Thursday, July 18, 2019

History of Computer Virus

THE HISTORY OF COMPUTER VIRUSES

A Bit of Archeology

There are lots and lots of opinions on the date of birth of the first computer virus. I know for sure only that there were no viruses on the Babbage machine, but the Univac 1108 and IBM 360/370 already had them (Pervading Animal and Christmas Tree). Therefore the first virus was born at the very beginning of the 1970s or even at the end of the 1960s, although nobody was calling it a virus then. And with that, consider the topic of the extinct fossil species closed.

Journey's Start

Let's talk of the latest history: Brain, Vienna, Cascade, and so on. Those who started using IBM PCs as far back as the mid-80s might still remember the total epidemic of these viruses in 1987-1989. Letters were dropping from displays, and crowds of users were rushing towards monitor service people (unlike these days, when hard disk drives die from old age but some unknown modern viruses are to blame). Their computers started playing a hymn called Yankee Doodle, but by then people were already clever, and nobody tried to fix their speakers: very soon it became clear that the problem wasn't with the hardware, it was a virus, and not even a single one, more like a dozen.

And so viruses started infecting files. The Brain virus and the bouncing ball of the Ping-pong virus marked the victory of viruses over the boot sector. IBM PC users of course didn't like all that at all. And so there appeared antidotes.
Which was the first? I don't know, there were many of them. Only a few of them are still alive, and all of these anti-viruses grew from single projects into major software companies playing big roles on the software market.

There is also a notable difference in how viruses conquered different countries. The first widely spread virus in the West was a bootable one called Brain; the Vienna and Cascade file viruses appeared afterwards. Unlike that, in Eastern Europe and Russia file viruses came first, followed by bootable ones a year later.

Time went on, viruses multiplied. They were all alike in a sense: they tried to get into RAM, stuck to files and sectors, and periodically destroyed files, diskettes and hard disks. One of the first revelations was the Frodo.4096 virus, which as far as I know was the first invisible virus (Stealth). This virus intercepted INT 21h, and during DOS calls to the infected files it changed the information so that the file appeared to the user uninfected. But this was just a layer over MS-DOS. In less than a year electronic bugs attacked the DOS kernel (Beast.512 Stealth virus). The idea of invisibility continued to bear its fruits: in the summer of 1991 there was a plague of Dir_II. "Yeah!", said everyone who dug into it.

But it was fairly easy to fight the Stealth ones: once you clean RAM, you may stop worrying and simply search for the beast and cure it to your heart's content. Other, self-encrypting viruses, sometimes appearing in software collections, were more troublesome. This is because to identify and delete them it was necessary to write special subroutines and debug them.
But then nobody paid attention to it, until... Until the new generation of viruses came, those called polymorphic viruses. These viruses use another approach to invisibility: they encrypt themselves (in most cases), and to decrypt themselves later they use commands which may or may not be repeated in different infected files.

Polymorphism - Viral Mutation

The first polymorphic virus, called Chameleon, became known in the early 90s, but the problem with polymorphic viruses became really serious only a year after that, in April 1991, with the worldwide epidemic of the polymorphic virus Tequila (as far as I know Russia was untouched by that epidemic; the first epidemic in Russia caused by a polymorphic virus happened as late as 1994, three years later, and the virus was called Phantom1).

The idea of self-encrypting polymorphic viruses gained popularity and brought to life generators of polymorphic code. In early 1992 the famous Dedicated virus appears, based on the first known polymorphic generator, MtE, and the first in a series of MtE viruses; shortly after that there appears the polymorphic generator itself. It is essentially an object module (OBJ file), and now to get a polymorphic mutant virus from a conventional non-encrypting virus it is sufficient to simply link their object modules together: the polymorphic OBJ file and the virus OBJ file. Now to create a truly polymorphic virus one doesn't have to dwell on the code of his own encryptor/decryptor. He may now connect the polymorphic generator to his virus and call it from the code of the virus when desired.

Luckily the first MtE virus did not spread and did not cause epidemics. In their turn the anti-virus developers had some time in store to prepare for the new attack.

In just a year the production of polymorphic viruses becomes a trade, followed by an avalanche of them in 1993.
Among the viruses coming to my collection the number of polymorphic viruses increases. It seems that one of the main directions in this uneasy job of creating new viruses becomes the creation and debugging of polymorphic mechanisms; the authors of viruses compete not in creating the toughest virus but the toughest polymorphic mechanism instead.

