Computer worms and viruses of the 2000s

Damaging, self-replicating computer codes that can access, modify, or destroy programs and information on a computer

Beginning in the late 1990s, Internet access rapidly expanded, as did the prevalence of computer viruses and worms. In May 2000, the ILOVEYOU worm, a VBScript program embedded in e-mail attachments, infected tens of millions of Windows computers, highlighting the dangers of using the Internet without an efficient antivirus program. Throughout the 2000s, worms and viruses found new and more esoteric ways to attack computers connected to the Internet, but increasingly sophisticated protection software was developed to counter these threats.


In 1966, mathematician John von Neumann published the book Theory of Self-Reproducing Automata, one of the earliest publications to describe the nature of computer viruses and worms. In 1971, American computer programmer Bob Thomas developed a program called the Creeper to demonstrate the ease with which a self-replicating program could be written. The Creeper did no damage; it just displayed the message “I’m the Creeper. Catch me if you can!” But when the program spread to a number of computers connected to the ARPANET, the forerunner of today’s Internet, it demonstrated the potential danger of worms. Shortly after that, Ray Tomlinson, a colleague of Thomas, wrote the first antivirus program, the Reaper, to remove the Creeper from infected systems.

By the late 1990s, most computers were connected to corporate networks or modems, so virus and worm attacks on networked computers became more common. By the 2000s, most virus and worm attacks were launched against computers connected to the Internet, especially through e-mail attachments.

Much of the malware produced during the 2000s contained a virus or worm as part of a complicated blended attack. For example, most Trojan horse attacks, which trick users into downloading malware by presenting a seemingly legitimate file or program, work by loading a virus to a browser helper object, such as a toolbar or web application, which then loads a virus or worm to the temporary Internet files, causing the main damage. These types of attacks can give hackers access to infected computers; the hackers may then steal data, modify files or codes, record keystrokes, cause system crashes, or launch automated spam or denial-of-service (DoS) attacks.

DoS attacks work in a number of different ways to prevent users from accessing a particular program or network, most commonly by overwhelming or “flooding” the targeted network or program with information. In 2007, millions of computers were linked to the Storm botnet through infected e-mail attachments. A botnet is a group of infected computers that can be controlled remotely by the attacker. In January 2007, all the computers connected to the Storm botnet launched a distributed DoS attack on a number of antispam websites at a predetermined signal, causing the sites to slow or crash.

Viruses and Worms Attack in Many Ways

USB portable storage devices (key drives) have become very popular as a way to back up work offline or transfer files from one computer to another, but they are vulnerable to virus and worm attacks. Since most operating systems support booting from a key drive, the technique of embedding a virus or worm in the boot sector of the key drive (which copies itself to the hard drive when inserted into a computer and can then infect the next key drive inserted into the system) works effectively as a Trojan. For example, in 2009, more than nine million computers running Windows were attacked by the Conficker worm, making this one of the most widespread worm attacks of all time. A major component of Conficker’s attack spread from infected key drives to corporate servers. Once a computer was infected by the Conficker worm, the attacker could remotely download and install additional malware to the computer. In 2007, the W32/LiarVB-A worm found a different way for a key drive to infect a computer. W32/LiarVB-A placed a file, autorun.inf, on a key drive. When the key drive was inserted into a Windows system, the file automatically ran and infected the computer, which then infected both new key drives and shared network drives.
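The autorun.inf mechanism described above can be checked for before a key drive is trusted. The following Python code is an added example, not part of the original article: it parses the contents of an autorun.inf file and lists the `[autorun]` entries (`open`, `shellexecute`, `shell\<verb>\command`) that would start a program. The function names and both sample files are constructed for illustration.

```python
import re
import sys

# [autorun] keys that name a program for Windows to start from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\explore\command

def autorun_entries(text):
    """Return (key, value) pairs from the [autorun] section, keys lowercased."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section == "autorun" and "=" in line:  # junk lines without "=" are skipped
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def launch_entries(text):
    """Return the entries that would start a program, in file order."""
    return [(k, v) for k, v in autorun_entries(text)
            if v and (k in EXEC_KEYS or SHELL_CMD.match(k))]

# Constructed samples (not taken from any real worm).
SUSPICIOUS = r"""
; padding lines and mixed case that the parser must tolerate
[AutoRun]
kjdhf8s7dfh
Open = setup.exe /s
shell\explore\Command=setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
label=USB Drive
"""
BENIGN = "[autorun]\nicon=logo.ico\nlabel=Backup\n"

if __name__ == "__main__":
    # Usage: python check_autorun.py E:\autorun.inf  (the path is an example)
    source = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SUSPICIOUS
    for key, command in launch_entries(source):
        print(f"auto-launch entry: {key} -> {command}")
```

A file that only sets `icon` or `label` produces no findings, while any launch entry on a drive of unknown origin is a reason to inspect the named file before opening the drive.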

Files have always been used to spread viruses and worms. Some file formats, like Microsoft Word documents, are handled by an execution engine that runs embedded scripts called macros. Hackers quickly learned how to write malicious scripts, called macro viruses, into such files. For example, in the early 2000s, the Melissa virus used both Word document files and Outlook Express e-mail messages to trigger mass mailings from infected computers, causing congestion for a number of e-mail servers.

Infected HTML pages on web servers are also used to spread viruses and worms. For example, in 2001, the Code Red worm infected thousands of computers (using a vulnerability in Microsoft’s IIS web server) and subsequently mounted DoS attacks on a number of sites, including WhiteHouse.gov. In 2003, the SQL Slammer worm used a buffer overflow vulnerability in Microsoft’s SQL Server database to mount a DoS attack on a large number of routers. Slammer was notable for the speed with which it spread and the damage it caused. The Slammer worm was responsible for a number of airline-flight cancellations and several ATM failures.

Social-media websites became common targets for worm and virus attacks in the late 2000s. The viral nature of social-media networks makes them an ideal way to rapidly spread a worm or virus. At the end of the decade, the Ramnit worm was responsible for stealing tens of thousands of login credentials from Facebook users. Most antivirus software vendors now place a special emphasis on addressing the security issues related to social media, but more work needs to be done.

Smart mobile devices all have a standard operating system, as well as the same e-mail and browser capability, making them susceptible to viruses and worms. During the 2000s, mobile devices and smartphones proved to be relatively safe from these attacks due to their relative newness. Some mobile operating systems are open (like Android and Windows), while others are closed (like Apple’s iOS). Although there are arguments as to the security of each type of system, there have been successful malicious code attacks on both types of operating systems. For example, in 2009, iKee appeared as the first iPhone worm. Since the late 2000s, several smartphone antivirus programs and special software written to protect Facebook users have been developed.

Cyberwarfare

In cyberwarfare, one nation attacks another to destroy, degrade, or compromise its data, communications, or critical infrastructures. During the 2000s, cyberwarfare capability was developed in a number of countries, including the United States.

In May 2007, web servers supporting the electrical grid in Estonia were subjected to a powerful DoS attack, which was launched in protest against the removal of a Soviet-era monument. The attack appears to have been a worm-based attack that originated in Russia, and may have even been initiated by the government. The attack lasted more than a month, severely damaging the ability of Estonia to deliver electricity to its citizens, and it appears that the United States and Israel assisted in stopping the attack. This attack made it clear that all countries needed to develop their cyberwarfare capabilities and cybersecurity efforts. For example, NATO established the Cooperative Cyber Defense Centre of Excellence in Estonia in 2008 to improve its cyberwarfare capability.

Impact

The 2000s saw rapid growth in using the Internet to communicate, transact business, access entertainment, and obtain information. Virus and worm attacks launched through e-mail and web browsing increased throughout the 2000s, but improved antivirus software largely succeeded in combating these attacks. Throughout the decade, virus and worm attacks became increasingly clandestine, as hackers became more interested in using worms and viruses to steal personal or financial information from infected computers than in gaining fame or notoriety. In addition, many new uses of the Internet were developed during the 2000s, including social media, cloud computing applications, and mobile applications, but they all proved to be vulnerable to virus and worm attacks. Cyberwarfare also developed during the 2000s and made considerable use of virus and worm attacks. Improved antivirus software, intrusion-detection systems, and strong authentication techniques provided considerable protection against these attacks, but the cat-and-mouse game of new attacks and better defenses continues.
