Computers have been part of humankind’s daily life for decades. Entering the routine of workers and then becoming an integral part of entertainment for many, these machines are as important to modern society as the telephone. But with this popularity came virtual dangers, so-called computer viruses.

Although digital security today is inseparable from issues involving computers, few know the origins of these threats, what their first attacks were, or even how they appeared in Brazil, for example.

It is in order to better educate people about the history of these digital risks that we prepared this article, telling the story of viruses.

Theory and first practices

Before the name “virus” existed, studies dated from the end of the years 660, written by John von Neumann, addressed the theory of self-reproducing automata. These studies showed that computer programs could be developed to spread to other machines, damaging them.

John von Neumann. (Image: Reproduction/Christopher McComarck)

Although the theory was never put into practice, it led to von Neumann being considered the father of “computer viruses”. His studies were used as a basis and expanded on in 1971, when Veith Risak, a German researcher, published his article “Self-reproducing automata with minimal information exchange”. Risak’s article contained the code of files that could replicate, with behavior similar to that of biological viruses, written in the Assembly programming language used in SIEMENS computers 512440/19.

A year before Risak’s article, however, a security researcher at BBN, Bob Thomas, had already put the von Neumann concept into practice. In 1971, Creeper, which is considered by many experts on the subject to be the first virus, was created as a security test to see if programs could multiply on their own.

Message displayed on computers infected with Creeper. (Image: Reproduction/Hypeness)

By means of lateral movement between hard disks, that is, moving from storage to storage via floppy disks, Creeper spread, and on each new machine it was deployed to, it tried to remove itself from the old one. With no malicious intent, Creeper was an experiment, used primarily to prove the theory of replicating files.

A little later, in 1972, Wabbit was identified. This program is considered by many scholars to be the first malicious code, since when it entered a computer, it made several copies of itself that hindered the system’s performance, reaching the extreme of crashing the machine. Due to its multiplication speed it received the name Wabbit, a corruption of the English word “rabbit”, an animal known for its extreme speed of reproduction.

The Trojan Horse Appears

In 1975 ANIMAL emerged, a piece of malware about which there is some discussion as to whether or not it can be considered the first Trojan horse in the history of computers. Developed by John Walker, the application was a version of the popular programs that tried to guess what animal users were thinking of.

Walker’s creation was in great demand and, in order to be shared, it required a process of recording and sending magnetic tapes. Walker, trying to make the process easier, created a program called PERVADE that accompanied the ANIMAL installation.

While ANIMAL was running, PERVADE copied the game to directories on the machine that didn’t have it yet. Although its purpose was not malicious, its operation matched the description of trojans: a program hidden in another made changes to a machine without the user’s permission or knowledge.

The severe security issue: computer viruses

Fred Cohen, studying at the University of Southern California in 1975, published the article “Computer Virus – Theories and Experiments.” This study was the first to call self-replicating programs viruses, which at the time caused some discomfort among university students, since the explosion of AIDS cases was one of the most talked about issues in society at the time, which made the choice of the term seem to be in bad taste.

The decade of 50 also marked the beginning of the popularization of personal computers, that is, machines used at home for activities that weren’t just work. In 1986, the first virus for this type of device emerged: Brain.

Brain’s boot sector. (Image: Reproduction/Hakin9)

Brain, according to Securelist reports, was the work of two brothers, Basit and Amjad Farooq Alvi, who had a computer store in Pakistan. Tired of customers making illegal copies of their software programs, they developed Brain, which replaced the boot sector on a floppy disk with a virus. The virus, which was also the first stealth virus, that is, it ran undercover, contained a hidden copyright message, but did not corrupt any data.

The screen displayed by computers infected by the “ping pong virus”. (Image: Reproduction/Wikipedia)

In 1989, one of the first truly global cases was identified, with reports of occurrences even here in Brazil. Many computers ended up being infected by the so-called “ping pong virus”. This pest modified MS-DOS startup files and, when the PC was booted, displayed a screen on which a ball kept bouncing around the corners of the image. It spread through copies created on floppy disks that were in the machine.

Ransomware Emergence

Screen displayed after infection with AIDS Trojan. (Image: Reproduction/Knowb4)

The now famous digital hijacking attacks, the ransomware, had their first occurrence in

, from a piece of malware created by Joseph Popp, called the “AIDS Trojan” but also known as the “PC Cyborg”.

The AIDS Trojan replaced an important startup file on MS-DOS systems with one that kept recording how many times the computer had been turned on since the infection. When the counter reached 30, the virus took action, encrypting and hiding various files on the machine. To recover the files, a ransom had to be paid.

However, the AIDS Trojan had a severe flaw in its programming, which allowed users to obtain the decryption key through a quick analysis of its code. Joseph Popp was arrested by Scotland Yard a few months after the first AIDS Trojan cases, but was considered mentally unstable and could not be tried for his actions. However, he promised that all the profits generated by the ransomware would be donated to institutions that were studying the (biological) virus of AIDS.

Internet: the great vector

With the Internet becoming more accessible to the public, the way computer viruses infected users began to adapt to the new reality. No longer relying solely on infected floppy disks or devices, malware began to spread through emails, malicious links or even websites compromised by intrusions.