This is a partial list of the viruses that can be called 100 percent polymorphic (late 1993): Bootache, CivilWar (four versions), Crusher, Dudley, Fly, Freddy, Ginger, Grog, Haifa, Moctezuma (two versions), MVF, Necros, Nukehard, PcFly (three versions), Predator, Satanbug, Sandra, Shoker, Todor, Tremor, Trigger, Uruguay (eight versions).

These viruses require special methods of detection, including emulation of the virus's executable code, mathematical algorithms for restoring parts of the code and data in the virus, etc. Ten more new viruses may be considered non-100 percent polymorphic (that is, they do encrypt themselves, but in the decryption routine there always exist some nonchanging bytes): Basilisk, Daemaen, Invisible (two versions), Mirea (several versions), Rasek (three versions), Sarov, Scoundrel, Seat, Silly, Simulation.

However, to detect them and to restore the infected objects, code decrypting is still required, because the length of nonchanging code in the decryption routine of those viruses is too small.

Polymorphic generators are also being developed together with polymorphic viruses. Several new ones appear, utilizing more complex methods of generating polymorphic code. They become widely spread over the bulletin board systems as archives containing object modules, documentation and examples of use. By the end of 1993 there are seven known generators of polymorphic code. They are: MTE 0.90 (Mutation Engine); TPE (Trident Polymorphic Engine), four versions; NED (Nuke Encryption Device); DAME (Dark Angel's Multiple Encryptor).

Since then every year brought several new polymorphic generators, so there is little sense in publishing the entire lists.

Automating Production and Viral Construction Sets

Laziness is the moving force of progress (the wheel was constructed because people were too lazy to carry mammoths to the cave). This traditional wisdom needs no comments. But only in the middle of 1992 did progress in the form of automating production touch the world of viruses. On the fifth of July 1992 the first viral code construction set for IBM PC compatibles, called VCL (Virus Creation Laboratory) version 1.00, is declared for production and shipping.

This set allows one to generate well commented source texts of viruses in the form of assembly language texts, object modules and infected files themselves. VCL uses a standard windowed interface. With the help of a menu system one can choose the virus type, objects to infect (COM and/or EXE), presence or absence of self-encryption, measures of protection from debugging, internal text strings, an optional 10 additional effects, etc. Viruses can use the standard method of infecting a file by adding their body to the end of the file, or replace files with their body, destroying the original content of the file, or become companion viruses.

And then it became much easier to do wrong: if you want somebody to have some computer trouble, just run VCL and within 10 to 15 minutes you have 30-40 different viruses you may then run on the computers of your enemies. A virus to every computer!

The further the better. On the 27th of July came the first version of PS-MPC (Phalcon/Skism Mass-Produced Code Generator).
This set does not have a windowed interface; it uses a configuration file to generate viral source code. This file contains a description of the virus: the type of infected files (COM or EXE); resident capabilities (unlike VCL, PS-MPC can also produce resident viruses); the method of installing the resident copy of the virus; self-encryption capabilities; the ability to infect COMMAND.COM; and lots of other useful information.

Another construction set, G2 (Phalcon/Skism's G2 0.70 beta), has been created. It supported PS-MPC configuration files, while allowing many more options when coding the same functions.

The version of G2 I have is dated the first of January 1993. Apparently the authors of G2 spent New Year's Eve in front of their computers. They'd better have had some champagne instead; this wouldn't hurt anyway.

So in what way did the virus construction sets influence electronic wildlife? In my virus collection there are several hundreds of VCL and G2 based viruses and over a thousand PS-MPC based viruses.

So we have another tendency in the development of computer viruses: the increasing number of construction set viruses. More unconcealably lazy people join the ranks of virus makers, downgrading a respectable and creative profession of creating viruses to a mundane rough trade.

Outside DOS

The year 1992 brought more than polymorphic viruses and virus construction sets. The end of the year saw the first virus for Windows, which thus opened a new page in the history of virus making. Being small (less than 1K in size) and absolutely harmless, this non-resident virus quite proficiently infected executables of the new Windows format (NewEXE); a window into the world of Windows was opened with its appearance on the scene.
After some time there appeared viruses for OS/2, and January 1996 brought the first Windows95 virus. Presently not a single week goes by without new viruses infecting non-DOS systems; possibly the problem of non-DOS viruses will soon become more important than the problem of DOS viruses. Most likely the process of changing priorities will resemble the process of DOS dying and new operating systems gaining strength together with their specific programs. As soon as all the existing software for DOS is replaced by its Windows, Windows95 and OS/2 analogues, the problem of DOS viruses becomes nonexistent and purely theoretical for the computer community.

