1990 saw several important developments in virus writing. Virus writers developed new features and establish well-publicized communities to share information.
To start with, the first polymorphic viruses appeared in 1990: the Chameleon family (1260, V2P1, V2P2, and V2P6), which evolved from two earlier well-known viruses, Vienna and Cascade. Chameleon’s author, Mark Washburn, used Burger’s book on the Vienna virus and then added features from the self-encoding Cascade virus. Unlike Cascade, Chameleon was not only encrypted, but the virus code also changed with every infection. This particular feature rendered contemporary antivirus programs useless. Up to that point, antivirus programs had depended on an ordinary context search, for pieces of known virus code. Chameleon did not have permanent code which made the development of new types of antivirus programs priority number one. These developments were not long in coming. Soon thereafter, antivirus experts invented special algorithims to identify polymorphic viruses. Later, in 1992, Eugene Kaspersky developed an even more effective method for neutralizing polymorphic viruses: a processor-emulator for deciphering codes. Today, this technology is an integral attribute of all antivirus programs.
The second important milestone was the appearance of the Bulgarian Virus Producing Factory. Throughout this year and for a number of years afterwards, a large number of viruses of Bulgarian origin were detected in the wild. They included entire virus families such as Murphy, Nomenclatura, Beast (or 512 or Number of Beast), new modifications of Eddie, and many more.
A virus writer named Dark Avenger was particularly active: he released several viruses a year, which incorporated new infection and concealment techniques. It was Dark Avenger who first employed a technique where the virus, when detected, would automatically infect all files in the computer, even if the file was opened for read-only purposes. Dark Avenger demonstrated exceptional ability, not only in creating viruses, but in spreading them as well. He actively loaded infected programs onto BBSs, distributed source codes for his viruses, and advocated the creation of new viruses in every way possible.
The first BBS (VX BBS) aiming to provide an open forum for the exchange of viruses and information for virus writers was established in Bulgaria, probably by Dark Avenger. The philosophy behind the board was simple: if a user uploaded a virus, then in exchange he was allowed to download one from the board’s catalog. If the user submitted a new and interesting virus, then he was granted full access to the board’s resources and could download an unlimited quantity of viruses from the collection. It almost goes without saying what a powerful effect VX BBS had on the development of viruses, especially since the board was open to the whole world, not just Bulgaria.
In July of 1990, a serious incident occurred with the English computer magazine PC Today. Each issue of the magazine contained a free floppy disc which turned out to be infected with a copy of DiskKiller. More than 50,000 copies of the magazine were sold. The resulting epidemic made virology history!
Two innovative stealth viruses appeared in the second half of 1990: Frodo and Whale. Both used an incredibly complex algorithm to conceal themselves in the system. The nine kilobyte Whale, in addition, employed several levels of encryption and whole array of tricky anti-debugging techniques.
The first Russian viruses appeared: Peterburg, Voronezh, and LoveChild.
In December of 1990, EICAR (European Institute for Computer Antivirus Research) was established in Hamburg, Germany. The institute is still considered one of the most respected international organizations, uniting professionals from practically all major antivirus companies.
Machine learning has long permeated all areas of human activity. I would like to warn about, or dispel, some of the misconceptions associated with the use of ML in the field of cybersecurity. Read Full Article
Kaspersky Lab researchers presented a closing keynote and three other papers related to targeted attacks and APT research at Virus Bulletin 2015 in Prague. Read Full Article