A Look At The Growing Need For Anti-virus Software


Computers are becoming a commodity in today’s world. It is becoming more difficult not to have one than it is to have one. Many people have more than one computer available to them, especially when you include the mobile devices that are becoming ubiquitous in our society. Very few of the people who operate computers truly understand the complexity of the systems or the dedication required to keep them safe. Most users are only interested in leveraging the technology for a specific task and then putting it away.

The convenience of having a computer to do simple tasks makes them desirable. The barrier to entry is now limited by financial means, rather than inherent knowledge of a system. Like a car, most people can operate devices without special training. Also like a car, people now need to consider safety devices to keep them safe if something bad happens; anti-virus software is as important for keeping our technology safe as seat belts and airbags are for keeping our vehicles safe. This paper explores what a virus is, their evolution, and where they may be encountered today.

What Is A Computer Virus?

The American Heritage Dictionary defines computer virus as “A program that enters a computer usually without the knowledge of the operator. Some viruses are mild and only cause messages to appear on the screen, but others are destructive and can wipe out the computer’s memory or cause more severe damage.” (The American Heritage® New Dictionary of Cultural Literacy, Third Edition Copyright © 2005 by Houghton Mifflin Company.) These programs are so named because they behave similarly to the biological viruses that infect plants and animals: they are self-replicating once they infect their host and they can cause infections ranging from the innocuous to systemic failure.

To be considered a virus, a computer program must have two defined parts: search routine and copy routine. (Ludwig, 1996) The purpose of the search routine is to find the next resource to infect; this could be a file on disk, a program running in memory, or data moving across a network. The copy routine is designed to place the virus in the desired location. Copying a virus is a complicated activity; it is not as simple as copy and paste, like making a photocopy. Rather, it involves placing code inside existing files and making modifications to avoid detection. This often requires calculating check sums to ensure that the file does not appear changed to any other entity. For a virus to successfully spread, both the search routine and the copy routine must be written carefully to avoid being detected or the virus will be caught before it can reproduce and spread.

Many viruses include a third piece; computer viruses can include code that allows them to employ anti-detection techniques. Anti-detection might take the form of a trigger to start the virus so it does not run all of the time or to limit the scope of the search routine so that it will not draw attention to itself. (Ludwig, 1996)

The components described above were nearly sufficient for the computing world of the 1990’s. Computers were not found on every desk, much less in many pockets as technology advances in smart phones. Varieties and connectivity of individual devices were not abundant. Today, the world is much more connected with the proliferation of hardware devices and inter-connectivity.

Vendors of anti-virus software would go out of business today if they only protected against programs that searched and copied. Viruses of today include a variety of types of software that are malicious and/or unwanted: rootkits, trojan horses, spyware, and adware. These types of software are generally missing the self-replicating piece that is required to be considered a true virus; they are often transferred to the infected computer by another piece of software or script, generally over a network.

Just because these software categories are not considered viruses, does not mean they are not just as destructive and dangerous for a computer or its user.

  • Rootkits are written to gain control over the whole computer instead of just part of it. This allows the software to hide itself from detection quite well.
  • Trojan horse software appears to be valid software, but has other uses. Often, it can be software that does something useful for the user, but works towards meeting the hidden agenda of the attacker as well.
  • Spyware is software that collects information about the user and sends it on to an unknown third party. This software is often used for stealing user account information.
  • Adware is software that serves unsolicited advertisements to the end users.

For the purposes of this paper, these four additional categories of software are included in the umbrella term of computer virus.

Evolution Of Viruses

The first computer virus is attributed to Fred Cohen, a USC graduate student who created a virus in 1983. (Chen & Robert, 2004) Cohen’s virus was created for his master’s thesis to describe a computer security issue called a virus. (Cohen, 1987) Cohen’s thesis references many works from other authors doing similar work. Up to the point of his thesis, this type of software didn’t have a name as a virus. His work resulted in coining the phrase “computer virus”. The thesis goes on to note that the primary measure used by the military to protect their systems was isolationism. Unfortunately for the military, there are viruses like Stuxnet that can still infect a computer in isolation.

There are currently four attributed waves of computer viruses: first wave from 1979 to early 1990s, second wave from early 1990s to 1998, third wave from 1999 to 2001, and fourth wave from 2001 to today. (Chen & Robert, 2004) The first viruses were mainly experiments designed to better understand computer security. They were simple in nature and focused on reproduction.