The first attempt to create a virus working in 386 protected mode was also made in 1993. It was a boot virus, PMBS, named after a text string in its body. After booting up from an infected drive this virus switched to protected mode, made itself supervisor and then loaded DOS in virtual window mode V86. Luckily this virus was stillborn: its second generation refused to propagate due to several errors in the code. Besides that, the infected system hung if some of the programs tried to reach outside the V86 mode, for example to determine the presence of extended memory.

This unsuccessful attempt to create a supervisor virus remained the only one up to the spring of 1997, when one Moscow prodigy released PM.Wanderer, a quite successful implementation of a protected mode virus.

It is unclear now whether those supervisor viruses might present a real problem for users and anti-virus program developers in the future. Most likely not, because such viruses must go to sleep while new operating systems (Windows 3.xx, Windows95/NT, OS/2) are up and running, allowing for easy detection and killing of the virus.
But a full-scale stealth supervisor virus may mean a lot of trouble for pure DOS users, because it is absolutely impossible to detect such a stealth virus under pure DOS.

Macro Virus Epidemics

August 1995. All of progressive humanity, Microsoft and Bill Gates personally celebrate the release of a new operating system, Windows95. With all that noise the message about a new virus using basically new methods of infection came virtually unnoticed. The virus infected Microsoft Word documents.

Frankly, it wasn't the first virus infecting Word documents. Earlier, anti-virus companies had had the first experimental example of a virus on their hands, which copied itself from one document to another. However, nobody paid serious attention to that not quite successful experiment. As a result virtually all the anti-virus companies appeared not ready for what came next, macro virus epidemics, and started to work out quick but inadequate measures in order to put an end to it. For example, several companies almost simultaneously released document anti-viruses, acting along about the same lines as the virus did, but destroying it instead of propagating.

By the way, it became necessary to correct anti-virus books in a hurry, because earlier the question "Is it possible to infect a computer by simply reading a file?" had been answered by a definite "No way!" with lengthy proofs of that.

As for the virus, which by that time had got its name, Concept, it continued its ride of victory over the planet. Having most probably been released in some division of Microsoft, Concept ran over thousands if not millions of computers in no time at all.
It's not unusual, because text exchange in the format of Microsoft Word became in fact one of the industry standards, and to get infected by the virus it is sufficient just to open the infected document; then all the documents edited by the infected copy of Word became infected too. As a result, having received an infected file over the Internet and opened it, the unsuspecting user became an infection peddler, and if his correspondence was made with the help of MS Word, it also became infected! Therefore the possibility of infecting MS Word, multiplied by the speed of the Internet, became one of the most serious problems in all the history of existence of computer viruses.

In less than a year, sometime in the summer of 1996, there appeared the Laroux virus, infecting Microsoft Excel spreadsheets. As it had been with Concept, this new virus was discovered almost simultaneously in several companies.

The same 1996 witnessed the first macro virus construction sets; then in the beginning of 1997 came the first polymorphic macro viruses for MS Word and the first viruses for Microsoft Office97. The number of various macro viruses also increased steadily, reaching several hundreds by the summer of 1997.

Macro viruses, which opened a new page in August 1995, using all the experience in virus making accumulated over almost 10 years of continuous work and enhancements, actually do present the biggest problem for modern virology.

Chronology of Events

It's time to give a more detailed description of events. Let's start from the very beginning.

Late 1960s - early 1970s

Periodically on the mainframes of that period there appeared programs called "the rabbit". These programs cloned themselves and occupied system resources, thus lowering the productivity of the system.
Most probably rabbits did not copy themselves from system to system and were strictly local phenomena: mistakes or pranks by system programmers servicing these computers. The first incident which may well be called an epidemic of a computer virus happened on the Univac 1108 system. The virus called Pervading Animal merged itself to the end of executable files; it did virtually the same thing as thousands of modern viruses do.

The first half of the 1970s

The Creeper virus, created under the Tenex operating system, used global computer networks to spread itself. The virus was capable of entering a network by itself by modem and transferring a copy of itself to a remote system. The Reaper anti-virus program was created to fight this virus; it was the first known anti-virus program.

Early 1980s

Computers become more and more popular. An increasing number of programs appear, written not by software companies but by private persons; moreover, these programs may be freely distributed and exchanged through general access servers, the BBSs. As a result there appears a huge number of miscellaneous Trojan horses, programs doing some kind of harm to the system when started.

1981

Elk Cloner bootable virus epidemics started on Apple II computers. The virus attached itself to the boot sector of diskettes to which there were calls. It showed itself in many ways: it turned over the display, made text displays blink and showed various messages.

