
Redazione RHC: 12 November 2025 22:17
At first we talked about “viruses”, then “worms” appeared, followed by “macro viruses”.
These were soon joined by other types of hostile software such as keyloggers or lockers.
At some point we all started calling them malware more generically.
And just like biological viruses, malware has evolved over time; some are highly opportunistic, emerging to exploit short-term opportunities, while others have evolved to exploit more fundamental flaws and problems in IT systems that have not yet been fixed.
The first viruses in computing history date back to the 1970s and 1980s. The first piece of malware in computing history was Creeper, a program written to test the ability of code to replicate itself on remote machines.
The program called Elk Cloner is credited with being the world’s first computer virus. It was created in 1982 by Rich Skrenta on Apple’s DOS 3.3, and the infection was spread by exchanging floppy disks: the virus copied itself to the disk’s boot sector and was loaded into memory along with the operating system when the computer started.
During the 1980s and early 1990s, with the proliferation of floppy disks, there was a notable spread of viruses, because exchanging floppy disks was a very common practice in every workplace. A few infected floppy disks were enough to start a large-scale attack.
Since the mid-nineties, however, with the spread of the Internet, viruses and so-called malware in general began to spread much more quickly, using the Internet and email exchange as a source for new infections.
The first computer virus to gain global notoriety was created in 1986 by two Pakistani brothers who owned a computer shop, supposedly to punish those who illegally copied their software. The virus, called Brain, spread worldwide, and was the first example of a virus that infected the DOS boot sector.

The first file infector appeared in 1987. It was called Lehigh and only infected the command.com file. In 1988, Robert Morris Jr. created the first Internet-wide worm, the Morris worm. The following year, 1989, the first polymorphic viruses appeared, with one of the most famous being Vienna. The AIDS Trojan (also known as Cyborg) was also released, which is very similar to the modern-day Trojan called PGPCoder. Both encrypt data on the hard drive and then ask the user for a ransom to recover it (the operation is the same as current ransomware).
In 1995, the first macro viruses appeared: viruses written in the scripting language of Microsoft programs such as Word and Outlook that primarily infect various versions of Microsoft programs through document exchange. Concept was the first macro virus in history.

In 2000 came the famous I Love You, which started the script virus period.
In fact, they are the most insidious of the viruses spread via email because they exploit the ability offered by various programs such as Outlook and Outlook Express to execute active instructions (called scripts) contained in HTML email messages to carry out potentially dangerous actions on the recipient’s computer.
Viruses written with scripts are the most dangerous because they can activate themselves as soon as the message is opened for reading. I Love You spread via email to millions of computers around the world, to the point that a special FBI team had to intervene to arrest its creator, a boy from the Philippines.
It was an email message containing a small program that instructed the computer to resend the newly arrived message to all the addresses in the victim’s address book, thus generating a sort of automatic chain letter that saturated the mail servers.
Since 2001, there has been an increase in worms that exploit vulnerabilities in programs or operating systems to spread without user intervention. The peak came in 2003 and 2004 with SQL/Slammer, the fastest worm in history: within fifteen minutes of the first attack, Slammer had already infected half the servers that powered the Internet, knocking out Bank of America ATMs, shutting down 911 emergency services in Seattle, and causing airline ticketing and check-in cancellations due to repeated, inexplicable errors. Those years also include the two most famous worms in history: Blaster and Sasser.
In January 2004, MyDoom appeared, a worm that still holds the record for the fastest spread in the virus world. Once again, the vector of infection was email: MyDoom was, in fact, nothing more than a tool specifically developed (on commission) to send spam. And, according to statistics, it did its job very well.
In 2007, Storm Worm and Zeus emerged and spread. The first is a highly viral Trojan horse (thought to have infected tens of millions of machines) that allows a hacker to take control of an infected computer and add it to the Storm botnet.
The second, however, targets Microsoft Windows-based computer systems and is designed to steal banking information (account credentials and credit card details).

From 2010 onwards came the years of cyberwar. The ever-increasing spread of computers and other computing devices made viruses and malware veritable weapons at the disposal of major world powers. This was demonstrated by the Stuxnet virus, a Trojan horse that spread in the second half of the year and was widely believed to be a weapon to attack the computer systems of Iranian nuclear power plants. In 2012 came Flame, a malware likely used in espionage operations in some Middle Eastern countries and discovered by Iranian cybercriminals.
It began spreading in the same year, 2012. Based on the Citadel Trojan (which was in turn based on the Zeus Trojan), its payload displayed a warning that appeared to come from the federal police (hence the name “police Trojan”), stating that the computer had been used for illegal activities (for example, downloading pirated software or child pornography).
The warning informed the user that to unlock their system they would have to pay a fine using a voucher from an anonymous prepaid credit service, for example
or Paysafecard. To further the illusion that the computer was under federal police surveillance, the screen also displayed the machine’s IP address, and some versions even showed footage from the PC’s webcam to make it appear as if the user was also being filmed by the police.
Despite the opening of a new front, ordinary Internet users remain a favorite target of virus creators. This is demonstrated by the Cryptolocker malware, which first appeared in 2013 and is still active, albeit under different forms and names.
2014 saw the proliferation of the Svpeng Trojan, which was capable of stealing credit card data, accessing call logs, messaging, browser bookmarks, and contacts. The malware was initially distributed in Russian-speaking countries, but due to its unique distribution dynamics, it put millions of web pages that use AdSense to display advertising at risk. Spread over the Internet, it allows hackers to encrypt all data on the hard drive and demand a ransom for the unlock code.

Ransomware Evolution – Sophos 2020 Threat Report – https://www.sophos.com/threatreport2020
After the news events of 2019, ransomware has undoubtedly become the most well-known and feared type of malware. While many people may not be aware of what a bot or a RAT is, virtually everyone has heard horror stories of entire municipalities, businesses, or healthcare providers being taken down by ransomware. They may not know exactly what it is, but they know it’s a current problem for some reason.
Although ransomware dominates the headlines (especially in the mainstream press), it’s not the only threat. Keyloggers, data stealers, RAM scrapers, bots, banking Trojans, and RATs continue to be at the center of many security incidents and cause significant damage.
Keyloggers are surprisingly simple yet extremely effective and dangerous. They attach themselves to the data stream coming from our keyboards, allowing them to intercept everything we type. The primary target is usually login credentials, but this malware can also intercept other types of information.
They can be implemented in many different ways, both in hardware and software. For example, some are designed to be hidden in the USB connector of the keyboard cable.
“Data Stealers” is the generic name used to define any malware that enters our machine and hunts our hard drive, and perhaps even our entire network, if possible, looking for files that contain data that is valuable to criminals.
Malware can’t always find what it wants in the files on our computers, even if the malware has administrator or root access. This is because useful data may only exist temporarily in memory before being deliberately deleted without ever being written to disk.
For example, the permanent storage of certain data is now prohibited by regulations such as PCI-DSS, which is the payment card industry’s data security standard.
But computers MUST, for example, have a private key in RAM to perform decryption. Secret data MUST exist temporarily in RAM, even if only for a short time. Therefore, things like decryption keys, cleartext passwords, and website authentication tokens are typical targets for RAM scrapers.
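The defensive side of the point above, as an added example that is not part of the original article: code that must hold a key in RAM can keep it out of swap and erase it as soon as it has been used, so a RAM scraper has only a short window to find it. All function names are hypothetical, and toy_xor is a stand-in for a real cipher.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h> /* mlock/munlock (POSIX) */

/* Zero n bytes through a volatile pointer so the compiler does not
 * discard the stores as dead, as it may with memset() before return. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 when every byte of the buffer is zero. */
static int is_wiped(const unsigned char *b, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* Hypothetical stand-in for a real cipher: XOR with a repeating key. */
static void toy_xor(const uint8_t *in, size_t len,
                    const uint8_t *key, size_t klen, uint8_t *out) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ key[i % klen];
}

/* Decrypt once, then erase the key: it is cleartext in RAM only between
 * the caller filling `key` and the wipe. Returns 0, or -1 on bad input. */
static int decrypt_once(uint8_t *key, size_t klen,
                        const uint8_t *ct, size_t len, uint8_t *out) {
    if (!key || !ct || !out || klen == 0) return -1;
    int locked = (mlock(key, klen) == 0); /* best effort: keep out of swap */
    toy_xor(ct, len, key, klen, out);
    secure_wipe(key, klen);               /* erase before unlocking */
    if (locked) munlock(key, klen);
    return 0;
}

/* Constructed sample: returns 1 if plaintext is recovered and key is gone. */
static int demo(void) {
    const uint8_t pt[] = "session-token-1234";
    uint8_t key[4] = {0x5a, 0xa5, 0x3c, 0xc3}, ct[sizeof pt], out[sizeof pt];
    toy_xor(pt, sizeof pt, key, sizeof key, ct);
    if (decrypt_once(key, sizeof key, ct, sizeof ct, out) != 0) return 0;
    return memcmp(out, pt, sizeof pt) == 0 && is_wiped(key, sizeof key);
}

int main(void) {
    printf("plaintext recovered, key wiped: %d\n", demo());
    return 0;
}
```

The decrypted output is itself secret data in RAM and needs the same treatment once the caller is done with it.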
A bot is a program that accesses the internet through the same channels used by human users (for example, accessing web pages, sending messages in a chat room, navigating video games, and so on). Programs of this type are widespread in connection with many different online services, with various purposes, but generally related to the automation of tasks that would be too burdensome or complex for human users. Essentially, a bot establishes a semi-permanent backdoor in a computer so that attackers can send commands from anywhere.
A collection of bots is called a botnet. The other popular term for “bot” is “zombie” because they can also act somewhat like sleeper agents. Bots can send out spam from your IP address, search for local files, steal passwords, flood other machines on the Internet with traffic, and even click online ads to generate pay-per-click revenue.
Banking Trojans deserve their own malware subclass due to their specialized nature. They target only the victim’s online banking information. Banking Trojans typically include a keylogger component to capture passwords as they are entered, and a data-stealing component to find unencrypted passwords or account details.
The RAT – short for Remote Access Trojan – has much in common with a “bot”, but differs from it in that it is not part of a massive campaign to see how many “bots” can be summoned and operated for mass attack events.
RATs are typically used in more targeted attacks, potentially to perform malicious intrusions. They can capture screenshots, listen to audio in our rooms through our PC’s microphone, and turn on our webcams.