The Windows Special – viruses and other malware

Allikas: KakuWiki
Redaktsioon seisuga 2. august 2006, kell 15:05 kasutajalt Kakk (arutelu | kaastöö)
Mine navigeerimisribaleMine otsikasti

The computer and the knife

A knife can be used to kill people, when used by a murderer. It can also be used to save people's lives, when used by a doctor. A computer is rather similar in this sense. Computers and Internet have brought us lots of benefits - one can buy things from another continent from home, read news from all the wide world, communicate with more people than it was ever possible. And yet we have the negative side too.

Looking back

Early days

Before there were viruses, there used to be Trojan horses (now mostly simply called trojans, although it would not be accurate considering the origin of the 'Trojan horse' - Trojans did not use the horse, it was used against them!). In the 80s, there was no widespread Internet yet: it was the privilege of universities and government agencies. The network of the young hackers of the day was Fidonet (and other similar bulletin board systems) - this was a dial-up based system where the network 'nodes' were ordinary PC-s dialing to each other. Usually at least two phone lines were used at nodes - one for periodically exchanging messages with other nodes, the other for users to dial in; heavy line use was the reason why Fidonet was popular mostly in the places with free local calls like the US and also the former USSR (Fidonet was popular in Estonia too). Fidonet messages allowed attachment of a single file and it was soon used for smaller-scale file transfer as well.

Besides decent users, there were also bad guys, who made malicious programs that would e.g. erase files from the user's drive, but labelled them as something beneficial (like compression software; one of the known Trojan horses of the day tried to pass as a new version of popular PKZIP program). These evil pieces of code got to be known as Trojan horses. Actually the term was first used (in computer context) as early as 1972 and the first similar program was found in Multics system in 1974 [1].

Early Trojan horses were mostly simple and easily detected, so their influence was limited. But then, a new kind of malicious software appeared which was able to copy itself. They were soon dubbed 'computer viruses'. Internestingly enough, the first freely-spreading virus did not run on Microsoft platform - the Elk Cloner used Apple DOS 3.3. But it was IBM PC and Microsoft operating system that became the main playground for viruses.

Brain (Pakistani Brain, (c)Brain, Pakistani Flu, Lahore, UIUC)

Dating back to 1986 and considered to be the first PC virus. It was written by two Pakistani brothers initially to make it harder for people to copy their software illegally. Brain was a boot sector virus, infecting the starting sector of diskettes. The brothers included their contact data to the virus body - soon they had to regret it as a large number of users from other countries contacted them and demanded disinfection. The virus, while being otherwise relatively simple, did attempt to hid itself (being what nowadays is called a stealth virus).

Lehigh

Lehigh, named after a university in the US where it was first spotted in November 1987. It was one of the first viruses to attack the central part of MS-DOS, the COMMAND.COM file. A typical file virus, it was the first one to use TSR (Terminate and Stay Resident) technology - after running an infected program, the virus stayed in the computer memory, infecting all the subsequently run programs.

Jerusalem

Found in Jerusalem at the end of 1987, it was a resident file virus which infected all running programs except COMMAND.COM (as the countermeasures started to develop, the 'heart of the system' was among the first places to be checked - so the virus did not touch it). On a Friday the 13th, the virus would delete all programs attempting to run. Jerusalem infection also slowed the machine very noticeably down.

Stoned

First discovered in 1989 and most widespread in Australia and New Zealand around 1991, Stoned was named after the message it used to display when an infected computer was started: "Your PC is now stoned." It was the first real MBR (Master Boot Record; the place on a disk where reading starts at) virus, being also able to infect hard disks.


The PC falls ill: the first virus outbreaks

Yankee Doodle

The virus was probably written in Bulgaria (which at that time was one of the major sources of viruses) and was discovered in 1989. It had many variants and was very widespread, also perhaps due to be seen as 'harmless' - its only effect besides spreading was playing 'Yankee Doodle' from the PC speakers. It was not uncommon to see whole university computer labs to burst into singing.

Cascade (Falling Letters)

  • Dark Avenger
  • DIR II

MS Office vs the macro viruses

The heyday of macro viruses

Hijackers

  • Back Orifice
  • NetBus
  • SubSeven

In 1999, NetBus was used to plant child pornography on the work computer of Magnus Eriksson, a law scholar at Lund University. The 3,500 images were discovered by system administrators, and Eriksson was assumed to have downloaded them knowingly. Eriksson lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer. [2] [3] [4]


I Love You, Melissa

Michelangelo

A derivative of Stoned which surfaced in 1991.

  • I Love You
  • Melissa
  • CIH


The New Millennium: worms and spyware

Why?

The motivation of virus writers


The Windows Special

Windows vs other systems: why does it get beaten so hard?


References

Links