cube writes: For many computer users, the computer viruses are mysterious and ask for the attention because every time a new virus hits, it spreads quickly and quickly. This way, viruses show us how vulnerable we are, but also they show how unknowingly interconnected human beings are nowadays. For example "Melissa" virus in March / 1999 -- was that powerful that it forced Microsoft and number of other large companies to completely turn off their e-mail servers, and it took a while, until they could handle it.. "ILOVEYOU" virus had a similarly devastating effect in 2000, not mentioning Sircam, which heavily flooded whole world this year, causing massive overload of e-mail servers and terrible traffic. That's quite impressive when you realize how simply coded this viruses are.

This brings up a several related subjects to dicuss :

• What reasons or motivation are behind creating them.
• Something really interesting about their history, and how dangerous they are
• More detailed information on those ones, which are most dangerous nowadays - viruses, which spreads themselves via e-mail.
• An interview with advanced original viruses writer, in which you could learn some interesting tips and tricks about coding of virii

Computer Viruses

• What's a virus
  
• What's a motivation behind creating viruses
  
• Abbreviated history of the computer virus
  
  
  
  • Boot sector virus
    
  • Hitting the bigtime
    
  • Polymorphic virus
    
  • Macro virus
    
  • Worms
    
    
    
    • 'Melissa'
      
    • 'I Love you'
      
    
    
  • Footnotes
    
  
  
• Email Viruses
  
  
  
  • Coming to life
    
  • Hall of fame
    
  • Protection against email viruses
    
  
  
• An interview with original virus writer
  

:: What's a virus ::

:: What's a motivation behind creating viruses ::

:: Abbreviated history of the computer virus ::

Throughout the early 1990's variants of the stoned virus were prevalent. The most ballyhoo was created over the Michelangelo variant in 1991. The Michelangelo virus had a vicious payload of wiping out the hard disk of the infected machine on March 6, (Michelangelo's birthday). The first media uproar occurred over the anticipation of the doom that this little bit of malicious code would create. The words "computer virus" were introduced to Joe and Jane Aoluser and antiviral products began to really sell.

Of course, all of the hoopla resulted in an anticlimax. The infection rate was very low for Michelangelo. Much lower than expected. This prompted many of the more jaded members of the computer community to theorize that the whole thing had been created by AV companies, to instill fear in the minds of its customers. While that may be a bit off the mark, it was quite a popular theory of the time. There were many other boot sector viruses, as well as others that infected command.com and exe files. Examples included Jerusalem and Lehigh, two of the more infamous viruses.

To read more about the Stoned virus and its variants Click Here

To read more about the boot sector virus in general Click Here


THE POLYMORPHIC VIRUS

Polymorphic viruses are viruses which change slightly each time they are executed. These are meant to defeat anti-virus scanners which search for certain strings of code to identify viruses. Some virus writers have written toolkits so that novice users can write their own viruses. (1)

What we now call the polymorphic virus was first created by Mark Washburn, who modified the source for a virus called "Vienna" to change itself. These were not very infectious, however, and did not make much of an impact. The first widely reported polymorph was called Tequila. Tequila erupted out of Switzerland, spread through a shareware company. Tequila used full stealth when it installed itself on the partition sector, and in files it used partial stealth, and was fully polymorphic. A full polymorphic virus is one for which no search string can be written down, even if you allow the use of wild cards.(4) This was, of course a huge problem for anti-virus vendors to deal with. It took several months and more than one company closing its doors to get the best of Tequila.

To read more about polymorphic virii Click here


THE MACRO VIRUS

Macro viruses are relatively new but experts now estimate that they are the most common type of virus. A macro is a set of instructions within an application that can be used to automate tasks. While this sounds relatively harmless, macros can often perform system operations such as creating or deleting files, or writing into already existing files, and thus have the potential to cause a great deal of damage. Most macros are written for Microsoft Word and Excel. These often work by infecting the template for a new document. Therefore, each time a new document in created, the virus replicates and executes. Macros are especially dangerous because they can often be cross platform, unlike most viruses, which are written for the PC only.(1)

The first macro virus was discovered in August of 1995, when several large companies began having to deal with the rather annoying nuisance of a MS WORD macro that copied and reproduced itself. It was called "Concept". Once again, it was believed to be created without malicious intent. Part of the payload was displaying a message from the author reading "That's enough to prove my point"

Since most Macro viruses are also worms, we will discuss two of the most famous macro viruses in the following section on worms.


WORMS
Worms are spread over computer networks, and are distinct from viruses in that they do not have a host file. However, worms today are commonly spread through e-mail. Oftentimes, there is an attachment to the e-mail, and when the user opens the attachment, the worm is executed.

Worms commonly attempt to send copies of themselves to everyone in the user's address books. (1) Worms generally use security holes in operating systems to gain access. Since Windows is the most used operating system in the world, most modern worms are written in Visual Basic Script and fall under the definition of the MACRO VIRUS.

The term 'WORM' is derived from a science fiction novel called The Shockwave Rider, which spoke of a "tapeworm" that brought down a network of government supercomputers. This and the worms of today, certainly do not inspire kind feelings, but actually the first worms, created in the 1970's were meant to benefit networks.



