1992

Viruses for non IBM-compatible and non MS-DOS systems fade from the foreground at this time. Loopholes in global networks were closed, errors corrected, and network worms lost the conditions they required to spread – at least for the time being!

Instead, boot sector viruses were gaining popularity on the more commonly used operating systems (MS-DOS) on the most widely used platforms (IBM-PC). The number of viruses grew astronomically and security incidents occurred almost every day. New antivirus programs continued to appears as did several books and a number of regular publications dedicated to viruses. This was the background for some important developments in virus writing.

In the beginning of 1992 the first polymorphic generator, MTE appeared. Its primary purpose is to integrate with other viruses to facilitate their polymorphism. The author of this program, the infamous Dark Avenger, did everything possible to ease the work of his colleagues in this area. The MTE generator was delivered in the form of a ready to use module and was accompanied by documentation.

Due to MTE, several polymorphic viruses immediately appeared. MTE was also the forerunner of several other polymorphic generators, creating a headache for many antivirus companies. Even after months of work, many antivirus companies were unable to reach 100% results in detecting well-known versions of polymorphic viruses created with the help of MTE.

The first anti-antivirus programs appeared during this year. Peach was one of the first: it deleted the database of Central Point AntiVirus’s change inspector. If the antivirus program was unable to locate its database, then it acted as if it had been installed for the first time, recreating the database. In this way viruses avoided detection, and slowly infected the entire system.

Law enforcement agencies worldwide began developing departments specializing exclusively in computer crimes. For example, the Computer Crime Unit of The New Scotland Yard successfully disarmed the English virus group, ARCV (Association for Really Cruel Viruses). Great Britain’s proactive law enforcement position practically neutralized computer underground activity and even now, we are unaware of any serious organized groups of virus-writers there.

In March of 1992, we witnessed the Michelangelo (or March6) outbreak and the media hype in advance (the virus itself was first detected in 1991, but caused an outbreak in 1992) Though some experts predicted that over 5 million machines would be infected, only a few thousand machines actually suffered.

The VCL and PS-MPC virus constructors first appeared in July 1992. They allowed people to create their own viruses by adding a range of malicious payloads to the constructors This increased the number and potentially destructive effect of viruses, as did MTE.

1992 also brought Win.Vir_1_4, the first virus for Windows. Win.Wir_1_4 infected operating system executable files Despite the fact that the virus was poorly coded, had limited propagation ability, and had no special Windows functionality, it nevertheless opened a new chapter in the history of computer viruses.

On the antivirus vendor front, Symantec bought Certus International along with their proprietary antivirus product, Novi.