A white paper published by McAfee in 2005. All citations and credits for any part or content should be for McAfee. McAfee, however, holds no liability for anything in this blog, since this blog was created by a third party without their express consent. This blog is created for academic purposes only.

Viruses and the Rise of the Internet

In 1969, there were four hosts on the Internet. In 2005, that number has exceeded 300 million.
It is not surprising that the evolution of computer viruses is directly related to the success and evolution of the Internet, and the comparison between the Internet and a living body that is continuously fighting viral infection and disease is both easy to understand and picture. As the Internet has assumed a life of its own, connecting computers, servers, laptops, and mobile phones around the world into a single, evolving web of interconnectivity, so, too, has malicious code quickly evolved and mutated to become a myriad of increasingly more complex malicious software programs.

Simply put, anti-virus is the antidote to this infection. 

As the Internet has evolved, so has the nature of the threat. Viruses have spawned new forms of malicious life that thrive upon the computational technology of Internet connectivity, data, and voice communications. These new threats can rapidly recreate themselves (worms) to attack their hosts, and then spread rapidly from one host to another. Recently, independent threats have combined in the form of blended threats that conspire to identify, disable, or destroy any vulnerable carrier hosts. 

So where did this all start? 

Brain (1986) was one of the earliest viruses. It infected the boot sector of floppy disks, which were the principal method of transmitting files of data from one computer to another. This virus was written in machine code, the basic computing language for personal computers (PCs). Virus propagation was slow and depended upon users physically carrying the infection from one machine to another, and then transmitting the infection via the floppy disk when the PC booted up. These viruses became known as boot sector viruses because the upload executed the virus process. By the early 1990s, well-known viruses like Stoned, Jerusalem, and Cascade began to circulate.

The first major mutation of viruses took place in July 1995. This was when the first macro virus was developed. It was notably different from boot sector viruses because it was written in a readable format. The use of such macro programming within common office applications resulted in the Concept virus. Viruses written in readable format, combined with the existence of macro programming manuals and the enhanced capabilities of macro viruses relative to boot sector and contemporary file viruses, allowed new macro viruses and variants of existing viruses to be rapidly developed and distributed. Furthermore, with computers now being connected to local area networks (LANs) that were slowly being interconnected to each other, the increased importance and feasibility of file sharing provided an efficient distribution mechanism for viruses, which further attracted more writers to this new breed of malicious code.

The next major mutation of viruses took place in 1999 when a macro-virus author turned his attention to the use of e-mail as a distribution mechanism. Melissa, the first infamous global virus, was born. After Melissa, viruses were no longer solely reliant on file sharing by floppy disk, network shared files, or e-mail attachments. Viruses had the capability to propagate through e-mail clients such as Outlook and Outlook Express. As a result of this and new developments in the capabilities of the Windows® Scripting Host, a devastating virus known as Love Letter was spawned on May 4, 2000. The world has never been the same since.

Evolving, mutating, and growing in intelligence and its ability to survive and spread its infection, the virus has jumped from the humble floppy disk to distributing itself quickly around the internal network. The virus is presently capable of spreading seemingly unseen, effortlessly and unstoppably across the global Internet, infecting anything and everything it touches.

As antidotes to viruses were developed and immunization programs created and deployed to counteract their effect, some viruses were able to adapt and learn to circumnavigate the efforts made to stop them, and new malicious organisms rapidly came into existence. Today we not only have to cope with viruses, but also with worms, Trojan horses, backdoors, rootkits, HTTP exploits, privilege escalation exploits, and buffer overflow exploits. These new threats identify and prey upon vulnerabilities in applications and software programs to transmit and spread attacks.

In 2002, these threats began to combine, and the blended threat was born. By utilizing multiple techniques, blended threats can spread far quicker than conventional threats. And the devastation they can wreak can be far more widespread and destructive.
