COMPUTER VIRUS

History of computer viruses

Like any other field in computer science, viruses have evolved -a great deal indeed- over the years. In the series of press releases which start today, we will look at the origins and evolution of malicious code since it first appeared up to the present

Going back to the origin of viruses, it was in 1949 that Mathematician John Von Neumann described self-replicating programs which could resemble computer viruses as they are known today. However, it was not until the 60s that we find the predecessor of current viruses. In that decade, a                                                                                                                            John Von Neuman

group of programmers developed a game called Core Wars, which could reproduce every time it was run, and even saturate the memory of other players' computers. The creators of this peculiar game also created the first antivirus, an application named Reeper, which could destroy copies created by Core Wars.

However, it was only in 1983 that one of these programmers announced the existence of Core Wars, which was described the following year in a prestigious scientific magazine: this was actually the starting point of what we call computer viruses today.

At that time, a still young MS-DOS was starting to become the preeminent operating system worldwide. This was a system with great prospects, but still many deficiencies as well, which arose from software developments and the lack of many hardware elements known today. Even like this, this new operating system became the target of a virus in 1966: Brain, a malicious code created in Pakistan which infected boot sectors of disks so that their contents could not be accessed. That year also saw the birth of the first Trojan: an application called PC-Write.                                         Michael Angelo

Shortly after, virus writers realized that infecting files could be even more harmful to systems. In 1987, a virus called Suriv-02 appeared, which infected COM files and opened the door to the infamous viruses Jerusalem or Viernes 13. However, the worst was still to come: 1988 set the date when the"Morris worm" appeared, infecting 6,000 computers.

From that date up to 1995 the types of malicious codes that are known today started being developed: the first macro viruses appeared, polymorphic viruses... Some of these even triggered epidemics, such as MichaelAngelo. However, there was an event that changed the virus scenario worldwide: the massive use of the Internet and e-mail. Little by little, viruses started adapting to this new situation until the appearance, in 1999, of Melissa, the first malicious code to cause a worldwide epidemic, opening a new era for computer viruses.

The creator of the first computer virus

Elk Cloner creator Rich Skrenta looks back

308

113

90

14 Dec 2012 at 11:02, John Leyden

To the author of ‪Elk Cloner‬, the first computer virus to be released outside of the lab, it’s sad that, 30 years after the self-replicating code's appearance, the industry has yet to come up with a secure operating system.

When Rich Skrenta, created Elk Cloner as a prank in February 1982, he was a 15-year-old high school student with a precocious ability in programming and an overwhelming interest in computers. The boot sector virus was written for Apple II systems, the dominant home computers of the time, and infected floppy discs.

If an Apple II booted from an infected floppy disk, Elk Cloner became resident in the computer’s memory. Uninfected discs inserted into the same computer were given a dose of the malware just as soon as a user keyed in the command catalog for a list of files.

Infected computers would display a short poem, also written by Skrenta, on every fiftieth boot from an infected disk:

Elk Cloner: The program with a personality
It will get on all your disks It will infiltrate your chips Yes it's Cloner!
It will stick to you like glue It will modify ram too Send in the Cloner!

Elk Cloner, which played other, more subtle tricks every five boots, caused no real harm but managed to spread widely. Computer viruses had been created before, but Skrenta’s prank app was the first to spread in the wild, outside the computer system or network on which it was created.

Rich Skrenta today

“I was a geek and a computer nerd, interested in all aspects of technology,” he says. “I wanted to build a robot but there was no kit available and I had no mechanical skills. At elementary school, I used to experiment with vacuum tube radios but the slightest mistake during construction meant they didn’t work. I didn’t even find it easy putting together railway sets.”

“With programming I discovered a way to mimic things I saw in the movies,” Skrenta says, noting that some of his favourite films at the time were2001: A Space Obyssey and Colossus: The Forbin Project.

“The physical stuff was frustrating by comparison,” he added.

Skrenta received an Apple II Computer as a Christmas gift in 1980. “It took over my life. I spent every waking hour immersed in computer games and programming.”

Skrenta wrote his own text-based adventure game, the opening of which placed the gamer into the role of a survivor of an airliner crash. This taught him to program in Basic and he later picked up assembly language skills.

The Apple II came with two floppy disk drives, and enthusiasts shared software and games through computer clubs. Software piracy was rife, and Skrenta was right in the middle of the scene.

“I was a member of a computer club in Pittsburgh. I used to copy software and share it with friends. There was a thriving pirate software market and people used to exchange games and software on floppy discs,” he explains.

It was this that got him thinking about how he could use this mechanism to play tricks on his pals. He sometimes altered the floppy discs he shared with friends so that they would display on-screen messages or shut down thier computer.

