Digital epidemics

Digital epidemics
The first computer viruses appeared back in the 1970s. They were conceived as harmless and more like games, the purpose of which was to distribute the program to the largest number of players. The participant whose program will make more copies of its own and fill the computers of others faster was declared the winner.
Today, viruses have become a serious threat to the stability of computer networks around the world. Approximately 450,000 new malware are detected daily. All of them cause damage not only to ordinary Internet users, but also endanger corporate networks.

It is worth saying that computer viruses are just one type of malware (we tell you more about malware here). However, in fact, classical viruses are not so widespread: many well-known cyberattacks were caused by computer worms, more contagious and independent.

In this article we will talk about the differences between viruses and worms, as well as about the large-scale computer pandemics that have gone down in history.

Virus or worm? Let's figure out what is what
A computer virus is a type of malware that spreads by inserting its copy into another program (“infecting”) and becoming part of it. Almost all viruses are attached to a host ("host” - for example, an executable file or document), which means that a virus can exist in the system, but remain inactive until the user launches or opens a malicious host file or program. When the host code is executed, the virus code is executed.

The virus spreads if the software or document to which it is attached is transferred from one computer to another. Transfer methods: shared network or disk, email, social networks and messengers, shared files.

Computer worms are similar to viruses in that they copy their functional copies, but unlike viruses that require the distribution of an infected host file, worms are autonomous and do not require the participation of a person or a host program.

To spread, the worm uses either a vulnerability in the target system, or deceiving the user to force him to launch himself. Also, the malware uses the functions of transferring files or information in the system to move without assistance. More advanced worms use encryption, cleanup, and ransomware technologies.

The first viruses
The Creeper program, which is often referred to as the first virus, was created in 1971. Having infected the new hard drive, Creeper tried to delete itself from the previous computer. Creeper was not a malware in the general sense, since it did not harm the data — it only displayed a simple message: "I'M THE CREEPER. CATCH ME IF YOU CAN!" (I'M A CREEPER. CATCH ME IF YOU CAN!)

And the first computer worm Reaper was developed as an antivirus, which was supposed to remove the Creeper program.

The most high - profile epidemics
Brain
The first epidemic was caused by the Brain virus, which infected the boot sectors of floppy disks. The virus was developed by brothers Amjat and Bazit Alvi in 1986, and was first discovered in the summer of 1987. The malware was supposed to punish local pirates stealing software from the brothers' company. However, unexpectedly for everyone, Brain went beyond the borders of Pakistan and infected hundreds of computers around the world.

The Morris Worm
On November 2, 1988, Robert Morris distributed a malware that was later named after him. The Morris worm disrupted the work of over 6,200 computers, most networks went down for up to five days.

Initially, the virus was conceived as harmless, but the worm proved to be more destructive on the network than planned. Morris' coding error, which instructed the worm to copy itself regardless of the infection status of the computer, turned the worm from a potentially harmless computational exercise into a denial-of-service virus attack. And Morris himself became the first person in history to be convicted under the Computer Fraud Act.

I LOVE YOU
ILOVEYOU (aka Love Bug or Love Letter) is listed in the Guinness Book of Records as the most dangerous virus of all time. The virus was spread by social engineering via email. The victims received an email with the subject "ILoveYou" and opened a malicious attachment, because the messages, as a rule, came from familiar addresses. The malicious attachment posed as a harmless TXT file and did not arouse suspicion, because at that time Windows was hiding the actual file extension. After launching, the worm was automatically distributed to all contacts in the Microsoft Outlook address book and overwritten files on the computer with its own copies, as a result of which the system could not boot at the next startup.

Within 10 days, 45 million cases of infection were registered. It is believed that at least 10% of the world's computers connected to the Internet have been affected by this virus. Many large corporations have decided to completely disable the mail system to protect themselves. At that time, it became one of the largest computer disasters. The worm caused almost $15 billion in damage.

Mydoom
Mydoom (aka Novarg) is the fastest spreading mail worm in the world. In 2004, it caused $38 billion in damage (adjusted for inflation - $52.2 billion) and infected more than 50 million computers worldwide. At some point, the Mydoom virus was responsible for 25% of all emails sent. To date, Mydoom is the most destructive worm in history.

Mydoom was distributed mainly by email. The worm collected addresses from infected machines and sent its copies to these addresses. It is also known that the virus connected infected machines to a botnet (a network of other infected computers), which carried out distributed denial of service attacks (DDoS). These attacks targeted certain websites or servers (for example, a large-scale attack on Google in July 2004 completely stopped the search engine). Also in 2004, in the period from February 1 to February 12, Mydoom conducted a DDoS attack on the Microsoft website.

The worm contained a text message "andy; I'm just doing my job, nothing personal, sorry" ("Andy, I'm just doing my job, nothing personal, sorry"), which suggests that the creator of the worm was paid.

Despite the announced reward of $ 250,000 for any information about the creator of the worm, the developer of this dangerous malware has not been found.

Mydoom exists today, generating about 1% of all phishing emails. This is quite a lot, considering that 3.4 billion phishing emails are sent daily.

WannaCry
WannaCry is a mixed threat that combines aspects of a worm and a ransomware program.

In 2017, WannaCry infected the victim's computer using a vulnerability in the Microsoft SMB File Sharing Protocol version 1. To infect the system, WannaCry used EternalBlue, a publicly available vulnerability exploit. WannaCry then scanned the network to find other devices with the same unpatched security vulnerability. As soon as he found a new victim, he installed himself on a new device and repeated the process.

WannaCry has spread to the systems of 150 countries around the world, infecting 10,000 computers every hour. Russia, Ukraine, India and Taiwan suffered the most.

The attack affected many large companies. Among them are Telefónica, FedEx and Deutsche Bahn. Nissan and Renault have stopped production. National Health Service hospitals in England and Scotland were affected (70,000 devices were affected, including computers, MRI scanners, blood storage refrigerators; medical services were forced to abandon emergency care in non-critical situations, and some ambulances were diverted).

In Russia, the attack affected the Ministry of Internal Affairs, Rosneft, Russian Railways, Sberbank, MegaFon.

The total damage from WannaCry amounted to $1 billion.

Conclusion
Over the decades, viruses have evolved. They have turned from "computational exercises" with elements of practical jokes and intellectual competition into dangerous tools used for espionage and blackmail, theft of funds and intellectual property.

The methods of delivery of malware have also changed. Today, not only e-mail, but also all kinds of messengers and social networks, vulnerable IoT devices give attackers the opportunity to roam. However, it is fair to note that mail remains the most common malware delivery channel.