The second wave focused on polymorphism and toolkits. (Chen & Robert, 2004) Part of the reason that this wave had massive growth was due to the proliferation of the Windows operating system. Users began to utilize similar systems which made attacks easier to carry out and spread. During this wave, anti-virus software started appearing and using signatures to detect viruses. Virus writers combated the anti-virus software by making their viruses polymorphic. This entailed modifying the virus program slightly during each replication. When the viruses changed, early anti-virus software could no longer detect it. In 1992, a hacker created an engine to make it easier to morph a virus. (Chen & Robert, 2004)

The third wave of computer viruses focused on attacking email systems. (Chen & Robert, 2004) Virus writers started by using email attachments to send viruses. Some of the viruses were executable programs that users were convinced to start. As people got wise to not launching programs that were sent in email, virus writers tried to trick people. The most famous example of this is the Anna Kournikova virus. This virus was an email attachment that appears to be a photo of the famous tennis player, but was actually a Visual Basic script. (Chen & Robert, 2004) Virus development toolkits made it easy for less technical people to create numerous virus derivatives and send them out to unknowing people.
The fourth and current wave of computer viruses are modern worms. (Chen & Robert, 2004) Chen and Robert note five specific attributes of viruses in modern times:

blended attacks (combined infection vectors) attempts at new infection vectors (Linux, peer-to-peer networks, instant messaging, etc.)
dynamic code updating from the Internet dangerous payloads active attacks against anti-virus software.” (

The complexity of the modern worm is a testament to the quantity of tools available for their creation and the amount of financial gain that is possible from using them. There have been several notable viruses that caused substantial damage in the modern age. Some of these notable viruses include; Michelangelo, Melissa, Anna Kournikova, Nimda, SQL Slammer, Koobface, and Stuxnet. However, the anti-virus techniques that have evolved along with these ever-changing threats are nearly as specialized as the viruses themselves.

Anti-virus On The Desktop

Personal computers have been around since the Altair was introduced in 1975. (Reimer, 2005) The demand for them was much larger than initially anticipated, but still insignificant compared to today’s sales. Hobbyists played with the machines and made them do increasingly complex things. Eventually, people started writing software to make their lives easier. VisiCalc was the first “killer app” released for the Apple ][ in 1979. (Reimer, 2005) Additional PC models were created and the spreadsheet application was created on other platforms. By 1984, 2 million PCs were being sold each year. (Reimer, 2005)

The first PC computer virus didn’t show up until 1983. Until this time, computers were safe from infections. During this early computing, there was very little connectivity between machines. The only way to get information from one computer to another was to use Sneakernet (using floppy disks and walking across the room). Therefore, the earliest viruses focused on infecting floppy disks to replicate themselves. Computer users that didn’t share disks had nothing to worry about.

It seems that 1988 was the year that put computer viruses on the map for mainstream people. That year, seventeen different publications published about viruses with PC Week having over twenty articles on the subject. (Savage, 1998) I think that all of the media attention got people thinking about protecting themselves from viruses.

In July of 1989, the first issue of Virus Bulletin was published. It is a monthly publication that specializes in information about computer viruses. In that first issue, there was a review of an anti-virus product; Dr. Solomon’s Anti-Virus Toolkit was reviewed for its effectiveness and ease of use. (Jackson, 1989) While the program was effective, it was noted for being slow and limited by the definitions provided on the floppy disk.
There was one other thing of note that was quite interesting in that first published issue. There is a case study about a publishing company using Apple Mac ][ system that had two viruses in a short time. Both of the viruses were introduced to the system from floppy disks, one from a vendor and the other from a customer. After the case study, Virus Bulletin listed several anti-virus programs specifically for Macintosh computers. There is also a listing of current known Macintosh viruses out in the wild. This is very interesting as there is a perception today that Macintosh computers do not have or get viruses.
Media attention and an actual growing threat propelled the anti-virus industry into something significant. By the end of 1990, there were nineteen different anti-virus vendors including a few notable vendors that current users may recognize: McAfee, Sophos, Norton, and IBM. (Savage, 1998) Savage notes that during this same year, virus-exchanging Bulletin Board Systems were popping up, creating and spreading viruses to the masses.

