Tag Archive for Elk Cloner

A History of Mac Malware: Part 1

Graham Cluley at Sophos recently wrote an excellent history of Apple Macintosh malware. He points out that Mac malware is a subject that raises strong emotions. There are some who believe that the problem is over-hyped and others who believe that the malware problem on Macs is underestimated by the Apple-loving community. The author writes that hopefully, this short history will go some way to present the facts and encourage sensible debate. (rb- We have just taken on a new customer which is 85% Mac and 15% PC. I have had this very conversation with my Apple certified tech who does the field support.)

Click here for part two of this series. Click here to read my recent series commemorating the 25th anniversary of the computer virus.

1982 – Apple II – The first virus to affect Apple computers wasn’t written for the Macintosh (the original Mac did not appear until 1984). 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers. On every 50th boot the Elk Cloner virus would display a short poem:

It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

The blog says many Apple fans are surprised that the Elk Cloner boot sector virus predates IBM (IBM) PC viruses by some years. (I got my first paying tech job using an Apple II and PFS:File to build a database).

1987 – Macintosh – The nVIR virus began to infect Apple Macintosh computers, spreading its malware mainly by floppy disk. It was a similar story to what was happening in the world of MS-DOS malware, where viruses would typically travel from computer to computer by users sharing floppy disks.

Source code for nVIR was later made available, causing a rash of variants for the Mac platform. The author writes that the first anti-virus products for Mac, some free, some commercial, began to emerge in response to this malware. (In my first tech support job, I got very familiar with the Mac 30/SE, since there was a computer lab full of them with a SCSI chain from the Mac to an external hard drive to a scanner. They also printed to a LaserWriter 2 with AppleTalk and Phonenet. I still have a bag of terminators.)

1988 – HyperCard – Running on early versions of Apple’s Mac OS, one HyperCard virus displayed a message about Michael Dukakis’s US presidential bid before self-destructing:

Greetings from the HyperAvenger! I am the first HyperCard virus ever. I was created by a mischievous 14-year-old, and am completely harmless. Dukakis for preseident (sic) in ’88. Peace on earth and have a nice day

1990 – The MDEF virus (aka Garfield) emerged, spreading malware on application and system files on the Mac.

1991 – HC (also known as Two Tunes or Three Tunes) was a HyperCard virus discovered in Holland and Belgium in March 1991. The author writes that on German language versions of the operating system it would play German folk tunes and display messages such as “Hey, what are you doing?” and “Don’t panic.”

1995 – Concept Macro Virus – Microsoft (MSFT) accidentally shipped the first-ever Word macro virus, Concept, on CD-ROM. It infected both Macs and PCs running Microsoft Word. Concept was not written with malicious intent, but thousands of macro viruses were to follow, many also affecting Microsoft Office for Mac. Word macro viruses turned the world of Mac *and* Windows malware on its head overnight, according to Sophos.

Macro viruses are written in an easy-to-understand macro language that Microsoft included in its Office programs. The blog says the macro language made it child’s play to create new malware variants. Most people at the time considered documents to be non-dangerous and were happy to receive them without thinking about the security risks. Just opening a Word .DOC file could infect your computer because the macro virus’s code was embedded within.

1996 – Laroux Excel macro virus – The Laroux virus did not affect Mac users until Microsoft released Excel 98 for Mac, and then Apple users could also become victims.

1998 – Hong Kong introduced the next significant Mac malware outbreak, the blog says. It was first spotted in the wild in Hong Kong. The worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+. (rb- An AutoPlay issue – whoda thunkit?). In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.

After 1988, Mr. Cluley writes, big changes to the Mac malware scene were just around the corner: the release of Mac OS X, a whole new operating system, would mean that much of the old malware would no longer be capable of running. Mac-specific malware would have to be written with a new OS in mind.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

40 Years of Malware – Part 2

2011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the malware evolution low-lights.

The Sunnyvale, CA network security firm says that viruses evolved from academic proofs of concept to geek pranks, which have evolved into cybercriminal tools. By 2005, monetization of the virus scene was underway and almost all viruses were developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses over the last 40 years are:

See Part 1 Here – See Part 2 Here  – See Part 3 Here  – See Part 4 Here

1945 – A Bug is Born – Grace Murray Hopper, a researcher at Harvard, notes a system failure and finds a moth trapped in relay panels.

1949 – Self-replicating programs – John von Neumann, a researcher from Hungary, published the theoretical base for computers that store information in their “memory”.

1962 – A group of Bell Telephone Labs researchers invents a game that destroys software programs.

1971 – The Creeper Virus appears on ARPANET, the forerunner of the Internet. It replicates itself and displays a message: “I’m the Creeper: Catch Me if You Can.”

1974 – The Wabbit – a self-replicating program that made multiple copies of itself on a computer until it bogged down the system to such an extent that performance was reduced to zero and the computer eventually crashed. This virus was named Wabbit because of the speed at which it was able to replicate.

1981 – Elk Cloner – the first widespread virus on the Apple (AAPL) II platform, spreads by floppy disk and infects boot sectors, generating messages and impairing performance.

1983 – The term “computer virus” comes into vogue after Professor Len Adleman at Lehigh University demonstrates the concept at a seminar.

1986 – The Brain is the first global epidemic on the PC platform and shows businesses and consumers are clueless about protection.

1987 – Jerusalem virus – “On any Black Friday (Friday the 13th), it would delete any programs that were run, instead of infecting them, so it simply couldn’t be ignored,” Roger Thompson told News.com, Australia. “You couldn’t throw away your hard drive, and reformatting it didn’t remove the virus,” the chief research officer for AVG said.

1988 – The Morris worm – created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet and becomes the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.

1990 – Chameleon – the first documented polymorphic virus, malware that adapts and changes to avoid detection.

1992 – Michelangelo – was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped, according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.

1995 – Concept – the first macro virus, attacked Microsoft (MSFT) Word documents.

1996 – Laroux – the first Microsoft (MSFT) Excel virus, appears in the wild.

1999 – The Happy99 worm – invisibly attached itself to emails and would display fireworks to hide the changes being made, then wished the user a happy New Year. It modified system files related to Microsoft (MSFT) Outlook Express and Internet Explorer (IE) on Windows 95 and Windows 98.

1999 – The Melissa worm targeted Microsoft (MSFT) Word and Outlook-based systems, and created considerable network traffic.

rb-

Back in the day, I had to deal with both Happy99 and Melissa, as well as the occasional Stoned. Melissa was the easiest to deal with since I was running a GroupWise shop at the time; once the news spread, we just pulled the Cat5 from the GWIA and we saw minimal blowback. Let’s hear it for technological diversity.
