Do you know the history of malware, how it began and how it has evolved over time? Malicious code has existed for four decades, so it has accompanied the development of computer technology practically since its inception. In this post we will take you on a journey through the history of malware so that you know the ancestors of today's most harmful software, the origin and types of malware, and who created it.
Malware history
To explain what the history of malware has been, we will give a chronological account of the most malicious software that has emerged over the decades. We will start from the historic Creeper virus and go up to the most dangerous advanced persistent threats (APTs), such as Stuxnet, Emotet and Ryuk.
Creeper (1971)
The malware origin story began with an experimental virus called Creeper, which was capable of spreading through the ARPANET network. This network connected the DEC PDP-10 computers used by universities and research centers of the time.
The Creeper virus copied itself and jumped from machine to machine through the TENEX port of these computers. It then displayed the message "I am the creeper, catch me if you can!". The development of this malware led to the creation of the first antivirus, Reaper, in 1972.
Rabbit (1974)
Rabbit was based on a "fork bomb" technique: it replicated itself continuously in order to exhaust the resources of a system until it stopped working. It can be considered the first denial-of-service attack in the history of malware.
ELK Cloner (1982)
ELK Cloner was one of the first computer viruses to affect personal computers. It was created by a 15-year-old student named Rich Skrenta. The malware ran on Apple II machines and was transmitted via floppy disk. It was able to self-replicate and damaged the device's boot system.
Brain (1986)
It was developed by the Farooq Alvi brothers from Pakistan, who are the founders and owners of the telecommunications company Brain.
In 1986, the brothers were engaged in the development and sale of software. Realizing that illegal copies of their products were being sold, the engineers decided to develop malicious software that only activated in those pirated copies. It affected the boot sector of the storage media and served to slow down computers, steal data or disable their services.
Morris Worm (1988)
It was developed by Robert Tappan Morris, who was only 23 years old. His creation affected 10% of ARPANET servers (approximately 6,000 out of 60,000). It is remembered as the first worm-type (self-replicating) malware, and its activation caused losses of up to 98 million dollars. Its impact was so worrying that it led to the creation of the first CERT (Computer Emergency Response Team).
Ghostball (1989)
Ghostball was the first multipartite malware, that is, it was split into different functionalities. It infected boot sectors (with a variant of the Ping-Pong virus) and modified COM files (via a variant of the Vienna virus).
AIDS Trojan (1989)
AIDS Trojan was the first known ransomware in the history of malware. It encrypted everything found on the C: drive of the hard disk and then demanded a ransom that had to be paid to a company in Panama. It spread via floppy disk and used a symmetric encryption system.
Chameleon (1990)
Chameleon owes its name to being the first polymorphic virus in the history of malware: it encrypted and decrypted itself to make its analysis and detection more difficult. It infected COM files and put a 62-second mark on them, which generated a denial of service. In addition to being polymorphic, it contained a large amount of useless (junk) code, which made it even harder to analyze.
Staog (1996)
Staog was the first virus for the Linux operating system (which was used especially for the development of security systems). It infected executables that were already running, through code injection, thanks to vulnerabilities in the Linux kernel. However, subsequent software updates eliminated the threat.
CIH (1998)
It was created by Chen Ing Han, from Taiwan, and was the first malware capable of erasing information from the system BIOS via an overwrite function. The malware installed itself by injecting code into executable files. It was very difficult to detect because of its subtle injection method, which did not change the size of the infected files at all.
ILOVEYOU (2000)
It was the first worm virus executed on a large scale and managed to infect 50 million computers (10% of all those connected to the Internet at the time). It generated losses of 5.5 billion dollars. The virus managed to affect high-level organizations such as the Pentagon, the CIA and the British Parliament and, to give a country-wide example, 80% of the companies in Spain. It spread via email.
Code Red (2001)
Code Red was the first worm in malware history to exploit a buffer overflow vulnerability (MS01-033, specifically) in Microsoft IIS servers. It was also the first metamorphic virus and was extremely complex to combat and analyze. It consumed system resources and left the servers unavailable.
SQL Slammer (2003)
It infected almost 75,000 servers in just 10 minutes. Despite its name, it did not use the SQL language; it exploited the buffer overflow vulnerability MS02-039 on servers running Microsoft SQL Server and Microsoft SQL Server Data Engine. It caused more than $1.25 billion in losses for companies.
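Both Code Red and SQL Slammer exploited the same class of bug: a field taken from a network request is copied into a fixed-size stack buffer with no length check. The C below is an added illustration, not code from the original post and not the IIS or SQL Server code the worms targeted; the buffer size, function names and sample inputs are constructed. It shows the unbounded 'before' pattern beside a hardened version that checks the length and rejects input that does not fit.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Constructed toy size for the parsed request field. */
#define FIELD_MAX 64

/* 'Before': the pattern behind the Code Red / Slammer overflows.
 * strcpy() copies until the NUL byte, never looking at the size of
 * field[], so any input of FIELD_MAX bytes or more writes past the
 * buffer into whatever lies beyond it on the stack (saved registers,
 * the return address). It behaves correctly for well-formed input,
 * which is why functional tests never catch it. Only ever call it with
 * input shorter than FIELD_MAX. */
size_t copy_field_unsafe(const char *input)
{
    char field[FIELD_MAX];
    strcpy(field, input);          /* no bound on the copy */
    return strlen(field);
}

/* 'After': measure first, bounded by the destination size, then copy
 * only if the data plus its terminating NUL fits. Returns the field
 * length on success and -1 when the input is rejected; it never
 * truncates silently, so the caller can log and drop the request. */
int copy_field_safe(const char *input, char *out, size_t out_len)
{
    if (out_len == 0)
        return -1;
    size_t n = strnlen(input, out_len); /* never scans past out_len */
    if (n >= out_len)
        return -1;                      /* no room for data + NUL */
    memcpy(out, input, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[FIELD_MAX];
    char oversized[200];

    /* Constructed inputs: a normal field and one far too long. */
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    printf("safe, normal input: %d\n", copy_field_safe("id=12345", out, sizeof(out)));
    printf("safe, oversized input: %d\n", copy_field_safe(oversized, out, sizeof(out)));
    /* The unsafe version is only exercised with benign input here. */
    printf("unsafe, normal input: %zu\n", copy_field_unsafe("id=12345"));
    return 0;
}
```

The hardened function is the mitigation a code reviewer would ask for; compiling with `-fstack-protector` (or `/GS` on MSVC) adds a detection layer that aborts the process when a canary next to `field[]` is overwritten, turning a silent corruption into a crash that shows up in logs.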
Cabir (2004)
It was the first malware for mobile devices: it spread by searching for nearby devices via Bluetooth and transferring itself to them. Its only effect was to shorten the battery life of the infected phone.
Koobface (2005)
It was the first malware to use social networks as a means of propagation. It sent messages on Facebook, MySpace and Twitter with a link to a supposed Adobe Flash update. It then monitored search engines and redirected users to malicious websites to steal financial data and passwords.
Conficker (2008)
Created in Ukraine, it was one of the most contagious computer viruses in the history of malware. It infected 6% of the computers connected to the Internet worldwide and was used to steal information.
Stuxnet (2010)
One of the most advanced and interesting attacks in the history of malware. It was designed to attack SCADA systems and was tremendously complex, since it required advanced knowledge of industrial systems. It directly attacked Iran's nuclear facilities, which suggests that it was developed by the United States and Israel (although both governments deny their involvement).
Zeus (2007-2011)
Zeus was a banking Trojan that spread through email phishing attacks. The malware installed a keylogger that stole enough data to take more than $70 million from victims' accounts.
Cryptolocker (2013)
Ransomware spread by email, which installed itself in the "Documents" directory and encrypted Office, OpenDocument, AutoCAD and image files. It was the first to use hybrid encryption, combining symmetric (AES-256) and asymmetric (RSA-2048) encryption.
Koler (2014)
It was the first locker detected on Android in malware history. It was distributed as a fake adult app, which then locked the user's device until a ransom was paid.
TeslaCrypt (2015)
The first ransomware in the history of malware targeting video game users. It affected players of Call of Duty, Assassin's Creed and Minecraft, who saw their sessions encrypted by this attack.
Cerber (2016)
One of the first ransomware-as-a-service (RaaS) offerings. It served to industrialize the use of this kind of malware.
Locky (2016)
Ransomware that mainly damaged American hospitals. It was built on the infrastructure of the Dridex Trojan and spread through phishing attacks using macros. It encrypted all types of files and deleted the machine's backups.
Wannacry (2017)
One of the best-known ransomware families in the history of malware. WannaCry was deployed in 2017 and caused more than $4 billion in losses. It affected hospitals, police stations and other health institutions in almost 200 countries. It was stopped by means of a kill switch, but more lethal ransomware would follow.
Emotet (2018-2020)
It worked by sending macro viruses and stole information from infected users. In addition, it sent emails to every contact of the infected computers in order to spread.
Ryuk (2018-2020)
Despite having a solution, it is one of the most active malware families today. It works by encrypting files and deleting backup copies. It is the final stage of an Emotet or Trickbot attack.
Conti (2020-present)
It is the evolution of Ryuk and one of the most harmful viruses in the history of malware. Its operation is based on extorting users under threat of leaking their data on a public site.
BitPaymer (current)
It is very dangerous because it relies on the prior theft of passwords to access a company's AD (Active Directory), and then performs network reconnaissance to reach and encrypt key servers.
REvil (2019-present)
It is a ransomware-as-a-service (RaaS) operation that extorts victims and generates denial-of-service attacks. It affected organizations such as Apple, Acer and HX5, and governments such as those of Brazil and Argentina.
How to learn more?
Through the history of malware, you can see how this software has been advancing and improving over time. It is becoming more and more complex and difficult to analyze, detect and eliminate. If you want to learn more about malware analysis, we have the ideal training for you. Access our Full Stack Cybersecurity Bootcamp and specialize in ethical hacking, cryptography and many more topics in a matter of months. Sign up!