Strange as it may seem, the most significant news to come out of this year was not the emergence of a new computer virus, but an announcement about the long-planned purchase of Australian antivirus vendor Cybec, by software giant, Computer Associates (CA). In was with that With this purchase, CA added another antivirus product to its collection, having purchased Cheyenne Software at the end of 1996. Both products still exist to this day: CA Vet Anti-Virus and CA InnoculateIT.
Viruses, however, did not sit idly by, and in January we witnessed the emergence of a global epidemic with the Happy99 virus (also known as Ska). This was actually the first modern-day worm, which once again opened a new chapter in the history of malware evolution. It used MS Outlook, which had become a corporate standard in Europe and the US to spread. Despite the fact that Happy99 first appeared at the beginning of 1999, it still regularly shows up as one of the top ten most widespread harmful programs to this day.
At almost the same time, a very interesting macrovirus for MS Word was detected: Caligula. It searched the system registry, forkeys corresponding to PGP (Pretty Good Privacy) programs and searched for the appropriate databases. If such databases were found, the virus initiated an FTP-Session and secretly sent files to a remote server.At the end of February. SK; the first virus which infected files using Windows HLP files.On the 26th of March, a global epidemic was caused by Melissa, the first macro virus for MS Word combining Internet worm functionality as well. Immediately after infection, Melissa scanned the address book in MS Outlook and sent copies of itself to the first 50 found addresses. Like Happy99, Melissa did this without the knowledge or consent of the user, but messages still seemed to be in the user’s name. Fortunately, this macro virus was not complex and antivirus developers quickly released the necessary additions to their databases. The epidemic was contained quickly. Despite this, Melissa still managed to inflict significant damage on a range of computer systems:industry giants like Microsoft, Intel and Lockheed Martin were forced to temporarily shut down their corporate email systems. Estimates placethe damage caused by the virus at several tens of millions of US dollars.
Law enforcement agencies in the US (or, cybercrime units, to be more precise) reacted exceptionally quickly to the Melissa virus. A short while thereafter, the author of the virus was discovered and arrested. He was 31 year old David L. Smith, a programmer from New Jersey. On December 9th, he was found guilty and sentenced to 10 years in prison and fined $400,000.
Law enforcement agencies were equally active on the other side of the Pacific ocean as well. In Taiwan, the author of the CIH virus, earlier known only as Chernobyl, was exposed as Chen Ing Hao (notice the initials), a student at the Taiwan Technical Institute. However, due to a lack of charges from any of the local companies, the police had no basis for an arrest.
On May 7th, a virus intruded on the Canadian company, Corel. Under threat was its cash cow, Corel DRAW. The Gala virus (also known as GaLaDRieL) was written in Corel SCRIPT language and became the first virus capable of infecting Corel DRAW files as well as Corel PHOTO-PAINT and Corel VENTURA.
Another epidemic broke at the very beginning of the summer with the dangerous Internet worm, ZippedFiles (also known as ExploreZip). The virus came in the form of an EXE file, which once installated would destroy files of some of the more popular applications. While the worm was not as widespread as Melissa, the damage incurred was estimated to be several times higher. Despite a quick reaction from antivirus companies in neutralizing the virus, a relapse was recorded in December. The modified version was changed so that the body of the virus was compressed using the Neolite compression utility. If the antivirus program didn’t recognize this compression format then the worm escaped unnoticed. At the time, none of the antivirus programs recognized this format. It was only in June of 2000 that AntiViral Toolkit Pro (AVP) was integrated with file-support for Neolite.
In August, an Internet worm named Toadie (or Termite) was detected. In addition to infecting files in DOS or Windows, the virus attached copies of itself to emails sent via Pegasus and attempted to spread through IRC channels.
October brought the computer industry three new surprises. First was the discovery of the Infis virus which was the first virus for this operating system, installing itself at the highest levels of platform security and affecting system drivers. This made the virus difficult to contain. The second surprise consisted of antivirus companies warning users about the first computer virus for MS Project. In actuality, this was a multiplatform virus that infected files of MS Word just as well as Ms Project. The third surprise was the emergence in July of yet another script virus, Freelinks was one of the predecessors of the well-known LoveLetter virus.
In November, the world was shaken by the emergence of a new generation of worms which spread via email without attached files and penetrated computers when infected messages were read. The first of these was Bubbleboy which was immediately followed by KakWorm. Viruses of this type exploited an Internet Explorer loophole, and although Microsoft issued a patch the same month, KakWorm remained widespread for a long time.That same month, the USA and Europe recorded several incidents of infection by FunLove, a Windows virus.
December 7th was noteable for the detection of the latest of a long line of Trojans authored by a Brazilian virus writer known as Vecna. The very dangerous and complex Babylonia virus turned a new page in the history of virus creation. It was the first worm which was capable of remote self-rejuvenation. Every minute it would connect to a server in Japan and download a list of virus modules. If it found viruses there fresher than on the infected computer, then it immediately downloaded them. Later, this same technique would be employed by Sonic, Hybris, and other viruses.
In the middle of the year, the antivirus industry officially divided into two camps in regard to their approach to potential Y2K threats. One camp strongly promoted the belief that the computer underground had prepared a surprise in the form of several hundred thousand viruses capable of shaking human civilization to its core. The subtext of this warning was clear: install antivirus software and you would be saved from attack. The second camp of antivirus companies logically opposed the first and attempted to maintain calm among scared users. Later, the warnings were proved baseless, and the year 2000 came in in the same way as any other year.A few curious stories were abroad as well. A compact disc distributed with the November edition of the Hungarian magazine, Uj Alaplap, contained, in addition to useful information, a distinctly unpleasant surprise: two macro viruses for MS Word, Class.B and Opey.A.