The development of cybercrime – continued…

As the new millennium began, the world became increasingly interconnected as a result of the rapid development of the Internet. At the same time, there was also a sharp increase in the number of cyber attacks, caused, among other things, by the growing number of network users, and thus potential victims.

Fortinet experts present another part of the history of malicious code and cybercrime development, in which they discuss the turn of the 20th and 21st centuries and the first worms that spread around the world without user intervention.

1999: Y2K

The year 1999 was a time of growth for new advanced-technology companies (the so-called dotcoms) and, at the same time, of concern about the Y2K bug, known in Poland as the millennium bug. The phenomenon caused widespread panic: it was feared that older computers would stop working after December 31, 1999 because of a flaw in the software stored in the computer's BIOS, which controls the motherboard. There was a risk that its creators had recorded the current year using only the last two digits. As a result, on January 1, 2000 the computer's operating system would "think" it was January 1, 1900. This would disrupt the work of, for example, critical infrastructure: from gasoline pumps and elevators to stock exchanges and power plants. Ultimately, Y2K turned out to be less of a problem than thought. Thanks to a worldwide effort in 1999, most companies and individuals did not feel it in any way. However, as Fortinet experts remind us, the fear of Y2K dominated news around the world for many months.

1999/2000: the first botnet appeared

In 2000, permanent access to the Internet was becoming more and more popular. Home users and businesses could be online around the clock. For cybercriminals, this was an opportunity not to be missed, and so the era of botnets and worms began.

In the simplest terms, a botnet is a group of infected computers that are under the control of an operator. In those years, botnets were very simple. The first botnet observed was EarthLink Spam, which debuted in 2000. It had a simple task: spread massive amounts of spam. It was responsible for 25% of junk mail at the time, totaling about 1.25 billion messages. Its operator Khan C. Smith received a $25 million fine.

Even earlier, in 1999, GTbot was created, making it the first botnet in history. It was a very primitive tool. It would spread to other devices and receive commands via IRC chats. Its controllers used a network of infected devices to launch DDoS (Distributed Denial-of-Service) attacks.

The rise in popularity of worms

Worms are still part of the hacker arsenal, although they are no longer as common as they were 20 years ago. They differ from viruses in that no human intervention is needed to spread them. In the early 2000s, a worm infection was usually fairly easy to spot because it often made a device unusable. The worms consumed more and more of the computer's processing power until the infected machine could no longer be used. Their operation was exploited, among other things, to conduct DoS (denial of service) attacks. When the malicious code spread, the worm could, for example, hit an entire company, disrupting its operations, regardless of whether that was the intention of the worm's creators.

2000: I LOVE YOU

The new millennium began with a lot of media attention for the I LOVE YOU worm, which spread around the world at a record pace. It was created by Onel De Guzman, a student from the Philippines.

I LOVE YOU spread using multiple mechanisms. Most importantly, it was sent to users via email as a malicious attachment named "LOVE-LETTER-FOR-YOU.txt.vbs". Once the attachment was opened, the worm searched the Microsoft Outlook address book and sent emails, impersonating the victim and replicating itself as an attachment. This novel approach infected millions of computers in a matter of days, because many people trusted emails from people they knew. This method is still used as part of hackers' strategies, e.g. by the authors of Emotet.

2003: Blaster (MSBlast, lovesan)

In August 2003, many corporate and business users were already connected to the Internet via a broadband connection. This gave rise to record-breaking attacks by worms and similar tools. On August 11 of that year, Blaster (also known as MSBlast and lovesan) appeared. Users were shocked when their computers suddenly started displaying the "Blue Screen Of Death" and rebooting themselves. They did not know at the time that their work was being interrupted by the Blaster worm. It was the first global denial-of-service attack.

Blaster was extremely disruptive. Even the continuous reboots did not stop it: after each restart it started again from the beginning, leading to another device shutdown. It used a vulnerability in Windows XP and 2003 processes to spread. The aim of the worm was to launch a SYN flood attack against the windowsupdate.com website to prevent computers from accessing updates. Fortunately for Microsoft, the author made a mistake and directed Blaster to the wrong domain. In fact, update downloaders used the windowsupdate.microsoft.com domain.

The intentions of the Blaster authors were revealed in a message contained in the malware code:

I just want to say LOVE YOU SAN!! billy gates why do you make this possible ? Stop making money and fix your software!!

Importantly, Blaster did not infect devices on which patches had been applied prior to August 11. This example clearly demonstrates the importance of updating devices immediately. Unfortunately, to this day, many users continue to ignore this rule.

2004: MyDoom

MyDoom was the fastest-spreading email worm in history and still holds the record. It even overtook the famous I LOVE YOU.