Windows PCs have been under siege for 20 years. There's been a clear succession of attacks, with the means, methods, and goals changing markedly over time. As with any technology, innovative thinking points the way forward. Here's a look at how ingenuity put to nefarious ends has transformed Windows hacking into a multi-billion-dollar industry, and where the Windows malware trail points in the future.
The rise of Microsoft macro viruses
Windows 3.0 hit the ground running on May 22, 1990, and soon the platform would go gangbusters. With the exception of Michelangelo, a garden-variety boot sector virus that took out Windows machines, injected the phrase 'computer virus' into almost every language on earth, and helped substantiate the lucrative antivirus industry, virus innovation stagnated. Then in the summer of 1995, an epiphany: Somebody - we still don't know who - wrote a very simple macro virus using WordBasic, the macro language behind Microsoft Word.
Documents infected with this virus, when opened using Word 6, add four macros to Word's default template, NORMAL.DOT, which then infects any subsequent Word document you save. The macro has a harmless payload, which displays an odd dialogue box with the numeral 1. The macro code contains the text 'That's enough to prove my point' - thus, the name Concept.
The floodgates burst. In late August 1995, several Microsoft employees told me that more than 80 percent of all PCs on Microsoft's Redmond campus were infected by Concept, which spread across the world in a matter of weeks. Antivirus companies scrambled, trying to protect against this completely new attack vector, and virus writers, aided by macro virus construction kits widely distributed in 1996, had a field day. Word took the initial beating, but then Excel spreadsheets came under attack, first with Laroux, then with a deluge of more than 1,000 macro viruses.
Microsoft shored up security in Office 97, but virus writers quickly figured out how to get around the controls, and many old viruses automatically converted over to the new system, using Microsoft's automatic upgrade tools. The tide didn't shift until antivirus vendors started to get the upper hand, primarily by brute force, and Microsoft finally made infection more difficult in Office 2000. Even so, Word and Excel macro attacks remained an omnipresent part of the malware landscape until Microsoft finally changed the default file formats in Office 2007.
The end of the century: Communications attacks
Windows-specific malware entered the big time when a Taiwanese programmer, Chen Ing Hau, created CIH (aka Chernobyl), thereby taking stealth infection to a new height.
Using the vagaries of the Portable Executable file format, CIH tucked itself into the parts of an EXE file between the major sections, infecting files without changing their size. Those unlucky enough to have these interstitial infections on Windows 95, 98, or ME systems woke up on April 26, 1999, with bricked PCs. CIH was a devastating virus, but it didn't spread readily.
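As an added example (not from the original article), here is a defender's check for the kind of in-file gap described above: it parses a PE section table and counts non-zero bytes in the padding between each section's used size and its on-disk size. The expectation that padding is zero-filled, the function names, and the sample image are assumptions constructed for illustration.

```python
import struct

def section_slack(pe: bytes):
    """Return [(section, slack_len, nonzero_bytes)] for a PE image held in memory."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header fields: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    report = []
    for i in range(nsect):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)    # each section header is 40 bytes
        # Some old linkers leave VirtualSize at 0; treat that as "no slack".
        used = raw_size if vsize == 0 else min(vsize, raw_size)
        slack = pe[raw_ptr + used:raw_ptr + raw_size]
        nonzero = sum(1 for b in slack if b)
        report.append((name.rstrip(b"\0").decode("ascii", "replace"),
                       len(slack), nonzero))
    return report

def suspicious_sections(pe: bytes):
    """Sections whose padding is not all zeros (a heuristic, not proof of infection)."""
    return [name for name, _length, nonzero in section_slack(pe) if nonzero]

def build_sample(filler: bytes = b"") -> bytes:
    """Constructed one-section image: 0x200 bytes on disk, 0x100 in use."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + coff + sect).ljust(0x200, b"\0")
    return header + b"\x90" * 0x100 + filler.ljust(0x100, b"\0")

if __name__ == "__main__":
    print(section_slack(build_sample()))             # clean padding
    print(suspicious_sections(build_sample(b"\xAA" * 64)))
```

Because data hidden this way leaves the file size unchanged, a size comparison misses it, while a hash comparison against a known-good copy or a padding check like this one does not.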
Email emerged as a potent delivery mechanism - a point not missed by miscreants whose Good Times hoax ('if you read a message with the subject "Good Times" your hard drive will be destroyed') scared millions.