Computer Viruses Throughout History

Cleber E. de Griff Bueno Ayres        Ayres 1

Professor Vishal Anand

CIS 421 – Computer and Network Security

2/18/2014

Computer viruses throughout history

1. Introduction

        According to United States Computer Emergency Readiness Team, “A computer virus is a program that spreads by first infecting files or the system areas of a computer or network router's hard drive and then making copies of itself.” They are a concern to users and companies since a long time ago, due to the catastrophic effects, stealing users’ information or even deleting files. A computer virus can also give total access to determined computer via remote access.

        During this presentation, some of the most famous virus will be explained, creating a timeline where could be possible to identify the computer viruses evolution of objectives, targets, and the way how they work.

1. The first virus and the first antivirus

        The computer viruses’ history started in 1971 with Bob Thomas at BBN Technologies programming an experimental self-replicating program known as “Creeper”. Its original design was not malicious, but to demonstrate the Theory of self-reproducing automata created by John von Neumann. After gaining access to a DEC PDP-10 computer running the TENEX operating system and replicating itself via ARPANET, the program broadcast “I’m the creeper, catch me if you can!” on the terminal screen. The subsequent computer worm was “The Reaper”, designed in 1973 to delete “Creeper” from infected computers. Therefore, we can conclude that the first antivirus was a virus designed to destroy another.

1. Jerusalem (1987) - Assembly

        Jerusalem is a DOS virus detected for the first time in Israel, in October 1987. Written in the language Assembly, this virus remains in memory resident using 2kb, and its main purpose is to infect .COM and .EXE files, except for COMMAND.COM. When a .COM file is loaded in memory, Jerusalem make the file grows 1,813 bytes. COM files are not re-infected, different than EXE files, which grows by 1,808 to 1,823 bytes for each time it is loaded into memory. This process occurs until the file size is too large to load into memory.

        This virus has other effect, which is a payload programmed to delete every infected program file in every Friday 13th after 1987. Due to this, this virus is known as “Friday 13th”. It also has another nickname, “BlackBox”, due to the blackbox showed during the payload sequence.

        The effects of this virus could be observed in some aspects of the operational system, as.exe and .com file size, and also debugging an infected file. The images below compare a normal DOS system and an infected DOS system:

[pic 1]

[pic 2]

1. Morris (1988) – Language C

        Considered the first computer worm on the internet and created by Robert Tappan Morris, Morris Worm (also known as Internet Worm) was accidentally flawed, sending millions of copies to different network computers when Robert was trying to zmeasure the size of the internet. Even though the main body of the worm could only infect DEC VAX machines running 4BSD, and Sun-3 systems, the damages caused by this worm had cost almost 100 million dollars to be repaired.

        Robert T. Morris was convicted of

violating the computer Fraud and Abuse Act (Title 18), and sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.

        [pic 3]

                worm.c, part of the source file of Morris

1. Chernobyl (CIH) (1998) – Assembly

        Created by Chen Ing Hau in 1998, CIH (also known as Chernobyl or Spacefiller) affected computers with Windows 9x Operating Systems. This virus overwrites important informations in infected drives, and in most cases also overwrites the system BIOS.

        In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages. In worldwide, 60 million of pcs were believed to be infected, and the total commercial damage was estimated in US$1 billion.

[pic 4]

BSoD right after Virus.Win9x.CIH execution

1. Lovebug/ILOVEYOU (2000) – VBScript

        This worm created by the Philippine student Onel de Guzman attacked uncountable Windows PCs starting in 5 May 2000. It comes via email, as a Love Letter asking to the user to download and open a VBScript. The main effect of this worm was overwrite all the JPEG and JPG files in user’s computer, as well as send the worm email to the first 50 contacts in user’s Windows Address Book, used by Microsoft Outlook.

        The worldwide damage costs were estimated between US$5.5 billion and US$8.7 billion.

[pic 5]

1. The Code Red Worm (2001) – Assembly

        Originated in China, this worm attacked computers running Microsoft's IIS web server, infecting webpages with the message “Hacked by Chinese”. This virus acted between 13 July 2001 and 28 July 2001, when it entered in “Infinite Sleep Mode”.

        [pic 6]

1. Conficker (2008) – Language C

        This worm, which origin is probably from Ukraine, infected computers with Windows System, blocking the access to antivirus websites and changing the computer settings.

...