1986

The first IBM PC virus pandemic, Brain, began. This virus, infecting 360 KB diskettes, spread over the world almost momentarily. The secret of a success like this lay probably in the total unpreparedness of the computer community for such a phenomenon as a computer virus.

The virus was created in Pakistan by brothers Basit and Amjad Farooq Alvi. They left a text message inside the virus with their name, address and telephone number.
According to the authors of the virus, they were software vendors and would like to know the extent of piracy in their country. Unfortunately their experiment left the borders of Pakistan.

It is also interesting that the Brain virus was the first stealth virus, too: if there was an attempt to read the infected sector, the virus substituted it with a clean original one.

Also in 1986 a programmer named Ralf Burger found out that a program can create copies of itself by adding its code to DOS executables. His first virus, called VirDem, was the demonstration of such a capability. This virus was announced in December 1986 at an underground computer forum, which consisted of hackers specializing at that time in cracking VAX/VMS systems (Chaos Computer Club in Hamburg).

1987

The Vienna virus appears. Ralf Burger, whom we already know, gets a copy of this virus, disassembles it, and publishes the result in his book "Computer Viruses: A High-Tech Disease". Burger's book made the idea of writing viruses popular, explained how to do it, and therefore stimulated the creation of hundreds or even thousands of computer viruses, in which some of the ideas from his book were implemented.

Some more IBM PC viruses are being written independently in the same year. They are: Lehigh, infecting the COMMAND.COM file only; Suriv-1, a.k.a. April1st, infecting COM files; Suriv-2, infecting (for the first time ever) EXE files; and Suriv-3, infecting both COM and EXE files. There also appear several boot viruses (Yale in the USA, Stoned in New Zealand, PingPong in Italy), and the first self-encrypting file virus, Cascade.

Non-IBM computers are also not forgotten: several viruses for Apple Macintosh, Commodore Amiga and Atari ST have been detected.

In December of 1987 there was the first total epidemic of a network virus, called Christmas Tree, written in the REXX language and spreading itself under the VM/CMS operating environments.
On the 9th of December this virus was introduced into the Bitnet network in one of the West German universities, then via a gateway it got into the European Academic Research Network (EARN) and then into the IBM Vnet. In four days (Dec. 13) the virus paralyzed the network, which was overflowing with copies of it (see the clerk example several pages earlier). On start-up the virus output an image of a Christmas tree and then sent copies of itself to all the network users whose addresses were in the corresponding system files NAMES and NETLOG.

1988

On Friday the 13th, 1988, several companies and universities in many countries of the world got acquainted with the Jerusalem virus. On that day the virus was destroying files which were attempted to be run. Probably this is one of the first MS-DOS viruses which caused a real pandemic; there was news about infected computers from Europe, America and the Middle East. Incidentally, the virus got its name after one of the places it struck, the Jerusalem University.

Jerusalem, together with several other viruses (Cascade, Stoned, Vienna), infected thousands of computers while still being unnoticed: anti-virus programs were not as common then as they are now, and many users and even professionals did not believe in the existence of computer viruses. It is notable that in the same year the well-known computer guru Peter Norton announced that computer viruses did not exist. He declared them to be a myth of the same kind as alligators in New York sewers. Nevertheless this delusion did not prevent Symantec from starting its own anti-virus project, Norton Anti-virus, after some time.

Notoriously false messages about new computer viruses started to appear, causing panic among computer users.
One of the first virus hoaxes of this kind belongs to a Mike RoChenle (pronounced very much like "Microchannel"), who uploaded a lot of messages to the BBS systems, describing a supposed virus copying itself from one BBS to another via modem, using a speed of 2400 baud for that. Funny as it may seem, many users gave up the 2000 baud standard of that time and lowered the speed of their modems to 1200 baud. Similar hoaxes appear even now. The most famous of them so far are GoodTimes and Aol4Free.

November 1988: a total epidemic of the Morris network virus (a.k.a. Internet Worm). This virus infected more than 6000 computer systems in the USA (including the NASA Research Institute) and practically paralyzed their work. Because of erratic code in the virus it sent unlimited copies of itself to other network computers, like the Christmas Tree worm virus, and for that reason completely paralyzed all the network resources. Total losses caused by the Morris virus were estimated at 96 million dollars.

This virus used errors in the Unix operating systems for VAX and Sun Microsystems to propagate. Besides the errors in Unix, the virus utilized several more original ideas, for example picking up user passwords. A more detailed story of this virus and the corresponding incidents may be found in rather detailed and interesting articles.

