Going viral: The history of malware from Alcon to Zeus

Malware, viruses, Trojans, ransomware. These are all words that have entered into everyday language. But what are their origins and how have we got to the situation where there are hundreds of millions of harmful programs in the wild?

The origin of species

The origins of computer viruses lie not with criminal gangs or bored teenagers, but, perhaps surprisingly, in research.

They are also older than one might think.

Creeper, generally accepted to be the very first computer virus, was developed in 1971 by computer programmer Bob Thomas from BBN Technologies, as an experimental self-replicating program.

Thomas then created the Reaper worm to track and delete his original program.

However, while Creeper did not make it out into the wild, another worm, called Morris, did.

Morris was developed in 1988 by Robert Tappan Morris, a student at Cornell University, who claimed it was originally written to gauge the size of the nascent Internet.

However, a bug in the code turned it from an innocuous piece of research into a virulent denial of service worm.

According to Marcin Kleczynski, founder of security vendor Malwarebytes, this is quite typical of the early days of computer viruses.

"Viruses started as proofs of concept," says Kleczynski.

"People have always wanted to do crazy things for their own entertainment or interest," adds Simon Young, VP of UK & Ireland at Trend Micro.

However, as the Internet started to take off, so did more nefarious uses of self-replicating software.

The Dade Murphy archetype

In the early 90s, viruses aimed at the general population began to emerge. According to security researcher Graham Cluley, the original virus authors were "normally teenage boys who were perhaps not very socially adept, but were talented".

"They would hang out on bulletin boards and were really writing viruses to show off to each other, mainly engaging in graffiti and that kind of thing," says Cluley.

"This is when you started to get some of the original worms," says James Forshaw, principal security consultant at Context Information Security.

"Things like the ILoveYou worm, Melissa or Michelangelo," he adds.

This was also when the fight back against viruses first began in earnest, with some of the best-known early anti-viruses, such as Symantec's Norton Antivirus, McAfee Antivirus, and AVP (later Kaspersky Anti-Virus), beginning to emerge.

The authors of this type of malware are the kind of archetype portrayed in the 1995 Angelina Jolie and Jonny Lee Miller film Hackers, albeit somewhat glamorised.

Their work was often flamboyant, with the creators generally writing their programs in such a way that they announced themselves as soon as they were installed.

However, as Internet commerce and banking began to take off, the profile of the attacker began to change, with lone agents creating viruses for their own entertainment and community kudos being replaced by a more professional class of attacker.

The era of the cybercriminal

At around the turn of the millennium, the amount of business being done online through sites like Amazon and eBay started to take off, with smaller companies and traditional, not born-on-the-web retailers following suit a while later.

Over the intervening 15 years there has been an exponential growth in the malware circulating in the wild.

"The sea change came when criminals realised there was money to be made through these attacks," says Forshaw.

Instead of viruses that would corrupt a hard drive or send out spam, new malware like key loggers that sat quietly running in the background stealing data began to appear and proliferate.

"When I started working for an antivirus company in 1992, we were seeing about 200 viruses appearing a month," says Cluley. "Now it's 2,000 a month."

By the mid-2000s, malware had become a lucrative business with links to organised crime.

It is at this time that the first sophisticated banking Trojans, like the infamous Zeus and its progeny, started to appear as well.

Additionally, attacks became more sophisticated, using compromised but legitimate websites to deliver "drive by" infections for example, or highly targeted phishing techniques to get access to a particular corporate network.

In short, the cyber threat arena has changed beyond recognition to become a professionalised, black market economy.

"Cybercrime-as-a-service has become a serious industry," says Young. "SLAs are offered, there are vertically structured organisations." Services are even advertised in specialist underground forums.

There is also an awful lot of money to be made.

The CryptoLocker ransomware that appeared in September 2013 is reported to have made over $20 million in the last three months of 2013 alone.

The Trojan, once downloaded, encrypts a victim's files and demands a ransom of 400 US dollars or Euro to decrypt them.

In its appearance, the attack is somewhat reminiscent of the viruses of 20 years ago or more: a dialogue box is displayed telling the user what has happened, with a countdown timer giving them between 70 and 100 hours to make a payment. If they do not, the encryption key is deleted, the attackers claim, and their data will be lost forever.

The reason CryptoLocker has been so successful is there is no alternative but to pay the ransom in order to regain control of the files.

Into the future

In the 43 years since the development of Creeper, the world of malware has changed unrecognisably. Authors have gone from being curious academics to teenagers full of bravado to professional criminals. Malware has gone from being obvious attacks that were disruptive but preventable and curable, to silent programs vacuuming up data from the shadows, and back to the in-your-face nature of the old viruses, only this time the disruption is to your wallet as well as your files.

Given the rapidly evolving nature of the field, is it possible to predict what might happen in the future?

Many researchers are reluctant to do so; however, Young, Forshaw, Cluley, and Kleczynski all agree it is worth keeping an eye on the Internet of Things.

"We have been doing some research on the Internet of Things and some of these appliances are not as secure as perhaps they could be, maybe because their creators don't consider them to be a target," says Forshaw.

He also claims devices running on Android may be more susceptible to attack, as the current state of the smartphone and tablet market shows a much higher incidence of malware on Google's mobile operating system than others.

Could our connected fridges be used then to steal or extort money from us? Will our driverless cars hold us hostage? Potentially yes, once the technology takes off.

"I wouldn't like to be the first person to find out my car has been compromised by malware and I'm currently doing 70mph down the motorway," says Forshaw.

Kleczynski foresees another potential use of malware in the Internet of Things.

"One of the things I have always considered is there is a huge market for data mining," he says.

"We remove potentially unwanted programs (PUPs) now from people's computers, because who wants all of their browsing history sent to these data mining companies?

"In the future, as we start wearing things like watches that have GPS, PUPs could be used to send data on what shops you go to back to these companies. Who wants that either?" he adds.

"That's a much bigger market than turning your car off and trying to hold it to ransom, because you can call a mechanic to come and fix that."

Nevertheless, history has shown us that little if anything can stop the onward march of technology, or take the edge off our hunger for gadgets.

Will there be new vectors for attack? Undoubtedly. Should we or will we let it stop us? No.

Jane McCallion
Deputy Editor