Cybersecurity and Malicious Software: A History of Malware

malware featured

In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.”

Because the long history of malware and anti-malware protection is often the foundation of most compliance frameworks and approaches to cybersecurity, we’re touching on the topic, including what it is and how it has evolved. 

 

What Is Malware?

Malware is a sort of catch-all term for malicious software. To be confused with web application exploits or other forms of hacking, malware refers specifically to programs that will execute on a host computer with the express intent of delivering a payload. Depending on the malware and its intent, this payload could be one of many different attack types. 

Generally speaking, malware will attempt to perform a few operations, including writing data to a host computer, taking control of operating resources and other programs, hiding its presence from the computer and its owner, and propagating itself to any connected systems. 

Some types of malware include:

  • Viruses: The earliest forms of malware were conceptual, following theories from computer scientists on academic or military networks about the feasibility of a self-replicating and damaging program. The name “virus” comes from the idea of a virus that infects a host, creates copies of itself, and uses communication vectors to transmit itself to other potential hosts. And, in many cases, earlier versions of viruses functioned precisely like this–that is, they were stored on removable disks and then spread, creating thousands of copies of themselves to clog systems.
  • Worms: The term “worm” is often used synonymously with a virus and operates identically in many cases. However, one of the critical differences is transmissibility. A virus requires a host computer or user to propagate itself, usually with specific user actions (sharing a disk, emailing a program, etc.). On the other hand, Worms are built to exploit weaknesses inherent in a system and can transmit themselves across systems without direct user or system intervention. Because of this, worms were often behind some of the fastest-spreading malware ever known.
  • Trojans: Trojans aren’t distinct from viruses, for the most part, outside their delivery mechanism. Trojans, as their name suggests, are malware delivered to systems presenting as legitimate software. In many cases, this can simply be a file named with a standard filename and icon (such as a well-known anti-malware program or a game) with the file extension hidden. In more sophisticated attacks, trojans can obfuscate their payload from anti-malware software to deliver their attack.
  • Ransomware: Ransomware is a relatively modern form of malware. Unlike viruses that may attempt to clog or hijack a system, ransomware uses unbreakable cryptography to essentially lock system data, demanding a ransom before the attacker provides the decryption key.
  • Rootkits: Some malware will drop a specific piece of software called a rootkit. Unlike other forms of malware, a rootkit is fully intended to provide long-term and secret control over a system. The name “root” comes from the nomenclature of older Unix and Linux systems, where “root” is the system’s administrative user. Rootkits seek to gain complete administrative control over the computer to run it undetected essentially.
  • Grayware: Grayware is a broader category of malware that, while not technically malicious, skirts with that intent pretty closely. Different forms of adware (unwanted software that serves ads) or spyware (unwanted software that tracks behavior) are forms of grayware. 

 

What Are Malware Attack Vectors?

malware

In the earliest days of viruses and malware, the most common attack vectors included removable media or local area networks that were air-gapped from the outside world. The advent of the modern Internet saw a parallel explosion of public malware.

Some common vectors that developers of malware exploit include:

  • Phishing and Software: Phishing is still one of the most common forms of attack, and in many cases, hackers look to gain access to the system via user credentials. Some hackers, however, will use phishing attempts to get recipients to open software–so, if an attacker pretending to be your IT department sends a trojan to a company, at least one person may run it.
  • Vulnerable Default Software: Hackers will often use system scanners or other manual attacks to identify out-of-date or unpatched systems or resources that still use default security settings. If these are attacked and breached, it’s trivial for the attacker to launch malware into the system.
  • Operating System Saturation: Hackers look for targets of opportunity, which means they seek out common vulnerabilities in a wide range of systems. Accordingly, more popular operating systems will suffer more attacks, so established systems (like Windows or Android) will suffer more malware attacks than Linux systems.

Historical Examples of Malware

Theoretical and experimental versions of computer viruses were developed and released throughout the 1970s. However, due to the closed nature of these systems and the relative simplicity of the programs, this malware didn’t impact society more broadly. 