The majority of the personal computer population in 1995 was based on the IBM-clone. It was in this year that Microsoft released Windows 95. The significantly improved interface and new features brought a whole new level of computing to the masses. The Internet was really starting to expand and a new type of cross-platform virus took off. The macro virus “Concept” was written to attack the MS-Word environment on any platform. (Savage, 1998) This macro virus was different than anything the anti-virus world had seen before. In order to fight this virus and others like it, programmers were required to employ a new way of thinking and make significant code changes to detect it.

With the growth of computers and the Internet, anti-virus on the desktop was changed forever as well. Gone were the days of just buying an anti-virus program and only having the virus definitions that were shipped on the disk. Companies like F-Secure started using the Internet as early as 1994 to publish virus information. (“Company history,” ) Anti-virus was no longer a static entity, but an adaptive entity that could better leverage the community and better protect users.

Anti-virus vendors realized that they needed to do something more to detect and protect against viruses. New viruses were being developed and released much faster than they had the ability to detect. Vendors started investigating heuristic searches for viruses. Heuristics is the concept of using experience to solve problems that are new. This is akin to the idea of artificial intelligence, but not as advanced. Using this heuristic approach led to virus discoveries without signatures. This provided advanced protection for users.
Heuristics works by evaluating computer files for known elements and marking them. As each element appears, an idea of what a program was capable of is compiled. Each element found in a program receives a score based on what it can do. As the scores add up for a program, they are compared against a threshold to decide if a program should be considered a virus threat or not. Examples of things that are considered suspect are:

Suspicious file access. Might be able to infect a file Wrong name extension. Extension conflicts with program structure.
Contains a routine to search for executable (.COM or .EXE) files. Found code that can be used to overwrite/move a program in memory.”

Unfortunately heuristics is not a perfect solution for the virus problem. There are many instances where a perfectly normal file that is required for the operating system is also detected by heuristics. This means that the heuristic algorithm must be developed to identify common programs used for a specific system. This may seem like an easy fix, but it is more complicated.

Avira anti-virus has a heuristics engine built into it. A software developer, Daniel Herding, working on a Google Chrome browser extension recently had a run-in with the Avira heuristics engine. Herding initially submitted the source code to Avira to be identified and excluded from the heuristics scan. The problem with this approach is that each time a revision to Herding’s software is published, it must be re-submitted to the engine. This approach provides a gap from when the software is released and excluded from the scan, until the users get the latest update to the heuristics engine to prevent the false positive. (Mastracci, 2010)
Herding was not deterred by the problem. He knew that his program was not a virus and sought out to determine how to fix the issue on his own. Herding downloaded Avira and put his code file on his computer desktop. Avira provided numerous warnings that his code file was a virus, but he told the program to ignore it. Herding started removing portions of his code until the virus warnings went away. Then he started adding back code until the virus warnings went off. (Mastracci, 2010)

A Google search of the issue revealed issues for other developers. But when Herding tested the issue on a Google server, the Avira heuristics alert didn’t go off. After additional research, it was found that if his “bad” script contained the word “google” in it anywhere, then the heuristics engine ignored it. This is likely due to the fact that Google provides similar scripts for some of their tools. (Mastracci, 2010)

While there are holes in heuristic based approaches, it is still a decent way to help protect users from contracting computer viruses. Heuristics do an amazing job of detecting computer viruses without signatures. In an independent test, heuristics detected 89.67% of viruses without using signatures. In comparison, traditional signature-based detection detected 97.86% of viruses. The real benefits may be realized when the two methods are used together; combined, they scored 99.78% of detection on the same data set. (Veldman)

It seems surprising at first that many anti-virus vendors don’t use heuristics in their product offerings. However, there are a few technical and business reasons why this may be so. Technically, issues like the Avira one presented are a real threat to detection. It is difficult to come up with a solid method to detect viruses and not provide too many false positives. Probably the bigger reason is related to the revenue stream of anti-virus vendors.
Anti-virus software is big money. It was expected that, in 2010, growth would reach 8.7 percent, bringing sales to an estimated US$22.9 billion worldwide. (Kirk, 2011) This is a large industry that is intent on continuing its revenue stream in the future. One of the primary revenue streams for many software companies including the anti-virus companies is maintenance revenue. This is the money charged from year to year after the initial purchase to maintain the software. Anti-virus companies focus on their signature model to ensure that they continue to get paid. If users want to stay protected against the latest threats, they need to pay for signature updates. Typically, when users’ subscriptions run out, the software still runs, but does not download any new signatures to protect against newer threats. If these software offerings were to have a high-quality heuristics engine, the need for signatures would not be as great and potentially threaten their income.

To be fair the the anti-virus vendors, they have spent a significant amount of resources to create the virus signature files and these files require a significant effort to maintain. In the early days, signatures were created manually. Files of potential viruses would be gathered by the company to be evaluated and a person would have to manually dissect each sample to decide whether or not it was a virus. The researcher would have to develop the signature for it to be detected and provide a method for their software to remove the virus from the system.

When the number of viruses in the wild was small, this was an acceptable task. It would take anywhere from a few hours to a few days, but then a solution was available during an update to remedy the virus. The evolution of viruses and the creation of tools to mutate viruses and make them polymorphic became an issue. A backlog of viruses was created for researchers to work on. The problem was only going to get worse.

In 1992, there was the threat of the Michelangelo virus. It was set to deliver its virus payload on March 6, corresponding with birthday of the artist Michelangelo. During the two-week period before and after this date, the anti-virus industry saw approximately five times as many viruses as they normally would on a daily basis. (White, Swimmer, Pring, Arnold, Chess & Morar, 1999) This caused a flood of files to be analyzed by anti-virus researchers during this period. The media hype around this event was great for business, but bad for the researchers trying to keep up.

In 1999, the Melissa virus came out. This virus was a macro virus that caught security workers by surprise. It was cross-platform and spread rapidly through email. Two things ended up helping industry significantly for this threat. First, the virus was released on a Friday, allowing IT departments the whole weekend to work on the problem and take corrective measures, limiting the financial impact to businesses. Second, the anti-virus researchers were fascinated by this new type of virus and worked non-stop to develop a solution to a different type of problem. Anti-virus companies were so overworked and overloaded dealing with this issue, that it took several days to distribute the fix as their servers were flooded. (White, Swimmer, Pring, Arnold, Chess & Morar, 1999)

IBM researchers answered the call of being able to process a significant backlog of computer viruses. They created a commercial-grade digital immune system. This system was important not only because it could combat the large number of new viruses being created daily, but because it also allowed the human virus researchers to focus on the truly unique and difficult cases. The system was also designed to be theoretically faster to identify and cure viruses than they would be able to spread. This would enable customers to get a cure before they got the virus itself. The system was designed to scale to the needs of the work presented, making it a precursor to the cloud.

The IBM system took into account many factors that caused failure of other systems when they designed their digital immune system. The majority of issues revolved around a flood of requests incoming or outgoing for the system to look at something or retrieve signatures. If the system they designed could not accept or respond to requests, then it would not be good enough.

The digital immune system does have four considerations that can somewhat limit its usefulness: the case of the computer being ignorant, assumption of popularity, manual intervention, and first victim required. (“Digital immune system,” 2011)

Digital immune systems require that viruses are submitted to them; they do not go out and acquire the viruses in the wild. Therefore, the computer must include a mechanism to provide viruses to the system for evaluation. While researchers can upload collections of known and previously collected viruses, this does not add to the value of the system. Symantec partnered with IBM to provide data or viruses to the immune system. But if the Symantec anti-virus product does not find potential viruses, then the system won’t work. As addressed previously, current heuristics currently detect about 90% of viruses, which still leaves 10% of viruses undetected in the wild with no solution.

The assumption of popularity is the concept that multiple vendors must use the single system if it is to have enough sample data to provide useful results. While Symantec is a partner, if they do not have a significant market share, then the system will not do them much good. The system also does not do any good for anti-virus companies that don’t use this service, or provide their own less popular service.

The automation that differentiates a digital immune system from a similar system run by human researchers is the main reason that it is better than prior systems. Unfortunately, these systems are not 100% automated. While it is quite efficient, there are times where a human researcher must become involved to solve the virus issue. As new strains of viruses evolve or are released, the digital immune system may need to be improved using manual intervention to handle the different types of threats.

Another issue related to automation is the sophistication of new viruses. It has been noted that the TDL4/TDSS virus is able to detect if the virus is being launched on a virtual machine. If the virus detects a virtual machine, then the virus will not execute. In addition, the virus will not be activated if debug hooks are present. (Matrosov, 2011) Automation systems typically use virtual machines or debug hooks to control them. In these instances, it would be very difficult for the automated system to detect and process the TDL4 virus. This type of virus would instead remain undetected as a false negative and would likely not considered a virus by the digital immune system.

