— CH. 1 · THE FIRST BOOT SECTOR —

Malware

  • In 1986, the Farooq Alvi brothers in Pakistan created a boot sector virus named (c)Brain. This program became the first IBM PC virus to appear in the wild. It spread by infecting the boot sectors of floppy disks used with personal computers, before Internet access was widespread. The virus inserted itself into the machine code instructions of programs or boot sectors, so when a user booted from an infected disk the malicious code executed automatically. Anyone who then attached an infected USB stick to another computer set to autorun would be infected as well. Early viruses targeted Apple II and Mac systems, but viruses gained dominance through the IBM PC and MS-DOS platforms. Malware distributors tricked users into running software from these infected devices. A single floppy disk could carry enough infection to compromise entire networks of machines.

  • Before broadband Internet existed, malware relied on physical media such as floppy disks for propagation. Old email software opened HTML emails containing potentially malicious JavaScript code without asking permission, and users often executed disguised attachments thinking they were safe documents. The 2018 Data Breach Investigations Report by Verizon stated that emails accounted for 96% of malware delivery worldwide. Macro viruses emerged when Microsoft Windows applications allowed infectious code to be written in macro languages. These infections targeted Word documents rather than executable files directly, exploiting the fact that macros function as executable code inside word-processing templates. Modern supply chain attacks exploit quality-control failures during manufacturing: devices such as lights, fans, speakers, toys, or digital microscopes can spread malware when plugged into a port, and inadequate checks allow malicious firmware to enter systems before they reach end users.

  • Since 2003, most widespread viruses and worms have been designed to take control of computers for illicit purposes. Infected "zombie" computers send spam email or host contraband data such as child pornography. Distributed denial-of-service attacks are used as a form of extortion against businesses. Cybercrime, including malware attacks, was predicted to cost the world economy US$6 trillion in 2021, a figure increasing at a rate of 15% per year. Click fraud generates money by making it appear that users clicked advertising links on websites; estimates from 2012 suggested that about 60 to 70% of all active malware used some form of click fraud. Ransomware prevents access to files until a payment is made: programs like CryptoLocker encrypt files securely and only decrypt them upon receiving substantial sums of money. Lock-screen ransomware blocks the screen and displays false accusations that the victim has collected illegal content, to scare victims into paying fees. Jisut and SLocker impact Android devices more than other lock-screens, and Jisut alone makes up nearly 60 percent of all Android ransomware detections. In 2024, a botnet owner was arrested for engaging in pay-per-install operations for financial gain.

  • Malware has been deployed as a tool for sabotage, often driven by political objectives. A notable example is Stuxnet, which interfered with specific industrial control systems. Such attacks have targeted critical infrastructure such as electricity distribution networks since 2021. High-profile incidents included mass deletion of files and damage to master boot records, described as "computer killing". The attack on Sony Pictures Entertainment occurred in November 2014 and involved malware known as Shamoon; a similar strike hit Saudi Aramco in August 2012. Stuxnet was introduced into target environments via USB drives, causing damage without needing to exfiltrate data. US government agencies diverted computers purchased by targets to secret workshops where software permitting remote access was installed; these operations were considered among the most productive methods of obtaining network access worldwide. Politically motivated attacks have targeted entire networks, causing widespread disruption.

  • The first well-known worm was the Morris worm of 1988, which infected SunOS and VAX BSD systems. Unlike viruses, this worm did not insert itself into other programs but exploited security holes in network server programs. It ran as a separate process, a behavior still used by today's worms. Trojan horses misrepresent themselves, masquerading as regular benign programs to persuade victims to install them; they carry hidden destructive functions that activate when the application starts. Modern Trojans often hide within legitimate-looking applications, making them effective at bypassing basic user awareness. In spring 2017, Mac users were hit by the Proton Remote Access Trojan, designed to extract password data from browser auto-fill or keychains. Rootkits modify the host operating system so that malware stays concealed from users; they prevent harmful processes from appearing in system lists or keep files unreadable. Backdoors allow attackers persistent, unauthorized remote access to victim machines, often without the victim's knowledge. Some backdoors are side effects of software bugs exploited by attackers to gain entry.

  • An estimated 33% of malware is not detected by antivirus software due to advanced evasion techniques. The most commonly employed anti-detection method is encrypting the malware payload to prevent signature recognition; tools called crypters combine an encrypted blob of malicious code with a decryption stub that loads it into memory. Advanced malware transforms itself into different variations, known as polymorphic malware, to avoid detection. Other common techniques include timing-based evasion, where malware runs during vulnerable periods such as the boot process while remaining dormant otherwise. Fileless malware runs within memory instead of using files, utilizing existing system tools for malicious acts; this reduces the forensic artifacts available for analysis. Such attacks saw a 432% increase in 2017 and made up 35% of attacks in 2018. Sandbox escaping targets vulnerabilities in sandbox mechanisms or operating system features to break free from controlled environments. Information-hiding techniques such as stegomalware embed data within other files to evade automated tools.

  • Anti-malware programs, such as Microsoft Security Essentials and Windows Defender, block and remove some or all types of malware. Real-time protection scans incoming network data for threats, blocking them before installation occurs. Removal functions scan registry entries, operating system files, and installed programs, listing any threats found. Sandboxing confines applications within controlled environments, restricting their operations to authorized, safe actions; browser sandboxing isolates web browser processes, preventing malicious code from exploiting vulnerabilities. Website security scans detect malware, note outdated software, and report known issues, reducing the risk of compromise. Network segregation structures a network as smaller subnetworks and limits traffic flow between them, hindering replication across wider areas. Computers can be protected by imposing air gaps, completely disconnecting them from all other networks. However, malware still crosses air gaps via USB drives, causing damage to assets without exfiltrating data, and techniques like AirHopper leak data using electromagnetic, thermal, or acoustic emissions from air-gapped computers. Keeping browsers and operating systems updated mitigates vulnerabilities exploited by attackers.
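
Encrypting the payload, as the anti-detection bullet above describes, is what makes a crypter's blob look like random bytes, and defenders turn that around with an entropy heuristic. The following is an added example written for this page (not code from any product or project named here) that flags high-entropy regions in a constructed sample buffer; the names `shannon_entropy`, `high_entropy_windows` and `looks_encrypted`, the 512-byte window and the 7.2 bits/byte threshold are all assumptions of the example.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 512, threshold: float = 7.2):
    """Scan non-overlapping windows and return (offset, entropy) for each one at or
    above the threshold. Encrypted or compressed payloads sit near 8 bits/byte;
    ordinary code and text sit well below (the threshold is an assumed heuristic)."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        ent = shannon_entropy(data[off:off + window])
        if ent >= threshold:
            hits.append((off, round(ent, 2)))
    return hits


def looks_encrypted(data: bytes) -> bool:
    """True if at least one window of the buffer looks like an encrypted blob."""
    return bool(high_entropy_windows(data))


# Constructed sample (not a real binary): a plain-text "stub" followed by a
# seeded pseudo-random blob standing in for a crypter's encrypted payload.
STUB = b"MZ this is a small plain-text loader stub, repeated text repeated text " * 8
_rng = random.Random(1337)  # seeded once so the blob is reproducible
BLOB = bytes(_rng.getrandbits(8) for _ in range(2048))
SAMPLE = STUB + BLOB

if __name__ == "__main__":
    print("stub only  :", looks_encrypted(STUB))    # False: plain text is ~4 bits/byte
    print("stub + blob:", looks_encrypted(SAMPLE))  # True: the blob windows exceed 7.2
    for off, ent in high_entropy_windows(SAMPLE):
        print(f"  high-entropy window at offset {off}: {ent} bits/byte")
```

Packers and compressed resources trip the same heuristic, so in practice a high-entropy hit is a reason to look closer, not a verdict on its own.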

Common questions

Who created the first IBM PC virus named Brain in 1986?

The Farooq Alvi brothers in Pakistan created the boot sector virus named Brain. This program became the first IBM PC virus to appear in the wild.

What percentage of malware delivery worldwide was accounted for by emails according to the 2018 Data Breach Investigations Report?

Emails accounted for 96% of malware delivery worldwide according to the 2018 Data Breach Investigations Report by Verizon. Old email software opened HTML emails containing potentially malicious JavaScript code without asking permission.

How much did cybercrime including malware attacks cost the world economy in 2021?

Cybercrime including malware attacks was predicted to cost the world economy US$6 trillion in 2021. This figure represents an increase at a rate of 15% per year.

When did the attack on Sony Pictures Entertainment occur involving malware known as Shamoon?

The attack on Sony Pictures Entertainment occurred in November 2014 involving malware known as Shamoon. A similar strike hit Saudi Aramco in August 2012.

Which Android ransomware makes up nearly 60 percent of all Android ransomware detections?

Jisut makes up nearly 60 percent of all Android ransomware detections. Jisut and SLocker impact Android devices more than other lock-screens.