Furthermore, in the almost 19 years between the first reports of viruses and the beginning of the 21st century, several variants appeared, such as ransomware and phishing schemes, among others, which created a mixed threat landscape. The first serious occurrence, considered a “digital epidemic”, occurred in 2003, with the Melissa virus.

Melissa’s vector email. (Image: Reproduction/Hakin9)

Developed by the American David L. Smith, Melissa was spread through emails as a DOC file compatible with versions 50, 97 (Mac OS) and 2004 of Office Word. The message, with the title “Here is the document you asked for, don’t show it to anyone else”, ended up arousing the curiosity of the victims, who opened the document. Once opened, the malware forwarded itself to the first 50 contacts in the user’s calendar. Melissa hit the communication systems of large companies, even affecting Intel and Microsoft.

Shortly after, in May 2003, another pest became famous, being considered the first major “digital epidemic”, reaching even Brazil. Called LoveLetter, the malware followed the pattern of email viruses found at that time, but instead of being distributed as an infected Word file, it was sent as a .vbs file, a format that, when opened, allowed code execution on the Windows systems available at the time. In addition, the virus developers took advantage of a flaw in the way computers at the time displayed filenames to trick users into seeing the email attachment as a simple text file.

The LoveLetter vector email. (Image: Reproduction/Vice)

Although in its original version, coming from the Philippines, it was, according to scholars, just a social experiment, the simplicity of LoveLetter’s design allowed many others to use its basic structure to make more dangerous versions that destroyed files on infected machines. It is estimated that more than 35 million machines around the world have been infected by this malware.

In 2003, Blaster repeated LoveLetter’s impact, but now with more nefarious goals. Distributed in the same way as the virus from 2000, Blaster turned the computers it infected into “zombie machines”, which the criminal responsible for the attack could use for so-called denial of service (DDoS) attacks. For the user, the affected machines also suffered from system instability and would shut down the operating system out of nowhere.

According to Symantec, an American digital security firm, at least 97 thousand machines were infected by Blaster two days after its discovery.

One year after Blaster, in 2004, another threat, Sasser, established itself as one of the first viruses to spread without needing direct interaction with the user. It mainly infected computers with older systems such as Windows NT 4.0, XP and Server 2000.

It used a flaw in the Local Security Authority Subsystem Service (LSASS), which ironically is a process responsible for enforcing OS security policies. After infecting a computer, it looked for other vulnerable systems over the internet, using the processing power of the machine where it was installed and making performance extremely slow. It also prevented users from shutting the machines down in the conventional way, so the only way to turn the devices off was to unplug them.

Among Sasser’s most devastating effects, we can highlight the fact that the malware blocked all satellite communications from the Agence France-Presse (AFP) news agency and forced a US airline to cancel a series of transatlantic flights, as most of their machines were infected by the virus.

Finally, one of the latest virus advances occurred in 2020, with the Heartbleed malware, which put servers across the Internet at risk. It exploited vulnerabilities in OpenSSL, a general open source cryptographic library used by many companies around the world. Owing to a failure to identify secure signals from this repository, Heartbleed was able to access sensitive information, such as usernames and passwords, from most internet services. Sites like Wikipedia and GitHub were affected, with their users at risk of cyber attacks.

The future of the virus

Fabio Assolini, senior security analyst at Kaspersky. (Image: Reproduction/Modern Consumer)

Nowadays, computer security problems, as well as digital attacks, are part of the popular lexicon. Although not everyone applies proper security practices, everyone is aware of the threats.

Considering the post-2014 world, after the occurrence of the covid pandemic and the acceleration of digital transformation, Canaltech contacted Fabio Assolini, senior security analyst at Kaspersky, to ask him about virtual security.

For Fabio, in the current scenario of viruses and virtual security, social isolation has made most processes migrate to digital, thus increasing attacks: in the first eight months of 2020 alone, virtual crimes in Brazil increased by 19% compared to the same period in 2004.

In addition to the most common attacks, such as phishing, Fabio says that one of the biggest challenges observed by Kaspersky is ransomware attacks, with 5 million attempts of this type of cybercrime being identified from January to August 2020. The senior analyst also comments that with this growth and sophistication of scams, people are changing the way they deal with cybersecurity, appearing to be more concerned, while companies are coming to understand that protection is not an expense but an investment, and are adopting specialists in the field as important players in corporate decision-making.

We also questioned Fabio about possible changes in malware programming and modes of operation. Kaspersky’s senior analyst responded by commenting that it is difficult to determine exactly what changes cyber attacks will undergo in the future, but that what can be observed is a greater inclination of criminals towards targeted attacks.

Fabio says that criminal groups currently prefer to focus on their choice of victims, which are usually large companies capable of making high ransom payments. The analyst also believes that eventually the crypto-asset market and its lack of regulation will be used constantly by cybercriminals, as vulnerabilities in them can be exploited to attack various institutions.

Finally, when questioned about the digital risks of Brazil in the post-pandemic scenario, Assolini says that the increasingly intense use of digital media is already causing a great increase in digital attacks in the country. Assolini says that with remote work, where employees access corporate networks through their personal connections, the attack surface for criminals increases, and the trend, if companies and users are not careful, is that more and more attacks will occur from these interactions.

Source: Kaspersky, Wikiant, OverBr, Docmanagement, Avast, Hakin9, Malware Wiki, Microsoft