The evolution of computer malware: How did we get to where we are

Security professionals having been battling with computer viruses for decades. To date, not only have industries accumulated billions of dollars in losses, malware attacks have proven to be life threatening. How did we get to where we are right now? Well, to get a much clearer picture, we need to travel back in time. 

For the purpose of this post, we’ll cover this in three segments:

Web 1.0: Hello World!

The oldest programmable machine was a Turing machine invented by Alan Turing in 1936. In simplicity, it was a machine that captured input from humans, performed mathematical operations and produced its results. Through many iterations of development and innovation, in 1979, the Advanced Research Project Agency (ARPA) had a breakthrough in building a working computer network called Arpanet. The internet was born. Web 1.0 came to life.

The main characteristics of Web 1.0 were static web pages, content delivery networks (CDN) and the only human-computer interaction (HCI) was the consumption of information – nothing more. In the early 1970’s, Bob Thomas developed what is known now as the first computer virus, Creeper. His intention was to experiment and provide a proof-of-concept that computer programs can indeed behave like a human virus and can self-replicate. 

Other Web 1.0 viruses that followed include Elk Cloner, MacMag, Brain, Michaelangelo and a lot more others. Web 1.0 viruses had the following in common: they exploited a programming mistake, self-replicated to other machines on the network and quite naively revealed themselves to the user. The economic impact of these viruses was very minute – it was in the thousands of dollars.

Web 2.0: The World Wide Web

Web 2.0 gave birth to what is called Participative Social Web. This era transitioned users from being content consumers to Collaborators. The DotCom(e-commerce) industry exploded and many web browser technologies were developed to bring about dynamic, responsive and interactive web pages. In the midst of these web developments, as people were becoming more open and connected, the nature of computer viruses took a steep turn. 

According to Online etymology Dictionary, the first time the term malware was used was in 1997. It described a software intended to damage, disable and gain unauthorized access to other computers and systems. This was a game changer! It fuelled most unethical programmers and resulted in an array of malware programs.

Web 2.0 viruses include:

  •  ILOVEYOU worm which infected millions of Windows devices within hours of release,
  • Denial of Service attack that crashed Yahoo
  • Nimda (admin spelled backwards) which spread via mail and brought internet traffic to a crawl
  • And the notorious Conficker worm that infected about 10M Windows devices by combining malware techniques such as dictionary attacks, botnets and many others.

Computer viruses and malware such as drive-by download, adware, phishing, social engineering and backdoor attacks were inevitable. The ecommerce industry alone lost billions of dollars.

Web 3.0: The Semantic Web

Modern day applications are characterized by being mobile-friendly, cloud-backed and data-driven. Simply put: as the user demographics and demands evolve, so are the systems that meet those demands. Integration is fundamental for knowledge sharing and flexibility is key. With flexibility comes complexity – the breeding ground for modern day cyber attacks.

Because systems have become so complex, attackers are forced to innovate ways to break into systems unnoticed. Modern systems, which mostly are cloud-based, are bombarded with streams of cyber attacks daily. These include automated attacks, ransomware, phishing and its variants. We’ve also seen new entrants that are stealthy, coordinated and have proven to be life threatening. These are called Advanced Persistent Threats (APT). They are funded by nation states, incredibly difficult to defend against and their payloads are sophisticated to a point that it can take months to even comprehend what they do. These attacks cost industries billions of dollars per year.

So to answer the question, how did we get to where we are right now?

Simple. Humans! Humans make mistakes. As we continue to implement systems, they are bound to have bugs in them. It’s those bugs that malicious actors look for and exploit. However, hope is not lost – not by a long shot. Innovative security solutions such as Multi-Factor Authentication, NextGen Firewalls and Anti-malware powered by Artificial Intelligence continue to make their way into the market. As an end-user, you need to find the right security technology that works for your organization, maintain it, abide by best practices at all times and stay informed. 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.