• History of computer viruses. The first computer viruses What is a computer virus and when did it first appear

    The first studies of self-reproducing artificial structures were carried out in the middle of the 20th century: in the works of von Neumann, Wiener, and others. A definition was given and a mathematical analysis of finite automata, including self-reproducing ones, was carried out. The foundations of the theory of self-reproducing mechanisms were laid by an American of Hungarian origin John von Neumann , which in 1951 proposed a method for creating such mechanisms. WITH 1961 working examples of such programs are known.

    The term " computer virus "appeared later - it is officially believed that it was first used by an employee of Lehigh University (USA) Fred Cohen in 1984 at the 7th conference on information security held in the USA.

    There are many different versions regarding the date of birth of the first computer virus. However, most experts agree that computer viruses, as such, first appeared in 1986, although historically the emergence of viruses is closely related to the idea of ​​creating self-replicating programs.

    The appearance of the first computer viruses capable of appending themselves to files is associated with an incident that occurred in the first half of the 70s on the system Univax 1108. The virus named Pervading Animal", added itself to executable files - did almost the same thing as thousands of modern computer viruses.

    NOTE :Each virus has its own name. Having discovered a new virus, anti-virus companies give it names in accordance with the classifications adopted in each particular company, and each company has its own classification.

    For example , Worm.Win32.Nuf is the same as

    Net-Worm.Win32.Mytob.c.

    Often the name is given by some external features:

      at the place of detection of the virus (Jerusalem);

      user submission method (AnnaKournikova);

      effect (Black Friday).

    It can be noted that in those days significant events related to computer viruses occurred once every few years. Since the beginning of the 80s, computers have become more and more popular. More and more programs appear, global networks begin to develop. The result of this is the appearance of a large number of various "Trojan horses" - programs that, when launched, cause some harm to the system.

    One of the "pioneers" among computer viruses is the virus " brain", created in 1986 by a Pakistani programmer named Alvi. In the US alone, this virus infected over 18,000 computers.

    The virus that infects a 360Kb floppy disk quickly spread all over the world. The reason for this "success" was, most likely, the unpreparedness of the computer society to meet such a phenomenon as a computer virus.

    At the beginning of the era of computer viruses, the development of virus-like programs was purely research in nature, gradually turning into an openly hostile attitude towards users of irresponsible, and even criminal "elements". In a number of countries, criminal legislation provides for liability for computer crimes, including the creation and distribution of viruses.

    The first known viruses were Virus 1,2,3 And Elk Cloner For PCApple II that appeared in 1981 . in winter 1984 the first antivirus utilities- CHK4BOMB And BOMBSQAD by Andy Hopkins EnglishAndy Hopkins).

    At first 1985 Guy Wong ( EnglishGee Wong) wrote the program DPROTECT is the first resident antivirus.

    The heyday of viruses in their classical sense fell on the operating system MS DOS and took place in the 80s and early 90s. At that time, viruses infected the boot areas of hard and floppy drives and executable files. Viruses were spread by transferring floppy disks infected with viruses or containing infected executable files from computer to computer. In their evolution during that period, viruses went from simple viruses to encrypted ones (the body of the virus was encrypted, so that the signature of the virus changed from instance to instance).

    Of the virus technologies developed during that period, the following should also be noted. :

      "stealth" technology that ensured the "invisibility" of viruses for standard tools that provide information about the system;

      the direction of some viruses to destroy or block the operation of anti-virus programs on the affected user's computer;

      the development of virus generators, which allowed low-skilled users to automatically create viruses.

    At the same time, the main classes of binary viruses took shape. :

      network worms (morris worm, 1987),

      « Trojan horses » (AIDS, 1989 ),

      polymorphic virus s(Chameleon, 1990),

      stealth viruses (Frodo, Whale, 2nd half of 1990).

    The first viral epidemics date back to 1987-1989:

      Zotkin.A,(more than 18 thousand infected computers, according to McAfee ),

      Jerusalem(appeared on Friday may 13 1988, killing programs as they run),

      morris worm (over 6200 computers, most networks were out of order for up to five days),

      DATACRIME(about 100 thousand infected PCs in the Netherlands alone).

    On Friday, May 13, 1988, several firms and universities from several countries of the world "got acquainted" with the virus at once. Jerusalem"– on this day, the virus destroyed files when they were launched. Together with several other viruses, the virus " Jerusalem"spread through thousands of computers, remaining unnoticed - antivirus programs were not yet as widespread at that time as they are today, and many users and even professionals did not yet believe in the existence of computer viruses.

    Less than six months later, as in November 1988. appeared network Morris virus(other name - Internet Worm) and for a short period of time paralyzed the work of many Internet hosts. The endemic epidemic of this virus has infected more than 6,000 computer systems in the United States and practically paralyzed their work. Due to an error in the virus code, it sent copies of itself unlimitedly to other computers on the network and, thus, completely took over its resources. The total losses from the Morris virus were estimated at $96 million.

    The Morris worm was a self-propagating program which distributed its copies over the Internet, obtaining privileged access rights to network hosts by exploiting vulnerabilities in the operating system. One of the vulnerabilities used morrison worm, was a vulnerable version Sendmail programs(the security breach was due to the use of a non-standard command) and the other is Fingerd program(it contained a buffer overflow error). The worm also used the command vulnerability to attack systems. rexe c and rsh, as well as incorrectly chosen user passwords.

    This worm is a "classic" of malware, and the attack mechanisms developed by the author when it was written are still used by attackers.

    In parallel, organized movements of both pro- and anti-virus orientation are being formed:

      in 1990, a specialized BBS Virus Exchange,

      « The Little Black Book of Computer Viruses» Mark Ludwig,

      first commercial antivirus SymantecNorton AntiVirus .

    Since the 1990s, the problem has become global in nature. In 1991, the first virus generator appeared - VCS v.1.0. Now anyone could design their own virus in 10-15 minutes.

    In 1992 there were :

      the first virus designer for PC - VCL(For Amiga constructors existed before),

      ready-made polymorphic modules ( MtE, DAME And TPE);

      encryption modules for embedding in new viruses.

    In 1992, the first virus constructors appeared VCL And PS-MPC, which increased the already rather large flow of new viruses. At the end of this year, the first virus for windows, that infects the executable files of this operating system has opened a new page of computer viruses.

    In 1992 the operating system Windows 95 was almost ready and beta- version was sent to 160 testers. All disks were infected with a boot virus Form, and only one tester was not too lazy to check the disk with an antivirus. 1993 Virus Satan bug hits hundreds of computers in Washington DC.

    With the advent of the Windows family of operating systems in the 90s, the situation changed. It seemed that the situation should improve, because. Windows is a system of a more complex structure, it has some protection mechanisms, and, therefore, it will be more difficult to create viruses for this operating system than under MS DOS. Indeed, for some time the number of viruses created decreased (the number of viruses infecting the boot record increased, since this type MS DOS viruses was compatible with the operating system Windows 3.1, but the number of file viruses has decreased).

    In the next few years there were :

      finally honed stealth And polymorphic technologies (SMEG.Pathogen, SMEG.Queeg,One Half , 1994; NightFall, Nostradamus, Nutcracker, 1995),

      tried the most unusual ways penetration into the system and infection of files (Dir II - 1991, PMBS, Shadowgard, Cruncher - 1993),

      viruses have emerged that infect object files (Shifter, 1994) and source codes of programs ( Srcvir, 1994).

    During this period, a new factor appeared that caused the rapid growth of malware. Complex software packages have become widespread (the brightest representative is Microsoft office) containing built-in interpreted languages.

    August 1995 one of the turning points in the history of viruses and antiviruses - the first virus for Microsoft Word ("Concept").

    Virus Concept, first macro virus(a virus that uses an interpreter built into the application software). Thus began the era of macroviruses. With the distribution of the package Microsoft Office spread macro viruses (Concept, 1995). From now on, viruses that infect documents Microsoft Office became the most popular in the world.

    In 1996, the first viruses appeared for:

      Windows 95 -Win95.Boza,

      resident virus for Win95.Boza - Win95.Punch.

    After the appearance in 1997 of the next version of the product Microsoft Office, viruses have ceased to be specific to a particular office application, but have become "common" for all products of the family, due to the introduction of a built-in interpreted language into the package Visual Basic. In theory, any application that supports Visual Basic, can be used to spread viruses in documents.

    Thus, there are currently the following prerequisites for the wide distribution of macro viruses:

      wide distribution of the package Microsoft Office

      lack of protection mechanisms in macros;

      the prevalence of information exchange in files created by office applications, in mail attachments between users;

      convenient language for writing viruses.

    Modern macro viruses try to use technologies similar to those used by viruses for the MS DOS operating system:

      hiding your body by intercepting calls to menu items that allow you to view macros in the document;

      macro text encryption;

      fight against antivirus software.

    The virus problems described existed sometime before 1998. And then there was another "viral" revolution associated with the use of the Internet for the spread of viruses.

    At this stage, virus programs begin to have worm-like features, so it is often difficult to clearly identify whether a virus or a worm is malware.

    With the spread of networks and the Internet, file viruses are increasingly oriented towards Win95.Boza and Win95.Punch as the main channel of work:

      ShareFun, 1997- macrovirus MS Word using MS-Mail for distribution;

      Win32.HLLP.DeTroie, 1998- family spyware ;

      Melissa 1999- a macro virus and a network worm that broke all records in terms of propagation speed

    Melissa virus appeared in May 1999 and affected about 100,000 hosts connected to the network internet, including in networks protected by firewalls. The virus was spread using a program attached to an email message. Even if the network under attack was checked for viruses in email messages, anti-virus tools could not recognize the signature Melissa virus.

    Let's take a quick look at how this virus works. Melissa virus cannot be classified as a pure worm, because it requires user action to propagate. In order for the virus to infect the attacked network host, the user had to open the document attached to the mail message using the program Microsoft Word. After the infected document was opened, the virus sent a copy of itself to the first fifty recipients in the address book Microsoft outlook, stored on the host. This method of distribution was the main one (despite the fact that the virus could also spread as a result of the fact that users themselves passed the infected document to each other). Using the host's address book to propagate the virus increased its ability to spread because attacked users tended to trust email messages from known users and opened attached documents.

    In January 1999, the Caligula virus appeared, which was distributed with the help of documents Microsoft Word / 97. This virus tried to find on the infected system a file containing information used by the program PGP. At the same time, to communicate with the offender, ftp session, initiated from the infected machine, which often made it possible to bypass the firewall.

    Virus Marker appeared in April 1999 years and used the technique similar to Caligula virus to obtain information about users working on the infected host. marker checked whether the system was already infected, based on checking the registry key that it set when it was infected

    Era of heyday Trojan horses" opens the hidden remote administration utility Back Orifice (1998) and subsequent analogues ( netbus , Phase).

    Virus Win95.CIH reached a climax in the application of unusual methods, overwriting FlashBIOS infected machines (the epidemic in June 1998 is considered the most destructive in previous years).

    In 1998, the first polymorphic windows32-viruses-"Win95.hps" And " Win95. Marburg. The developers of anti-virus programs had to hastily adapt to the new conditions the methods for detecting polymorphic viruses, which had previously been designed only for DOS viruses.

    Most notable in 1998 was the epidemic of the virus "Win95.CIH", which first became mass, then global, and then endemic - reports of infection of computer networks and home personal computers numbered in the hundreds, if not thousands. The beginning of the epidemic was registered in Taiwan, where an unknown person sent infected files to local Internet conferences.

    Since the mid-1990s, the global Internet has become the main source of viruses.

    The end of the 1990s - the beginning of the 2000s were marked by:

      complication of software and system environment,

      mass transition to relatively protected Windows NT family ,

      fixing networks as the main channel for data exchange,

      as well as the success of anti-virus technology in detecting viruses based on complex algorithms.

    During this period, viruses became:

    1) replace injection into files with injection into the operating system (unusual autorun , rootkits );

    2) to replace polymorphism with a huge number of species (the number of known viruses is growing exponentially).

    However, detection in Windows and other common BY numerous vulnerabilities opened the way exploit worms .

    Since 1999, macro viruses have begun to gradually lose their dominance. This is due to many factors. First, users have become aware of the danger lurking in simple doc- And xls files. People have become more attentive, learned to use the standard macro virus protection mechanisms built into MS office.

    In 2000, very important changes take place on the world "viral scene". A new type of harmful codes is born - network worms. At the same time it appears supervirus - "Chernobyl".

    "Chernobyl" is an executable virus for Windows with the following features:

    1. Firstly , the infected file does not change its size compared to the original version. This effect is achieved thanks to structure of Windows executable files: each exe-file is divided into sections, aligned to strictly defined boundaries. As a result, there is almost always a small gap between the sections. Although this structure leads to an increase in the space occupied by the file on the disk, it can also significantly increase the speed of the operating system with such a file. "Chernobyl" either writes its body into one such gap, or splits its code into pieces and copies each of them into an empty space between the boundaries. As a result, it is more difficult for an antivirus to determine whether a file is infected or not, and it is even more difficult to disinfect an infected object.

    2. Secondly , "Chernobyl"became a pioneer among programs that can damage hardware. Some microcircuits allow you to overwrite the data stored in their mini-ROM. This is what this virus does.

    The first computer viruses, what were they, why were they created?
    The very first known virus, or rather a file worm, is considered to be Pervading Animal. It was created in 1975 for the Univac 1108 computer, as a refinement of the previously created game "Animal", which was very popular at one time. The distribution of programs and files at that time was a very laborious task, since it was necessary to record it from one magnetic tape to another. When the programmer John Volker got tired of such a long copying process, he wrote a special subroutine "Pervade". It was launched into the computer's memory as an independent subprocess, looked for possible directories for writing, and in the absence of a copy of the Animal game, wrote it there.

    However, such an innovation brought discord in the work of the program, and it began to append itself to other executable files, copying itself uncontrollably to all directories until the disk was full. The distribution of the game stopped after UNIVAC released a new version of the operating system in 1976, in which the virus game could no longer work.

    One of the first viruses found on the computer of ordinary users, which could spread in other people's computers, and not in the system where it was developed, is "Elk Cloner". This virus was written in 1981 by fifteen-year-old schoolboy Richard Skrenta for Apple II computers.
    The virus spread by infecting the DOS operating system for the Apple II via floppy disks. After starting the computer from an infected floppy disk, a copy of the Elk Cloner virus was automatically loaded into the computer's memory. The virus did not affect the operation of the computer and other programs; it could only monitor disk drives. When access to an uninfected disk or floppy disk appeared, the program copied itself. In this way, it slowly infected more and more computers. And, although the virus did not specifically harm the user, it was able to corrupt discs with a non-standard DOS type, destroying the backup tracks of the disc, regardless of the contents. Every 50th Elk Cloner download ended with a short poem displayed on the computer screen.

    Creeper is considered the first network virus. In 1973, he infected the military computer network Arpanet, the prototype of the Internet. The virus was written by BBN (Bolt Beranek and Newman) Bob Thomas. This program could independently access the network via a modem and leave its copy on a remote computer. He did not perform any destructive actions, only when he hit the computer he displayed the inscription: "I" M THE CREEPER ... CATCH ME IF YOU CAN "(I'm a Creeper ... Catch me if you can).
    A little later, another BBN employee, Ray Tomlinson, developed the Reaper program, which also roamed the network freely and, if Creeper was found, deleted it.

    The first viral epidemics took place in 1987-1989. By this point, many could afford to buy relatively cheap IBM PCs, which led to a sharp increase in computer virus infections. It was in 1987 that three major epidemics of computer viruses broke out at once. The virus that caused the epidemic, called Brain (also known as the Pakistan virus), was developed in Pakistan to punish local pirates who steal programs from the developer. But, unexpectedly for everyone, it spread very quickly around the world.

    For reference.
    A computer virus is such a malicious program that can create copies of itself, as well as inject its code into other programs, disk boot sectors, and into system memory. The virus can spread copies of itself over the Internet. Viruses are created to disrupt the operation of a computer, delete or steal data, block users from working, or disable computer hardware.

    Computer virus- This is a special computer program that is distinguished by the ability to reproduce. In addition, the virus can damage or destroy the data of the user on whose behalf the infected program is launched.

    Some inexperienced users consider viruses and spyware, trojans and even spam.

    Gradually, viruses began to spread, and introduced into themselves the executable code of programs, or replaced other programs. For some time it was assumed that a virus, like a program, can only infect programs, and that any changes to non-programs are only data corruption.

    But in the future, hackers proved that not only executable code can be a virus. There were viruses written in the language of batch files, macro viruses that were introduced into office programs through macros.