Booby trap

“I decided to booby trap new games to put up a message,” he recalls. “I gave a floppy to one of the guys at the computer club, and it worked. At the time I though it was hysterically funny.

“I did a couple of more pranks before people wouldn't let me touch their discs any more.”

This got him thinking: could he alter the contents of a floppy disc without touching it? His experiments led him to develop program that would run in the background, checking for the presence of a new disk and, if it found one, could modify files stored on the disk.

The result of this work was a program that, in effect, was coded to hop from disk to disk, propagating itself from machine to machine. The first virus, Elk Cloner, was born.

“Tech books on hacking the Apple II covered system entry points, such as turning on the disc drive motor. One of the core applications, System Monitor, had holes in it. Elk Cloner used those holes.”

Floppy target: Brain A was the first Windows virus
Source: Mykko Hypponen, F-Secure

Elk Cloner took about two weeks to write in assembly language, Skrenta recalls. And if it’s mode of operation sounds simple, making it actually happen was quite a technical challenge. His earlier adventure game took longer but was more creative, like making a puzzle.

“It worked like a charm and spread all over the place,” Skrenta remembers with a chuckle. His cousins in Batimore and - years later, he discovered - a friend in the US Navy were among those whose computers caught the virus.

Not that there weren’t ways of avoiding infection.

“Elk Cloner created a rattling noise when the program started. If a disc was infected you could hear it. If you inserted an infected disc in an Apple II you can hear the head swoosh sound, an audible signature.

“It would infect a new disc if machine wasn’t rebooted. If an Apple II was rebooted every time, Elk Cloner wouldn’t have spread. But, given people computer habits

Author of Computer 'Virus' Is Son Of N.S.A. Expert on Data Security

By Jhon Alfred A. Doguiles

Published: march 09,2014

• FACEBOOK
• TWITTER
• GOOGLE+
• EMAIL
• SHARE
• PRINT
• SINGLE PAGE
• REPRINTS
• 

The ''virus'' program that has plagued many of the nation's computer networks since Wednesday night was created by a computer science student who is the son of one of the Government's most respected computer security experts.

The program writer, Robert T. Morris Jr., a 23-year-old graduate student at Cornell University whom friends describe as ''brilliant,'' devised the set of computer instructions as an experiment, three sources with detailed knowledge of the case have told The New York Times.

The program was intended to live innocently and undetected in the Arpanet, the Department of Defense computer network in which it was first introduced, and secretly and slowly make copies that would move from computer to computer. But a design error caused it instead to replicate madly out of control, ultimately jamming more than 6,000 computers nationwide in this country's most serious computer ''virus'' attack.

The dent's program jammed the computers of corporate research centers including the Rand Corporation and SRI International, universities like the University of California at Berkeley and the Massachusetts Institute of Technology as well as military research centers and bases all over the United States. Meeting with the Authorities

The virus's creator could not be reached for comment yesterday. The sources said the student flew to Washington yesterday and is planning to hire a lawyer and meet with officials of the Defense Communications Agency, in charge of the Arpanet network.

Friends of the student said he did not intend to cause damage. They said he created the virus as an intellectual challenge to explore the security of computer systems.

His father, Robert T. Morris Sr., has written widely on the security of the Unix operating system, the computer master program that was the target of the son's virus program. He is now chief scientist at the National Computer Security Center in Bethesda, Md., the arm of the National Security Agency devoted to protecting computers against outside attack. He is most widely known for writing a program to decipher symbols, or ''passwords,'' that give users access to computers and their data. 'Very Well Trained'

The elder Mr. Morris, in a telephone interview yesterday, called the virus ''the work of a bored graduate student.''

Speaking in the presence of officials and lawyers of the National Security Agency, he would not discuss the case in detail. He said his son was ''for his age very well trained in computer science: he studied it in college and held various summer jobs at various places.''

The sources said the 56-year-old Mr. Morris had no prior knowledge of the virus attack.

Mr. Morris said he believed that the virus might ultimately have a positive effect. ''It has raised the public awareness to a considerable degree,'' he said. ''It is likely to make people more careful and more attentive to vulnerabilities in the future.''

Managers at hundreds of research and military facilities around the country yesterday continued efforts to cleanse their systems, while computer scientists studied the virulent program in an effort to prevent a recurrence. Several computer sites were spared from the virus because system managers had rewritten security programs in light of at least three separate security flaws in computers running the Unix operating system. Most of the loopholes have only recently been discovered.

One site that escaped infection was the American Telephone and Telegraph Company's Bell Laboratories. Computer scientists there said the program with the principal flaw was rewritten about a year ago. Exploitation of Flaws

The student's virus, actually a group of small programs, entered systems by exploiting the flaws, said Clifford Stoll, a computer security expert at Harvard University. Once it entered a given computer it was designed to hide itself in the computer's memory then systematically search for ways to enter other computers linked through communications networks.

