1997

In February of 1997, Linux Bliss, the first virus for the Linux operating system appeared. Viruses had moved to yet another environment. Although Linux viruses are a rarity, they have evolved since their first appearance. Viruses which run in the background have been developed for Linux, as well as a number of viable Trojans for this platform. If Linux were even half as popular asWindows obtained, the number of viruses for Linux would be far greater than the actual number of viruses which exist for this platform.The release of Microsoft’s Office 97 was noteable for the fact that macro viruses almost immediately migrated towards this application. The limited payloads (or in some cases the total absence thereof) of macro viruses created for MS Word 5.0 and Excel 5.0 resulted from a completely new version of Visual Basic for Applications, VBA 5.0 which differed significantly from Word Basic and VBA 3.0. The first viruses for MS Office 97 turned out to be almost identical to their predecessors, simply converted into a new format. Nevertheless soon new macro viruses developed exclusively for MS Office 97 appeared.

March 1997 was notable for the appearance of the ‘ShareFun’ macro virus for MS Word 6/7 which started a new chapter in computer history It became the first virus of its kind to spread using email, in particular MS Mail.

In April of 1997 the Homer virus was detected; this was the first network worm which used FTP to propagate.June 1997 brought the first self_encrypting virus for Windows 95, Win95.Mad. The virus, of Russian origin, was sent out to several BBS stations in Moscow causing a major epidemic.The ‘Esperanto’ virus was born in November 1997. It was an attempt, fortunately unsuccessful, to create a multi-platform virus which would be able to infect DOS, Windows and MacOS.The development of the Internet, and in particular the appearance of mIRC (Internet Relay Chat) sparked a great deal of interest, including that of virus writers. It didn’t take long for the malicious programs to start appearing.In December of 1997, the antivirus world publicized the appearance of a fundamentally new type of computer worm which spread via IRC channels. An analysis of mIRC, one of the more popular IRC utilities showed a dangerous security loophole. The directory for files downloaded via IRC coincided with the directory which held the SCRIPT:INI command file. The SCRIPT:INI file , which contained the body of the worm, could therefore be transferred to a remote computer, where it would automatically replace the original command file. When restarted, mIRC would activate the malicious code, and the worm would then send itself to other users. This error was quickly corrected and the rather primitive IRC worms had disappeared by summer. However, multi-component IRC worms which actively searched for SCRIPT.INI files (in mIRC clients), EVENTS.INI (in pIRCh) clients, and others. later appeared, working in a similar way to email worms; the user would receive anEXE, COM, BAT, file, which when launched, would replace the original command file.One of the more important events of 1997 was the split-off of one of the KAMI firm’s divisions led by Evgenii Kaspersky. This division became an independent company known as ‘Kaspersky Labs’ which is, today, recommended as a recognized technical leader in the antivirus industry. Since 1994, the company’s main product, AntiViral Toolkit Pro, consistently shows high results in numerous tests conducted by various testing laboratories across the world. The formation of an independent legal entity allowed a small group of developers to become, within two years, one of the its own country’s domestic leaders in addition to being generally well-known internationally. Little time was required to develop and release versions with new antivirus security technologies for virtually all popular platforms, and create a network of international distribution and technical support.

In October 1997, Kaspersky Lab and Finnish company Data Fellows (later renamed as F-Secure Corporation) signed an agreement to licensing an antivirus engine in their newest development product, FSAV (F-Secure Anti-Virus). Prior to this, Data Fellows had been well-known as the developer of F-PROT antivirus.

1997 will also long be remembered as a year of petty squabbles. Several scandals evolved at the same time between some of the larger antivirus manufacturers. Atthe beginning of the year, McAfee announced that they had discovered a ‘bookmark’ in the programs of one of their main competitors, antivirus firm Dr. Solomon’s. McAfee’s announcement continued in saying that if Dr. Solomon’s antivirus program discovered several viruses during a scan-check, then it completed its work in an elevated mode. In other words, if the program worked in a normal mode in normal conditions, then in testing for several viruses it switched to an intense mode (or in McAfee’s words, a ‘cheat mode’) which allowed the detection of viruses previously invisible to Dr. Solomon’s in normal scanning mode. As a result, the testing of uninfected discs showed good speed results and the scan tests of virus collections showed good detection results.

Dr. Solomon’s response was not long in the waiting, and the company soon filed suit against McAfree’s recent marketing campaign which claimed that McAfee was, ‘The Number One Choice Worldwide. No Wonder The Doctor’s Left Town’. This was an obvious reference to Alan Solomon, the founder of Dr. Solomon’s who had in fact, earlier transferred control of his company to its senior management.

Perhaps even more scandalous was the affair of the Taiwanese developer Trend Micro who accused two of the leading antivirus companies, McAfee and Symantec, of violating its patent on virus scan-checking technology via Internet and electronic mail. Shortly afterward Symantec leapt into the fray with its own accusations, alleging that McAfee was guilty of using code from Symantec’s Norton AntiVirus.

The year came to a close with MacAfee Associates and Network General announcing their intent to merge into a single Network Associates Inc (NAI) in order to diversify into other computer security systems as well (such as encryption, multi-networked screens, network scans, etc. However, at the end of 1999 NAI’s management decides to bring new life into the McAfee brand and line of antivirus products and the company reverted to its old name.