On November 3, 1983, two computer scientists made history by calling a malicious program “computer virus” for the first time. Today, ESET has marked November 3 as Antimalware Day in honour of the work of Dr. Cohen and Prof. Adleman and the foundations they laid for research of computer threats. The day itself is designed to help reinforce the importance of antimalware globally in a world where threats seem to lie around every corner. Malware has been around longer than the web itself and, since 1983, has gone from strength to strength.
Michelangelo and Melissa are often seen as fairly simple by today’s sophisticated malware standards yet both marked significant turning points for computer security. Michelangelo, named after the famous renaissance painter who shared the same March 6th birth date, was a pre-internet era virus which in 1992 caused arguably the first ever public malware scare in history. Michelangelo was a boot sector virus, one that infects the start-up sectors of storage devices, often the boot sector of a floppy disk or the master boot record of a hard disk. Once it had infected a computer, it laid dormant until a specific date (March 6th) whereby critical data on the boot disk of any computer infected was overwritten, damaging the disk and rendering it unusable and the data nearly unrecoverable. The Michelangelo virus gained notoriety for its supposedly large-scale impact as there were estimations that the malware could have infected as many as 5 million computers - a significant amount in the early 90s. It was turned it into major news by mainstream media as a devastating security incident that could potentially wreak havoc on computers around the world. The impact of Michelangelo differed from what was expected with only several thousand computers being infected, however the news caught the public’s attention during a time when malware awareness was still low.
And on March 26, 1999, the world saw the spread of Melissa, a Visual Basic macro virus designed to “parasitize” Microsoft Word documents and to send itself to the first 50 email addresses in the Outlook address book of the infected computer. Unlike Michelangelo, the Melissa mass-mailing virus wasn’t created to cause damage but rather to spread itself around the internet via an infected email attachment which contained 80 pornographic websites. Compared to Michelangelo, the impact of Melissa was felt worldwide and due to the nature of being spread through email it was, at that time, the fastest-spreading virus in history. 100,000 computers and 300 different organizations were affected and the economic consequences were estimated in 80 million dollars in North America and in 1.1 billion dollars worldwide.
Attacks like these have brought increased malware awareness and the people are no longer easily fooled. These days attackers need to put more effort into social engineering in order to make potential victims fall into the trap. Now it is a money-making industry, encompassing networks of developers who are working full-time to create new ways of spreading unwanted, harmful software. We are seeing evermore advanced malware trends like IoT malware, with attacks being used as a gateway to implement a DDoS attack using botnets. Attacks have also become increasingly targeted and focused around monetization which we can see from the rise of malicious cryptomining, whereby cyber attackers take advantage of the current popularity of cryptocurrencies. Malware is continually evolving and becoming more technologically advanced, however Michelangelo and Melissa were also technologically advanced for their time. And so as malwares continues to evolve, so do the knowledge, software and strategies to better protect ourselves.