Computer viruses are the computer equivalent of biological viruses, replicating largely on their own and spreading from computer to computer, consuming computer processing power and storage space or potentially destroying stored information.

The virus was detected in part because a design error led it to create many copies rather than a single copy on each machine it attacked. Computer researchers said the copies were like echoes bouncing back and forth off the walls of canyons.

Computer experts who were assessing the harm yesterday said there seemed to be no damage other than the thousands of hours that computer scientists and programmers were spending removing the program from their systems. 'Classic Hack That Went Wrong'

The program eventually affected as many as 6,000 computers, or 10 percent of the systems linked through an international group of computer communications networks, the Internet.

''This sounds like a classic hack that went wrong,'' said Mark Seiden, a computer scientist who is an expert on the Unix operating system.

, it spread like crazy,” Skrenta explained.Computer scientists said the younger Mr. Morris has worked in recent summers at the AT&T's Bell Labs. One of his projects there included rewriting the communications security software for part of an informal network connecting most computers that run the Unix operating system, which AT&T developed.

The scientists also said that in August the student's father submitted the abstract of a paper on Unix computer security to a computer science conference to be held later that month in Portland, Ore., but withdrew the paper several days later, apparently at the request of his employer, the National Computer Security Center.

Computer scientists who are dissassembling the student's virus program to better understand how it worked said they were impressed with its power and cleverness.

''We found it to be sophisticated, and he did a good job of obscuring information in the program,'' said Peter Yee, a computer researcher at the Experimental Computer Laboratory at the University of California at Berkeley. He was one of the first programmers to detect the virus, through special monitoring equipment at his laboratory. #47,000 Characters of Information Mr. Yee said he had spent two sleepless nights taking the program apart to understand it. He said it consisted of 47,000 characters of information. The virus infiltrates the computer by taking advantage of a flaw in a message-sending program to circumvent system security. It then hides in memory while it creates a program that tells the computer being attacked to import several other programs from the attacking computer. The new programs then help break into a specially encrypted password file and use the passwords to infiltrate other computers.

Computer security experts generally minimized the damage done by the virus. They said the attack would serve as a useful lesson that not enough attention was being paid to computer security. They noted, however, that with minor modifications the virus could have transformed itself from a nuisance into a deadly and destructive scourge that could have widely destroyed data.

''I've been trying to tell people that something like this could happen for five years,'' said Fred Cohen, a computer scientist at Cincinnati University. ''Maybe they're going to start to lose their sense of innocence.'' Concern on Mimicry

Many computer researchers were concerned that the virus attack might encourage more sophisticated attacks.

''Someone is likely to get ideas from this and mimic this virus,'' said Bruce Cole, a researcher in the computer science department at the University of Wisconsin. ''Everybody is paranoid about security now.''

Around the country at hundreds of sites that were struck with the virus, system managers said operations were beginning to return to normal yesterday afternoon.

When the virus first struck about 9 P.M. Wednesday, many computer sites did not at first identify the problem as a virus. Several universities said they believed they had become the target of pranksters. At Princeton and the University of Wisconsin programmers spent the night battling what they thought was an internal problem.

They could have been fooled, computer experts said, because the virus masqueraded as a legitimate user and then infected other systems by exploiting a legitimate user's mail privileges.

By Thursday morning word had begun to spread widely that the program was a virus, and system managers began to unhook their computers from the network.

At Carnegie-Mellon University in Pittsburgh 80 out of 100 computers tied to the Arpanet were affected. At the University of Wisconsin 200 of 300 were.

To rid computers of the virus, system managers first disconnected their machines from the network they were linked to, turned them off and then restarted them, making sure to delete the programs that the virus created. Then new protective programs were added to seal the loopholes the virus used to enter their machines. 'Everything Is Messed Up'

Some sites reported yesterday that they were still struggling with the virus. At the University of Illinois at Champaign-Urbana, officials said they thought Thursday night that they had closed the loophole the virus exploited but found that it exploited other security flaw and came back. The virus was still causing confusion there yesterday afternoon.

''We can't tell what it is doing,'' said David K. Raila, a researcher at the university.

''The computing community at large has been pretty casual about passing around codes sometimes with deliberate trap doors in,'' said H. Douglas McIlroy, a computer scientist at Bell Labs. ''These trap doors have been sitting there waiting to be exploited.''

Why do People Create viruses? Purposes:

• To take control of a computer and use it for specific tasks
• To generate money
• To steal sensitive information (credit card numbers, passwords, personal details, data etc.)
• To prove a point, to prove it can be done, to prove ones skill or for revenge purposes
• To cripple a computer or network

Diagram for computer virus