20 years of innovative Windows malware

Ingenuity to nefarious ends: The evolution of groundbreaking Windows malware sheds light on what's to come

Windows PCs have been under siege for 20 years. What a difference those two decades make.

Back when Windows was young, viruses scampered from system to system, occasionally deleting files -- which could almost always be retrieved -- and putting up dialog boxes with inscrutable contents, like the numeral 1. Nowadays, Windows malware locks up your data and holds it for ransom. It manipulates your PC into launching attacks, mines files for credit card numbers and passwords, and sets nuclear centrifuges to whirl with wild abandon -- nasty stuff.

[ Windows 7 is making huge inroads into business IT. But with it comes new security threats and security methods. InfoWorld's expert contributors show you how to secure the new OS in the "Windows 7 Security Deep Dive" PDF guide. ]

Along the way, Windows malware has spawned several billion-dollar antivirus companies, inspired enough articles to fill the Library of Alexandria, created jobs for many tens of thousands of security professionals, and caused more than half a billion king-size headaches.

These pesky programs didn't morph from toddler to kickfighter overnight. There's been a clear succession, with the means, methods, and goals changing definitively over time. As with any technology, innovative thinking points the way forward. Here's a look at how ingenuity to nefarious ends has transformed Windows hacking into a multi-billion-dollar industry, and where the Windows mailware trail points to the future.

The early rogue's gallery

Some of the most innovative and (still) pervasive malware techniques arrived at the dawn of Windows, with the years leading up to Windows 3.0 setting a strong foundation for Windows-specific malware to come.

Take, for example, VirDem, the first virus to infect an executable file. Ralf Burger created the virus in Germany in 1986 by sticking a self-replicating program at the front of a COM file and moving the original instructions to the end. This was soon followed by Cascade, which appeared in 1987 as the first virus that used encryption to disguise itself. Unfortunately, the encrypting routine was the same in all infected files, so scanners picked it up easily. #Fail.

GhostBalls (the code states proudly "Product of Iceland / Copyright © 1989") combined two infection techniques, creating the first multipartite or blended threat virus. GhostBalls attaches itself to COM files and spreads by copying itself to other COM files, but it also looks for a diskette in the A: drive and, if found, copies a modified boot sector virus onto the diskette.

Overcoming Cascade's congenital defect, in 1990 Mark Washburn came up with 1260, the first polymorphic virus. Polymorphic viruses change each time they're encrypted -- often altering the encrypting routine itself -- making detection considerably more difficult.

1 2 3 4 5 6 Page
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies