Timeline: A Decade of Malware

An evolution from script kiddies to syndicates

With first decade of the millennium coming to a close this year, it seems a good time to take a look back at some of the malware that has helped shape the current-day attacks on the Web. Modern malware is commercially motivated. Instead of writing malware for ego gratification, today's attackers are using malware to make money.

Looking back at the most notable malware of the last ten years, we begin to see how the industry has taken shape. From pesky spam pranks to a multi-million dollar 'black hat' industry, malware continues to evolve at a rapid pace, with no signs of slowing.

1. 2001: Loveletter steals free Internet access Modern malware is commercially motivated. Instead of writing malware for ego gratification, today's attackers are using malware to make money. In hindsight, the May 2000 Loveletter worm was a harbinger of things to come. The Loveletter worm combined social engineering (love letter for you) with a password-stealing trojan designed to harvest ISP usernames and passwords. The intent: to provide free Internet access to the worm's author (Read about current social engineering tactics in CSO's social engineering guide).

2. 2002: JS/Exception bombs usher in malicious marketing In mid-September 2001, the Nimda worm began its rapid spread around the globe, facilitated by multiple means of propagation. One of the methods included modifying any .htm, .html, or .asp pages found on infected systems. The worm also spread by exploiting several vulnerabilities in Microsoft IIS, furthering the worm's ability to infect Web pages. As such, Nimda can be viewed as a pioneer in malware's eventual move to the Web.

3. 2003: Sobig worm popularizes spam proxy trojans January 2003 ushered in the Sobig worm, a significant threat not fully appreciated until Sobig.E and Sobig.F appeared in the summer of that same year. Sobig-infected computers were outfitted with a spam proxy, enabling mass-mailers to send large volumes of unwanted email via victim computers; even harvesting the victims own email contacts to add to the spammers' mailing lists.

4. 2004: Bagle worm vies for dominance to harvest addresses and account information The monetary gains to be had from harvesting email addresses became even more apparent during the subsequent email worm wars in early 2004. Beginning with MyDoom and the Bagle worm, an interloper (Netsky) quickly jumped into the fray. The authors of Bagle then began coding variants of their worm that, in addition to dropping their own malware, would also remove Netsky. In turn, the Netsky author began neutering the MyDoom/Bagle infections while adding his own malicious code to the system. This prompted a response from the Bagle authors; hidden in Bagle.K's code was the message, "Hey Netsky, f*ck off you b*tch, don't ruine our business, wanna start a war?"

5. 2005: Bot-delivering breaking news alerts Following the worm wars, named threats became fewer as attacks became more overtly criminal and profit motivated. To bypass technology, clever attackers began incorporating a much higher degree of social engineering in their attacks. In January 2005, following the previous month's tsunami in the Indian ocean, scammers began targeting people's fear and curiosity through breaking news alerts. Links in the email that claimed to point to headline news actually pointed to malicious malware that turned victim computers into bots (Read about how botnets are hunted and destroyed in The Botnet Hunters).

6. 2006: The as-yet-unnamed Storm worm emerges By 2006, the Storm botnet was formally underway, though not named as such until January 2007, after a bogus breaking news alert claimed "230 dead as storm batters Europe." Coincidental to the alert, a very real storm in Europe did cause loss of life, thus earning the trojan family (and its associated botnet) its new name, Storm (Also see: How a Botnet Gets its Name).

7. 2007: MPack publicity popularizes exploit frameworks In 2007, publicity around MPack led to heightened adoption of exploit frameworks in general, laying the groundwork for managed Web attacks. The release of free or low cost SQL injection tools in the Fall of 2007.

8. 2008: Goolag and automated injection attacks complete cloud-based malware-as-a-service In 2008, remote discovery tools such as Goolag further cemented cloud-based malware delivery via the Web. These attacks quickly proved profitable and shifted the value proposition from spam and malicious marketing to stolen FTP credentials and intellectual/financial property theft. Cloud-based distribution of malware also increased the sophistication of malware creation kits, thus doubling the volume of malware with exponential year-over-year increases

9. 2009: Gumblar incorporates and expands a decade's evolution of malware The 2009 Gumblar attacks can be viewed as the culmination of a decade's evolution of criminal/profit-motivated malware. Gumblar creates two sets of botnets: client-side traditional backdoors and a second, never before seen botnet compromised of thousands of backdoored websites. Gumblar includes a forced redirect revenue stream for the Gumblar creators thus providing instant monetization, as well as long term potential profits via its ability to intercept, tamper with and steal Internet and network communications. Gumblar also includes the ultimate in social engineering; turning perfectly good, reputable websites against their visitors.

10. 2010: ? If the poorly coded and fairly innocuous Loveletter ushered in the beginning of the decade, and the highly sophisticated, multi-pronged Gumblar is ending the decade, one can only wonder, and worry, at what the next ten years may bring (Also see: 10 IT Security Predictions for 2010).

Mary Landesman is a senior security researcher with ScanSafe, a provider of SaaS Web security products.

Read more about data protection in CSOonline's Data Protection section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags securitymalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Mary Landesman

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?