
A Short History of Malware Leading to Stuxnet

Following two widely publicized hacks on the DNC and DCCC in the past weeks, we thought it might be an appropriate time to look at the history of malware. Attacks like these show that no organization is immune, and it is important to understand the risk factors in order to reduce the chances of a successful cyberattack as much as possible.


A (very brief) history of malware, viruses, hacks, worms, and Trojans

The theory of self-replicating code dates back to John von Neumann, whose lectures in the late 1940s set out a theory of self-reproducing automata. At the time this could only be theory; the hardware needed to put it to any practical test did not exist.

The game Core War (published in 1984, with roots in the 1961 Bell Labs game Darwin) pitted programs against one another in a shared memory arena, where they could overwrite each other or copy themselves. It is often cited as a precursor of the computer virus.

The term “computer virus” is generally credited to Leonard Adleman, Fred Cohen’s adviser, in 1983. A year earlier, in 1982, Rich Skrenta’s Elk Cloner had already spread among Apple II users: it infected the boot sector of Apple DOS 3.3 floppy disks and copied itself to any disk inserted into an infected machine, which makes it the first virus found “in the wild.” Its payload was a nuisance (a short poem displayed every fiftieth boot) rather than anything destructive.

Also in 1982, John Shoch and Jon Hupp at Xerox PARC published their work on the first computer worms, programs originally meant to distribute computation across idle machines. A bug in one of them caused it to spread out of control and crash machines across the network.

In 1983, Fred Cohen demonstrated a virus on a Unix system (a VAX 11/750) in a series of controlled experiments; the code took about eight hours to write and, once released, gained full system rights on every machine in the network within an hour. His 1984 paper “Computer Viruses: Theory and Experiments” gave the formal definition of a computer virus that is still in use today. Also in 1984, Ken Thompson’s Turing Award lecture “Reflections on Trusting Trust” described a self-propagating compiler Trojan horse and made the term widely known (the term itself predates him).

Viruses began appearing in the wild with some regularity in 1985. Most were joke programs, such as the “Gotcha” Trojan horse and the “Surprise” program written in BASIC. Without widespread networking, personal computers were infected mainly through shared floppy disks, so outbreaks stayed small. The same year, Hugo Cornwall’s The Hacker’s Handbook was published in the UK.

The first anti-virus tools appeared in 1986, in response to the “Brain” (or “Pakistani Brain”) boot-sector virus, written by two brothers in Lahore who said it was meant to deter piracy of their medical software. The same year, “Virdem” became the first file-infecting virus and the “PC-Write” Trojan, a fake copy of the PC-Write word processor, the first widely reported Trojan horse. While John McAfee and other specialists began looking for ways to combat the emerging threats, virus source code for programs such as “Rush Hour” was being published in print. This year also saw the first UK prosecution for unauthorized computer access, when Robert Schifreen and Stephen Gold were convicted of accessing the Prestel mailbox of the Duke of Edinburgh (the conviction was overturned on appeal in 1988, which eventually led to the Computer Misuse Act 1990). The hacker known as The Mentor was arrested and published “The Conscience of a Hacker,” better known as “The Hacker Manifesto,” in the Phrack e-zine.

In 1988, the Morris worm, which its author said was written to gauge the size of the Internet, spread by exploiting a debug feature in sendmail, a buffer overflow in fingerd, and the trust relationships behind rsh/rexec. A flaw in its re-infection check meant a host could be infected many times over, and each extra process slowed the machine until it became unusable. The same year, the First National Bank of Chicago was the target of a $70 million wire-transfer fraud attempt, and DARPA funded the creation of CERT (Computer Emergency Response Team) at Carnegie Mellon to coordinate the response to incidents like the worm.

Hacking and malware became more common. In 1993, DEF CON, a convention for hackers, was held for the first time in Las Vegas. It was meant as a one-off farewell party for a BBS network but became an annual event.

By 1994 hackers were adapting to the Internet and creating hacker-oriented websites. Russian hackers managed to steal $10 million from Citibank (most of which was recovered). AOHell was released as a freeware application that let users send “email bombs” and disrupt AOL chat rooms. This is also the year IP spoofing attacks came to the attention of experts.

In 1996 and 1997 the US government saw a series of attacks in which the Department of Justice, the CIA, and the Air Force all had their websites defaced. In 1997, a teenager in Croatia broke into computers at Andersen Air Force Base in Guam. 1997 also saw the rise of the MP3 format, and of attacks on the Windows NT operating system.

In 1998, the Internet Software Consortium promoted the use of DNSSEC (Domain Name System Security Extensions) to protect DNS data from tampering, and the hacker think tank L0pht testified before the US Senate Governmental Affairs Committee on weak computer security in government, famously claiming they could take down the Internet in thirty minutes.

In 1999, President Bill Clinton proposed $1.4 billion to improve government computer security. That year many high-profile hackers were tried and sentenced, and the threat of hacking became widely recognized by the public.

In May 2000, the ILOVEYOU worm, a VBScript attachment spread by e-mail that overwrote files and mailed itself to every address in the victim’s Outlook contacts, infected millions of Windows computers within hours. It is considered one of the most damaging worms ever released, and was traced to Onel de Guzman, a student at AMA Computer College in Manila.

In 2001, U.S. and Chinese hackers faced off against each other in what has been called “The Sixth Cyberwar.” In January 2002, Bill Gates’s “Trustworthy Computing” memo committed Microsoft to securing its products and services against cybersecurity threats. The same year, George W. Bush created the Department of Homeland Security, which took on responsibility for protecting critical infrastructure, including IT.

By 2006, most worms no longer destroyed data; they built botnets of “zombie” computers that could be used to launch attacks. The notable exception was the Kama Sutra worm (also known as Nyxem), which overwrote documents on infected machines on the third of each month. Also in 2006, a programmer using the handle Viodentia released FairUse4WM, a tool that stripped Windows Media DRM from music downloaded from licensed services such as Rhapsody.

2008 and 2009 were notable for the Conficker worm, which spread through a Windows RPC vulnerability (MS08-067), weak administrative passwords, and USB drives, and infected millions of PCs worldwide, including government and military networks.

2010 is famous for Stuxnet, which spread initially over USB drives using a Windows shortcut (.LNK) zero-day, one of several Windows zero-days it carried, and then sought out Siemens Step 7/WinCC installations in order to modify the code running on the S7 PLCs that controlled uranium-enrichment centrifuges in Iran. The attack was designed to damage Iran’s nuclear program, and it is widely reported to have been a joint operation of the United States and Israel.


Preventing Attacks

Worms, Trojans, and viruses cannot be defended against 100%, but the risk can be reduced with preventative measures that secure data and critical processes. Here are some of the ways to protect a system against exploits and vulnerabilities and avoid becoming collateral damage:

Prevention – Prevention is often left until it is too late, or only implemented after a breach. It is critical to institute policies that include cybersecurity best practices: antivirus software, up-to-date software, regular vulnerability scans, and on-premise measures like disabling USB ports (Stuxnet and Conficker both spread on removable media) and isolating the network that handles critical process data.

Secure Communications – Ensure that your firewall allows only the data transfers the process actually needs, and denies everything else by default. Keep the most important information on the most tightly controlled network segments.

Simplicity – Restrict your system to as few components as possible so that there are fewer potential entry points. Keep additional software to a minimum and use only trusted software from vendors that make security a priority.

Download and Install Patches – Even vulnerabilities the vendor already knows about remain a threat if your software is not up to date; Conficker spread for years after MS08-067 was patched. Keep your system on the most recent supported versions and install patches promptly, no matter how minor they seem.

Intrusion Detection – Intrusion detection and prevention systems and other real-time monitoring can help you identify a breach as it happens rather than months later.

Incident Response Protocol – Have protocols in place in case of a breach. Know which system functions are absolutely critical and prioritize the most vital aspects of your system during response.

Limit the Spread of Infected Systems – Limit connections to those that are absolutely required for business needs. By restricting access to every other part of the network, it may be possible to slow the spread of an infection and quarantine the affected components.
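The “Secure Communications,” “Intrusion Detection,” and “Limit the Spread” items above all come down to the same thing: write down which connections the process actually needs, and treat every other connection as a finding. The following is an added example (not InduSoft code or code from any product mentioned on this page) of auditing connection logs from a control network against such an explicit allow-list. The zone addresses, the allowed ports, the log format, and the sample log lines are all constructed for illustration and would be replaced with the results of a real site survey.

```python
"""Allow-list audit of connections on a process-control network.

Added example for this article, not InduSoft code. The zones, ports,
log format and log lines below are constructed; adapt ZONES and ALLOW
to what a real site survey shows the process actually needs.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Tuple

# Assumed network zones (constructed): HMI/engineering workstations, the
# PLC/controller segment, and the corporate IT network.
ZONES = {
    "hmi": ip_network("10.10.1.0/24"),
    "plc": ip_network("10.10.2.0/24"),
    "corp": ip_network("192.168.0.0/16"),
}

# Explicit allow-list of (src zone, dst zone, protocol, dst port).
# Only traffic the process needs: HMI polling controllers over Modbus/TCP
# (502) and OPC UA (4840). Anything not listed is a violation, including
# corp -> plc and any connection the PLC segment initiates outward.
ALLOW = {
    ("hmi", "plc", "tcp", 502),
    ("hmi", "plc", "tcp", 4840),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to a named zone, or 'unknown' if it is in none."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    """Parse one constructed log line of the form
    '<timestamp> <src>:<sport> -> <dst>:<dport> <proto>'."""
    _ts, src, arrow, dst, proto = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected token {arrow!r}")
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(src_ip, dst_ip, proto.lower(), int(dport))


def audit(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (line, reason) for every line that is not explicitly allowed.

    Unparseable lines are reported rather than skipped: a gap in the log
    is itself something the operator needs to know about.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            flow = parse_flow(line)
        except ValueError as exc:
            findings.append((line, f"unparseable: {exc}"))
            continue
        src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
        if "unknown" in (src_zone, dst_zone):
            findings.append((line, f"address outside every known zone ({src_zone}->{dst_zone})"))
        elif (src_zone, dst_zone, flow.proto, flow.dport) not in ALLOW:
            findings.append((line, f"not on allow-list: {src_zone}->{dst_zone} {flow.proto}/{flow.dport}"))
    return findings


# Constructed sample log: two legitimate polls, a corporate workstation
# reaching a PLC, RDP into the PLC segment, a PLC calling out to the
# corporate network, an address from no known zone, and a garbled line.
SAMPLE_LOG = """
2016-08-01T10:00:01Z 10.10.1.5:50123 -> 10.10.2.10:502 tcp
2016-08-01T10:00:02Z 10.10.1.5:50124 -> 10.10.2.11:4840 tcp
2016-08-01T10:00:03Z 192.168.4.20:51000 -> 10.10.2.10:502 tcp
2016-08-01T10:00:04Z 10.10.1.7:51001 -> 10.10.2.10:3389 tcp
2016-08-01T10:00:05Z 10.10.2.10:40000 -> 192.168.1.1:443 tcp
2016-08-01T10:00:06Z 203.0.113.7:4444 -> 10.10.1.5:502 tcp
2016-08-01T10:00:07Z garbage line
"""

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG.splitlines()):
        print(f"{reason}\n    {line}")
```

The point of the allow-list shape is that it is a default-deny rule: the corporate workstation talking Modbus to a PLC is flagged even though Modbus itself is a permitted protocol, because it comes from the wrong zone, and the PLC connecting outward on 443 is flagged because controllers should never initiate connections toward IT. The same table can be used to generate the firewall rules that enforce the policy, so detection and prevention stay in sync.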

Want more on Security from InduSoft:

Five ways to improve SCADA Security for Critical Infrastructure

InduSoft Webinars on Cybersecurity

InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security – This eBook provides guidance when building and implementing HMI and SCADA systems, and describes best practices to secure them against cyber-attacks and known vulnerabilities.

Framework for SCADA Cybersecurity – This eBook will provide Critical Infrastructure customers and academic students an understanding of the NIST Cybersecurity Critical Infrastructure Framework and how to apply the framework to new and existing SCADA applications and implementations.

