The history of Malware and Viruses | Division, Terms and definitions explained

Undefined
Junior Member
21
05-10-2025, 12:21 AM
#1

What is malware?


Malware, short for "malicious software," is a term that encompasses various forms of harmful or malicious software. This can include computer viruses and other unwanted software that infiltrates a user's computer or network without their consent.

In short, malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deny access to information, or otherwise interfere with the user's computer security and privacy without the user's knowledge.

Researchers tend to classify malware into one or more sub-types (e.g. computer viruses, worms, remote administration tools (Trojan horses), ransomware, spyware, adware, keyloggers and more). Malware can also be categorized by the operating system (OS) that it targets, since each OS has specific vulnerabilities that malware can exploit. The different types of malware are explained later in this post.

Nowadays malware poses serious problems to individuals and businesses on the Internet and plays a significant and evolving role in the digital world. It's employed by a range of actors for a variety of purposes, including financial gain, information theft, disruption of services, and even state-sponsored cyber warfare. Here are some ways malware is currently shaping the digital landscape:

- Cybercrime: Malware is a key tool in the arsenal of cybercriminals, who use it to steal sensitive personal information, commit fraud, and extort money. Ransomware attacks, in which data is encrypted and held hostage until a ransom is paid, have become particularly prevalent. These attacks can target individuals, corporations, and even public infrastructure.

- Cyber Espionage and Warfare: Advanced persistent threats (APTs), often state-sponsored, utilize sophisticated malware to infiltrate networks, steal information, and disrupt operations. The Stuxnet worm, which targeted Iran's nuclear program, is one notable example of malware used in cyber warfare.

- Disinformation Campaigns: Malware can also play a role in spreading disinformation. For instance, social media platforms can be infiltrated by botnets (networks of infected computers) to amplify divisive content or propaganda.

- Economic Impact: Malware attacks can lead to significant economic losses due to downtime, loss of data, and the cost of remediation efforts. The WannaCry ransomware attack in 2017, for example, resulted in estimated losses in the billions of dollars.


Short malware history.


Malware and viruses have a long and fascinating history. Let's take a brief look at how they've evolved over time.


Early 1940s - 1990s


The history of malware begins with the concept of self-replicating programs, which would later become foundational in computer virus design. It was first discussed in lectures given in 1949 by the renowned mathematician and physicist John von Neumann. The concept was elaborated in the paper "Theory of self-reproducing automata", which was published posthumously in 1966 by one of his students. In this work, von Neumann explored the idea of machines that could build copies of themselves. Although he didn't specifically write about computer viruses or malware as we understand them today, his ideas about self-replication have certainly influenced the field.

The Creeper program, created by Bob Thomas in 1971, is often cited as the first computer virus. It was originally intended as a security test for the U.S. Department of Defense's Advanced Research Projects Agency Network (ARPANET), the precursor of the modern Internet we know, love, and sometimes hate, to see whether a self-replicating program was possible. The virus was just an experiment and was not designed to do any harm (those types of viruses and malware came later), but its quick spread through systems did foretell the future of malware. As mentioned, Creeper had no malicious intent and only displayed a simple message: "I'M THE CREEPER. CATCH ME IF YOU CAN!".

In 1986, two brothers from Pakistan wrote the first PC-specific virus. It spread via floppy disk and marked the start of what we would now call the malware era. The virus was intended to make multiple copies of itself, severely reducing system performance and eventually crashing the machine.


Early 1990s - 2000s


In this decade, the world witnessed a significant increase in the number and variety of malware. The first worm distributed via the internet, the Morris Worm, was released in 1988, infecting around 6,000 computers.

The 90s also saw the emergence of macro viruses, like Concept (1995), which exploited Microsoft Word. Other notable viruses included CIH (1998), also known as Chernobyl Virus, which had a devastating payload capable of overwriting data and rendering PCs unbootable.

The early 2000s were marked by a series of email-based worms, including ILOVEYOU (2000), which caused billions in damage worldwide, and Sobig (2003), which was at one point the most rapidly-spreading email worm. Also notable were network worms like Code Red (2001) and Blaster (2003) that exploited vulnerabilities in Microsoft's software.


Mid to Late 2000s


Malware increasingly began to be used for financial gain. One of the first examples of ransomware, GpCode (2005), encrypted users' files and demanded a ransom for their return. This period also saw the rise of botnets like Storm (2007), which used infected computers to distribute spam or carry out attacks.

In this decade, as in the previous ones, many more malicious viruses were created, and they increasingly became the norm.


Early 2010s - 2020s


Advanced persistent threats (APTs), state-sponsored cyberattacks aimed at stealing information, rose to prominence. Stuxnet (2010), which targeted Iranian nuclear facilities, was one of the most famous examples. Discovered in 2010, it was the first documented attempt by sovereign nations to use malware to attack other sovereign nations. Stuxnet was designed to disrupt Iran's nuclear facilities, in an apparent attempt to slow the country's progress on developing an atomic bomb. This attack successfully delayed Iran's efforts, managing to destroy 1,000 of the 6,000 centrifuges the nation was using to enrich uranium, but it neither stopped nor slowed Iran's build-up of low-enriched uranium.

