A brief history of computer malware: from fun to money hungry.
Computer viruses and malware have been around for many years. Malware creators of the late ’80s and ’90s were tech-savvy people trying to prove their skills, have a little fun, and test their limits, but times have changed since then.
It all started out as fun and games
The virus Cascade, for example, didn’t cause any real harm in the sense that it did not alter any files, spy on the infected device, or steal files. It simply caused letters to cascade on the infected device’s screen and pile up on the bottom, like leaves falling from a tree. Similarly, the Ping Pong virus showed a ball bouncing back and forth and the worst thing the virus did was crash the computer on certain types of machines.
Back then, viruses and malware spread slowly, as they mainly spread via floppy disks. That meant it could take months for a virus to reach different countries.
Around 1996, macro viruses started becoming popular. Macro viruses are viruses designed to live within Microsoft Word documents. The internet was gaining some popularity by this time, and users started sharing documents, creating an opportunity for virus creators to spread their viruses.
In 1999, email worms began, kicking off a new era in the computer virus world that would last years. The Melissa virus was the first macro virus that self-propagated by sending itself to the first 50 email addresses stored in Microsoft Outlook address books. The virus wasn’t ‘dangerous’, but it caused email servers to collapse due to the high amount of emails sent at once.
Then, in May 2000, the ILOVEYOU virus was released, infecting more than 10 million Windows computers around the world. The virus would overwrite files and also send itself to all the addresses found in an infected user’s Windows Address Book.
In 2003, viruses jumped to a whole new level with the worm Blaster, which took advantage of a vulnerability in Windows and was able to infect any unpatched Windows computer without user interaction, just having the computer connected to the internet was enough.
But then, money got involved
As more aspects of life migrated to the online world, new avenues for profit arose for hackers. Not long after financial entities started offering internet banking services, the first phishing attacks and banking Trojans – malware designed to steal banking credentials – appeared. It was the start of the cybercrime era.
In 2004, we saw the first banking Trojans in the wild. These attacks evolved to the point where you could see the professionalism of the developers behind the malware.
A good example of this was Zeus (aka ZBOT). First seen in 2007, Zeus grabbed user credentials, altered web page forms, and redirected users to fake sites, among other things, and evolved over time. Zeus was pervasive across the internet until 2010 and its offspring still is widespread. Many others followed suit (including Gozi, Emotet, and SpyEye) and even today attackers continuously develop new variations to thwart detection by security solutions on devices.
Another type of Trojan that became very popular in the early 2000s was the so-called “police virus”, which showed a message saying there was illicit content on your computer (porn, downloaded movies, etc.) and in order to avoid prosecution, you had to pay a fine. The malware even used the IP address of the computer to locate the user and show a personalised message. For example, if you were in the US the fake warning came from the FBI in English and used the US flag, in Spain it was in Spanish with the local flag.
After that, hackers continued to target people’s personal data in different forms and making money by using it, selling it in the black market or even encrypting it and holding it hostage in exchange for a ransom (ransomware).
Getting more bang for their buck
Over time, hackers became more ambitious and soon they turned to targeting bigger entities and major businesses with assets to protect and money to spend on ransoms.
Hackers can now gain access to business networks and data, steal them, and either encrypt them or make a copy and threaten to release them to the public unless a ransom is paid. And this has proved to be a very profitable business.
Over 2020, there was a huge increase in the number of ransomware attacks, which factors related to the COVID-19 pandemic have further exacerbated. Stats from Avast confirm that ransomware grew by 20 per cent during March and April when compared to January and February in 2020. Organisations like Isentia, BlueScope, MyBudget, Toll Group, Lion, the Northern Territory government and Services New South Wales were among some of the organisations that confirmed that they had been subjected to a ransomware attack in 2020.
With the number of internet users and software and app innovation increasing, cyber criminals have turned into true businessmen working independently and in gangs. As a result, their motives have changed from showing off, testing their abilities, and playing around to being financially driven.
Rather than proving their skills, breaking the rules, and raising chaos, most of today's cybercriminals just want to make more money. A recent global study confirmed that 86 per cent of data breaches in 2020 were financially motivated. It's now our job to protect ourselves and others the best we can and make sure that we make it as difficult as possible for cyber criminals to make a living.
Luis Corrons is a security expert at Avast.