However, moving into the 1980s, malware became a reality. Threats rapidly evolved, and the next forty years saw giant leaps in innovation, bringing plenty of stress to security experts. 

Some of the more famous versions of malware released in the past few decades include:

 

  • Elk Cloner (1982): Elk Cloner is often considered the first publically-released virus. Initially written for Apple II systems by a high school student, it was transmitted through the exchange of floppy disks. It used the features of disk reading to load into a host computer’s memory automatically. This virus didn’t cause any harm, offering a silly poem instead.
  • Morris Worm (1988): The Morris worm exploited buffer overrun vulnerabilities to propagate over Unix systems using the Sendmail program. More a proof of concept, the delivery mechanism of the work quickly grew out of control, and it began rapidly infecting DEC VAX machines, bogging down system performance with out-of-control copying of itself. It is considered the first example of a virus spreading in the wild and the first example of a felony conviction for cybercrime.
  • Melissa Virus (1999): A powerful, Windows-based worm, Melissa spread by tricking users to open a file attachment (a trojan written in Visual Basic) that would execute the malicious code. Upon execution, the malware sent copies of itself via email to the first 50 contacts in the user’s Outlook program. This program eventually infected 1 million systems and served as an example of how cultural ignorance of security best practices (and developers’ ignorance of patching vulnerabilities) led to widespread viruses.
  • ILOVEYOU: Similar to Melissa, ILOVEYOU used Visual Basic and Outlook to propagate itself. This worm would delete and hide files with specific extensions, rendering systems difficult or impossible to use. Within a few hours of its release (by a student in the Phillapeans), it spread across the globe, following the rising sun Westward as office workers in Asia, Europe, and America turned on their computers in the morning. This virus is estimated to have caused almost $9 billion in damages and another $10-$15 billion to remove.
  • CryptoLocker (2013): One of the earliest forms of ransomware, CryptoLocker is a trojan distributed through a large-scale botnet. Experts believe that this trojan has been responsible for roughly $3 million in ransoms stolen from users, but it has now been isolated. Many other hackers, however, followed the idea for other ransomware variants.

 

Enterprise, Industrial, and Potential State-Sponsored Attacks

  • W32.Dozer (2009): This malware is better known for its part in a large, Distributed Denial of Service (DDoS) attack against websites in the U.S., U.K., and South Korea. Targets included websites for the White House, the Pentagon, NASDAQ, and the South Korean Ministry of Defense. Many large enterprise infrastructures were unintentionally hosting the virus, including those for government-associated companies.
  • Stuxnet Worm (2010): A sophisticated worm that targets SCADA systems in heavy industrial and research machinery. This worm is considered responsible for an attack against the Iranian nuclear centrifuge program, and global security experts consider it a cyberweapon gone out of control during an attack created by the United States (although this has never been confirmed).
  • WannaCry (2017): During the 4-day outbreak of this ransomware 9which ended in the discovery of a killswitch), 200,000 computers and caused potentially billions of dollars in damages. This ransomware is notable for utilizing the EternalBlue exploit–a well-known vector used to compromise older versions of windows.

 

Equip Your Security and Compliance Against Malware with Continuum GRC

Malware is often always in the background of our security efforts. With the right anti-malware programs, we consider ourselves relatively safe. However, modern malware like Advanced Persistent Threats (APTs) are utilizing old tricks like phishing and backdoors to continue to wreak havoc.

Continuum GRC is cloud-based, always available and plugged into our team of experts. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

  • FedRAMP
  • StateRAMP
  • NIST 800-53
  • DFARS NIST 800-171
  • CMMC
  • SOC 1, SOC 2, SOC 3
  • HIPAA
  • PCI DSS 4.0
  • IRS 1075
  • COSO SOX
  • ISO 27000 Series
  • ISO 9000 Series

And more. We are the only FedRAMP and StateRAMP-authorized compliance and risk management solution worldwide.

Continuum GRC is a proactive cyber security®, and the only FedRAMP and StateRAMP Authorized cybersecurity audit platform worldwide. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.

Continuum GRC

Website: