The Phases of Malware: The Virus is another year older!

Having done virus research first hand and having been involved in the industry for nearly 20 years, I am never surprised at the doom saying around viruses.  I have also seen (and presented) many different “virus” timelines (like this well-done article from Wired reporter Kim Zetter). Today, I saw another one because it’s November 10th.  Why does that day matter?  It’s the day that viruses finally got a name, and it was our own Len Adleman (the “A” in RSA) who coined it in 1983.

Viruses didn’t start in 1983. They had been around a long time.  My father tells me Shaggy Dog stories of viral or at least malicious applications for “cracking” Pegasus and other old iron systems.  Even the PDP series had malware, though generally not self-replicating.  Then came the proof-of-concepts, and 1982’s Elk Cloner, which was the first “self-replicating” malicious code.  Step 27 years into the future, and there are countless sites dedicated to the various glossaries, approaches, FUD and marketing around malware (“malicious software”).  Here’s a good example at Compsci.ca, similar to most sites out there.

So what’s happening here?  I think, broadly, we can point to a “Dark Timeline” to match the generally bright computer / Internet evolution timeline.  What does it look like? I’ll post it here at some point, but at its most basic level, here are the phases I see:

Phase I: stand-alone, no “best” practices and isolated incidents with unethical programmers, usually at work or in Academia (prior to 1982)

Phase II: first self-replicating viruses, normally mischievous in nature (1982 and on) – hacking gangs and organization emerge (e.g. CCC) and government labs expand for national computing in intelligence.  Disks and direct dial (acoustic coupling) modems

Phase III: Macro-viruses (which were king in the early 90s) and worms “phase I” (light worms, starting in the late 80s)

Phase IV: Worms “phase II” (late 90s) – when the virus hit the big time in the news with Melissa, loveletter, Kournikova (no offense to Anna!), Nimda, CodeRed and their ilk

Phase V: Spyware phase I (early “grey” areas of malicious software like AdWare prompting a dark Internet business, starting in the early 2000s)

Phase VI: Fraud is King – the Dark Cloud (check out the excellent Mr. Rivner in action here with his Finextra story (about 2004 and on)

Note that the populations and practices in earlier phases exist in later phases too, the emphasis just moves as the new type grows.

So as with most anniversaries, it’s time to remember that it is very rare for any events or eras to be binary in nature (see my blog on determinism and probabilism) and we should have a notion of context as we move forward.  I think the breakthrough for some of my peers came when I said “people don’t buy Anti-Virus to stop viruses, they buy it for an insurance policy – in the end it has to be there for a check box, for best practices and to have something, anything, to help when they get infected.”

[Editorial note: In a conversation with Uri recently, he said “Here’s another theory: people buy anti-virus so their computer will not crash. Five years from now they will buy anti-virus so their online bank accounts and social network activities will not be tapped.]

Now, I believe the Dark Cloud is going to further evolve and malware will seek to take the victims and make them “bleed slowly” rather than an orgiastic slaughter and feast on victims.  Imagine if compromised identities only stole pennies a month instead of a lot at once or if malware had benefits like improving PC performance…would people removing it want it back…and would pennies a month be a reasonable fee for a really fast running, efficient computer?  Of course, this takes it to the other extreme.  Unfortunately, some people will get used to it. It will be just a curious fact of life, like knowing that a human body is teeming with trillions of germs, most of them benign.

Post A Comment

Your Name
Your Email	Publish email?: Yes No
Your Blog
Subject
Comment
Verification Word