An Abridged History Of Malware

BSides London | 12:48 | 146 views | Published 2024-02

Uh, hello. Uh, so thank you all for coming. Uh, I'm down here, hello. So I'll be talking about the abridged history of malware. It's abridged because I've got, like, uh, 74 years to cover and about 15 minutes to do it in. Uh, first, hi, uh, I'm Liv, um, a uni student at the University of York. My other hobbies include falling off climbing walls and falling off roller skates. But, like, enough about me; why are you here? Well, hopefully you're here to hear what I have to say. Um, but, like, I'm not talking about news. I'm talking about very, very old, in some cases. Like, this is not modern development or anything. But I think it's like, why study any history?

And it's because we don't really know where we're going if we don't know where we've been. Cyber security is so focused on, like, new things: new threat actors, new malware, new vulnerabilities. But I think it does dis, we all sometimes need to sit down and be like, well, how did we get here? And in outst as only starts in the 40s. Uh, the Popular Mechanics magazine has just predicted that computers in the future may weigh no more than one and a half tons. Well, the world, uh, '49 to be precise: John von Neumann, of von Neumann architecture fame, has just given a series of lectures at the University of Illinois, what he calls a self-reproducing automata.

Not just a machine that can make a thing; those are easy, like, machines can make small things all the time. But he means a machine that can make a copy of itself, of equal or possibly even greater complexity, like, almost like the evolution of an actual animal. Surely no consequences will come of this one. And they don't, actually, in the 50s. Uh, now all happens then blood ped Alan invents the Turing test. Uh, we go straight on to the 60s, '66 to be exact. Um, von Neumann's paper, about a decade after his, uh, death and just under two after his lectures, has been published. It's available to read online; fascinating read, would highly recommend. Um, no one's putting this into practice

yet. Um, until now. Uh, things are all starting to kick off in the 70s. Uh, sci-fi has made up two new words, as sci-fi loves doing: uh, computer viruses, that featured in Gerrold's 1972 book When HARLIE Was One, and worms, that featured in Brunner's '75 book The Shockwave Rider. Not necessarily the first times these terms are used, but definitely, like, one of the widely published ones. We don't have an umbrella term yet for this, you know, mal software, but I'm sure one's coming soon. Um, we start in '71 actually, uh, the Creeper, the first worm, created by Bob Thomas. Well, it will be the first worm in 1972 when Ray Tomlinson, like, updates it

and so, instead of just moving itself around ARPANET, it can move copies of itself. Um, all it really does is display the message "I'm the creeper, catch me if you can". Um, it doesn't do much other than that; it's just to prove the concept. Uh, next year we'll also see Ray Tomlinson invent Reaper, which is the first antivirus, well, anti-worm software, which is specifically designed to do what Creeper does but then scrub it from the system, in a thrilling D of worm and worm. In '74, uh, we see an animal in its natural habitat. Uh, ANIMAL: it's, uh, 20 Questions, guesses what animal you're thinking of. Uh, it can kind of learn from itself, and also, like

the ELIZA chatbot of the late 60s before it, it can, like, almost randomize what it's saying to give a slightly natural, uh, communication. Uh, it also copies itself into, like, every directory in your computer. Uh, it's called a few things: uh, the first Trojan, quite frequently, or, in the words of its creator, a neat idea. Uh, Trojan horse: it's been around since about, you know, Homer publishes the Iliad, 8th century BC, but it was first used to talk about malware in about the 1972 Anderson report, credited to a computer scientist, uh, by, uh, D.J. Edwards. This is not the first time computer scientists will make up words. Um, because a computer scientist has just made up a word. Uh, Fred Cohen has

invented the word viruses. He was not the first to get there, sorry Fred, but, like, he's defined it academically as a program that, like, infects other programs to modify it and include a copy of itself. Um, we still don't have any sort of umbrella term yet, but we are gonna need one. Uh, the AIDS virus Trojan actually comes out this decade, and, well, the first ransomware, although we don't have that word yet either. Um, we'll go straight to 1988, actually. October and December is the Cascade virus. Uh, if you're on your computer, um, all your text cascaded down the screen. Um, these screenshots are actually from the YouTube channel of a guy called

danooct1, who just infects VMs with various viruses. Great guy. Um, if you're a fan of the Brain virus, the first IBM PC compatible virus, which was released 2 years ago, '86, you may notice I missed it out. That's because it doesn't cause all the text to cascade on your screen, and I think if the Alvi brothers wanted to be included in this presentation they should have thought of that. Um, speaking of IBM, Cascade was coded specifically not to infect any IBM machines. Um, possibly not the first one to do it, but definitely the one I know about, um, which is quite interesting. The problem is every known variant of Cascade can infect IBM machines. They didn't quite get that one

right. Um, '88, though, that's two slides, 'cause it's also Morris worm time: one of the first malware to really get widespread media attention, and also got a conviction for Mr Morris under the USA '86 Computer Fraud and Abuse Act. Um, tough Lo map. It's often said that about a tenth of the internet was infected, about 6,000 of 60 major Unix machines. Uh, Morris's colleague Paul Graham, on his personal blog, reckons that he was there and this number was made up, and just kind of plucked it as a reasonable best guess. Also, actually, in the same footnote even, um, he talked about, well, the way they dealt with the Morris worm was just turning things off

and on again and, like, rebooting them, which is great to get rid of the Morris worm; it's less good to have an accurate number of how many machines are infected. But oh well. 90s, though: huge news for fans of things sorting into categories. Yisrael Radai has just invented the word malware, thank God, 'cause I was getting fed up of not having it. Um, not only that, Young and Yung have created the term cryptoviral attacks, which is not very catchy, but it will one day mean ransomware, and someone on Usenet has made up the term spyware. Uh, specifically they're talking about Microsoft hardware in this case, but very soon it will also refer to software.

Um, we don't need to call things computer viruses now even when they're not. Like, we will do that, but we don't have to. Um, we'll start in '91 with the Green Caterpillar virus. Um, it just makes a little green caterpillar on your screen and eat your text and excrete it out yellow and slide to the left. Um, Green Caterpillar doesn't have its own Wikipedia page; it barely out-SEOs, like, real-life viruses affecting real-life caterpillars. The reason I'm including it on here, despite being quite irrelevant, is that it's kind of the end of an era, not only because, like, MS-DOS is just kind of dying, but we've established that

malware works now. Like, up until now malware has been an annoyance. Young and Yung, in the cryptoviral attack paper, discuss how viruses are an annoyance, but from here on out we're going to see viruses actually start to cause damage. Um, not yet though. It's the 99 worm. Um, it's one of the first email attachment worms. Uh, it spreads through emails, um, and attaches itself to everyone in your address list and also tis them too. It also, uh, nicely displays fireworks and a happy news message, which is nice. Um, what's fun is that this one modifies registry keys for persistence. Like, if you think back to '88 with the Morris worm, that didn't have the same

level of persistence. Like, you know, if you rebooted it, it was kind of fixed. Now these things are sticking around for l s sticking around we are it's not why they didn't kill us. Um, good news: someone's just invented the first malware for Mac. Um, it's called the Leap or the Oompa-Loompa worm. Lots of people say that, like, Mac is kind of uniquely, like, you know, uh, protected against, uh, viruses and malware and stuff, and it kind of is, but mostly here Mac and Apple have started to become relevant. Until this point there weren't really enough users for anyone to bother actually making malware for it. Um, 2000: we'll start with the I Love

You worm. Um, another big worm that caused damage. Um, millions of people got hit with this one. Um, it would delete random files, hide rather than delete MP3 files, funny enough, and also send itself to everyone in your address book. What's fun about the I Love You worm is that creator Onel de Guzman, he's Filipino, and at the time in the Philippines there wasn't a law against creating malware. Um, so he was kind of released with all charges dropped after, you know, taking out much of the globe with I Love You, because they didn't even get him on, like, criminal mischief, because they couldn't prove he intended to cause all of this damage. So fair play to him, actually.

Uh, 2003. Uh, history is repeating itself. Um, if you remember Reaper and Creeper from earlier, they're doing it, they're doing it again. Uh, the Blaster worm appears in August, and 5 days later the Welchia worm will exploit the very same vulnerability to (a) try and get rid of Blaster and (b) try and patch it up behind it. The extent to which this works is debatable; people have their opinions both ways. But, like, people do love setting a worm to catch a worm. This is a very common theme, actually. As we move into the tens, um, I noticed, I don't know if the rest of you noticed, but, like, viruses are falling out of fashion. Like, I know the term is

antivirus software, I know virus is kind of a general term if you're not talking to a specifically technical audience, but I mean virus specifically like Cohen defined it in the '80s. I mean virus like this piece of self-reproducing code that attaches itself to another program that runs like that. Like, don't get me wrong, malware is as big as ever. Um, Stuxnet, 2010: once you start talking about Stuxnet you start talking about cyber warfare. Um, above my pay grade. Uh, Cobalt Strike, which is not technically malware, but it's very much, you, yeah, you know, it kind of is. I will mention Cobalt Strike one more because it does deserve a mention, but then we

can just let it lie for a bit. Cobalt Strike, 2012. Does have something else for it though, thank God. Uh, the Shamoon virus, um, out Saudi and Qatari oil companies; biggest hack in history. People throw around cyber warfare here too. Um, this is the last of the big virus heavy hitters, um, because we just have better options now if you want to cause damage. Like, you don't need to rely on something that's by its nature quite small and requires user, um, interaction to produce. You have other options to cause chaos. And with that we're rapidly approaching the present day. Um, the other way, actually, the ink ransomware. Um, it, like, looks for unsecured printers on the network and actually

prints out the ransom note, which is quite fun, and also a reminder to secure your printers, 'cause everyone forgets about that one. Um, I did skip over a fair few attacks. There was the Locky ransomware, uh, February 2016, which infected about 5,000 computers per hour at its peak, compared to, like, 6,000 total for the Morris worm. Uh, there's a first apart Pegasus spyware, that was August 2016. Uh, there was a treb DDoS attack by Mirai, that was September 2016. And mainly it's m of time and stop Stu. I named three things in 2016 just then; compare that to '49, when we had one key thing in malware history. And time is just, I, I don't have

time to talk about all this. Like, once we start talking about some of these attacks we start talking about geopolitics, and then you've got to, you've got to the details to do it, like, give it justice. It's easy to talk about the motives behind Creeper, you know: can we do it? It's much, much harder to summarize, say, why a group that we think were Iranian, um, hacked, uh, products made by an Israeli company to target companies in the US. You have got an entirely new presentation at that point. Um, that is far more detail than I have time to go into. Very, very quickly the malware world has grown very big and very complex. Um, well, you know, hopefully not

that quickly, 'cause hopefully we'll be able to wind our way through, like, 74 years of history to see how we've got here. Like, as much as things keep changing, iessa is always something that's, like, the same as it ever was. Like, thank you. Um, I appreciate you coming to listen. Um, I have apparently, like, three minutes for questions if anyone has any.

Does anyone want to complain their favorite virus was missed out? Yeah, sorry, was the one at the front? Honestly, I like Green Caterpillar. I like it because it doesn't do much. It seems to me very much like someone was like, hey, can I be slightly annoying and move everyone's text slightly to the left and make it yellow, and then they failed to cause any real damage or even get notability for it. But I can still respect that they put it out there and tried. Any other questions? Cool, all right, well, thank you very again.