A brief history of computer malware: from fun to money hungry
By Luis Corrons, Security Evangelist at Avast
Computer viruses and malware have been around for many years. Malware creators of the late ’80s and the ’90s were tech-savvy people trying to prove their skills, have a little fun, and test their limits. Some early malware was harmless, while other samples were really damaging.
It started out as all fun and games
The virus Cascade, for example, didn’t cause any real harm in the sense that it did not alter any files, spy on the infected device, or steal files. It simply caused letters to cascade on the infected device’s screen and pile up on the bottom, like leaves falling from a tree. Similarly, the Ping Pong virus showed a ball bouncing back and forth and the worst thing the virus did was crash the computer, but this only happened on certain types of machines.
Back then, viruses and malware spread slowly, as they mainly spread via floppy disks. That meant it could take months for a virus to reach different countries. In fact, some of the early viruses are named after cities, like the Vienna virus or Sevilla2.
Around 1996, macro viruses started becoming popular. Macro viruses are viruses designed to live within Microsoft Word documents. The internet was gaining some popularity by this time, and users started sharing documents, creating an opportunity for virus creators to spread their viruses more widely and at a quicker rate.
In 1999, email worms began making their rounds, kicking off a new era in the computer virus world that would last for years. The Melissa virus was the first macro virus that self-propagated by sending itself to the first 50 email addresses stored in Microsoft Outlook address books. The virus wasn’t dangerous per se, but it caused email servers to collapse due to the high volume of emails sent at once. Then, in May 2000, the ILOVEYOU virus was released, infecting more than 10 million Windows computers around the world. The virus would overwrite files and also send itself to all the addresses found in an infected user’s Windows Address Book.
During this time, “script kiddies,” who are typically young people with little programming skill, began creating their own malware by modifying script viruses, like the ILOVEYOU virus.
In 2001, viruses started exploiting vulnerabilities on a wider scale. Nimda, Code Red, and Klez are some of the most popular ones. Two years later, in 2003, viruses jumped to a whole new level with the worm Blaster, which took advantage of a vulnerability in Windows and was able to infect any unpatched Windows computer without user interaction; just having the computer connected to the internet was enough. Blaster carried out widespread DDoS (Distributed Denial of Service) attacks.
But then, money got involved
As more aspects of life migrated to the online world, new avenues for profit arose for hackers. Not long after financial entities started offering internet banking services, the first phishing attacks and banking Trojans — malware designed to steal banking credentials — appeared. It was the start of the cybercrime era.
In 2004 we saw the first banking Trojans in the wild using basic but effective techniques. These attacks evolved to the point where you could see the professionalism of the developers behind the malware.
A good example of this was Zeus, also known as ZBOT. First seen in 2007, Zeus grabbed user credentials, altered web page forms, and redirected users to fake sites, among other things, and it evolved over time. Zeus was pervasive across the Internet until 2010 and its offspring are still widespread. Many others followed suit (including Gozi, Emotet, and SpyEye) and even today attackers continuously develop new variations to thwart detection by security solutions on user devices.
Another type of Trojan that became very popular in the early 2000s was the so-called “police virus.” When this type of malware infected your computer, a message would appear saying there was illicit content on your computer (porn, downloaded movies, etc.) and that, in order to avoid prosecution, you had to pay a fine. Many changed the background image of your Windows desktop to show that message, even using the IP address of the computer to locate the user and show a personalized message. For example, if you were in the US the fake warning came from the FBI in English and used the USA flag; in Spain it was in Spanish with the local flag and impersonated either Guardia Civil or Policia Nacional, etc.
After that, hackers continued to target people’s personal data in different forms and to make money by using it, selling it on the black market, or even encrypting it and holding it hostage in exchange for a ransom. (This is what we call ransomware.) But not only people’s bank accounts and personal data were being targeted.
Getting more bang for their buck
Over time, hackers became more ambitious and soon they turned to targeting bigger entities and major businesses with more assets to protect and more money to spend on ransoms.
Hackers gain access to business networks and data, steal them, and either encrypt them or make a copy and threaten to release them to the public unless a certain amount of money is paid to the cybercriminals. And this proved to be a very profitable business.
Over the course of 2020, there was a huge increase in the number of ransomware attacks, which several factors related to the Covid-19 pandemic have further exacerbated. Stats from Avast confirm that ransomware grew by 20% during March and April when compared to January and February in 2020. Organizations like Travelex, University of California San Francisco, Communications & Power Industries (CPI), and City of Florence, Alabama, to name a few, all had to pay millions of dollars in ransom after being attacked in 2020.
The share of households with a computer at home reached 27% and grew to nearly 50% by 2019 worldwide, and the number of internet users worldwide reached 3.97 billion in 2019. The increase in the number of Internet and PC users, along with the innovation of software and apps people use — but more importantly what they use them for — caused a shift in hacking. Cybercriminals turned into true businessmen who began working independently and in gangs. As a result, their motives changed from showing off, testing their abilities, and playing around to being financially driven.
Rather than proving their skills, breaking the rules, and raising chaos, most of today’s cybercriminals just want to make more money. A recent global study confirmed that 86% of data breaches in 2020 were financially motivated. It is our job to protect ourselves the best we can and make sure that we make it as difficult as possible to make a living out of spreading malware and taking advantage of other people.