Jul 26, 2019
Welcome to the History of Computing Podcast, where we explore the history of information technology. Because by understanding the past, we’re able to be prepared for the innovations of the future! Today’s episode is not about Fear, Uncertainty, and Death. Instead it’s about viruses. As with many innovations in technology, early technology had security vulnerabilities. In fact, we still have them!
Today there are a lot of types of malware. And most gets to devices over the Internet. But we had viruses long before the Internet; in fact we’ve had them about as long as we’ve had computers. The concept of the virus came from a paper published by a Hungarian Scientist in 1949 called “Theory of Self-reproducing automata.” The first virus, though, didn’t come until 1971 with Creeper. It copied between DEC PDP-10s running TENEX over the ARPANET, the predecessor to the Internet. It didn’t hurt anything; it just output a simple little message to the teletype that read “I’m the creeper: catch me if you can.” The original was written by Bob Thomas but it was made self-replicating by Ray Tomlinson, thus basically making him the father of the worm. He also happened to make the first email program. You know that @ symbol in an email address? He put it there. Luckily he didn’t make that self-replicating as well.
The first antivirus software was written to, um, to catch Creeper. Also written by Ray Tomlinson in 1972 when his little haxie had gotten a bit out of control. This makes him the father of the worm, creator of the anti-virus industry, and the creator of phishing, I mean, um email. My kinda’ guy.
The first virus to rear its head in the wild came in 1981 when a 15-year-old Mt Lebanon high school kid named Rich Skrenta wrote Elk Cloner. Rich went on to work at Sun, AOL, create NewHoo (now called the Open Directory Project) and found Blekko, which became part of IBM Watson in 2015 (probably because of the syntax used in searching and indexes). But back to 1982. Because Blade Runner, E.T., and Tron were born that year. As was Elk Cloner, which that snotty little kid Rich wrote to mess with gamers. The virus would attach itself to a game running on version 3.3 of the Apple DOS operating system (the very idea of DOS on an Apple today is kinda’ funny) and then activate on the 50th play of the game, displaying a poem about the virus on the screen. Let’s look at the Whitman-esque prose:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
This wasn’t just a virus. It was a boot sector virus! I guess Apple’s MASTER CREATE would then be the first anti-virus software. Maybe Rich sent one to Kurt Angle, Orrin Hatch, Daya, or Mark Cuban. All from Mt Lebanon. Early viruses were mostly targeted at games and bulletin board services. Fred Cohen coined the term Computer Virus the next year, in 1983.
The first PC virus came also to DOS, but this time to MS-DOS in 1986. Ashar, later called Brain, was the brainchild of Basit and Amjad Farooq Alvi, who supposedly were only trying to protect their own medical software from piracy. Back then people didn’t pay for a lot of the software they used. As organizations have gotten bigger and software has gotten cheaper the pirate mentality seems to have subsided a bit. For nearly a decade there was a slow roll of viruses here and there, mainly spread by being promiscuous with how floppy disks were shared. A lot of the viruses were boot sector viruses and a lot of them weren’t terribly harmful. After all, if they erased the computer they couldn’t spread very far. The virus started “Welcome to the Dungeon.” The following year, the poor Alvi brothers realized if they’d said Welcome to the Jungle they’d be rich, but Axl Rose beat them to it. The brothers still run a company called Brain Telecommunication Limited in Pakistan. We’ll talk about zombies later. There’s an obvious connection here.
Brain was able to spread because people started sharing software over bulletin board systems. This was when trojan horses, or malware masked as a juicy piece of software or embedded into other software, started to become prolific. Rootkits, or toolkits that an attacker could use to orchestrate various events on the targeted computer, began to get a bit more sophisticated, doing things like phoning home for further instructions. By the late 80s and early 90s, more and more valuable data was being stored on computers and so lax security created an easy way to get access to that data. Viruses started to go from just being pranks by kids to being something more.
A few people saw the writing on the wall. Bernd Fix wrote a tool to remove a virus in 1987. Andreas Luning and Kai Figge released The Ultimate Virus Killer, an Antivirus for the Atari ST. NOD antivirus was released as well as Flushot Plus and Anti4us. But the one that is still a major force in the IT industry is McAfee VirusScan, founded by a former NASA programmer named John McAfee. McAfee resigned in 1994. His personal life is… how do I put this… special. He currently claims to be on the run from the CIA. I’m not sure the CIA is aware of this.
Other people saw the writing on the wall as well, but went… a different direction. This was when the first file-based viruses started to show up. They infected ini files, .exe files, and .com files. Places like command.com were ripe targets because operating systems didn’t sign things yet. Jerusalem and Vienna were released in 1987. Maybe because he listened to too much Bad Medicine from Bon Jovi, but Robert Morris wrote the ARPANET worm in 1988, which reproduced until it filled up the memory of computers and shut down 6,000 devices. 1988 also saw Friday the 13th delete files and cause real damage. And Cascade came this year, the first known virus to be encrypted. The code and wittiness of the viruses were evolving.
In 1989 we got the AIDS Trojan. This altered autoexec.bat and counted how many times a computer would boot. At 90 boots, the virus would hide the DOS directories and encrypt the names of files on C:/, making the computer unusable unless the infected computer owner sent $189 to a PO Box in Panama. This was the first known instance of ransomware. 1990 gave us the first polymorphic virus.
Symantec released Norton Antivirus in 1991, the same year the first polymorphic virus was found in the wild, called Tequila. Polymorphic viruses change as they spread, making them difficult to find with signature-based antivirus detection products. In 1992 we got Michelangelo, which John McAfee said would hit 5 million computers. At this point, there were 1,000 viruses. 1993 brought us Leandro and Freddy Krueger, 94 gave us OneHalf, and 1995 gave us Concept, the first known macro virus. 1994 gave us the first hoax with “Good Times” - I think of that email sometimes when I get messages of petitions online for things that will never happen.