December 1988: the era of worm viruses continues, this time in DECNet. A worm virus called HI.COM output an image of a spruce and informed users that they should "stop computing and have a good time at home!"

There also appeared new anti-virus programs, for example Dr. Solomon's Anti-Virus Toolkit, presently one of the most powerful anti-virus software packages.

1989

New viruses, Datacrime and FuManchu, appear, as do whole families like Vacsina and Yankee. The first one acted extremely dangerously: from October 13th to December 31st it formatted hard disks. This virus broke free and caused total hysteria in the mass media in Holland and Great Britain.

September 1989: one more anti-virus program begins shipping, IBM Anti-virus.

October 1989: one more epidemic in DECNet; this time it was a worm virus called WANK Worm.

December 1989: an incident with a Trojan horse called AIDS. 20,000 copies were shipped on diskettes marked as "AIDS Information Diskette Version 2.0". After 90 boot-ups the Trojan program encrypted all the filenames on the disk, making them invisible (setting a hidden attribute), and left only one file readable: a bill for $189 payable to the address P.O. Box 7, Panama. The author of this program was apprehended and sent to jail.

One should note that in 1989 there began total epidemics of computer viruses in Russia, caused by the same Cascade, Jerusalem and Vienna, which attacked the computers of Russian users. Luckily Russian programmers pretty quickly discovered the principles of their work, and virtually immediately there appeared several domestic anti-viruses, and AVP (named -V at that time) was one of them.

My first acquaintance with viruses (this was the Cascade virus) took place in 1989, when I found a virus on my office computer. This particular fact influenced my decision to change careers and create anti-virus programs. In a month the second incident (the Vacsina virus) was closed with the help of the first version of my anti-virus -V (minus-virus), several years later renamed AVP, AntiViral Toolkit Pro. By the end of 1989 several dozens of viruses herded on Russian lands. They were, in order of appearance: two versions of Cascade, several Vacsina and Yankee viruses, Jerusalem, Vienna, Eddie, PingPong.

1990

This year brought several notable events. The first one was the appearance of the first polymorphic viruses, Chameleon (a.k.a. V2P1, V2P2, and V2P6). Until then the anti-virus programs used masks, fragments of virus code, to look for viruses.
After Chameleon's appearance anti-virus program developers had to look for different methods of virus detection.

The second event was the appearance of the Bulgarian virus production factory: enormous amounts of new viruses were created in Bulgaria. These came in entire families of viruses: Murphy, Nomenclatura, Beast (or 512, Number-of-Beast), the modifications of the Eddie virus, etc. A certain Dark Avenger became extremely active, making several new viruses a year, utilizing fundamentally new algorithms of infecting and of covering the tracks in the system. It was also in Bulgaria that the first BBS opens dedicated to the exchange of virus code and information for virus makers.

In July 1990 there was an incident with the PC Today computer magazine (Great Britain). It contained a floppy disk infected with the DiskKiller virus. More than 50,000 copies were sold.

In the second half of 1990 there appeared two Stealth monsters, Frodo and Whale. Both viruses utilized extremely complicated stealth algorithms; on top of that, the 9KB Whale used several levels of encryption and anti-debugging techniques.

1991

The computer virus population grows continuously, reaching several hundreds now. Anti-viruses also show increasing activity: two software monsters at once (Symantec and Central Point) issue their own anti-virus programs, Norton Anti-virus and Central Point Anti-virus. They are followed by less known anti-viruses from Xtree and Fifth Generation.

In April a full-scale epidemic broke out, caused by a file and boot polymorphic virus called Tequila, and in September the same kind of story happened with the Amoeba virus.

Summer of 1991: the Dir_II epidemic. It was a link virus using fundamentally new methods of infecting files.

1992

Non-IBM PC and non-MS-DOS viruses are virtually forgotten: holes in the global access networks are closed, errors corrected, and network worm viruses have lost the ability to spread themselves.
File, boot and file-boot viruses for the most widely spread operating system (MS-DOS) on the most popular computer model (IBM PC) are becoming more and more important. The number of viruses increases in geometrical progression; various virus incidents happen almost every day. Miscellaneous anti-virus programs are being developed, and dozens of books and several periodic magazines on anti-viruses are being printed. A few things stand out:

Early 1992: the first polymorphic generator, MtE, serving as a base for several polymorphic viruses which follow almost immediately. MtE was also the prototype for a few forthcoming polymorphic generators.

