Understanding computer viruses.
This article brought to you by Wild Rose Technology Group. Please visit our web site for more great articles and resources for your business. You may also copy and post this article on your web site or blog providing you leave this disclaimer (including all links) functional and intact as is.
To understand the computer virus we must first understand the name and the history of computer viruses.
Computer viruses have been around for close to 40 years now. The first computer virus was discovered in 1970 and was an experiment in artificial self-replication. It was a self-replicating program that infected the connected network of computers and replicated itself on the infected host machine. Source: Wikipedia - http://en.wikipedia.org/wiki/Computer_virus. The similarity to a virus as a living organism is obvious (attacking the healthy organism and then using the infected host to replicate itself, thereby continuing the cycle).
Over time, many programs have been written by different people and for different purposes. The first generation of viruses was developed as a means to spy on and slow down competitors working or researching in the same area (crashing the computer system of the competitor's research department, sabotaging the competitor's software, etc.). Governments used malicious programs in their clandestine operations as well.
However, the real surge of viruses, along with the complexity of the infection mechanism and the difficulty of removal, surfaced in the late 90's and the beginning of the century. With the increase in technological advances and the decrease in the price of computer equipment, both the means to create viruses and the host systems to infect became widely available.
Viruses have since then been developed by many different and socially adverse groups, from high school kids looking to prove themselves to thieves and organized crime looking to exploit and extract potentially valuable information from host computer systems.
With the merging of the computer system with the entertainment and business portal (we now use computers to watch movies, pay bills and keep track of finances), the rewards for criminals have increased. Computer systems containing customers' credit card numbers, bank information, social security numbers, etc. all became high-value targets for criminals looking to gain access to them through computer virus programs.
With the above in mind, the semantics of the computer virus have changed as well. While the earlier generations of viruses typically carried a destructive payload (they were meant to erase or compromise the host computer system to the point where it was not operable or usable to its owner), the new generation of viruses was designed to be stealthy, residing in the computer's memory and working silently in the background, collecting information and sending it to the criminal individual or group that aimed to exploit it for unlawful financial gain (theft of information).
Nowadays you will rarely find a virus that seriously harms the computer, but viruses designed to harvest information from the host computer are discovered daily. Some experts argue that those programs should not be called viruses, since the terms "spyware" and "adware" were coined to define programs that were spying on the host computer, extracting and stealing the valuable information.
"Adware" was developed to use a different strategy. Bad guys discovered that they could profit from delivering advertising for products and services that had problems reaching their target audiences in conventional ways (gambling, porn, knock-off merchandise, fake pharmaceuticals, etc.). So adware reversed the traditional strategy: instead of stealing information from the infected system, it delivers information to the infected system and the owner operating it. The profit for the criminal elements came from advertising revenues paid to them by the advertisers who used their services.
The first generation of computer viruses relied on physical media as a means of propagation from the infected system to a clean host system. The typical media used were floppy disks, since it was possible to alter the contents of a floppy disk without the knowledge of its owner and thus use it to transport the virus to an uninfected system.
With the introduction of the CD-ROM it became harder to infect clean media and use it to carry the virus. Bad guys were typically looking to stealthily infect the master CD from which other media was duplicated. But the rate of success was low, and thus another method needed to be found.
The answer came with the introduction of p2p sharing programs that allowed users to share and swap files such as music. Bad guys quickly figured out that a much more successful way of infecting computers was to hide viruses inside the files being shared on p2p networks, as well as inside the software that was used to share the files (p2p programs).
As it was no longer feasible to destroy the content of the infected computer system, the majority of malicious code switched over to adware, since no matter what happened there were always plenty of advertisers who did not care how their advertisements came in front of the potential buyer's eyes as long as the person had seen the ad.
As the resurgence of malicious code over p2p networks spread, so did the countermeasures. Software became available that was more robust in detecting rogue files and software infected with malicious code.
A new opportunity presented itself with the growth in the use of e-mail. Bad guys quickly adapted by developing ways to fake messages and either embed malicious code in the message or trick the unsuspecting recipient into visiting a malicious site or downloading malicious software (pretending it was an update of legitimate running software, pretending the site to visit was the legitimate site while it was not, etc.).
Recently, identity and financial information theft has become quite a popular target for the criminal elements. Furthermore, rather than looking for ways to infect computer systems, the criminal elements have also increasingly started to research and discover security exploits that allow them to gain entry to computer systems by injecting malicious code into the software (database and SQL injection) or by using flaws in the software code that can be used to breach computer systems (software exploits). Spam and junk mail have also increased dramatically as a means to quickly deliver advertisements directly to the recipient's e-mail inbox.
COMPUTER VIRUSES - CONCLUSION
As technology advances, the criminal enterprises advance with it to use and exploit the available resources for unlawful gains. Computer viruses, adware, spyware and spam are less and less being propagated by single individuals or small groups looking to prove themselves. Instead, an entire underground industry has developed whose core business is viruses, adware, spyware, spam, etc. Additionally, the criminal enterprises have also expanded into the distribution and direct sale of illicit merchandise (fake pharmaceuticals, pornography, online gambling, etc.). While the security industry is racing to update software and hardware to protect people from such criminal enterprises, the very same criminal element conducts and finances its own research into how to breach or bypass such security measures.
Criminal enterprises nowadays employ and hire some of the very best talent and have great sophistication and resources (money and technology) at their disposal for the purpose of researching ways to continue their operations. While many people would claim that no sane or honest person would agree to work for a criminal enterprise knowing what they are contributing to, the truth is that if the reward is great there will always be people who will look the other way and sell their expertise and know-how to criminals. Furthermore, many such operations are structured as legitimate front companies conducting research and selling legitimate products while in truth being the front end for the criminal enterprises to conduct their illicit research.
Because of the sophistication of the research and the complexity and size of the criminal operations benefiting from it, computer viruses and other malicious code are becoming more complex, harder to detect and capable of morphing and evolving on their own in order to evade security scanning programs (anti-virus software).
The first generation of virus that came out some 40 years ago has become sophisticated and complex far beyond the wildest imagination of the original virus code writers. The purpose has also greatly changed, as has the very delivery method. The rogue malicious code intended to harm and incapacitate the infected host system has become an ambiguous combination of code to infect systems and steal information, deliver information to the infected system, search for and exploit weaknesses in the computer system in order to breach it, deliver unsolicited advertising to our e-mail, etc.
The single virus code developed in 1970 has evolved into a branched hierarchy of many categories (virus, adware, spyware, spam, security exploit, etc.). The rogue code writer has evolved into complex criminal organizations, and the simple drive to prove what one can do has evolved into the attempt to steal, deceive, exploit and trick the end user, all for financial gain. If we could glimpse into the future, ten or twenty years from now, what will the computer virus have evolved into by then?