The last and possibly most disturbing aspect of the digital immune system is the fact that there must be a first victim of a virus. In order for the system to work, it must find a victim that had the virus and send that sample to the system. Where there is a first victim, the virus may spread to a second and third, until the digital immune system processes and returns a signature to handle the virus. This delay in the digital immune system opens the possibility that a very fast-spreading virus like SQL Slammer may spread rapidly during the initial outbreak. SQL Slammer spread to about 120,000 servers within ten minutes of being released(Chen & Robert, 2004).

If a consumer questions whether or not they should be leveraging anti-virus software, the answer is yes. The 2011 Security Labs Report notes a very interesting trend; Figure 1 shows that the majority of the most common security exploits effecting users today are very old issues. Many end users continue to be vulnerable to viruses found and patched more than three years ago. For example, a 2006 issue with Microsoft Internet Explorer RDS ActiveX is responsible for 17.7% of overall exploits in 2011.

Figure 1: Common Exploits in 2011 (“Security labs report,” )

There is a serious case to be made that many users unfortunately do not understand or care about computer viruses. Figure 1 demonstrated that users do not understand the security risks that viruses present. It could be argued by users that if they do not notice problems on their computers, then why even worry about viruses.

The issues for these users are related to common software that has not been updated to prevent the exploit. It should not be surprising that these users have contracted computer viruses; if they don’t take care to update and manage their operating system and their other applications, they are not likely to install and/or maintain anti-virus software.

Many people complain about email Spam. On a daily basis, millions of Spam email messages are sent out. When checking email, many people are faced with a large number of messages that waste time and bandwidth. What users may not realize is that when they contract a virus or type of malware on their computer, they have the potential to become a source for sending out these unwanted messages to themselves and others.
Many end users will believe that their system is fine and that they don’t have anything to worry about, but malware is spreading at an alarming rate. Figure 2 shows a nearly exponential growth of malware since 1984. Something must be done to protect users since they are largely unable to protect themselves.


Figure 2: The Growth of malware (“Total malware,” 2012)

To deal with the threat of malware, anti-virus vendors have returned to the idea of heuristics. Several vendors are now scanning programs that are installed on a computer when their anti-virus software is installed. They are leveraging heuristics to better categorize and identify potential threats. In a recent technical support call at my current employer, a customer complained that our software stopped working after AVG was installed. After reviewing system logs, it became apparent that AVG heuristics identified our software product as a potential virus and prevented it from running. While the extra protection for consumers is nice, it also caused a problem in this instance. After white-listing our application in the AVG console on the system, the customer was able to run the software again without issues.

Anti-virus In The Cloud

One of the more recent buzz-words in technology is ‘the cloud’. In addition to its many benefits, the cloud represents a new means for infection and spread of viruses. These may be spread via advertisements or links in social media. The cloud also offers new opportunities to fight viruses before they make it onto users’ computers.

Possibly the most dangerous words on the internet today are “FREE, you may be a winner”, according to Mr. Bill Pytlovany. (Pytlovany, 2021) His blog entry goes on to restate the old adage that anything that seems too good to be true, probably is. Many times, the act of clicking on an advertisement for something free will probably enable malware. Several researchers have found that there are occasional malware links that get through advertisements on the web. When they do, unsuspecting users can click and get infected. This has happened with sensational links in Facebook recently. People see something shared by somebody they know and click on it thinking that it is okay. The reality is that their account is also infected to share the same infected message and their computer may be compromised as well.

While Bill was correct in has assessment that advertisements have the potential to be dangerous and should not be clicked on, the problem can actually be worse. Researchers at Avast have discovered that ads were delivered on several top tier online advertising networks that would infect machines from just being downloaded and displayed in the user’s browser. (Mills, 2010) This malware advertising exploit was mainly linked to an older browser that had not been patched, but it is scary to note that it is so simple to infect a computer with some sort of virus.

University of Michigan researchers conducted an experiment in 2007 to create an anti-virus engine that did all of its computations in the cloud. The research was based on two ideas: anti-virus as a network service, and N-Version protection. (Cooke, Jahanian & Oberheide, 2008) The researchers recommended keeping the current desktop anti-virus during this process, but wanted to test the effectiveness of a cloud-based solution. They ran this system at the university for a year to see the results.

