attacks in 2022 crippled the ministry of finance and civilian import/export firms in Costa Rica. Following an attack, the healthcare system went offline, affecting potentially every citizen. Costa Rica declared the first national state of emergency after a cyberattack.