March 1992: the Michelangelo virus epidemic (a.k.a. March6) and the following hysteria took place. Probably this is the first known case when anti-virus companies made a fuss about a virus not to protect users from any kind of danger, but to attract attention to their product, that is, to create profits. One American anti-virus company actually announced that on the 6th of March the information on over five million computers would be destroyed. As a result of the fuss the profits of different anti-virus companies jumped several times; in reality only about 10,000 computers suffered from that virus.

July 1992: the first virus construction sets were made, VCL and PS-MPC. They made the large flow of new viruses even larger. They also stimulated virus makers to create other, more powerful construction sets, as was done by MtE in its area.

Late 1992: the first Windows virus appears, infecting this OS's executables, and starts a new page in virus making.

1993

Virus makers are starting to do some serious damage: besides hundreds of mundane viruses which are no different from their counterparts, besides the whole polymorphic generators and construction sets, besides new electronic editions of virus makers, there appear more and more viruses using highly unusual ways of infecting files, introducing themselves into the system, etc. The main examples are:

PMBS, working in Intel 80386 protected mode.

Strange (or Hmm), a masterpiece of Stealth technology, however implemented on the level of hardware interrupts INT 0Dh and INT 76h.

Shadowgard and Carbunkle, which widened the range of algorithms of companion viruses.

Emmie, Metallica, Bomber, Uruguay and Cruncher: the use of fundamentally new techniques of hiding their own code inside the infected files.

In the spring of 1993 Microsoft made its own anti-virus, MSAV, based on CPAV by Central Point.

1994

The problem of CD viruses is getting more important. Having quickly gained popularity, CD disks became one of the main means of spreading viruses. There are several simultaneous cases when a virus got onto the master disk when preparing a batch of CDs. As a result of that a fairly large number (tens of thousands) of infected CDs hit the market. Of course they cannot be cured, they just have to be destroyed.

Early in the year in Great Britain there popped out two extremely complicated polymorphic viruses, SMEG.Pathogen and SMEG.Queeg (even now not all the anti-virus programs are able to give 100% correct detection of these viruses). Their author placed infected files on a BBS, causing real panic and fear of epidemics in the mass media.

Another wave of panic was created by a message about a supposed virus called GoodTimes, spreading via the Internet and infecting a computer when receiving e-mail. No such virus really existed, but after some time there appeared a usual DOS virus containing the text string "Good Times". It was called GT-Spoof.

Law enforcement increases its activities: in the summer of 1994 the author of SMEG was tracked down and arrested. Approximately at the same time, also in Great Britain, there was arrested an entire group of virus makers who called themselves ARCV (Association for Really Cruel Viruses). Some time later one more author of viruses was arrested in Norway.

There appear some new, unusual enough viruses:

January 1994: Shifter, the first virus infecting object modules (OBJ files). Phantom1, the cause of the first epidemic of a polymorphic virus in Moscow.

April 1994: SrcVir, the virus family infecting program source code (C and Pascal).

June 1994: OneHalf, one of the most popular viruses in Russia so far, starts a total epidemic.

September 1994: 3APA3A, a boot-file virus epidemic. This virus uses a highly unusual way of incorporating into MS-DOS. No anti-virus was ready to meet such a monster.

In 1994 (spring) one of the anti-virus leaders of that time, Central Point, ceased to exist, acquired by Symantec, which by that time had managed to swallow several minor companies working on anti-viruses: Peter Norton Computing, Cetus International and Fifth Generation Systems.

1995

Nothing in particular happens among DOS viruses, although there appear several complicated enough monster viruses like NightFall, Nostardamus and Nutcracker, and also some funny viruses like the bisexual virus RMNS and the BAT virus Winstart. The ByWay and DieHard2 viruses become widespread, with news about infected computers coming from all over the world.

February 1995: an incident with Microsoft: Windows95 demo disks are infected by Form. Copies of these disks were sent to beta testers by Microsoft; one of the testers was not that lazy and tested the disks for viruses.

Spring 1995: two anti-virus companies, ESaSS (ThunderBYTE anti-virus) and Norman Data Defense (Norman Virus Control), announce their alliance.
These companies, each making rather powerful anti-viruses, joined efforts and started working on a joint anti-virus system. August 1995: one of the turning points in the history of viruses and anti-viruses, the appearance of the first live virus for Microsoft Word (Concept). In a month or so the virus tripped around the world, infesting the computers of MS Word users and becoming a firm No. 1 in statistical research held by various computer titles.

1996

January 1996: two notable events, the appearance of the first Windows95 virus (Win95.Boza) and the epidemic of the extremely complicated polymorphic virus Zhengxi in St. Petersburg (Russia). March 1996: the first Windows 3.x virus epidemic. The name of the virus is Win.Tentacle. This virus infected a computer network in a hospital and in several other institutions in France. This event is particularly interesting because this was the FIRST Windows virus on a spree. Before that time (as far as I know) all the Windows viruses had been living only in collections and electronic magazines of virus makers; only boot viruses, DOS viruses and macro viruses were known to roam free. June 1996: OS2.AEP, the first virus for OS/2 that correctly infects EXE files of this operating system. Earlier, under OS/2, there existed only viruses that wrote themselves in place of a file, destroyed it, or acted as companions. July 1996: Laroux, the first virus for Microsoft Excel caught live (originally at the same time in two oil making companies, in Alaska and in the South African Republic). The idea of Laroux, like that of Microsoft Word viruses, was based on the presence of so-called macros (or Basic programs) in the files. Such programs can be included in both Microsoft Excel spreadsheets and Microsoft Word documents. As it turned out, the Basic language built into Microsoft Excel also allows viruses to be created. December 1996: Win95.Punch, the first memory-resident virus for Windows95.
It stays in the Windows memory as a VxD driver, hooks file access and infects Windows EXE files that are opened. In general the year 1996 is the start of widespread virus intervention into the Windows32 operating systems (Windows95 and WindowsNT) and into the Microsoft Office applications. During this and the following year several dozen Windows viruses and several hundred macro viruses appeared. Many of them used new technologies and methods of infection, including stealth and polymorphic abilities. That was the next round of virus evolution. During these two years they repeated a path of improvement similar to that of DOS viruses. Step by step they started to use the same features that DOS viruses did 10 years beforehand, but on the next technological level.

1997

February 1997: Linux.Bliss, the first virus for Linux (a Unix clone). This way viruses occupied one more niche. February-April 1997: macro viruses migrated to Office97. The first of them turned out to be only macro viruses for Microsoft Word 6/7 converted to the new format, but almost immediately there also appeared viruses aimed at Office97 documents exclusively. March 1997: ShareFun, a macro virus hitting Microsoft Word 6/7. It uses not only standard features of Microsoft Word to propagate but also sends copies of itself via MS-Mail. April 1997: Homer, the first network worm virus using File Transfer Protocol (FTP) for propagation. June 1997: there appears the first self-encrypting virus for Windows95. This virus of Russian origin was sent to several BBSs in Moscow, which caused an epidemic. November 1997: the Esperanto virus. This is the first virus that intends to infect not only DOS and Windows32 executable files, but also spreads into Mac OS (Macintosh). Fortunately, the virus is not able to spread across platforms because of bugs. December 1997: a new virus type, the so-called mIRC Worms, came into being.
The most popular Windows Internet Relay Chat (IRC) utility, known as mIRC, proved to have a hole allowing virus scripts to transmit themselves along IRC channels. The next IRC version blocked the hole and the mIRC Worms vanished. The KAMI Ltd. anti-virus department broke away from the parent company to form an independent one, which, certainly, is considered the main event of 1997. Currently the company is known as Kaspersky Labs and has proved to be a recognized leader of the anti-virus industry. Since 1994 the AntiViral Toolkit Pro (AVP) anti-virus scanner, the main product of the company, has constantly shown high results when tested by various test laboratories all over the world. Creation of an independent company gave the initially small group of developers the chance to gain the lead on the domestic market and prominence on the world one. In a short time versions for practically all popular platforms were developed and released, new anti-virus solutions were offered, and international distribution and product support networks were created. October 1997: the agreement on licensing AVP technologies for use in F-Secure Anti-Virus (FSAV) was signed. The F-Secure Anti-Virus (FSAV) package was the new anti-virus product of DataFellows (Finland). Before that, DataFellows was known as the manufacturer of the F-PROT anti-virus package.

1997 was also the year of several scandals between the main anti-virus manufacturers in the US and Europe. At the beginning of the year McAfee announced that its experts had detected a "feature" in the antivirus programs of Dr. Solomon, one of its main competitors. The McAfee statement said that if Dr. Solomon's antivirus detects several virus types while scanning, the program switches to the advanced scan mode. This means that while examining an uninfected computer Dr. Solomon's anti-virus operates in the usual mode, and it switches to the advanced mode ("cheat mode", according to McAfee), which enables the application to detect viruses invisible to the usual mode, while testing virus collections. As a result, Dr. Solomon's anti-virus shows both good speed while scanning uninfected disks and good virus detection ability while scanning virus collections. A bit later Dr. Solomon struck back, accusing McAfee of an incorrect advertising campaign. The claims were raised against the text "The Number One Choice Worldwide. No Wonder The Doctor's Left Town". At the same time McAfee was in court together with Trend Micro, another antivirus software manufacturer, over a patent violation concerning Internet and e-mail data scanning technology. Symantec also turned out to be involved in the case and accused McAfee of using Symantec code in McAfee products. And so on. The year was completed by one more noteworthy event related to the McAfee name: McAfee Associates and Network General declared their consolidation into the newborn Network Associates company and the positioning of their services not only on the anti-virus protection software market, but also on the markets of universal computer safety systems, encryption and network administration. From this point in the virus and anti-virus history, McAfee corresponds to NAI.

1998

The virus attack on MS Windows, MS Office and network applications does not weaken. There arose new viruses employing still more complex techniques of infecting computers and advanced methods of network-to-computer penetration. Besides, numerous so-called Trojans, stealing Internet access passwords, and several kinds of covert administration utilities came into the computer world.
Several incidents with infected CDs were revealed: some computer media publishers distributed CIH and Marburg (the Windows viruses) through CDs attached to the covers of their issues, with infected. The beginning of the year: the epidemic of the Win32.HLLP.DeTroie virus family, which not only infects Windows32 executable files but is also capable of transmitting information about the infected computer to its "owner", shocked the computer world. As the viruses used specific libraries attached only to the French version of Windows, the epidemic affected just the French-speaking countries. February 1998: one more virus type infecting Excel tables, Excel4.Paix (aka Formula.Paix), was detected. This type of macro virus, while rooting itself into Excel tables, does not employ the macro area usual for this kind of virus but formulas, which proved capable of accommodating self-reproducing code. February-March 1998: Win95.HPS and Win95.Marburg, the first polymorphic Windows32 viruses, were detected, and furthermore they were in the wild. The developers of anti-virus programs had nothing to do but rush to adjust the polymorphic virus detection techniques, known so far only for DOS viruses, to the new conditions. March 1998: AccessiV, the first Microsoft Access virus, was born. There was no stir about it (as there was with the Word.Concept and Excel.Laroux viruses), as the computer community had already got used to MS Office applications going down thick and fast. March 1998: the Cross macro virus, the first virus infecting two different MS Office applications, Access and Word, is detected. Thereupon several more viruses transferring their code from one MS Office application to another emerged. May 1998: the RedTeam virus infects Windows EXE files and dispatches the infected files through Eudora e-mail. June 1998: the Win95.CIH virus epidemic was at first massive, then became global, and then turned into a kind of computer holocaust: the number of reports of infections on computer networks and home personal computers reached hundreds if not thousands. The beginning of the epidemic was registered in Taiwan, where some unknown hacker mailed the infected files to local Internet conferences. From there the virus made its way to the USA, where, through staff oversight, it infected several popular Web servers at once, and these started to distribute infected game programs. Most likely these infected files on game servers brought about the computer holocaust that dominated the computer world all year. According to the popularity ratings, the virus pushed Word.CAP and Excel.Laroux into second place. One should also pay attention to the dangerous manifestation of the virus: depending on the current date, the virus erased Flash BIOS, which in some conditions could kill the motherboard. August 1998: the birth of the sensational BackOrifice (Backdoor.BO), a utility for covert (hacker's) management of remote computers and networks. After BackOrifice some other similar programs, NetBus, Phase and others, came into being. Also in August the first virus infecting Java executable files, Java.StrangeBrew, was born. The virus posed no danger to Internet users, as there was no way to use the functions needed for virus replication on a remote computer. However, it revealed that even browsers of Web servers could be attacked by viruses. November 1998: VBScript.Rabbit. The Internet expansion of computer parasites proceeded with three viruses infecting VisualBasic scripts (VBS files), which are actively used in Web page development. As the logical consequence of the VBScript viruses, the full-value HTML virus (HTML.Internal) was born.
Virus writers obviously turned their efforts to network applications and to the creation of a full-value network worm-virus that could employ MS Windows and Office options, infect remote computers and Web servers, and/or aggressively replicate itself through e-mail.

The world of anti-virus manufacturers was also considerably rearranged. In May 1998 Symantec and IBM announced the union of their forces on the anti-virus market. The collective product would be distributed under the Norton Anti-Virus trade mark, and the IBM Anti-Virus (IBMAV) program was liquidated. The response of the main competitors, Dr. Solomon and NAI (formerly McAfee), followed immediately. They issued press releases offering users of the IBM product a promotional replacement of the dead anti-virus with their own products. Less than one month later Dr. Solomon committed suicide. The
