January marks the 25-year anniversary of the first mainstream computer virus. Known as Brain, it was actually developed to prevent software piracy by Pakistani brothers who famously included their address and phone numbers in the code. It was a relatively benign beginning for technology that would become the scourge of the computing world.
Since Brain's release in 1986 there have been countless advances in the technology viruses use to hide and spread themselves.
This has also driven countless advances in networking and security, causing an evolution not only of the way we protect ourselves from malicious software — or malware — but also of the methods through which we are attacked.
"Today, PCs are connected to each other and connected to the internet," said Bill McGee, vice-president of data centres and emerging technologies at computer security company Trend Micro. "From an attacker's point of view, they're reaching out to multiple devices much more easily than 25 years ago."
Simple viruses have given way to a wide category of threats. Different kinds of so-called malware can do a range of things, from logging your keystrokes and sending passwords to a thief, to letting hackers take control of a computer so they can use it for a variety of illegal activities.
The prevalence of malware growth is shocking. According to the Symantec 2010 Annual Security Report, the rate of infected emails in 2010 was one in every 284.2 messages. It adds that in 2010, the company identified 339,600 different types of malware in email messages, "over a hundredfold increase over 2009."
Where does Canada stand?
- Symantec's Intelligence Quarterly Report for July to September 2010 said Canada was ranked No. 10 in terms of countries where the "highest amount of malicious activity took place or originated." The U.S. was No. 1.
- Trend Micro's 2010 rankings, which are adjusted for population, rank Canada 6th with 5.622 targets per 1 million people. Russia was 1st with 634 per 1 million people.
Emails and physical media have taken a back seat to the primary method for transmission of malicious software: websites. Users are now constantly exposed to potentially infectious viruses and spam while simply surfing the web. The Symantec report says that in 2010, the average number of malicious websites blocked each day rose to 3,188 compared with 2,465 in 2009 — an increase of 29.3 per cent — and almost 90 per cent were legitimate, but compromised websites.
"The type of attacker has also changed from one that was doing it as a hobby to now people who are doing as their job," said McGee.
This is a far cry from the two Pakistani brothers who innocently included their contact information with the original Brain virus.
Sam Masiello, director of threat management at McAfee Inc., agrees that cyber crime is becoming more organized. The industry is seeing fewer "en masse" threats because they were becoming increasingly easy to detect, he said.
"The advantage to criminals today is that they can change the virus on the fly. They can change it every couple of minutes, every couple of hours, or they can even write it so that every single download changes it," he said.
Today's front line
Digital security now requires the same attention that one's physical security demands against thieves. Though cyber security may not necessarily be a case of life or death, identity theft or compromised financial information is not always traceable and can cripple an individual.
According to McGee, the sheer volume of networked computers has grown so dramatically over the past decade that it has become impractical to attempt to secure compromised systems solely by reacting to threats.
"For 15 years, using a reactive method of antivirus was sufficient to protect computing environments, but we found that this is just not scalable given how widely connected the internet is," McGee said.
A reactive approach refers to the process where an attacker releases malware, security companies recognize the threat and then move to patch a security hole or address ways to identify and neutralize a virus. But these days there are too many threats, and they evolve too quickly.
"There's a lot of proactive technology we have to look at, because malware is changing very quickly," Masiello added. Attacks can now focus on organizations, small groups or even individuals, he said.
This realization has caused security companies to adopt preventive techniques as their primary weapon against malicious code. Protection now involves not only detecting viruses and other threats, but also flagging websites that could be infected and warning users in advance that they could be at risk so that they can avoid sketchy sites entirely.
"We needed to complement reactive protection with proactive measures. Proactive methods of protecting users are becoming more and more critical to providing good protection," said McGee.
Masiello says security companies are also taking a page from property-crime investigators. He says traditional law enforcement methods can often identify criminals based on patterns they have demonstrated in crimes previously committed.
"In the cyber world it works pretty much in the same way. There are criminals that style their code in a certain way. If you can identify what those patterns are, then it can help to identify new variances in malware," said Masiello.
Focus shifts to mobile
Cyber criminals also have mobile systems in their sights. Modern smartphones and tablets have much of the same computing capabilities as home computers, and people who use phones to store data and do online transactions without being aware of the risks could be targeted.
"We are seeing more diversification with browsing technologies, operating systems and devices. Attackers are going to move to these new devices as the volume of use of them is increasing so dramatically," said McGee.
Web services like Facebook and other products that are not hosted locally already have significant security measures in place. But in the event that they were compromised, a very large population of users could be affected.
Masiello says users must be careful and sceptical, particularly with regard to mobile platforms and geo-location technology.
"Users have to be really conscious of the fact that there's a lot of people out there potentially writing malicious applications and trying to take over your phone," he said.
To help combat this epidemic of computer viruses and malware, Masiello advocates greater international oversight. As developing countries begin to establish broadband infrastructure, they must do so with security in mind, he said, but unfortunately many are not.
- Love Bug: In 2000, users who opened emails with the subject ILOVEYOU were infected.
- Melissa: In 1999, programmed in Microsoft Word macro, infected users emailed contacts in your address book.
- Creeper: In 1971, what was likely the first virus ever, targeted only ARPANET systems and did not cause any damage.
- Elk Cloner: In 1982, this virus was written by a high school student and affected Apple II floppy disks.
This leaves a significant entry point for criminals, and malware and cyber crime are not limited by political or geographical borders.
For example, the Symantec Global Security Threat Report ranked the U.S. as the No. 1 country where malicious activity originated or took place in the third quarter of 2010, which might be expected given its technological and economic influence. But it was followed by Brazil and India, with Germany in fourth place and China fifth. Canada came in at No. 10.
Jurisdictional limitations serve to harbour criminals and threaten sensitive data on a global scale, regardless of nationality.
"We need to have better collaboration and better co-operation across government and law enforcement," Masiello said. "In a lot of cases, these criminals are hiding out in countries that don't have reciprocity with Canada or the United States."