Be aware! Virus - Worm - Malware
Arslan Gulzar
Acquisition | E-Commerce | Startups | Commercial | Category Management | Operations | Content | Technology | Automation | Consultancy | Project Management
No matter your socioeconomic background or age, "computer virus" carries a negative connotation for everyone. It is one of the few technical terms that everybody understands: something destructive is happening to the technology we rely on, whether that is a laptop, a smartphone, or an application.
An overview of computer malware from the pre-internet era to today's botnets, ransomware, viruses, and worms
Virus: cannot replicate on its own; it needs a human to click a link, open an attachment, launch an app, or run a downloaded file before it can infect anything.
Worms: replicate on their own, exploit flaws in running services, and move between devices without any human interaction.
Malware: any malicious software falls under the umbrella of malware, which encompasses viruses, worms, trojans, botnets, ransomware, and more.
The Era Of The 70s
There was a network before the internet existed, at least in the form we know it today: ARPANET. ARPANET was started in 1967 to connect remote computers, and the first machines were linked in 1969. The Network Control Program (NCP), the forerunner of today's TCP/IP stack, followed in 1970 and made data transmission between computers possible.
Not by coincidence, 1971 also marked the debut of "The Creeper," the first proof-of-concept self-replicating program. Although Creeper is cited by numerous sources as the first computer virus, it actually behaved like a worm: it moved itself between machines without user action. It was written by engineer Bob Thomas at BBN, an American research and development firm later acquired by Raytheon, and built on the idea of self-reproducing automata first put forward by the Hungarian-American mathematician John von Neumann in the 1940s. It hopped between ARPANET computers and displayed the following message:
"I'm the creeper, catch me if you can!"
The Era Of The 80s
In spite of the claim, still repeated by people who are not technically savvy, that "Macs are not susceptible to viruses," the first computer virus discovered in the wild, "Elk Cloner" (1982), was written specifically for Apple II machines. It was created by a 15-year-old who enjoyed pulling practical jokes on his friends. It was a boot sector virus: it spread whenever an infected disk was booted, and every 50th boot it displayed a short poem.
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
The Brain virus (1986) was written by Amjad and Basit Farooq Alvi, two brothers from Pakistan, as a boot sector virus that displayed a warning to anybody using a pirated copy of their medical software. Since there was no internet, it propagated through person-to-person contact and floppy disk duplication. Unknown to the user, the boot sector of the floppy became infected when an unauthorized copy of the software was made, and the infection propagated when that disk was booted on the next machine. Because there was no way to detect that an infected boot sector was going along for the ride, it spread until it became a worldwide phenomenon.
Welcome to the Dungeon (c) 1986 Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0
Dedicated to the dynamic memories of millions of viruses
who are no longer with us today -
Thanks GOODNESS!!! BEWARE OF THE er..VIRUS :
this program is catching program follows after these messages....$#@%$@!
Welcome to the Dungeon (c) 1986 Basit & Amjads (pvt).
BRAIN COMPUTER SERVICES 730 NIZAM
BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530.
Beware of this VIRUS.... Contact us for vaccination...!
The Morris worm, released in November 1988 by Cornell graduate student Robert Tappan Morris, introduced a number of firsts. It carried out activities we now associate with modern malware: it checked whether a host was already infected, and it exploited holes in several programs and services (a buffer overflow in fingerd, the debug mode of sendmail, and trust relationships via rsh/rexec combined with weak passwords). Morris also built in a persistence trick because he was concerned that system administrators would defeat the worm by faking an existing infection, so roughly one time in seven it reinfected a host anyway. As a result nothing limited self-replication: infected machines became unusable under the load, and the worm's spread from machine to machine amounted to a denial-of-service (DoS) across the network.
The AIDS Trojan made its debut in 1989 as the first known ransomware. Interestingly, 1989 was also the year a United States-based ISP called The World made internet access publicly available for the first time. Ransomware, however, did not take advantage of internet connectivity to reach its victims until 2005.
Much like COVID-19 today, the human AIDS virus was a hot subject in 1989. Some 20,000 floppy disks carrying the AIDS Trojan were mailed (yes, physical mail, not email) to AIDS researchers and subscribers of a computer magazine around the world. When the floppy was run, it presented an AIDS questionnaire, but it also counted reboots. On the 90th boot it hid directories and replaced file names with encrypted text, then displayed a demand for $189 for a yearly lease or $378 for a lifetime license, payable to a PO box in Panama. Only cashier's checks, money orders, or bank drafts were accepted.
The Era Of The 90s
The next well-known virus to have a major impact was Michelangelo (1992). Written in assembly, it was a boot sector virus for DOS machines: it infected the master boot record of hard disks and the boot sector of floppies, so, like its forerunners, it spread whenever floppies were copied or booted.
It was named Michelangelo because the program contained a time bomb set to go off on March 6, the artist's birthday, when it overwrote the first sectors of the disk. What made it notorious was the media coverage that followed its discovery, which advised people either to leave their computers switched off on that day or to set the date forward a day to avoid being affected.
After the introduction of services like America Online (AOL), CompuServe, and Prodigy, internet usage in the United States began to take off, and fraud and phishing grew with it. The progz and warez scene (slang for programs and pirated software, respectively) of the mid-1990s was formative for many people who grew up in AOL chatrooms.
New programs began circulating in illegal warez chatrooms: punterz (to kick people offline), phishing progz (to steal user accounts), and tools for generating credit card numbers. One of the best-known applications was AOHell, a pun on AOL's name, which included a fake account creator that let users register a free month-long trial account using randomly generated credit card numbers, since the sign-up process only checked that a number was well-formed.
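The reason a "random" card number could open an account is that a sign-up form which only validates the Luhn check digit accepts any well-formed string. The following is an added example, not code from AOHell or from the original article: a Luhn validator, the check-digit completion that any such generator has to perform, and a measurement of how often plain random digit strings pass. The `4` prefix is an illustrative Visa-style prefix and the numbers produced are not real cards.

```python
"""Luhn (mod 10) check-digit validation, the only test a 1990s sign-up form ran on a card number.

Added example for the AOHell discussion; not the original page's or tool's code.
"""
import random


def luhn_valid(number: str) -> bool:
    """Return True if the digit string (spaces/dashes allowed) passes the Luhn check."""
    cleaned = number.replace(" ", "").replace("-", "")
    if len(cleaned) < 2 or not cleaned.isdigit():
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit and fold >9 back to one digit.
    for i, ch in enumerate(reversed(cleaned)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def luhn_check_digit(payload: str) -> str:
    """Return the single digit that makes payload + digit Luhn-valid."""
    for d in "0123456789":
        if luhn_valid(payload + d):
            return d
    raise ValueError("payload must be all digits")


def random_luhn_number(prefix: str = "4", length: int = 16, seed: int = 0) -> str:
    """Hypothetical reconstruction of what a 'random card generator' must do:
    random digits plus one computed check digit. Not a real card number."""
    rng = random.Random(seed)
    body = prefix + "".join(rng.choice("0123456789") for _ in range(length - len(prefix) - 1))
    return body + luhn_check_digit(body)


def pass_rate_of_random_strings(trials: int = 10000, seed: int = 1) -> float:
    """Fraction of uniformly random 16-digit strings that pass Luhn (about 1 in 10)."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        candidate = "".join(rng.choice("0123456789") for _ in range(16))
        hits += luhn_valid(candidate)
    return hits / trials


if __name__ == "__main__":
    print("4111 1111 1111 1111 valid:", luhn_valid("4111 1111 1111 1111"))
    print("generated:", random_luhn_number())
    print("random pass rate:", pass_rate_of_random_strings())
```

The lesson for a practitioner is that Luhn is a typo detector, not proof that a card exists or belongs to the person at the keyboard; only an authorization request to the issuer establishes that, which is the step the trial sign-up described above did not perform.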
Alongside the expansion of new high-tech businesses (the dotcom bubble), 1999 was a year plagued by anxiety over the "Y2K virus." Y2K was not a virus at all: it was a design defect, two-digit year fields in software and in the PC BIOS real-time clock, that people feared would cause legacy systems to stop working correctly after December 31, 1999.
The Era Of The 2000s
The ILOVEYOU worm (May 2000), which spread around the world at an unprecedented rate, was the first major malware story of the new millennium. It was written by Onel de Guzman, a college student in the Philippines. The worm arrived as an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs"; because Windows hides known extensions by default, victims saw an innocent-looking text file. Once opened, the worm read the victim's Microsoft Outlook address book and mailed copies of itself to every contact, appearing to come from the victim; it also spread over IRC and overwrote local files.
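The double-extension trick that made ILOVEYOU effective is still seen today, so a mail gateway or EDR rule that reconstructs what the user will actually see is worth having. The following is an added example, not code from the original article or from the worm: it derives the name Windows displays with "Hide extensions for known file types" enabled, and flags attachments whose real extension is a script or executable, with an extra note when a document-like decoy extension precedes it. The extension lists are constructed for illustration and are not exhaustive.

```python
"""Flag e-mail attachments whose displayed name hides a script or executable extension.

Added example for the ILOVEYOU discussion; not the original page's code.
"""
from dataclasses import dataclass
from typing import List

# Extensions Windows Script Host or the shell will execute directly (constructed, not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr", "pif", "com", "bat", "cmd", "hta"}
# Extensions a user reads as a harmless document or image.
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "gif", "htm", "html"}


@dataclass
class Verdict:
    filename: str
    shown_as: str    # name as rendered when the last known extension is hidden
    real_ext: str
    dangerous: bool
    reason: str


def classify_attachment(filename: str) -> Verdict:
    """Decide whether an attachment name is executable and whether it is disguised."""
    parts = filename.split(".")
    if len(parts) < 2 or not parts[-1]:
        return Verdict(filename, filename, "", False, "no extension")
    real_ext = parts[-1].lower()
    shown_as = ".".join(parts[:-1])  # Explorer drops the final, known extension
    if real_ext not in EXECUTABLE_EXTS:
        return Verdict(filename, shown_as, real_ext, False, "non-executable extension")
    decoy = parts[-2].lower() if len(parts) >= 3 else ""
    if decoy in DECOY_EXTS:
        return Verdict(filename, shown_as, real_ext, True,
                       f"executable .{real_ext} disguised as .{decoy}; user sees '{shown_as}'")
    return Verdict(filename, shown_as, real_ext, True, f"executable .{real_ext}")


def flag_dangerous(names: List[str]) -> List[str]:
    """Return the attachment names from a message that should be blocked or quarantined."""
    return [n for n in names if classify_attachment(n).dangerous]


# Constructed sample attachment list, not a real capture.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "quarterly-report.pdf",
    "holiday.jpg",
    "invoice.pdf.exe",
    "setup.exe",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        v = classify_attachment(name)
        print(f"{name:32} shown as {v.shown_as:28} dangerous={v.dangerous} ({v.reason})")
```

The defensive counterpart is simple: never make a block decision from the name the user sees, always from the last extension, and treat any executable extension behind a decoy as a stronger signal than an undisguised one.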
Blaster, also known as MSBlast and Lovesan, debuted on August 11, 2003. Home users and staff at major enterprises were alarmed when their machines suddenly showed the dreaded "Blue Screen of Death" (BSOD) and rebooted. Blaster spread globally by exploiting a remote procedure call (RPC) DCOM vulnerability (MS03-026) in Windows 2000 and Windows XP. Its payload was a SYN flood against windowsupdate.com, intended to stop computers from fetching the patch. Fortunately for Microsoft, the author had picked the wrong host: computers actually downloaded updates from windowsupdate.microsoft.com, and windowsupdate.com was merely a redirect that Microsoft could simply take out of DNS.
A message embedded in the worm's binary spelled out its author's intentions:
I just want to say LOVE YOU SAN!
billy gates why do you make this possible ? Stop making money
and fix your software!!!
Code Red (July 2001) was a worm that scanned for Microsoft IIS web servers vulnerable to a buffer overflow in the indexing service extension (MS01-033). When it found a vulnerable server, it defaced the site with the following message:
Mytob (2005) combined the capabilities of a worm, a backdoor, and a bot. It was a MyDoom variant, written by the same programmer who made the Zotob worm. Mytob infected victims in two ways: it arrived by email as a malicious attachment, or it achieved remote code execution by exploiting flaws in the LSASS service (MS04-011) or RPC/DCOM (MS04-012). Once running, it harvested the victim's address book to spread itself and scanned the network for additional hosts it could compromise.
Mytob was also one of the first pieces of malware to explicitly work against anti-virus software, by cutting the victim's computer off from vendor update sites. It did this by adding entries to the local hosts file that mapped the hostnames of every known security vendor to the loopback address 127.0.0.1. As a result, any request for those public sites resolved to the machine itself and went nowhere.
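The hosts-file hijack is cheap to detect because the file is plain text and the pattern is unambiguous: a public vendor hostname pinned to a loopback or null address. The following is an added example, not code from the original article or from any vendor: it parses a hosts file, then reports vendor names that have been sinkholed. The vendor list and the sample file are constructed for illustration; a real deployment would use the organisation's own AV and update domains and read `%SystemRoot%\System32\drivers\etc\hosts` (or `/etc/hosts`) instead of the embedded string.

```python
"""Detect security-vendor hostnames pinned to loopback/null addresses in a hosts file.

Added example for the Mytob discussion; not the original page's code.
"""
import ipaddress
from typing import List, Tuple

# Addresses that make a name resolve to nowhere useful.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed watch list of vendor/update domains; substitute your own.
VENDOR_DOMAINS = (
    "symantec.com", "mcafee.com", "microsoft.com", "kaspersky.com",
    "sophos.com", "trendmicro.com", "f-secure.com",
)

# Constructed sample hosts file, not a real capture.
SAMPLE_HOSTS = """# localhost name resolution
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver.corp.local   # legitimate internal entry
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com
0.0.0.0         download.mcafee.com
127.0.0.1       windowsupdate.microsoft.com
not-an-ip       junk.example
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field; ignore rather than crash
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_vendor_host(name: str) -> bool:
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS)


def find_hijacked(text: str) -> List[Tuple[str, str]]:
    """Vendor hostnames mapped to a sinkhole address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if ip in SINKHOLE_IPS and is_vendor_host(name)]


if __name__ == "__main__":
    for ip, name in find_hijacked(SAMPLE_HOSTS):
        print(f"HIJACKED  {name:32} -> {ip}")
```

Note that `localhost -> 127.0.0.1` is not reported: the check keys on which names are sinkholed, not on the address alone, so a normal hosts file produces no findings.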
CoolWebSearch, often called "CWS," was the first cybercrime operation to subvert Google search results, overlaying them with results supplied by the threat actors in order to steal clicks from Google. CWS was usually delivered through drive-by downloads or bundled adware. Because it was so widespread and so hard to eradicate, volunteers built tools and ran web forums to help victims remove it for free; CWShredder was the tool most victims reached for to clean up their machines.
A related fraud, BayRob, surfaced in 2007. It was uncovered after an Ohio woman paid several thousand dollars for a car that never arrived. Investigators eventually discovered that the car had never been put up for sale: the BayRob malware on her computer had injected bogus listings into the auction pages she saw. The FBI and Symantec then waited years for the criminals to make a mistake, which led to their arrests in 2016, a textbook cat-and-mouse case.
The first nation-state malware targeting industrial control systems (ICS), specifically supervisory control and data acquisition (SCADA) equipment, was discovered in 2010. Stuxnet was the first case of nation-state malware aimed at critical infrastructure: it manipulated the programmable logic controllers driving uranium enrichment centrifuges, altering their speed until they wore out and broke.
Stuxnet targeted Iranian facilities directly, but it also spread to other Siemens-based SCADA installations around the globe. Analysis of the malware showed that nothing about it was unique to Iran and that it could be adapted to any organization running similar ICS equipment. According to a 2012 New York Times report, Stuxnet was created by the United States and Israel.
Regin is a highly modular Remote Access Trojan (RAT), which let it adapt to a given environment with great flexibility. Regin was also notable for how quietly it operated: exfiltrated files were kept in an encrypted container, and everything was stored in a single file rather than scattered across many, which avoided the suspicion of system administrators and antivirus software.
According to Der Spiegel, Regin was developed by the US National Security Agency to spy on the EU and its citizens; the reporting drew on the classified documents leaked by Edward Snowden.
At the time of its discovery in 2012, Flame was regarded as the most sophisticated malware ever found. It could record audio, capture screenshots, and eavesdrop on and record Skype conversations. It could even use an infected machine's Bluetooth radio as a beacon, collecting information from nearby devices and passing it between beacons until it reached a predefined command-and-control (C2) server. Flame primarily targeted organizations in the Middle East.
Internet-era ransomware did not begin with Reveton; that distinction belongs to GPCode (2005) and others. Reveton (2012) was nevertheless the prototype for today's ransomware, contributing the now-ubiquitous lock screen that tells the victim what happened, how to contact the perpetrators, how to pay, and how to get files back.
Reveton also received a lot of media attention because it appeared to be run by a skilled criminal group. It looked professional and, for the first time, used templates: the lock screen shown was chosen by geolocation and impersonated a local law enforcement agency, complete with payment instructions. Researchers frequently catalogued releases by the group's fall/winter/spring/summer template sets, because it used so many of them.
CryptoLocker (2013) was the first ransomware to demand payment in Bitcoin. The decryption fee was two BTC; the price of a single bitcoin ranged roughly between $13 and $1,100 over 2013, so the fee was worth anywhere from about $26 to $2,200 depending on when it was paid.
Beyond ransomware, 2013 also opened an era of destructive state-sponsored attacks. On March 20, 2013, an attack known as DarkSeoul hit South Korean banks and broadcasters, including SBS. The wiper malware used in the attack, Jokra, overwrote the master boot record (MBR) of infected machines. The disruption also reached customers of internet service providers, telephone services, and ATMs.
The attack was attributed to Lazarus (North Korea), the group that also hit Sony Pictures in 2014, leaking private data in response to "The Interview," a movie that ridiculed North Korean leader Kim Jong Un. The 2016 attack on Bangladesh Bank was linked to the Lazarus group as well: they attempted to steal $951 million but got away with only $81 million, because several red flags in the transaction chain stopped the remaining transfers.
From 1971 until the early 2000s, malware was mainly limited to pranks and to virus writers testing what they had built. More than 23 years later, the threat landscape has clearly shifted from mischief to lucrative cybercrime and nation-state attacks. Over the same period the term "virus" has outgrown its original meaning and become the all-encompassing "malware" we use today. It is no coincidence that the evolution of these attacks has tracked the emergence of the hyper-connected society we now live in.
Lastly: be aware and be safe while surfing the internet. Don't share sensitive information with anyone, because everyone is being watched online.