Member Article

Prank programs, altruistic malware and stoned viruses: Kaspersky Lab remembers ‘benign’ malware

To mark April Fools’ Day, Kaspersky Lab looks back at the ‘benign malware’ which has previously spread over the Internet. In the history of malware writing and hunting, there are a number of unusual stories involving programs which looked like typical malware, but did nothing more damaging than putting a smile on users’ faces. In a few extraordinary cases, viruses were even seen getting rid of dangerous malware or optimising the computer’s resources.

The first known computer virus in history was a harmless specimen. It was called Creeper, and it appeared in 1971, written by an employee at the US Ministry of Defense’s ‘Defense Advanced Research Projects Agency’. This primitive worm looked for other computers on the network – which back then was a small, localised affair, copied itself to them and displayed the following message: “I’M THE CREEPER: CATCH ME IF YOU CAN.” If Creeper found an existing copy of itself on a computer, it simply ‘jumped over’ to another computer but did not cause any harm to the system.

Stoned was another ‘fun’ virus whose main purpose was to promote a message to the user. It was first detected in 1988 in New Zealand. The original version of this virus landed on a computer system via the floppy disk drive, and, just like Creeper, did not cause any harm to the computer. It simply displayed the message on the screen: “Your computer is now stoned. Legalise Marijuana.”

The ‘prank virus’ title is deservedly held by HPS, a program which was created specifically for the Windows 98 operating system but in fact spread months before this environment was released. One of the odd things about this virus was that it was only active on Saturdays: once a week it reversed non-compressed bitmap graphic objects. In other words, it mirrored the entire display on the monitor.

The Cruncher virus also turned out to be absolutely benign. On the face of it, it was a regular resident file virus, and used an algorithm to compress data and pack the infected file, so the infected file was shorter than the original. This freed up room on the user’s hard drive. Moreover, it turned out that Cruncher used a compression algorithm from the then-popular utility DIET 1.10, so the user could use this absolutely legal program to unpack the files infected by the virus and regain access to the data, while still enjoying the extra space created on the hard drive.

The Welchia virus also became famous for its good deeds. This was one of the most unusual worms in the history of cyber threats. Although its creators designed it to be malicious, Welchia did not in fact cause any harm. On the contrary, it helped to remove the dangerous Lovesan worm, also known as Blaster, from the system. By imitating the behavior of this malicious program, Welchia penetrated a computer using vulnerabilities in legal software. Then it checked if Blaster was present in the processor memory: if so, it stopped its operation and deleted the entire malicious file from the disk. This was not the end of Welchia’s mercy mission: after eliminating the malware, the benign virus checked if there was an update in the system to patch the vulnerability through which the worm penetrated the system. If not, the virus initiated a download from the manufacturer’s site. Welchia then destroyed itself after completing all these operations.

“These examples of funny, innocuous and even helpful viruses are of course very rare exceptions to the general rule, and are essentially tales from bygone days. Modern malware writers are no longer cyber pranksters or newbie hackers learning the ropes in a new sphere of activity. Today, practically 100 per cent of viruses are written with just one goal in mind: stealing money or confidential data,” said Alexander Gostev, Chief Security Expert at Global Research & Analysis Team, Kaspersky Lab.

-ENDS-

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report “Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012

This was posted in Bdaily's Members' News section by Alice Collins .