Malware History and Evolution! - A brief history and evolution with AI
For more than 60 years, computer viruses have been part of collective human consciousness; however, what was once simple cyber vandalism has quickly turned into cybercrime. Worms, Trojans and viruses are evolving. Hackers are motivated and clever, always willing to push the boundaries of connection and code to devise new infection methods. The future of cybercrime seems to involve more PoS (point of sale) hacks, and perhaps the recent Moker remote access Trojan is a good example of what's to come. This newly discovered malware is hard to detect, difficult to remove and bypasses all known defenses. Nothing is certain: change is the lifeblood of both attack and defense.
AI-powered malware
To combat AI malware, security researchers and organizations are also leveraging artificial intelligence and machine learning techniques to develop advanced security solutions capable of detecting and mitigating AI-driven threats.
Evolution:
| Year | Event | Description |
|---|---|---|
| 1950 | Turing Test | Often considered the father of modern computer science, Alan Turing was famous for his work developing the first modern computers, decoding the encryption of German Enigma machines during the Second World War, and describing a procedure known as the Turing Test, which formed a basis for artificial intelligence. |
| 1952 | The Checkers Program | The first AI program to run in the United States was a checkers program, written in 1952 by Arthur Samuel for the prototype of the IBM 701. |
| 1955 | The Logic Theorist | In December 1955 Herbert Simon and Allen Newell developed the Logic Theorist, the first artificial intelligence program, which would eventually prove 38 of the first 52 theorems in Whitehead and Russell's Principia Mathematica. |
| 1956 | Dartmouth College | The field of AI research was founded at a workshop held on the campus of Dartmouth College, USA, during the summer of 1956. John McCarthy coined the term "artificial intelligence" that year and drove the development of the first AI programming language, LISP, in the 1960s. Early AI systems were rule-centric, which led to the development of more complex systems in the 1970s and 1980s, along with a boost in funding. Turing's theory suggests that with enough computational power and the right algorithms, we could create an AGI system that achieves parity with human intelligence; in other words, a profound convergence of human and machine capabilities, blurring the line between what is human and what is artificial. |
| 1966 | Theory of Self-Replicating Automata | The paper was effectively a thought experiment speculating that a "mechanical" organism, such as a piece of computer code, could damage machines, copy itself and infect new hosts, just like a biological virus. A self-replicating machine is a type of autonomous robot capable of reproducing itself using raw materials found in its environment, exhibiting self-replication in a way analogous to that found in nature. |
| 1971 | The Creeper Program | As noted by Discovery, the Creeper program, often regarded as the first virus, was created in 1971 by Bob Thomas of BBN. Creeper was actually designed as a security test to see whether a self-replicating program was possible. It was, sort of: with each new hard drive infected, Creeper would try to remove itself from the previous host. Creeper had no malicious intent and only displayed a simple message: "I'M THE CREEPER. CATCH ME IF YOU CAN!" |
| 1974 | The Rabbit Virus | According to InfoCarnivore, the Rabbit (or Wabbit) virus was developed in 1974, did have malicious intent and was able to duplicate itself. Once on a computer, it made multiple copies of itself, severely reducing system performance and eventually crashing the machine. The speed of replication gave the virus its name. |
| 1975 | The First Trojan | Called ANIMAL, the first Trojan (although there is some debate as to whether this was a Trojan or simply another virus) was developed by programmer John Walker in 1975, according to Fourmilab. At the time, "animal programs", which try to guess which animal the user is thinking of with a game of 20 questions, were extremely popular. The version Walker created was in high demand, and sending it to his friends meant making and transmitting magnetic tapes. To make things easier, Walker created PERVADE, which installed itself along with ANIMAL. While the user played the game, PERVADE examined every directory available to the user and made a copy of ANIMAL in any directory where it wasn't already present. There was no malicious intent, but ANIMAL and PERVADE fit the definition of a Trojan: hiding inside ANIMAL was another program that carried out actions without the user's approval. |
| 1982 | Elk Cloner | Elk Cloner for the Apple II is developed. It spreads quickly across Apple II machines through floppy disks and displays a short taunting poem. |
| 1986 | The Brain Boot Sector Virus | Brain, the first virus for the IBM Personal Computer (IBM PC), was released on January 19, 1986 and began infecting 5.2" floppy disks. As Securelist reports, it was the work of two brothers, Basit and Amjad Farooq Alvi, who ran a computer store in Pakistan. Tired of customers making illegal copies of their software, they developed Brain, which replaced the boot sector of a floppy disk with the virus, to prevent users from running copied versions of their software. The virus, which was also the first stealth virus, contained a hidden copyright message but did not actually corrupt any data. |
| 1987 | The Jerusalem Virus | The Jerusalem virus is released. Designed to destroy files on every occurrence of Friday the 13th, it is one of the first time-release viruses, a type that has appeared repeatedly since. |
| 1992 | Michelangelo Worm | A media frenzy is created as the Michelangelo worm threatens to wipe machines around the world on March 6th. Damage is minimal, but the public profile of malware is raised. |
| 1999 | Happy99, Melissa and Kak | More advanced malware such as the Happy99 virus, the Melissa worm and the Kak worm is released. These spread very quickly through the Microsoft environments used by many internet users. |
| 2000 | The LoveLetter Virus | The introduction of reliable, speedy broadband networks early in the 21st century changed the way malware was transmitted. No longer confined to floppy disks or company networks, malware could now spread very quickly via email, via popular websites or directly over the Internet, and modern malware began to take shape. The threat landscape became a mixed environment shared by viruses, worms and Trojans, hence the name "malware" as an umbrella term for malicious software. One of the most serious epidemics of this new era was LoveLetter, which appeared on May 4, 2000. As Securelist notes, it followed the pattern of earlier email viruses, but unlike the macro viruses that had dominated the threat landscape since 1995 it did not take the form of an infected Word document; it arrived as a VBS file. It was simple and straightforward, and since users hadn't learned to be suspicious of unsolicited emails, it worked. The subject line was "I Love You", and each email carried an attachment, "LOVE-LETTER-FOR-YOU-TXT.vbs". Its creator, Onel de Guzman, designed the worm to overwrite existing files with copies of itself, which were then used to spread the worm to all of the victim's email contacts. Since the message often came to new victims from someone familiar, they were more likely to open it, making ILOVEYOU a proof of concept for the effectiveness of social engineering. |
| 2000 | Yahoo DDoS Attack | A 15-year-old Canadian boy crashes Yahoo.com via a DDoS attack. Yahoo was the number one search engine at the time. |
| 2001 | The Code Red Worm | The Code Red computer worm was first observed on July 15, 2001, and infected more than 359,000 computers on July 19, 2001. It was the first malware to be classified as fileless, existing only in memory and making no attempt to infect files on the system, and it attacked computers running Microsoft's IIS web server. The worm is believed to have originated in Makati, Philippines. Code Red infected computers worldwide, particularly in Europe, North America and Asia, and placed the text string "Hacked by Chinese!" on the web pages it defaced. It was discovered by eEye Digital Security employees Mark Maiffret and Ryan Permeh, who named it Code Red because they were drinking Code Red Mountain Dew at the time. Taking advantage of a flaw in Microsoft Internet Information Server, the fast-replicating worm wreaked havoc by manipulating the protocols that allow computers to communicate, spreading globally in just hours. Eventually, as noted in Scientific American, compromised machines were used to launch a distributed denial of service attack on the Whitehouse.gov website. |
| 2001 | Nimda | Worms like Nimda are released, building on vulnerabilities and backdoor entrances created by earlier worms. |
| 2004 | Santy | Santy, the first "webworm", spreads through phpBB and uses Google to find new targets. |
| 2007 | Estonia DDoS Attack | Estonia is hit by a deliberate DDoS attack, crashing the prime minister's site as well as the sites of several government-run organizations such as schools and banks. |
| 2008 | Conficker | Conficker, one of the most widespread and notorious pieces of malware ever created, infects approximately 10 million Microsoft server systems, including government and military machines. The media attention garnered by Conficker helps raise the idea of network security further in the public consciousness. |
| 2008-2009 | Scareware | The number of "scareware" programs, programs that look like anti-malware but are in fact malware themselves, rises rapidly. These programs continue to plague internet users with offers to scan their machines or remove supposedly serious viruses, while spreading their own malware when downloaded. |
| 2010 | Stuxnet | Stuxnet appears and is alleged to have targeted Iranian nuclear facilities. It is widely viewed as the most advanced form of malware ever created. Stuxnet is a well-known example of AI-powered malware: discovered in 2010, it specifically targeted industrial control systems, particularly those used in Iranian nuclear facilities. Its AI capabilities allowed it to evade detection and spread efficiently by analyzing and exploiting vulnerabilities. |
| 2012 | Zappos | Zappos, a popular online ecommerce site specializing in shoes, is hacked. During the breach, the names, email addresses, partial credit card numbers and other information of the site's 24 million customers are exposed. |
| 2014 | Emotet | Emotet is a sophisticated banking Trojan that has continually evolved its capabilities. While not primarily based on AI, it has shown AI-like behaviour, such as self-propagation and bypassing security measures by learning from its environment, and has been highly successful in infecting systems globally and spreading other malware payloads. Emotet was first discovered in 2014 by security researchers tracking a malicious network traffic pattern and was quickly identified as a modular banking Trojan that gains access to computers through email attachments or malicious links sent in email campaigns or social media messages. Also known as Heodo and Geodo, Emotet has evolved into the go-to solution for cybercriminals over the years. It is operated by a cybercrime group known as Mealybug or TA542. Emotet spreads through spam emails (malspam) with infected attachments and embedded malicious URLs; once it has access to a network, it can spread further by brute-forcing account passwords. Notable infections: 2018, Allentown, Pennsylvania; 2019, Heise Online, Kammergericht Berlin and Humboldt University of Berlin; 2020, the Department of Justice of the province of Quebec and the Lithuanian government. Security researchers and companies released small indications of Emotet's activity on social media from late 2021 to late 2022. |
| 2014 | Heartbleed | One of the most recent major vulnerabilities, Heartbleed, burst onto the scene in 2014 and put servers across the Internet at risk. Unlike a virus or worm, Heartbleed stems from a vulnerability in OpenSSL, a general-purpose, open source cryptographic library used by companies worldwide. OpenSSL periodically sends out "heartbeats" to ensure that secure endpoints are still connected: a peer sends a specific amount of data and asks for the same amount back, for example one byte. If the peer claims to be sending the maximum allowed, 64 kilobytes, but only sends a single byte, the server responds with the last 64 kilobytes of data stored in RAM, notes security technologist Bruce Schneier, which could include anything from user names to passwords to encryption keys. |
| 2016 | Mirai | Mirai is an infamous malware that targeted Internet of Things (IoT) devices such as routers and cameras. While not strictly AI-based, Mirai used machine learning techniques to identify and infect vulnerable IoT devices, creating a massive botnet that was later used to launch DDoS attacks. It was first used in September 2016, when its authors launched a DDoS attack on the website of a security expert. The malware was named after the anime series Mirai Nikki and was developed by Paras, Josiah and Dalton, who finished the first version in August 2016. It infected vulnerable devices such as smart cameras, DVRs and routers, scanning the internet for targets and trying default username and password combinations. In September 2017, Anna-senpai, who some believe is the author of Mirai, released the source code on a hacking forum, and other cybercriminals quickly replicated it. |
| 2017 | Mylobot | Mylobot is a complex botnet malware that uses AI techniques to evade detection and maintain persistence on infected systems. It employs machine learning algorithms to analyze the system's behaviour and adapt its attack accordingly, making it highly resilient and persistent. Mylobot first appeared in 2017 and has been used to infect Windows systems for over two years; it was discovered and named by Deep Instinct in 2018. Mylobot has three stages: the first embeds an encrypted resource and performs anti-debug checks; the second contains two resources, an encrypted resource and a small RC4 key; the third turns the infected computer into a proxy. |
| 2018 | DeepLocker | DeepLocker is an AI-powered malware developed by IBM Security. It uses AI techniques, specifically deep learning algorithms, to target specific victims and remain undetected until specific conditions are met, which makes it highly sophisticated and difficult for traditional antivirus systems to detect. "What is unique about DeepLocker is that the use of AI makes the 'trigger conditions' to unlock the attack almost impossible to reverse engineer. The malicious payload will only be unlocked if the intended target is reached. It achieves this by using a deep neural network (DNN) AI model," Stoecklin writes. |
| 2021 | WormGPT | Malicious AI toolkits, built on large language models (LLMs), emerge. WormGPT first came into existence in March 2021, and its creator began offering access to the platform on a hacker forum in June 2021. |
| 2023 | FraudGPT | FraudGPT is a tool that cybercriminals use to create undetectable malware and malicious content. It is built on ChatGPT-3 technology and can produce coherent text based on user prompts. FraudGPT has been circulating in darknet forums and Telegram channels since July 22, 2023, and is available by subscription at $200 per month, $1,000 for six months or $1,700 for a year. FraudGPT can create undetectable viruses or malware; generate phishing pages and hacking tools; find non-VBV bins; craft scam pages or letters; and uncover leaks, vulnerabilities and active cards. |
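The Heartbleed length mismatch described in the 2014 row, as an added example that is not code from the original post or from OpenSSL: a constructed heartbeat record whose declared payload length exceeds what was actually sent, handled once by a handler that trusts the declared length and once by one that checks it against the bytes received. The memory arena, the secret string and all function names are our own assumptions.

```c
/* Added example, not code from the original post or from OpenSSL: a model of
 * the TLS heartbeat handler. Message = 1-byte type, 2-byte big-endian payload
 * length, payload, then 16 bytes of padding. Names and data are made up. */
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 256
/* Constructed process memory: the received record sits at the start and a
 * made-up secret follows it, as it might in a real server's heap. */
static unsigned char arena[ARENA_SIZE];
static const char SECRET[] = "session-key=hunter2";

/* Build a request claiming `claimed` payload bytes but carrying only `actual`
 * bytes of 'A' plus padding; returns the record length actually "received". */
static size_t build_heartbeat(uint16_t claimed, size_t actual) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                  /* heartbeat request */
    arena[1] = (unsigned char)(claimed >> 8);
    arena[2] = (unsigned char)(claimed & 0xff);
    memset(arena + 3, 'A', actual);
    size_t record_len = 3 + actual + 16;
    memcpy(arena + record_len, SECRET, sizeof SECRET); /* just past the record */
    return record_len;
}

/* Vulnerable handler: echoes `claimed` bytes from the payload offset without
 * consulting how long the record really is, so the copy runs past it. */
static size_t heartbeat_vulnerable(size_t record_len, unsigned char *out) {
    (void)record_len;                              /* never checked: the bug */
    size_t claimed = (size_t)((arena[1] << 8) | arena[2]);
    if (claimed > ARENA_SIZE - 3) claimed = ARENA_SIZE - 3; /* keeps the demo in bounds */
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* Fixed handler: discard the record unless type + length field + declared
 * payload + minimum padding fit in the bytes received; returns 0 on discard. */
static size_t heartbeat_fixed(size_t record_len, unsigned char *out) {
    size_t claimed = (size_t)((arena[1] << 8) | arena[2]);
    if (1 + 2 + claimed + 16 > record_len)
        return 0;
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* 1 if the echoed bytes contain the secret, i.e. server memory leaked. */
static int leaked_secret(const unsigned char *out, size_t n) {
    size_t slen = sizeof SECRET - 1;
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, SECRET, slen) == 0) return 1;
    return 0;
}
```

With a record that claims 64 bytes but carries one, the vulnerable handler echoes 64 bytes including the secret, while the fixed handler returns 0 and copies nothing; the same check is what makes the declared length and the received length agree before any memory is read.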