IT Security News, News 19 December 2019

How Computer Viruses have Evolved

Computer Viruses: Where they started, how they evolved, and what we've learnt

Ryan Scholes, Service Desk Engineer, Fabric IT

Viruses have been around since the early 1980s, but not necessarily as we know them today. As our computers have become more protected, viruses have had to adapt. This makes them not only harder to detect, but sometimes more harmful too.

Let’s delve into the world of PC viruses and talk about where they started, how they evolved, and what makes the viruses we know today different from those in the past.

Early PC Viruses: Where they started.

Elk Cloner (1982)

While there are earlier known viruses, this was one of the first well-known computer viruses to be released ‘outside of a lab’ that we have information on. It was written around 1982 by Rich Skrenta, a high school student from Pennsylvania in the US. This was a boot sector virus which was attached to a game on a floppy disk, targeted at computers running the Apple II operating system. The virus was triggered when the player started the game for the 50th time. Instead of the game playing as usual, a blank screen with a poem about the virus would be displayed. The poem read:
“Elk Cloner: The program with a personality
It will get on all your disks,
It will infiltrate your chips,
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!”
Elk Cloner was not intended to cause damage; it was merely a prank made to annoy people and would only spread via floppy disks. The way the virus was written allowed it to replicate onto other disks. Because the Apple operating system at the time booted from a floppy disk itself, the message would eventually be displayed when the computer booted normally too.

Morris Worm (1988)

The Morris Worm is one of the first computer viruses to be distributed via the internet, and to receive considerable attention from the mainstream media. It was created by Robert Tappan Morris, a university graduate from Cornell University in New York. The virus was intended to highlight security flaws rather than to cause damage. However, due to the way it was programmed, it ended up creating a lot more problems than planned.
The virus would only be effective on inadequately protected networks. It took advantage of older security practices and weak passwords. Rather than informing people that their system wasn’t secure, it ended up leaving computers infected and almost unusable. Morris knew that if there was a simple yes/no prompt to check if the virus was already installed on a computer, then network administrators could quickly stop the spread by simply making sure all computers answered ‘Yes’. Because of this, he instead made the virus spread once in every seven checks, thinking this would slow down the spread enough to allow the affected networks to be secured. The virus spread much faster than he had imagined, and many PCs were infected multiple times, with each infection slowing the PC down more and more until it was unusable.
Lots of companies were unable to work and had to spend large sums of money to clear the infections. Clifford Stoll was one of the people in charge of helping to fight the virus. He was quoted as saying that when surveying the network he found that more than 2000 computers were infected within fifteen hours, all of which were “dead in the water”, meaning they were unusable until the infection was removed. He also mentioned that the virus would take up to two days to remove on some machines, meaning the time for companies to get back up and running was huge.

Many devices and companies were disconnected from the internet for days while the vulnerabilities were resolved.
This virus resulted in the first-ever conviction under the 1986 Computer Fraud and Abuse Act. Morris did manage to avoid jail and instead was sentenced to 400 hours of community service and a fine of $10,000, which doesn’t seem so bad considering the huge effect the virus he produced had.

How have viruses evolved?

Viruses have changed a lot since the ones mentioned above. Here’s some information on some well-known viruses from the last 20 years and their effects.

ILOVEYOU (2000)

This was a piece of malware spread via email. It arrived as an email with the title ‘I love you’ and an attachment named ‘LOVE-LETTER-FOR-YOU.TXT.vbs’. As malware wasn’t a known thing in 2000, people were curious and would open the attachment. The virus would overwrite system files and personal files and continue to spread itself. It was in the news around the world and was thought to have caused $15 billion worth of damage (£11.6 billion with today’s conversion rate).
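The attachment name above ends in ‘.TXT.vbs’: with Windows hiding known file extensions by default, it looks like a text file but runs as a script. The following is an added example (not part of the original article) of how a mail filter could flag that naming pattern; the extension lists, function names and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed, illustrative lists (not from the article): extensions Windows will
# run, and harmless-looking extensions used as a decoy in front of them.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta",
                   "exe", "scr", "bat", "cmd", "com", "pif"}
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "png", "xls", "xlsx"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots and spaces are ignored by Windows, so strip them first.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"   # e.g. NAME.TXT.vbs
    return "executable"

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, verdict) findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and classify_filename(name) != "ok":
            findings.append((name, classify_filename(name)))
    return findings

def build_sample():
    """Constructed test message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "I love you"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment(b"notes", maintype="application",
                       subtype="octet-stream", filename="minutes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

A filename check like this is only a first filter; it does not inspect attachment content, so it complements rather than replaces attachment scanning.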

Slammer (2003)

This was a computer virus that caused a denial of service on some internet hosts, resulting in much slower internet speeds. It spread via the internet and is thought to have affected 75,000 computers within 10-15 minutes. It caused Bank of America’s ATM service to crash, 911 services to go down and flights to be cancelled due to online errors.

MyDoom (2004)

This was a computer virus spread via email, known as the fastest spreading email worm ever. The virus would cause the infected computers to send a lot of internet traffic to tech companies’ websites in an attempt to crash their servers. It’s estimated that 16-25% of all email messages worldwide contained the virus, and it is considered one of the most devastating computer viruses to date. $38 billion worth of damage was caused (£29.4 billion with today’s conversion rate).

Cryptolocker (2013)

This is one many of us might remember. It’s a form of ransomware: these types of infections take your files hostage, usually asking for an amount of money for you to be able to regain access to them. This works because many people have important data held on a single computer with no backup. Sometimes these files are worth far more to them than the amount of money being asked for, so they will pay up. Unfortunately, due to the way this ransomware encrypted the files, it was a case of either paying up or losing your data altogether. Some people were luckier and were able to recover using system restores or recovery software. It is thought the creator of Cryptolocker made more than $30 million in 100 days, and the cost of damage caused was much higher than this.

How can you avoid being affected by these sorts of infections?

As these examples show, viruses have evolved from pranks and mostly things which were meant to be harmless, to attacks intended to either make millions of pounds or affect services across the world. Viruses are becoming more and more dangerous, and it’s important to keep yourself protected.

What we’ve learnt from computer viruses: How to protect your business IT

There are quite a few things that can be taken from this. Below are some things that all businesses should consider to help protect themselves from viruses:

1. Anti-virus

It’s essential to have a reliable anti-virus in place, as this helps to detect viruses before they can infect your computer. But you can’t just stop there.

2. Backups

All businesses (and individuals in some cases) should have a backup solution in place. Cloud backups are the solution that most people now go for, as data is held securely online and can be accessed from anywhere. If a computer is infected with something like Cryptolocker, it’s easy enough for the files to be recovered from a backup if the right solution is in place.

3. Email security

It is essential to have sufficient email security in place. With the email solution we offer, Advanced Threat Protection scans attachments in emails to make sure they are safe before delivering them to you. This helps to stop harmful attachments getting through in emails and reduces the likelihood of staff clicking them accidentally or thinking they are legitimate.

4. Staff training

While all of the above will protect you, it’s still essential to have staff trained on what to look out for. Things like installing programs from the internet, clicking links in emails and providing logins are all dangerous and make a business more vulnerable to viruses.
