The History and Evolution of Malware


Malware is something that is discussed all the time these days. Ever since computers have been in use, enterprising programmers have been creating programs that modify their behavior. Some of these programs are malicious, and others are for entertainment. Here we present a brief overview of the history of malware.
Brain A
We will start from Brain A. Brain A is considered to be the first computer virus for MS-DOS in history, but it is also important because we are still fighting PC viruses today. Brain A is a boot sector virus: it infects the first sector of floppies as they are inserted into an infected computer. Brain A is only a few kilobytes in size and a quite harmless virus. It was written by two Pakistani brothers, Basit Farooq Alvi and Amjad Farooq Alvi, in January 1986. The brothers told TIME magazine they had written it to protect their medical software from piracy, and it was supposed to target copyright infringement only. The virus shows the brothers' address and three phone numbers, and a message telling the user that their machine was infected and to call them for inoculation:

Brain A

In 1986, 1987 and 1988, viruses like Brain A, Stoned, Cascade and Yankee Doodle were all basically the same thing. In 1986 computers were not like the ones we use today: they were not connected to each other in any way (no internet connections), and in fact most computers didn't have a hard drive. If you wanted to move data around you had to put it on a floppy; there was no other way to do it. That's why floppy-based infectors spread so quickly.
Disk Killer (1989) 
Disk Killer was a virus that introduced people to the potential power of malware. According to virus testing at the University of Hamburg, Disk Killer would "infect any boot sector it [came] in contact with". As viruses go, it was a slow but steady bug, gradually destroying the hard disks onto which it was released.
Joshi (1990)
The Joshi virus was isolated in India in June 1990. Joshi has some similarities to two other boot sector infectors. Like the Stoned virus, it infects the partition table of hard disks, and like Brain A it redirects all attempts to read the boot sector to the original boot sector. On January 5th of any year the Joshi virus activates: the screen turns green and the text "Type Happy Birthday Joshi" appears. The system will not respond until "Happy Birthday Joshi" is typed.
Michelangelo (1991)
No piece of malware is worthy of the name of a great artist. However, there was a reason for this name: just as the famous artist's birthday was on March 6, the malware only worked on that day. This meant that computers infected with the virus had to be booted on March 6 in order to trigger it. The Michelangelo virus was discovered on 4 February 1991 in Australia. It was designed to infect DOS systems, and it was a malware strain that got people's attention.
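Every infector described so far (Brain A, Disk Killer, Joshi, Michelangelo) had to rewrite the first sector of a disk, and that is exactly what a baseline integrity check can catch. The following Python is an added example, not code from the original article: it splits a 512-byte MBR into boot code, partition table and boot signature, records hashes of the regions a boot sector virus would change, and reports any later deviation. The sample sector, its single partition entry and the tampering helper are all constructed for this demonstration and are not taken from any real disk or infection.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445 hold the boot code
TABLE_END = 510                # bytes 446..509 hold four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 must carry this marker


def build_sample_mbr() -> bytes:
    """Constructed sample: a clean 512-byte MBR with one bootable FAT16 partition.

    Synthetic test data built for this example, not an image of any real disk.
    """
    boot_code = b"\xfa\x33\xc0".ljust(BOOT_CODE_END, b"\x00")  # cli; xor ax,ax; zero padding
    # Entry layout (little-endian): status, CHS start, type, CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06, b"\xfe\xff\xff", 63, 2097152)
    table = entry + b"\x00" * 48  # the other three slots are unused
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its regions and hash the parts a boot sector virus would rewrite."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_END + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16]
        )
        if ptype != 0:  # partition type 0 marks an empty slot
            partitions.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[BOOT_CODE_END:TABLE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings for a sector; an empty list means it matches the recorded baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature missing or corrupt")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code modified")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table modified")
    return findings


def simulate_boot_code_overwrite(sector: bytes) -> bytes:
    """Hypothetical tampering for the demo: replace the first bytes of the boot code.

    Only the part an integrity check can observe (changed bytes in sector 0) is reproduced;
    nothing here models how a real infector stores or runs anything.
    """
    tampered = bytearray(sector)
    tampered[0:3] = b"\xeb\x3c\x90"  # a different jump at the start of the boot code
    return bytes(tampered)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)  # record this while the disk is known to be clean
    print("clean sector:", compare_to_baseline(clean, baseline))  # []
    print("after overwrite:", compare_to_baseline(simulate_boot_code_overwrite(clean), baseline))  # ['boot code modified']
```

The baseline must be captured while the machine is known to be clean and stored off the disk it describes; a Brain A-style infector that redirects reads of the boot sector to the saved original would otherwise feed the check the very bytes it expects, so the sector should be read from a trusted environment such as an offline boot medium.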
Casino virus:
This is another good example of a virus that plays games with the user. The Casino virus is a malicious virus: it copies your file allocation table (FAT) into memory and then overwrites it on your hard drive, so you have just lost all your files because the file allocation table is gone. But it still has a copy in RAM, and now it lets you play a game with 5 CREDITS. If you want your files back you need to win the game; otherwise you lose all your data.
This is an important difference from today: when you get infected by malware now, you will not know that you are infected. You will not see funny images, your PC will not play music, your CD-ROM tray will not open and close all the time, nothing like that. It runs silently in the background. Malware won't even crash your system nowadays.
Virus making
Viruses were getting more and more advanced. Things like the Mutation Engine (MtE) appeared, and VCL (Virus Creation Laboratory) was the first tool with a user interface you could use to create viruses.
The first Windows virus was written for Windows 3.0 in 1992. The very first one was called WinVir; it did nothing special, infecting the PE file structure that Windows was using at the time. Other viruses like Monkey and Luena were mostly encrypted boot sector viruses.

Then in 1995 we got Concept, a virus that did not infect your floppies or binaries but your documents. Concept infected Word documents using the VBA (Visual Basic for Applications) scripting language inside Office at the time. That is actually a big deal, because most computer users spend their days handling documents: creating and reading Excel sheets, Word documents and PowerPoint slides. If those files are shared, the virus is transferred automatically. So Concept became the most common virus in the world within its first 30 days. Laroux was a close follower; Laroux did not infect Word files but Excel spreadsheet files. In fact, a later variant of Laroux not only infected your Excel spreadsheets but also randomly rounded the numbers inside your spreadsheet by 0.01% up or down once a day, so it slowly corrupted the numbers you were working with.

More advanced malware such as the "Happy99" virus, the "Melissa" worm, "FunLove", "ZippedFiles" and "Loveletter" were released in 1999. These spread very quickly through the Microsoft environments used by many internet users.

Nimda
This was one of the first viruses to replicate over Windows network shares. Nimda was found in September 2001. Nimda used several propagation techniques, and this caused it to become the Internet's most widespread virus/worm within 22 minutes.
Code Red
From 2001 to 2004 worms like "Nimda", "Swen", "Mimail" and "Santy" were released (Santy, the first "webworm", spread through phpBB and used Google to find new targets). But then things started to change. We entered the era of internet worms, or webworms, like Code Red. Code Red did not infect Windows workstations; it infected Windows servers, specifically Windows web servers running IIS, using a remote exploit. This started a trend of similar worms, including "Slapper", "Slammer", "Sasser" and "Blaster". Most of these targeted Windows workstations using Windows remote exploits in LSASS or in RPC.
Fizzer
I think that Fizzer was one of the most important viruses in history, because Fizzer was the first virus which conclusively proved that it was written for one motive only, and that motive was money. Before 2004 everything we saw was written for fun or for the challenge. Nobody tried to make money with viruses until Fizzer, and the way Fizzer tried to make money was by sending spam. It would infect computers, build proxies out of them, and that service was sold to spammers; this is something we still see today. After Fizzer, many virus writers realized that they could actually use their skills to make money by cooperating with spammers, by starting to steal passwords with keyloggers, and by stealing credit card details. Some more popular money-making viruses like "Sobig", "Witty", "Mydoom" and "Bagle" are mostly spam-generating viruses.

More Popular Viruses  
On 17 January 2007 the "Storm" worm was identified as a fast-spreading email spam threat to Microsoft systems. It began gathering infected computers into the Storm botnet. By around June 30 it had infected 1.7 million computers, and it had compromised between 1 and 10 million computers by September.

July 6, 2008: "Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2."

September 2010: "The virus, called 'here you have' or 'VBMania', is a simple Trojan horse that arrives in the inbox with the odd-but-suggestive subject line 'here you have'. The body reads 'This is The Document I told you about, you can find it Here' or 'This is The Free Download Sex Movies, you can find it Here'."

February 2016: "Tiny Banker Trojan makes headlines. Since its discovery, it has been found to have infected more than two dozen major banking institutions in the United States, including TD Bank, Chase, HSBC, Wells Fargo, PNC and Bank of America. Tiny Banker Trojan uses HTTP injection to force the user's computer to believe that it is on the bank's website. This spoof page will look and function just as the real one. The user then enters their information to log on, at which point Tinba can launch the bank webpage's 'incorrect login information' return, and redirect the user to the real website. This is to trick the user into thinking they had entered the wrong information and proceed as normal, although now Tinba has captured the credentials and sent them to its host."
Having taken an overview from 1987 to 2016, we can see that things have become much more modern in the last 30 to 35 years. The purpose of making and using malware has also changed. Until 2003 malware was mostly made and used in America, Europe and Russia, but now it threatens the whole world. Thanks for reading the article.




November 19, 2016


Muhammad Samaak
1 Comment
3 years ago

Very informative
