This month marks a particularly inauspicious anniversary for the business world – it is 20 years since the discovery of the first PC computer virus.
Known as Brain, it was created in 1986 by two Pakistani brothers and infected computers via floppy disk. The virus itself was relatively innocuous – it merely changed the disk volume label to “@ brain”. It was also very slow to spread, as it could only be passed from computer to computer by sharing disks. It was not until a year after its launch, for example, that the virus had made its first appearance in the US.
But while Brain was in itself harmless, it set off a chain of development leading to today, when there are estimated to be more than 120,000 viruses threatening computers, many capable of doing serious harm, such as crashing corporate networks, hijacking computers or stealing personal data such as credit card details.
One of the big differences from 20 years ago is speed. With more than a billion people now estimated to be connected to the internet – many of them via a high-speed broadband link – viruses are spreading much more quickly.
Experts estimate, for example, that the MyDoom worm, which spread itself via e-mail messages in 2004, infected a quarter of a million computers in a day.
Graham Cluley, senior technology consultant at IT security company Sophos, recalls the early days of viruses fondly. “We used to send a virus update to our clients every three months and considered that adequate protection. Now we are suggesting to companies that they update their anti-virus software every five minutes.”
As for the huge proliferation of viruses, Sal Viveros, security specialist at McAfee, says his team discover new viruses every day. Home and office computers are literally under siege from these programs. Mr Cluley estimates that if a computer is connected to the internet for just 15 minutes without anti-virus protection there is a 50 per cent chance it will be infected by a virus – even if the computer is not used to open any e-mails or visit any website.
Anti-virus software programs have become reasonably effective at keeping out the intruders, but the effort of holding off the onslaught is a huge drain on time and computer processing power – and comes at a high cost.
Gartner, the research group, estimates that about $3.4bn was spent on anti-virus and anti-malware software globally in 2005 and it believes that spending will grow to $5.9bn by 2009.
The biggest change, however, has been in the character of viruses, which have become progressively more malicious.
Early viruses were little more than “cyber-graffiti” – generally written by the lone teenager in the bedroom showing off to friends. Some were even amusing – the Green Caterpillar, for example, featured a green caterpillar eating the text on the screen and excreting it from the other end.
However, from the early 1990s things became more disruptive. Virus writers, keen to make headlines, released viruses that caused serious damage to computers.
The Michelangelo virus, released in 1992, for example, was set to wipe all the information from the hard disks of computers it infected on March 6, Michelangelo’s birthday. The discovery of the threat caused mass hysteria, although in the end only a small number of computers – about 10,000 – were affected.
In 1999, the infamous Melissa virus caused an estimated $80m in damage to businesses by generating such an enormous volume of e-mail traffic that many companies were forced to switch off their networks. Melissa’s creator, David L. Smith, was later sentenced to 20 months in prison by the US courts.
The years from 1999 to 2003 were the heyday of headline-making outbreaks, when worldwide viruses, such as Love Letter in 2000 and Anna Kournikova in 2001, and worms, such as Blaster and SoBig in 2003, affected millions of businesses across the world.
In the past few years, there have been fewer headlines, but viruses have by no means disappeared. They have become quieter and stealthier but a lot more destructive, as now they are chiefly being written by organised criminal gangs.
“Certainly the most significant change has been the evolution of virus writing hobbyists into criminally operated gangs bent on financial gain,” says Mikko Hypponen, chief research officer at F-Secure. “And this trend is showing no signs of stopping.”
“Now that the goal is for profit, we are seeing fewer big outbreaks of viruses. The virus writers don’t want to make headlines, they want to target a smaller number of people for specific information. It’s more of a slow burn,” says Mr Viveros.
There are many ways in which criminals can put viruses to use. At their simplest, viruses can be used to hijack computers, allowing gangs to control large numbers of machines remotely. The computers can then be set to send out junk e-mail or spam messages, or mount attacks on corporate networks.
Criminal gangs can threaten to bring internet-reliant businesses such as online banks or e-commerce sites to a standstill by deluging their networks with information requests from these hijacked computers. A number of businesses have been blackmailed by gangs threatening this kind of attack.
Viruses can also be used to introduce other types of harmful program, such as Trojans or spyware, on to computers. Spyware will monitor the websites a computer user visits or the information that is typed in the computer – such as online banking passwords.
Trojan horses, similarly, can direct computer users to fictitious websites – a fake version of an online banking site, for example – where account numbers and passwords can be harvested.
The growth of this type of crime has been phenomenal. Last November a US Treasury adviser said that the proceeds from cybercrime – including virus-related activity but also including other activities such as child pornography and copyright offences – had exceeded proceeds from the illegal drugs trade.
New technology, as well as the criminal involvement, is increasing the danger from viruses. Viruses sent over wireless internet connections will be a key problem within a couple of years, Mr Viveros predicts.
Virus writers have shown little interest in mobile phones and PDA devices but, as the machines become more complex and more people begin using them, this could easily change.
Mr Viveros says wireless devices are becoming vulnerable to attack. For example, many handsets are now using standardised operating systems such as Symbian, which, much like Microsoft’s Windows operating system, make for more effective targets for virus writers.
In addition, the sheer number of connections envisioned for the “digital home” – where everything from the television set-top box to the toaster is linked to the internet – will make the job of monitoring against viruses ever more onerous.
“The more connected you are, the more susceptible you are to threats,” says Mr Viveros.
But though technology is making viruses increasingly complicated, at heart, the virus world is kept alive by very human traits – a desire to communicate and share information, as well as the overwhelming urge to look at pictures of comely young women.
As Mr Cluley puts it: “Viruses are primarily a human problem. That is why we haven’t been able to get rid of them. You can patch a firewall as much as you like but you can’t patch people’s brains.
“Most blokes, if you send them an e-mail saying, ‘Here is a picture of Anna Kournikova’, will open it.”
YOUR DEFENCES AGAINST DIGITAL MENACES
■ The minimum protection a network needs is an anti-virus program, an anti-spyware program and a firewall.
■ PC users should download the latest security patches from Microsoft, whose Windows operating system is most often attacked.
■ Companies can also invest in an intrusion protection system that monitors all traffic going into and out of a network, stopping anything suspicious.
■ For networks where users have remote connections, a network management system can check that all the devices connecting to the system comply with security protocols.
■ Companies should draw up guidelines on internet use, such as prohibiting downloading of online games or any unsolicited e-mail attachments.
■ Companies should also consider prohibiting the use of unauthorised electronic devices.
BEWARE ZOMBIES, WORMS AND TROJAN ATTACKS
Virus: a program that can spread across computers or networks by replicating itself, typically without the user’s knowledge.
Worm: similar to a virus but does not need to be attached to a carrier program or document. Worms make exact copies of themselves and use communications between computers – such as e-mail or instant messaging – to spread.
Trojan: programs that pretend to carry legitimate software but actually carry out hidden harmful functions. Trojans are not viruses but, on infecting a computer, work hand in hand with them.
Spyware: software that allows advertisers or criminals to gather information about what a computer user does on his machine – such as the websites visited or account numbers and passwords typed into the computer.
Zombie: a computer that has been taken over and is being controlled remotely by a third party. Zombies are often used to send spam e-mail messages or attack computer networks by flooding them with traffic.