Malware matures into control-hungry menace

Malicious code took decades to evolve but now threatens whole enterprises

“I’m the creeper! Catch me if you can!” taunted a rogue program called Creeper, written by Bob Thomas, of the BBN (Bulletin Board Network), in 1971. His creation has the dubious honor of being the first worm that spread through many of the early global networks.

The first malicious computer programs surfaced as generalized computing in the 1960s with online games called Life and Core Wars. They were essentially executable environments where each user’s programming instructions tried to live as long as possible before being killed off by someone else’s program.

Fast forward to 1982, when Richard Skrenta, a ninth-grade high school student from Pittsburgh, Pa., wrote the first PC-based virus, a 400-line Apple II boot program called Elk Cloner. Several other computer worms followed, and the Apple computer became the platform of choice for virus writers.

It wasnt until 1986 that the Pakistani Brain boot virus became the first malware program capable of infecting IBM-compatible PCs. It only spread on 360K floppy diskettes, but it had stealth features. Like Elk Cloner, it spread around the world.

In 1988, the Morris worm became the first malware program to spread across the Internet. It used a collection of documented flaws in Unix to do its work and eventually infected 60,000 computers. By the end of 1989, there were 56 viruses thriving on the PC/DOS platform alone. A few of them used simple encryption and crude stealth in attempts to avoid anti-virus scanners -- attempts which often failed.

In 1992, as the Michelangelo virus was making headlines, a hacker called the Dark Avenger released the first polymorphic virus capable of generating hundreds of thousands of variants. It marked the end of simple virus signature-scanning. Unable to cope with the growing sophistication, several anti-virus vendors called it quits. The first Windows virus appeared the same year.

In 1995, macro viruses appeared, with a preference for targeting Microsoft Office. They remained the biggest malware problem for the next five years, as other threats receded. The Melissa macro virus in March 1999 became the first malware program to outspread the Morris worm of 1988. During the same period, Internet and Web-specific malware made their debut, including malicious HTML applications, JavaScript, Java applets, and ActiveX controls.

VBScript viruses arriving as e-mail file attachments began to overtake macro viruses as the most popular type of malware in 2000. For reasons not fully understood, administrators were unsuccessful at convincing end-users not to click every file attachment they received. E-mail worms spread faster and wider than any of the preceding threats. Practically all companies -- even anti-virus vendors -- were under siege.

The next significant jump in automated mobile code occurred within the past year as professional-type criminals got into the act. Hackers began using their hobbyist tricks to earn a living. Malware programs were coded to capture confidential information and use it for financial gain.

Today, the intruder modifies the user’s PC so that the malware coder has complete control. Remote access control and key-logging Trojans are common. Spam is more prevalent than legitimate e-mail, and spyware programs abound (both commercial and freeware). Hackers are converting tens of thousands of PCs into bot nets, which the hackers then rent to third parties for nefarious means. Most are just criminal implementations learned from previous malware programs, leaving many security experts to wonder: Why did the metamorphosis take so long?