    Then viruses began to appear that took advantage of vulnerabilities in popular programs, they spread using a special code that was embedded in a data sequence.

    There are many versions about the birth of the first computer virus. But based on the facts, we can say that there were no viruses on Charles Babbage's first computer, but in the mid-1970s, on IBM 360/370 they already were.

    In the 1940s, the works of John von Neumann devoted to self-reproducing mathematical automata became known. This can be considered the starting point in the history of computer viruses. In subsequent years, a number of studies were carried out by various scientists aimed at studying and developing the ideas of von Neumann. Naturally, they did not seek to develop a computer virus, but to study and improve the capabilities of computers.

    In 1962, the Darwin game was created by a group of engineers at the American company Bell Telephone Laboratories. The essence of the game was reduced to the confrontation of two programs that had the functions of reproduction, exploration of space and destruction. The winner was the one whose program removed all copies of the opponent's program and captured the battlefield.

    But after a few years it became clear that the theory of self-reproducing structures can be used not only for the entertainment of engineers.

    A Brief History of Computer Viruses

    Today, computer viruses are classified into three types:

    traditional viru c - when it enters the computer, it reproduces itself and starts causing problems, such as destroying files. The I Love You virus caused the greatest damage in 2000 - $ 8 billion.

    « Worms» - get into computers through the network and cause the e-mail distribution program to send letters with a virus to all addresses stored in memory. The Blaster worm in 2003 managed to infect more than a million computers.

    « Trojan horse"- the program does not harm the computer, but once it enters the system, it provides hackers with access to all information on the computer, as well as to control the computer. In 2002, using the QAZ Trojan, hackers managed to gain access to Microsoft code.

    1949 The scientist John von Naumann developed a mathematical theory for creating self-replicating programs, which was the first theory for creating computer viruses.

    1950 A group of American engineers creates a game: programs must take away each other's computer space. These programs were the forerunners of viruses.

    1969 The first computer network ARPANET was created, to which computers from leading research centers and laboratories in the United States were connected.

    Late 1960s. The first viruses appear. The victim of the first virus created for extraction was a Univax 1108 computer.

    1974 A commercial analogue of ARPANET was created - the Telenet network.

    1975 The Creeper, the first network virus in history, spread through the new network. To neutralize it, the first anti-virus program, The Reeper, was written.

    1979 Xerox engineers created the first computer worm.

    1981 Apple computers are affected by the Elk Cloner virus, which spreads through "pirated" computer games.

    1983 The term "computer virus" is used for the first time.

    1986 The Brain is created - the first virus for the IBM PC.

    1988 Created a "worm" that massively infected ARPANET.

    1991 The VCS v 1.0 program was written, which was intended only for creating viruses.

    1999 First world epidemic. virus Melissa tens of thousands of computers were infected. This provoked a jump in demand for antiviruses.

    May 2000 Virus I Love You!, hit millions of computers in a few hours.

    2002 Programmer David Smith was sentenced to prison.

    2003 A new speed record was set by the Slammer worm, which infected 75,000 computers in 10 minutes.

    The first computer viruses were completely different from modern pests - they were ordinary harmless programs, however, very self-willed. They worked in the system, doing only things known to them and completely disobeyed the administrators of computer systems. However, for the time being, the harmlessness of these "viruses" allowed them not to attract much attention to themselves.

    Everything changed on April 19, 1972, when the work of computers that were part of the Airpanet network was stopped in the United States. This stopped many computerized processes and disrupted traffic lights, causing a huge number of car accidents, resulting in millions of dollars in losses.

    All this was conceived as an ordinary joke - a malicious program was written by one of the students of an American university, whose name is unknown. He was only trying to impress his colleagues by creating a program that would replicate and traverse computer networks. The prank was clearly "successful", but the creator of this virus could hardly have imagined the scale of destruction that his brainchild would cause.

    Fred Cohen is the official creator of the first virus

    Officially, the creator of the first virus is a student from California, Fred Cohen, who wrote it in 1983 as part of the defense of his dissertation on computer security. He provided this program for review to his teacher, Leonard Edlman, who, according to some sources, was the first to use the term "".

