Norman Safeground Blogs

insight, opinion & information


Virus History

Bjorn-smallBjørn Lilleeng, Technical Integration Manager

I remember back in the mid-nineties I was booting my PC in the morning, and went for a cup of coffee (booting a PC took a really long time by then…). When I came back there was a text on the screen: “Your PC is now Stoned”. It appeared that I had booted my PC with a floppy in the slot, a floppy which boot sector was infected with the virus “Stoned”. The virus also infected the master boot record on my hard disk, leaving my PC unbootable.
Since I already worked in the computer security business by then, I fortunately was able to remove the virus relatively easy.

Norman SafegroundThis situation is a typical example on how viruses and other malware functioned by then. They were created with the sole mission of proving the technical excellence of the virus author. The more attention the virus created, the more prestige and respect would come to the virus author. The total number of viruses was relatively small, 3-4000, and all typically created by single persons or hacker groups who wanted to show how good they were at this.

Norman and other security companies distributed signature updates via floppies on a monthly basis. That was considered sufficient to keep the anti-virus system update enough to protect against the threat of that time.
There was a steady growth in the number of malware until the beginning of this century. From 1996 signature updates was done via internet, but malware was still characterized by:

  • Relatively limited spread
  • Malware was made to prove technical excellence. Hacker group competed to make viruses destructive enough to give them fame and attention.
  • A user would know immediately if he was infected. The payload of viruses could leave the computer unbootable or delete or destroy files.

From about 2002/2003 there was a paradigm shift. Criminal actors discovered that malware business had big potential. The number of malware started to grow exponentially. And they used Internet technologies to spread much more effective that previously. A recent report by Microsoft and IDC states that the total cost of fighting malware now spirals to $ 114 billion a year.
The malware of today typically have the following characteristics:

  • Dominated by criminal actors with “unlimited” resources
  • Massive spread
  • Produces malware to achieve economical or political gain
  • Almost impossible to know if infected. They won’t break your system, but they steal your money

Although money is the driving factor here, there are also other motivations for taking  Norman Safegroundadvantage of the new potential of malware.
Groups that fight for the “good cause” , now have tools where they can threaten to punish businesses with DDOS attach if they don’t change their behavior.  National states create advanced malware to spy on other national states or businesses, and can even sabotage industrial control systems if they want.
After all, if we try to see the big picture, the different threat actors we see today can be sorted into three groups:

The amateurs:

  • Idealistic organizations that uses hacking to support “the good cause”. Typical examples of such groups would be Anonymous and LulzSec.
  •  The technical level on the attacks varies a lot, from the really advanced to the more trivial

Commercial hackers – the only motif is making money:

  • Focus on economical criminality: Steal and exchange credit card data and other personal information like passwords and other identity information
  • Massive spread and significance. The FBI states that the cybercrime business is larger than drug trafficking these days
  • The technical level on such malware varies a lot, from the really advanced to the more trivial

Hacking staged by national states:

  • NSA, M16, Mossad ++
  • Usually extremely advanced malware, often almost impossible to detect

At the time I conclude this, the big thing in the news is the newly discovered hack potential in Internet Explorer.  Microsoft just released a temporary fix to protect the users.  A permanent solution is not available yet.
I also read that security advisors recommend people to use a different browser, at least until a permanent fix is released.
I sincerely believe they are missing the point. What will happen next week? A new vulnerability in Firefox?  And we all know the vulnerability history of Chrome.

New vulnerabilities have been found in the browsers very often in the past, and it is less likely that this will end soon.  This means that the answer is not to change browsers all the time, but rather use a Layered Defense Strategy:

  • Secure patch. At the bottom make sure you have your OS and applications updated with the latest patches.
  • Secure endpoint. Verify that your anti-virus system is using the latest updates at all times.
  • Secure surf. There should be a separate module monitoring and verifying the urls that are fed into the browser
  • Secure email. Emails should be checked and verified before they are allowed into the system
  • Secure backup. Implement backup routines that are secure and automatic.

Using a vendor like Norman, that uses different technologies in the different layers, makes it even harder for the “bad guys” to enter your network.

Tags: , ,

2 Responses to Virus History

  1. sidepixel says:


    nice article,

  2. Norman says:

    Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



The Author:

Made up of various contributors' opinions and insights - the power of the collective.

Business Bloggers

Norman Safeground Blogs Archive