This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39116851,00.htm


The virus at 20: Two decades of malware
Birthday 'best wishes' will be few and far between at this party...

By Will Sturgeon

Published: Tuesday 11 November 2003

This week marks the 20th anniversary of the very first computer virus. To mark the occasion, Will Sturgeon spoke to some of the industry's leading crusaders in the battle against malware...

In November 1983, US computing student Fred Cohen created the very first computer virus as a proof of concept project during his studies. Little could he have known just what a can of worms (pun fully intended) he was opening with this discovery.

This week marks the 20th anniversary of Cohen's work on the Unix platform. To celebrate the occasion silicon.com threw a virtual birthday party and invited some seasoned campaigners from the anti-virus industry to discuss their thoughts on the previous two decades of malware.

What developments do you think have defined the growth of the computer virus over the past 20 years?

Alex Shipp, MessageLabs: Three things: Firstly, the ubiquity of the internet, secondly ease of coding, thirdly everybody using the same Windows platform.

Simon Perry, Computer Associates: Speed, intelligence and the level to which it has become a business problem versus simply a problem for the single end-user.

Graham Cluley, Sophos: Viruses have boomed in 'popularity' as computing has become more mainstream. As computers became networked, viruses began to spread more by infecting files. In 1995 Microsoft accidentally shipped the first virus which could infect Word documents and we began to see more viruses spreading via email and the internet. In the early days of viruses it would take months for a virus to spread into the wild. Today, a virus can spread around the world potentially infecting thousands in a matter of minutes.

Roger Levenhagen, Trend Micro: Viruses have grown in number and sophistication alongside the expansion of technologies. The explosion in the propagation rate and number of viruses can be linked directly to the growth in the use of email and the internet. We have also seen the increase in the use of 'social engineering' – techniques used by virus writers to encourage computer users to open emails and activate viruses. Over the years, businesses have faced significant costs due to network downtime - and the clean-up necessary - linked to computer viruses.

What would you say have been the real milestones during the past 20 years?

Cluley: The first real milestone was Brain. This was the first PC virus and this is where it all began. Next I'd say Tequila, which was a multipartite virus (infected floppy disks, hard disks and executable files). Then, Concept - the first Word macro virus in 1995. This was the first virus which could infect documents and rewrote the rules for viruses.

Then of course there was Melissa - the first successful email-aware virus - and the granddaddy of all email-aware viruses. Then came social engineering - best utilised by The Love Bug and Kournikova.

Bruce Hughes, TruSecure: Viruses that have multiple vectors are the worst. Nimda is an example. They send email, perform a distributed denial of service attack and open a backdoor.

Levenhagen: It is arguable that the Love Bug and Nimda viruses have been the worst viruses we have seen, in terms of spread and damage potential. However, the most problematic viruses have been the most recent. This year SQL Slammer broke all records for the speed at which it was able to spread, to the point of disabling ATM machines and bringing internet traffic to a halt.

Shipp: I think the biggest milestone has to be the advent of spreading malware by the internet, whether by worms, email spamming of Trojans, newsgroup postings, websites and other methods.

Peter Simpson, Clearswift: The most problematic has certainly been the hybrid variants, which survived for extraordinarily long periods due to their modular design and the ability to undergo changes by accepting encrypted plug-ins to update the code. Autonomous network worms such as Nimda, Code Red and MSBlast have set the most worrying precedents, as they operate below the AV radar and leave organisations far more open to infection. Also, the Sobig Project employed spammed worms, with post-infection 'owned' PCs used to install spyware, steal financial credentials, act as a front for spamming operations, launch DDoS attacks on anti-spam sites and recently offering spammers virtually untraceable 'cloaked ISP' services.

What do the next 20 years hold? How much worse is it going to get?

Perry: Twenty years is a lifetime in IT, so I am confident therefore in stating that within that timeframe, an attack that we would today classify as warfare or terrorism that includes a cyber element is a certainty.

Cluley: We'll see more viruses undoubtedly. There is no such thing as a usable virus-proof computer system. But anti-virus software is getting better at protecting against new, unknown threats and is using the internet to its advantage. I don't think viruses are going to cause the end of the world but it's not a trivial 'fluff on the jacket' problem either. We need to keep the problem in perspective and not panic.

Levenhagen: As we have seen in the past 20 years, viruses are developed in line with new technologies as writers are looking for different ways to attack businesses. With this in mind, it is likely that viruses will be increasingly targeted at mobile computing and mobile phones.

Shipp: I think talk of doom and gloom is premature. There is already technology in place that has effectively all but eliminated the problem. The issue is it costs more than traditional solutions and there is the possibility that this will create a two-tier internet. Those countries that can afford protection being by and large safe and those that cannot being at a disadvantage.

And finally... what 'birthday message' would you send the virus writers still at large?

Cluley: "Dear virus writer, Happy 20th birthday! I have sent a large birthday present to you. Please report to your local police station and identify yourself and they will be delighted to deliver it to you personally."

Levenhagen: Happy Birthday… Your days are numbered.

Perry: I am reminded of those trick birthday candles that you can never blow out no matter how hard you try. The virus writers can all take as many blows at us as they want, but we're going to keep adapting and we're going to keep the IT flame burning.