    Despite the fact that the Cohen virus did not bring any harm, the specialists had no doubts about the consequences of the massive creation of such programs. Fred Cohen also understood this, proposing in 1984 to create the first anti-virus program, and a few years later, in 1987, he proved that it was impossible to create an algorithm that would protect against absolutely.

    It was at this time that the computer world was struck by the first virus epidemic. In three years, more than a hundred thousand machines were infected, computer networks around the world went down for several days or more, jeopardizing the reliability of computers and undermining people's faith in the safety of their use.

    True, the creators of antiviruses also did not doze off, gradually gaining power and repelling hacker attacks more and more successfully. This battle continues to this day, and Fred Cohen remains one of the best specialists in the field of computer viruses today.

    Good afternoon friends. We again return to the topic of computer viruses. As you know, a virus is a pest program that can harm a computer quite a lot.

    It can be said that this is the nightmare of a modern man. At the same time, this nightmare has been present in our world for about seventy years. During this time, quite a lot of viruses appeared.

    It can be said that a number of books can be written about computer pests. But, let's get back to our topic, how, and, most importantly, when did the first one first appear?

    When did a computer virus appear? Computer pests on the Internet first began to appear with the advent of the Internet itself. The background for the first virus was laid by the programmer John von Neumann in 1949. This scientist created a theory about programs that can reproduce themselves.

    In 1969, the American company AT & T Bell Laboratories creates a multi-level operating system - UNIX. At the same time, another company Research Projects Agency creates an operating system - ARPANET. Since these operating systems are multitasking, it became possible to use them to create more complex programs, and, consequently, viruses.

    First computer virus

    In 1979, programmers from the Xerox Palo Alto Research Center created a program that was, in fact, the first computer worm. According to modern concepts, the program is quite simple and elementary. Its essence was to search for computers on the Internet.

    A little later, in 1983, a scientist at the University of California created the concept itself - a computer virus. This concept describes a program, the essence of which is to influence other programs and introduce changes into their code, thanks to which you can effortlessly reproduce yourself.

    Creator of the first computer virus

    In 1986, the first malware came out of Pakistan. It was called The Brain. This "Brain" made the first destruction in the network in 1988. It hit mainly computers on the ARPANET.

    A certain Robert Morris came up with a pest that infected about 6,000 PCs worldwide. Robert at that time was only 23 years old. After that, a gigantic scandal took place all over the world. Three years after this incident, Symantec developed the first antivirus, Norton Anti-Virus software.

    In 1998, approximately five hundred US governments and military departments were infected. Iraq was blamed for this hack. However, it was revealed that a couple of California teenagers were involved in this infection of the systems.

    In 1999, the Melissa pest appeared. This virus was able to infect several thousand computers very quickly, causing damage of approximately $80,000,000. At the same time, antiviruses broke sales records. In the same year, a certain Melissa Robot infected office documents, mainly Word programs. The infection occurred through a mailing list - Outlook.

    Note! Text files have been infected! This is me to the fact that many users believe that text files cannot contain a virus!

    I think you have heard about the virus: - "I love you." At one time, he managed to become famous. This pest appeared in 2000. If I may say so, this is a successful virus. In just one day, it infected several million computers.

    This malware sent various passwords, ciphers, confidential data about the owner of the computer to its creator. Anna Kournikova in 2001 stated that the pest was created using tools. It is noteworthy that even an inexperienced programmer can create a similar virus using this toolkit.

    Viruses even threaten the White House government website. For example, the Code Red virus in 2001 infected several tens of thousands of PCs. The damage amounted to more than $200,000,000. Infected computers produced the White House at some point.

    The virus managed to beat off in time. In the same year, 2001, the Nimda virus appeared. It is considered a particularly sophisticated virus. In 2003, the Slammer malware managed to infect several hundred thousand computers within three hours.

    This is a unique virus, it could delay the flight of almost any aircraft in the world. Also, it spread very quickly.

    In 2004, the MyDoom malware claimed to be the fastest spreading email virus. But, it did little damage. I described the history of computer pests up to 2004.

    After that, there were no such large-scale damages, with the exception of isolated cases. Mainly thanks to improvements in anti-virus software and firewalls!

    Video virus "I love you"

    P.S. It is now the end of 2018 and it has been two years since I purchased ESET Antivirus. The official website has various options for this antivirus, for home, business, phone and more.

    Read more: