Mar 10 2011

Fortinet recently published a blog post on the history of computer viruses, "40th Anniversary of the Computer Virus" (Fortinet Security Blog). From a historical perspective it is a fascinating read. A couple of entries, with some personal notes:

Creeper: Catch me if you can. This was an experimental virus developed in 1971. It is the granddaddy of viruses. It was relatively benign, and it was actually a demonstration of mobile code: it would pick itself up and move to the next computer, rather than replicating like today’s viruses.

The article does not deal with The Morris Worm. However, I feel it needs to be mentioned in any discussion about malware. The worm utilized known vulnerabilities in a variety of UNIX services. Unfortunately, it got out of control and ended up performing a Denial of Service attack across the young Internet in 1988. The CERT was created by DARPA as a result of this worm.

When I was a UNIX administrator back in the mid 1990s, we would laugh about all of the forwards people would send warning about viruses from email. After all, how could you get a virus from reading an email in Pine or Elm? The I Love You virus in 2000 changed all of that with help from Microsoft’s desktop security model. This was one of the first full-scale viruses to affect normal users.

In 2001, IIS, Microsoft’s web server, was attacked via Code Red. This is different from the traditional virus or worm, which attacks the desktop. It exploited a buffer overflow in the indexing system of IIS. I remember being on the front end of this battle. Our Internet connection was acting slow. While troubleshooting, we decided to reboot our firewalls. When this happened, our IIS servers crashed. Funny coincidence, we thought. An hour later, we did it again. They crashed again. It was not until the chatter on the security mailing lists picked up late that afternoon that we figured out what was going on. At that point, we were able to take the appropriate action.

Just last year, Stuxnet appeared and targeted Iran’s nuclear industrial machines in a very subtle way. I am not going to get into the details of Stuxnet, as there are plenty of sources out there who can explain it better than I. What is fascinating about it is that it appears to be the start of nations writing malware to directly attack another nation’s specific resources. The effort, skill, and knowledge needed to implement this malware successfully are quite amazing… and scary.