The first notable program that can be reasonably referred to as a worm is "creeper" written by Bob Thomas in 1975. The program was intended to help air traffic controllers keep track of airplanes. The idea did not catch on.

In the 80's Xerox started to play around with worms. John Shock and Jon Hepps are the ones that actually began calling such programs 'worms'. They began implementing worms to help out with tasks around the network. Some worms were very simple and did things like traveling around the network delivering messages. Others were more complex, like "vampire", which laid dormant during the day and at night would use idle computers for processor power. (5) One night, Vampire malfunctioned, causing all the computers on the network to crash. Powering up the computers caused nothing but another crash. A "vaccine" had to be created to rid the systems of the worm and render the network useful again. Needless to say, this was the end of Xerox's experimentation with worms...

In 1988, the first malicious worm was created. It was written by a student at Cornell University named Robert Tappan Morris. The "Internet Worm" single-handedly crashed most of the internet (which of course was a lot smaller back then). The program merely copied itself and overloaded computers with invisible tasks, rendering them useless to users.

Quite a few worms followed, but nothing really took hold until the macro virus was discovered.

Macro viruses are relatively new but experts now estimate that they are the most common type of virus. A macro is a set of instructions within an application that can be used to automate tasks. While this sounds relatively harmless, macros can often perform system operations such as creating or deleting files, or writing into already existing files, and thus have the potential to cause a great deal of damage. Most macros are written for Microsoft Word and Excel. These often work by infecting the template for a new document. Therefore, each time a new document in created, the virus replicates and executes. Macros are especially dangerous because they can often be cross platform, unlike most viruses, which are written for the PC only.(1)

The first macro virus was discovered in August of 1995, when several large companies began having to deal with the rather annoying nuisance of a MS WORD macro that copied and reproduced itself. It was called "Concept". Once again, it was believed to be created without malicious intent. Part of the payload was displaying a message from the author reading "That's enough to prove my point"


MELISSA

All was relatively quiet on the Macro Virus front until 1999, when the Melissa virus began spreading at an incredible rate. Written in Visual Basic Script, it executed a macro in a document attached to an email, which forwarded the document to 50 people in the user's Outlook address book. The virus also infected other Word documents and subsequently mailed them out as attachments. At the time, Melissa was the fastest spreading virus in history. Hundreds of thousands of computers were infected. Melissa was written by a programmer from New Jersey, named David Smith. It was believed to be named after a stripper he once knew. The only stripping David now sees is the tease performed by his cellmate...


I LOVE YOU
(No, not like that. I mean the virus)

In 2000, the world was hit yet again with another macro virus. This one, called I love you or "the love bug" infected millions of machines and caused an estimated $8.5 billion damage worldwide. This nasty little bug was also written in VBS, deleted mp3 and JPG files and emailed usernames and passwords to the virus author. A suspect in The Philippines was arrested in the case, but he was released.

The history of the Computer Virus, while a long one, is a very interesting one. Unfortunately, detailing every virus and it's payload, as well as it's impact on the viral world is not feasible here in this article. If you are interested in delving deeper into virus history, I recommend these links:

http://www.securityfocus.com/frames/?focus=virus&content=/focus/virus/articles/virhist.html
http://all.net/books/virus/
http://www.cknow.com/vtutor/vthistory.htm


FOOTNOTES

(1) http://www-cse.stanford.edu

(2)http://www.ladysharrow.ndirect.co.uk/Virus%20Information/a_rough_history_of_the_computer_.htm

(3)http://www.datafellows.com/v-descs/stoned.shtml

(4)http://www.ladysharrow.ndirect.co.uk/Virus%20Information/polymorphism.htm

(5)http://www.software.com.pl/newarchive/misc/Worm/darbyt/pages/worm.html

:: Email Viruses ::

The first virus to use the MS Outlook address book to spread itself to other users.

- Worm.Explore.Zip (http://www.virusbtn.com/VirusInformation/expzip.html)

Highly destructive email virus that again uses the MS Outlook address book to spread itself. Destroys .ASM .C .CPP .DOC .H .XLS .PPT files. It can also spread without the use of email, through the LAN.

- Bubble Boy (http://www.virusbtn.com/VirusInformation/bboy.html)

The first virus (inspired by Melissa) that was able to propagate itself via email without having the need of an attachment file to be executed by the recipient.

- Love Bug (http://hackingtruths.box.sk/ilu.txt)

The infamous virus based on a master thesis of an university student, which used social engineering to spread itelf. Disguised under the name of a love letter, the attachment file was a visual basic script which included destructive procedures. It propagated itself by selecting male users from the MS Outlook address book and sending the email to them.


EMAIL VIRUS PREVENTION

(http://admin.soe.purdue.edu/support/emailstuff/email_virus/)

- Have up-to-date antivirus software installed on your computer

- Turn off html message viewing in your email client software

- Do not open any attachment file unless you know exactly what it is, whom is it from, and were you expecting it. (REMEMBER: The sender could also be infected and might have sent you the attachment file unwillingly)

:: An interview with original virus writer ::