Ransomware saw a resurgence with Cryptolocker (2013) and WannaCry (2017), the latter exploiting a Microsoft vulnerability to infect hundreds of thousands of computers in just a few days. The WannaCry ransomware attack spread globally. Exploits revealed in the NSA hacking toolkit leak of late 2016 were used to enable the propagation of the malware. Shortly after the news of the infections broke online, a UK cybersecurity researcher, in collaboration with others, found and activated a "kill switch" hidden within the ransomware, effectively halting the initial wave of its global propagation. The next day, researchers announced that they had found new variants of the malware without the kill switch.

More sophisticated banking Trojans, such as Zeus and SpyEye, began to steal financial information.

The trend of increasingly sophisticated attacks continues, with malware becoming more complex and harder to detect. Fileless malware, which operates in a system's memory and leaves no files on the hard drive, and ransomware targeting larger organizations and infrastructure, have become significant threats.


Present times


As mobile device usage has surged, mobile devices have inevitably become an increasingly attractive target for cybercriminals. A variety of malware types have been adapted to target mobile platforms, and new ones have also been created to exploit the unique vulnerabilities and usage patterns of these devices. Let's explore some key types of mobile malware:

- Mobile Banking Trojans: These are one of the most dangerous types of mobile malware. They are designed to steal financial information and can hijack login credentials when a user accesses a banking app. Some can even intercept and manipulate SMS messages, thereby bypassing SMS-based two-factor authentication and transaction verification.

- Mobile RATs: These Remote Access Trojans can take comprehensive control of a mobile device, just like on a PC, providing the attacker with access to files, camera, microphone, and more.


Different types of malware.


- Worms: Worms can spread without human action. They replicate themselves and use a network to send out copies to other computers on the network. Worms can also spread through instant messaging platforms and social networks like Discord, Telegram, and Facebook. They send messages or posts with malicious links or attachments to all contacts, tricking people into clicking and thereby infecting their devices. Worms can copy themselves to any removable media or shared network folder that is accessible to the host system. When this media is connected to another system, or another user accesses the shared folder, the worm can infect the new system.

- Remote Administration Tools: RATs, or in other words Trojan horses, were named after the wooden horse used to trick the city of Troy in ancient mythology. RATs allow an attacker to take control over a system, almost as if they have physical access to it. They can execute commands, access files, manipulate system settings, and more.

- Ransomware: This type of malware encrypts files on a user's system and then demands a ransom to restore access to the files. An infamous example is the WannaCry attack that happened in May 2017.

- Keyloggers: This type of malware records the user's keystrokes, typically in order to steal passwords or other sensitive information.

- Bots/Botnets: A bot is a type of malware that allows an attacker to take control over an infected computer. When many bots are networked together, they form a botnet which can perform large-scale malicious acts, such as distributed denial-of-service (DDoS) attacks and more.

- Stealers: Often also known as information stealers, these types of malware focus on extracting sensitive data from infected systems. They can be designed to steal a wide range of information, such as login credentials, credit card numbers, or personal identification information.

- Cryptocurrency Miners: These malicious programs use the resources of the infected machine to mine cryptocurrency (like Monero, Ethereum Classic and others) without the user's knowledge or consent. This process can significantly slow down the victim's computer and can even lead to hardware damage due to the increased load on the system.

- Adware: This is software that automatically displays or downloads advertising material (such as banners or pop-ups) when a user is online. While not always harmful in itself, adware can be intrusive and annoying, and sometimes it's bundled with spyware.

- Spyware: As the name suggests, this software spies on user activity without their knowledge. It can collect various types of personal information, such as internet surfing habits and sites visited.


Malware can also be categorized by the operating system (OS) that it targets. Each OS has specific vulnerabilities that malware can exploit. Here's a division based on some popular operating systems:


- Windows: This OS has the largest user base, especially in the corporate world, making it a prime target for malware authors. Types of malware often seen on Windows include viruses, worms, Trojans, ransomware, adware, spyware, etc. Windows has historically been a common target for RATs, due to its extensive use in both the corporate and personal computing world.

- Linux: While Linux is less often targeted than Windows, it's not immune to malware. Types of Linux malware include rootkits, viruses, and ransomware. Linux servers are often targeted by botnets for DDoS attacks due to their powerful network resources. While less common, RATs can also target Linux systems. An example is Jynx RAT, which is capable of taking screenshots, keylogging, and executing arbitrary commands.

- macOS: While traditionally considered safer than Windows, macOS systems are not immune to malware. Types of malware often seen on macOS include adware, spyware, ransomware, and viruses. Mac malware often disguises itself as legitimate software or piggybacks on the installation of legitimate software.

- Android: As the most widely used mobile OS, Android is a common target for malware. Types of Android malware include SMS Trojans (that send unauthorized premium SMS or steal personal data), ransomware, banking malware, spyware, and adware. Android devices have also been targeted by various RATs. For instance, AndroRAT can monitor and send device information, intercept messages, activate the microphone and camera, and more.

- iOS: Apple's closed ecosystem and stringent app review process help to protect iOS from many types of malware. However, malware that targets jailbroken devices, or that makes it past the App Store's checks, can potentially infect iOS devices. Examples include spyware and ransomware. While less common due to Apple's strict security measures, some RATs can still affect jailbroken iOS devices. For example, SpyPhone has been used to track and send information, including location, messages, and call logs, from jailbroken iPhones.