July 10, 2014

Watch out for fake Amazon Order Details email malware scam

For the past few days I have intercepted numerous email scam messages, with the subject: "Order Details" and claiming to be From: Amazon.com ([email protected]). All contain a zip file attachment with a Trojan downloader or installer.

Recipients are being targeted by malicious actors abroad who bought email lists harvested by professional spammers and by malware infections with email-harvesting modules on people's computers. The emails do not come from Amazon.com in any way; everything claiming to be from Amazon in these messages is spoofed to trick you into opening the attached file. Doing so infects your Windows computer with a dangerous Trojan which, at the time this article was composed, was identified under about 35 different names by different anti-virus companies, as reported on VirusTotal.

So you can be on the lookout, here is a copy of the text used in these messages.

Subject: Order Details
From: "Amazon.com" <[email protected]>

The first line in the message body is in a light gray banner:

"National" (on left)     "AmazonLocal.com" (on right)

How are you,,
Thank you for your order. We'll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on Amazon.com.

Order Details

Order R:121317 Placed on May 28, 2014

Order details and invoice in attached file.

Need to make changes to your order? Visit our Help page for more information and video guides.

We hope to see you again soon. Amazon.com

The alleged invoice in the attached (over 100 KB) file is a concealed Trojan Horse malware installer/downloader. If you open the zip file, named "report_id.zip", and execute the enclosed file, your computer will be infected.

I have created a new spam filter to detect and block these scams spoofing Amazon.com orders, for MailWasher Pro users and added it to my published MailWasher Pro Filters. In the event you get a false positive detection and deletion from the Amazon filter, I suggest adding the exact email address used in their From field to your Friends list. I don't think you will find "delivers" to be one of the ones used by Amazon, but I've been known to be wrong before. ;-(
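The two tells described above (a display name claiming Amazon while the sender domain is something else, and a zip attachment wrapping an executable) can be checked mechanically. The following is an added example, not the author's MailWasher filter; the message it builds is a constructed sample with placeholder addresses, and the zip member is a harmless stub rather than the real payload.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Member names inside a zip that should never arrive as an "invoice".
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_sample_message(sender='"Amazon.com" <delivers@example.invalid>',
                         member="report_id.exe") -> bytes:
    """Constructed .eml modelled on the 'Order Details' scam: the defaults
    spoof the display name and attach report_id.zip holding an executable.
    Both addresses are placeholders, not the real scam or Amazon senders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless stub, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Order Details"
    msg["From"] = sender
    msg["To"] = "recipient@example.invalid"
    msg.set_content("Order details and invoice in attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="report_id.zip")
    return msg.as_bytes()


def spoof_indicators(raw: bytes) -> list:
    """Return the reasons a raw message looks like the spoofed-order scam
    (empty list means neither indicator fired)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Display name says Amazon, but the address is not under amazon.com.
    if "amazon" in name.lower() and not (
            domain == "amazon.com" or domain.endswith(".amazon.com")):
        reasons.append(f"display name '{name}' but sender domain '{domain}'")
    # Open each zip attachment in memory and list executable members.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if not fname.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"attachment {fname} is not a valid zip")
            continue
        bad = [m for m in members if m.lower().endswith(EXECUTABLE_EXTS)]
        if bad:
            reasons.append(f"zip {fname} contains executable(s): {', '.join(bad)}")
    return reasons
```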

July 4, 2014

Oracle's upcoming Java updates will leave XP users less protected

Oracle Corporation, the keeper of the keys to Java software, has announced that the next quarterly security update to Java will occur on July 15, 2014. This just happens to coincide with Microsoft's Patch Tuesday. On that date, a new major revision will be released, version 8.x, which will not install on Windows XP computers. With that release, full support of the current version 7 will cease, except for companies with more than 1000 user seat licenses who pay for custom support packages.

The wording about the end of Java support for XP on Oracle's FAQ page for Windows XP is a bit confusing. I have researched this and learned that others have received possible clarification from Oracle spokespersons. It appears that Java 7 will receive security patches until July 2015. But, get this, they will not be testing them on XP operating systems! There is a disclaimer on the FAQ page stating that XP users may download updates to Java 7 at their own risk!

Here's how Oracle words the notice:

As of April 8, 2014 Microsoft stopped supporting Windows XP and therefore it is no longer an officially supported platform. Users may still continue to use Java 7 updates on Windows XP at their own risk, but support will only be provided against Microsoft Windows releases Windows Vista or later.

For the bravehearted XP users among you, the official Java download page is here.

Do you really need to keep or install Java at all?

If you use certain software programs that require Java, you must maintain the latest version of Java that runs on your operating system. But, since very few websites actually use Java "Applets" anymore, there is little reason to keep the Java plug-in active in your browsers. It is simple to allow Java to run in a desktop application, while disabling it in all web browsers, by going to (Start >) Control Panel > Java > Security. Under the Security tab is an option labeled: "Enable Java content in the browser." Uncheck that option, click Apply, then OK, then restart any open web browsers.

The Java Applet in Control Panel contains an Update tab. Use it to check for updates manually, then set it to check automatically, on a daily basis. Although Oracle maintains a once per quarter update schedule, they often push out an unexpected, "out-of-band" security update to fix "zero day" vulnerabilities in Java that are being exploited in the wild (actively and widely).

If you find that an important website requires Java support, re-enable the Java plugin, but set the security slider on the Security tab page to High. Make sure you have the latest version of Java, which at this moment (until the July 15th updates) is version 7, update 60.
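The two Control Panel settings above (unticking "Enable Java content in the browser" and moving the Security slider to High) can also be enforced from a deployment.properties file, which is how an administrator would apply them to many machines at once. This is an added example, not from the page or from Oracle; it assumes Java 7 and uses Oracle's documented deployment property names, with the ".locked" lines preventing users from changing the values in the Java Control Panel.

```properties
# Added example: system-wide Java deployment.properties (assumed Java 7 on Windows).
# Disable the browser plug-in; desktop Java applications keep working.
deployment.webjava.enabled=false
deployment.webjava.enabled.locked
# Equivalent of the Security slider set to High, for the cases where the plug-in is re-enabled.
deployment.security.level=HIGH
deployment.security.level.locked
```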

If you don't use programs, or websites requiring Java support, and you find that it is installed, uninstall it completely, including any lingering old versions. This is done on Windows computers via Control Panel > Add/Remove Programs, or Programs and Features, depending on your version of Windows and view setting in Control Panel.

If you operate as an administrator in Windows, you are putting your computer about 92% more at risk than if you ran as a Standard, Power, or Limited User.

How viruses and malware have evolved since 1995

It was late 1994 when I bought my first computer. It ran on the Windows 95 operating system and contained a 512 megabyte hard drive and 16 megabytes of RAM, which was a full load in that era. Most programs were loaded by one of the two floppy drives: 3 1/2 inch and 5 1/4 inch, with a few more loading from the 2x CD drive.

That computer was not connected to the Internet until early 1996, but it became infected with a virus nonetheless, in early 1995. That virus was delivered via a floppy diskette with an infected Master Boot Record. Here is how it happened.

One day I decided to buy an inkjet printer ($329.00!). Soon afterward, one of my friends told me about a business card program he had purchased and offered to loan me his setup diskettes (3.5" floppies). I gladly accepted the offer and went about installing the business card program and designing my very first self-made business card. I was going to need some business card paper to print out the cards, so I shut down the PC and went out to find the card stock.

When I got home with the business card stock I turned on my computer. It was then that I got a real mental shock. My Windows 95 contained a rudimentary anti-virus program that worked by creating a checksum of every system file when it was first installed. As the computer booted up, that program began notifying me that "the checksum has changed" in hundreds of system files and the Master Boot Record. Panic set in!

I made a few phone calls to computer stores in my city and one of them had an anti-virus program, on a 3.5" floppy disk, named ThunderByte Anti-Virus. I bought the program for ten bucks, took it home, scanned with it and learned that my PC was infected with the Anti-Exe A virus, whose sole stupid purpose was to make a computer unusable. I followed the manual disinfection instructions to the letter and within one hour my computer was disinfected. However, I had to learn how to reinstall Windows to repair the damaged system files. That was in 1995 and it taught me how to fight the relatively simple viruses of that era.

I kept ThunderByte installed on that and my next computer, until sometime in 1998, when the company was sold and ThunderByte was retired. Without new definitions the program became useless. In addition to using definitions for known viruses, ThunderByte also kept a database with the "checksums" of all scanned good files. So, every time I upgraded a program, or ran Windows Updates and some files were changed, ThunderByte popped up a red warning box and sounded a loud annoying siren alarm tone.

Back in 1995 through 1998, anti-virus programs tended to receive updates every week, or at best, every few days. They all worked by scanning hard drives and floppy diskettes for known viruses, removing them, then creating a "checksum" of each good file. The checksums are like fingerprints, with no two files having the exact same value. In those times, new viruses were being written and released a couple of times a week, usually by rogue programmers looking for notoriety. It was fairly easy to protect a computer with weekly updates, downloaded over 33,600 baud modems.

My, how things have changed since then!

Fast forward 16 years, to the summer of 2014. Now, instead of having to detect and defend against a couple of new viruses a week, anti-virus companies are engaged in a cat and mouse war with countless rogue computer programmers who write, rewrite, repack, or otherwise alter malicious software code, a.k.a. "malware", not for notoriety, but for profit, or for theft of identities, credentials, or sensitive information. Nowadays, new and altered viruses, "spyware" and other types of malware are being released in such huge quantities that it is impossible to keep up just by issuing definition updates. We are talking about tens of thousands of new or altered virus definitions every week.

Enter Boris Badenov, world's greatest no-goodnik

Many of these rogue programmers live in the former Soviet Union. Brilliant, unemployed young programmers are sought out by recruiters for cyber criminals to do coding for the criminal masterminds who run the major malware and hacking gangs. These big shots pay big money to capable code writers, to write new viruses, or to alter old ones, on a daily basis. Then, they pay Botmasters, who have infected and herded tens of thousands of insufficiently secured computers into giant remotely controlled networks, called botnets. "Botted" computers are used to send spam email messages out to millions of recipients. Sometimes, these botnets are used to attack certain business or personal websites, data centers, public utility control systems, government offices and even entire countries, in what are known as DDoS attacks.

How computers become members of botnets

Plug and Pray!

At the beginning of this article I described how my first Windows computer became infected after I inserted an infected floppy disk into Drive A and ran the program on it. Today, almost nobody uses floppies or even has a floppy drive in their computer. Taking their place are USB thumb drives, removable memory cards, external disk drives and networked drives. Many a computer has become infected with botnet malware or spyware from an infected USB thumb drive. These infected PCs may go on to infect other networked computers, logical drives, or storage devices that get plugged into them.

Would you like some Spam with that?

I mentioned a couple paragraphs ago that botnets are primarily used to send email spam messages. A significant number of spam messages now contain malware "Trojans" in attachments, or clickable links leading to online exploit attacks (e.g., exploit kits). The malware attachments install their malware load by tricking the user into thinking they are viewing an invoice, failed delivery notice, suspended account alert, traffic ticket, etc. This is known as social engineering. Once a poisoned attachment is opened, or a link to an exploit site is clicked upon, various JavaScript functions are run to see if the computer, or the default web browser, has any vulnerable software installed, which that exploit kit can target.

Most of the modern day "viruses" do their thing by exploiting coding flaws in commonly installed "plug-ins" that run inside web browsers or email clients. One of the most exploited programs is Oracle Corporation's Java, which according to a January 2014 study by Cisco, accounts for 91% of exploit attacks. Other popular targets are Adobe's Flash, Acrobat, Reader, Air and Shockwave software.

The primary purpose of spam is to make easy money, by deceiving innocent or naive netizens into paying for useless or fake products, or courses, or counterfeit goods, or pirated software, or, in the case of this article, installing malicious software onto their computers.

As the nature of virus threats has evolved, so has the technology used by the good guys, in the anti-virus business. Security product companies have to keep a huge number of brilliant computer programmers on staff to analyze altered and new malware threats and write solutions for end users to stay protected.

Almost every reputable anti-malware company now uses a technology called "in-the-cloud" definitions. This is a virtual server space where companies upload definitions of freshly analyzed threats, just as fast as they are analyzed and defended against. The client computers are set up to query these cloud servers to see if a file they are about to open is a known baddie, according to the latest definitions in the cloud. This takes the load off the personal computer, as it only maintains a manageable database of well known threats. Rather than slowing your computer to a halt with huge malware definition databases, these cloud-based anti-malware programs use your broadband Internet connection to test files in almost real time.

People who still rely upon a dial-up Internet connection would probably notice a slowdown in opening new files, as the round trip time lag at dial-up speeds could be measurable. I believe that it is better to give up a few seconds of your computer experience and remain safe from a possible new threat, than it is to instantly open a hostile packed file while unprotected.

In 1995, when I caught my first computer virus, the Anti-Exe A, it was one that was designed to harm the victim's computer by making it impossible to load the operating system. There are still viruses written today that basically do the same thing, with one big exception: they do it to extort payment to fix the problems they themselves created.

One class of malware designed to scare people into paying for a useless program is known as rogue (fake) security programs. They are often professionally designed to look like real anti-spyware programs, but are really wolves in sheep's clothing. Once you download a fake anti-virus program it will launch a scan, or display a notice on your computer monitor notifying you about many alleged infections that it found on the computer. It will offer to remove them once you pay a large fee to register the program. The warnings will not go away until you either remove these scareware threats, or pay the blackmail price. Some even render your executables inert, much like the ancient Anti-Exe virus of the mid-1990s.

Another more dangerous type is known as "Police" or Cryptolocker Ransomware Trojans. These malware programs are usually delivered in email attachments, or by clickable links in spam messages. Once they fool you into installing them, they encrypt particular popular file types, like office documents, music, video and pdf files and then accuse you of violating some statute in your Country. They go on to demand a ransom payable by a debit card or more recently, by Bitcoins. Many of these operations are run from The Ukraine or Russia.

Because there are so many ways one can get their computer infected, the prudent course of action is to run daily, or at worst, weekly backups of the entire C drive. I use Acronis True Image to back up and save system images. They are saved to external disk drives, which you can buy for a hundred or two hundred bucks.

Fortunately, legitimate anti-malware companies provide tools that can combat these rogue security and file locker programs, as well as most other known and emerging malware threats. But, if you choose to install a free anti-virus program, you may not receive the same frequency of definition updates, or direct access to cloud definitions. Some freeware security programs only allow one update every 24 hours. By the time you receive the next update, over 1,000 new or altered malware threats will have been released into the wild. If you are unlucky enough to stumble across one in between definition updates, your PC may well become infected by a threat not yet recognized by your free anti-virus program. Tomorrow they may recognize it, but it will be too late for you.

My best advice regarding security programs is buy a one year subscription for a commercial security program from a reputable company. If, after your subscription expires, you feel you got your money's worth, renew it, or upgrade to its newer version (usually at a nice discount). If it lets you down, uninstall it and try out a different program. I personally use a combination of Malwarebytes Anti-Malware and Trend Micro Titanium Internet Security (for 3 PCs).

About the author

Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.