But then came the Internet as we know it today. By the mid 90s, Microsoft had become a force to be reckoned with. This provided two opportunities. The first was the ability for someone writing a virus to have a large attack surface. All of the computers on the Internet were easy targets, especially before network address translation started to somewhat hide devices behind gateways and firewalls. The second was that a lot of those computers were running the same software. This meant if you wrote a tool for Windows, you could get your tool on a lot of computers. One other thing was happening: Macros. Macros are automations that can run inside Microsoft Office that could be used to gain access to lower level functions in the early days. Macro viruses often infected the .dot or template used when creating new Word documents, and so all new Word documents would then be infected. As those documents were distributed over email, websites, or good old fashioned disks, they spread.
An ecosystem with a homogeneous distribution of the population that isn’t inoculated against an antigen is a ripe hunting ground for a large-scale infection. And so the table was set. It’s March, 1999. David Smith of Aberdeen Township was probably listening to Livin’ La Vida Loca by Ricky Martin. Or Smash Mouth. Or Sugar Ray. Or watching the Genie in a Bottle video from Christina Aguilera. Because MTV still had some music videos. Actually, David probably went to see American Pie, The Blair Witch Project, Fight Club, or The Matrix, then came home and thought he needed more excitement in his life. So he started writing a little prank. This prank was called Melissa.
As we’ve discussed, there had been viruses before, but nothing like Melissa. The 100,000 computers that were infected and 1 billion dollars of damage created doesn’t seem like anything by today’s standards, but consider this: about 100,000,000 PCs were being sold per year at that point, so that’s roughly one tenth of a percent of the units shipped. Melissa would email itself to the first 50 people in an Outlook database, a really witty approach for the time. Suddenly, it was everywhere; and it lasted for years. Because Office was being used on Windows and Mac, the Mac could be a carrier for the macro virus although the payload would do nothing. Most computer users by this time knew they “could” get a virus, but this was the first big outbreak and a wakeup call. Think about this: if there are supposed to be 24 billion computing devices by 2020, then next year this would mean a similar infection would hit 240 million devices. That would mean it hits every person in Germany, the UK, France, and the Nordic countries. David was fined $5,000 and spent 20 months in jail. He now helps hunt down creators of malware.
Macro viruses continued to increase over the coming years and while there aren’t too many still running rampant, you do still see them today. Happy also showed up in 1999 but it just made fireworks. Who doesn’t like fireworks? At this point, the wittiness of the viruses, well, it was mostly in the name and not the vulnerability. ILOVEYOU from 2000 was a VBScript virus and Pikachu from that year tried to get kids to let it infect computers.
2001 gave us Code Red, which attacked IIS and caused an estimated $2 billion in damages. Other worms were Anna Kournikova, Sircam, Nimda and Klez. The pace of new viruses was growing, as was how many devices were infected. Melissa started to look like a drop in the bucket. And Norton and other antivirus vendors had to release special tools, just to remove a specific virus. Attack of the Clones was released in 2002 - not about the clones of Melissa that started wreaking havoc on businesses. Mylife was one of these. We also got Beast, a trojan that deployed a remote administration tool. I’m not sure if that’s what evolved into SCCM yet.
In 2003 we got Simile, the first metamorphic virus, Blaster, Sobig, Swen, Graybird, Bolgimo, Agobot, and then Slammer, which was the fastest to spread at that time. This one hit a buffer overflow bug in Microsoft SQL and hit 75,000 devices in 10 minutes. 2004 gave us Bagle, which had its own email server, Sasser, and MyDoom, which dropped speeds for the whole internet by about 10 percent. MyDoom convinced users to open a nasty email attachment that said “Andy, I’m just doing my job, nothing personal.” You have to wonder what that meant… The Witty worm wasn’t super-witty, but Netsky, Vundo, Bifrost, Santy, and Caribe were.
2005 gave us Commwarrior (sent through texts), Zotob, Zlob, but the best was that a rootkit ended up making it on CDs from Sony. 2006 brought us Starbucks, Nyxem, Leap, Brontok, Stration. 2007 gave us Zeus and Storm. But then another biggee in 2008. Sure, Torpig, Mocmex, Koobface, Bohmini, and Rustock were a thing. But Conficker was a dictionary attack to get at admin passwords, creating a botnet that was millions of computers strong and spread over hundreds of countries. At this point a lot of these were used to perform distributed denial of service attacks or to just send massive, and I mean massive, amounts of spam.
Since then we’ve had Stuxnet and Duqu, Flame, Daspy, ZeroAccess. But in 2013 we got CryptoLocker, which made us much more concerned about ransomware. At this point, entire cities can be taken down with targeted, very specific attacks. The money made from WannaCry in 2017 might or might not have helped develop North Korean missiles. And this is how these things have evolved. First they were kids, then criminal organizations saw an opening. I remember seeing those types trying to recruit young hax0rs at DefCon 12. Then governments got into it and we get into our modern era of “cyberwarfare.” Today, people like Park Jin Hyok are responsible for targeted attacks causing billions of dollars worth of damage.
Mobile attacks were up 54% year over year, another reason vendors like Apple and Google keep evolving the security features of their operating systems. Criminals will steal an estimated 33 billion records in 2023. 60 million Americans have been impacted by identity theft. India, Japan, and Taiwan are big targets as well. The average cost of a breach at a company is now estimated at nearly 8 million dollars in the United States, making this about financial warfare. But it’s not all doom and gloom. Wars in cyberspace between nation states, most of us don’t really care about that. What we care about is keeping malware off our computers so the computers don’t run like crap and so unsavory characters don’t steal our crap. Luckily, that part has gotten easier than ever.