Computer viruses are now being used as a tool in warfare, a sort of cyber-driven war, according to Guillaume Lovet, senior manager for Fortinet’s threat response team in Europe, the Middle East and Africa. Fortinet is a security appliance provider and analysis firm.
In honor of the 40th anniversary of the computer virus, Lovet wrote a blog post detailing the evolution of viruses, and he explained in an interview that what was once used as a way for computer techs to show off their coding skills is now being used as a way for governments to spy on and attack one another.
It all started in 1971 and has now emerged as a lucrative, underworld business of cybercrime where bots can be purchased and released into the Web in order to cause damage and steal personal information.
1971 – Creeper, catch me if you can
Creeper was released in a lab in 1971 by an employee working on ARPANET, the predecessor to the Internet. The virus was based on the theory of self-replicating automation created by the Hungarian mathematician, John von Neumann, in the 1950s, Lovet explained.
This virus jumped from system to system via a network, displaying the message “I’m the creeper, catch me if you can!” through the system. It showed that viruses are tied to the Internet through their need for networked systems.
1982 – Elk Cloner
This virus was written by a 15-year-old as a way to disable his friends’ Apple II computers without gaining physical access to them. It was spread via floppy disk. The infected machines displayed a poem, showcasing the skills of the virus author. This is significant, according to Lovet, because it was the first virus to spread outside of the lab it was created in.
1987 – Jerusalem
This virus was detected in the Hebrew University of Jerusalem, and every Friday the 13th, it deletes every single program running on the infected system. Lovet said this is the first destructive virus (as earlier viruses were meant to showcase skill), and it is the first to have a global impact.
1991 – Michelangelo
This virus erased critical parts of infected computers’ hard drives when it “awakened” on March 6, Michelangelo’s birthday. The media, according to Lovet, sensationalized this event and continued to forecast that 5 million computers would definitely go down. In the end, only a few thousand losses were reported. This was the first time, Lovet noted, that the media got involved, making the hype larger than the virus itself.
1999 – Melissa
Melissa sent infected Microsoft Word documents to the Outlook contacts of infected computer systems, then continued to infect users via the attachment. It was named after a stripper the virus’ author had met in Florida, according to Lovet. Additionally, according to him, it started the trend of “ransomware.”
“The virus author of the variant on Melissa demanded US$100 be wired to an [offshore account] for decryption. This was when [virus authors] realized that viruses could be used for profit,” Lovet said.
2000 – ILOVEYOU
This worm infected tens of millions of computers via an e-mail attachment. Although the author’s motivation wasn’t financial gain, the virus itself cost billions of dollars in damage by overwriting critical files and causing shutdowns of mail servers during its removal.
2001 – Code Red
This infected Web servers and was automatically spread by exploiting a vulnerability in Microsoft IIS servers, according to Lovet. In less than one week, 400,000 servers were infected, causing homepages to display “Hacked By Chinese!” It is the first example of “hacktivism,” because it was designed to flood the White House Website with traffic from the infected servers, according to Lovet.
2004 – Sasser
This exploited a vulnerability in Microsoft Windows. The infected systems would be shut off every couple of minutes, which is what makes this unique in Lovet’s mind, because it is the first time a computer’s function—turning on and off—was affected even though that function is not related to being connected to the internet. The author, on whom Microsoft placed a $250,000 bounty, turned out to be an 18-year-old German student.
2005 – MyTob
Lovet said MyTob represents a “turning point” in the history of computer viruses.
“This is precisely the moment when all the virus writing falls into cybercrime. Before this it was as a prank, or for coders to test their own skills,” he said.
MyTob was one of the first “botnets,” something Lovet said can be purchased today for $800 to $2,000. “You can create a botnet virus with little or no tech knowledge. They range in size from 100,000 bots to 200,000, while some have 5,000 or less,” he said.
2007 – Storm botnet
Now that cybercriminals had monetized their botnets, they wanted to secure them, according to Lovet. Storm was the first botnet with a decentralized command center. At its peak, it had infected up to 50 million systems and represented 8% of all malware running in the world at that time.
This virus spreads by pretending to be the infected user on social networks, prompting friends of infected users to update their Flash player (in actuality, sending them a copy of the virus). Lovet said this was the first to use zombie computers across a variety of social networks.
Lovet said that this sophisticated virus—both a worm and bot—had a poorly calibrated propagation algorithm, allowing it to be discovered more frequently. It saturated networks, causing French fighter planes to be grounded, and impacting hospitals and military bases. Approximately 7 million systems were infected worldwide.
This virus did not, however, attack Ukrainian IPs or machines with Ukrainian keyboards, Lovet said. “This suggests authors were playing by the cybercriminal golden rule, which implicitly states, ‘Don’t target anything in your own country, and the arm of justice won’t be long enough to reach you.’ ”
This is the next phase of bugs and computer viruses, in Lovet’s opinion.
“Mobile is the next frontier,” he said. “There are more smartphones in the world than PCs, and [smartphones] do the same things as PCs, but they have integrated payments [such as stored credit card information for one-click payments in an app store]. They also have a camera, microphone and GPS,” which enables them to be used for spying.
Antiviruses, Lovet added, are much more difficult to implement in mobile devices because the software must run at all times, which would drain the batteries on smartphones and other mobile devices.
Stuxnet shows that only governments have the necessary resources to design complex viruses. It exploited Microsoft Windows and had the ability to neutralize industrial systems made by Siemens. This is the first time, Lovet said, that the target of a virus is the destruction of an industrial system, which is what he refers to as the cyber war.
“Attribution is the main issue,” Lovet said. He added that viruses can now be linked to different IP addresses and users, making attribution and detection the biggest issue in finding these virus authors today, as it is almost impossible to determine who is designing the virus, let alone determine what computer or even country it is coming from.
Social media profiles, he added, aid virus authors in creating viruses for infiltrating certain systems or companies. A virus author can look up an employee’s social media profile and determine what type of e-mail he or she would be most willing to open, and the author can link the virus to that e-mail, enabling the virus to impact entire companies and infrastructures.