Rather than depending on heuristics or virus signatures at the client, the three-tiered system focused on individual files. All files accessed on a system are given a unique ID and logged in a repository. Any new, unknown, or changed files generated a new ID. This new ID was sent to the cloud to see if it was already known. The response from the cloud would state if the file was good, bad, or unknown. Because most systems use the same files, this cloud system sent an average of 217 unknown files to the cloud each day. The rest of the files were already known and cataloged.

The unknown files were then sent in whole to the cloud for analysis. Once there, the system ran ten different anti-virus engines against the file. The idea was that each engine has its strengths and weaknesses; combined, the engines cover a very high percentage of threats. There is also the advantage of avoiding vendor lock-in with respect to the scanning engine used on the cloud.

While using anti-virus software on the cloud is important, its also important to note that anti-virus software was listed as one of the SANS top 20 cyber threats for 2007. (Dhamankar, 2007) The list suggests mitigating this risk by making sure that all software has the latest patch or update on it. Additionally, if you can, use a different anti-virus vendor on the cloud than used on the desktop, providing an additional layer of security in case one of these anti-virus programs do not detect the threat.

Anti-virus At Your Hand

Consumers have had viruses in their hands for much longer than they realize. The first recorded handheld Trojan horse was found in 2000 and the first mobile virus, Cabir, was found in 2004. (Lawton, 2008) Users have been increasingly asking more of their mobile devices as they have become more powerful. Many people use their cell phones for banking and social media. With the increased use and information available on them, it was just a matter of time before viruses started taking advantage of them.

In 2011, 5,255 new modifications of mobile threats and 178 new families of malware were created with 65% of them targeted towards the Android platform. (Schwartz, 2012) Security researchers agree that because Android is an open platform, it is easier for virus writers to understand how it works and create viruses to take advantage of its security flaws. Ignoring the open platform, there are two other reasons that Android devices are attacked: users expect their mobile devices to be automatically updated by the provider and Android systems represent approximately half of the mobile market. (Schwartz, 2012) Because the mobile devices are not always automatically updated by the mobile carrier, the unpatched systems are an easier target.

Early mobile malware focused on leveraging the basic functionality of cell phones. The devices were designed to make occasional SMS or text messages to services that charged extra money. This is similar to how a 1-900 number works. With enough users making a small number of SMS messages that only slightly change their bill, criminals stand to make a large amount of money.

Mobile carriers have tried to protect their customers when possible. Some vendors employ malware firewalls for the data coming over their networks, but that does not protect the users when they switch to a Wi-Fi connection. (Lawton, 2008) Other ways that vendors protect their users is by providing official applications, or app stores. The app stores have a vetting process to exclude software such as malware that could compromise the device. However, the app stores are not perfect; Google and Apple have both approved apps that should not have been, allowing them to be sold to the public. In cases when this has been identified, the app was pulled from the store to protect other users. Anti-virus researchers have found that the majority of mobile malware is found in third party app stores. (Lawton, 2008)

Anti-virus vendors have already started releasing products for mobile users. Like their desktop counterparts, there is no reason not to install it. For individuals, many vendors offer a free product for protection. Their ultimate goal is for the users to recommend that product to their administrators. The business editions of the anti-virus software costs money to purchase. This business model makes it affordable to all end users.

Protection From Government

Starting in the early 20th century, there were three dimensions of war: air, land, and sea. In the late 20th century, a fourth dimension of war was added: space. This was not to be the end as a fifth dimension was recently added in the form of cyber warfare. (Fry, 2010) Because of this new element, national governments have entered the game in order to protect their citizens. This means that many governments will do whatever it takes in the name of their citizens to ensure that the people and the country’s borders are protected.

Cyber warfare is the digital equivalent of waging a war or fighting a battle with another entity. Many public utilities are connected to the grid and vulnerable to potential viruses. This means that it is possible for one nation to attack the infrastructure of another through cyber methods. Many governments are preparing for this possibility, both offensively and defensively. Some of them are forthcoming about their capabilities while other are quiet.

The Japanese government started official work on a cyber weapon in 2008. The creation of this weapon was outsourced to a private company for $178.5 million yen (approximately $2.2 million USD). This cyber weapon is designed as an offensive response to a cyber attack on Japan. The weapon will follow the attack back to the originator, disabling the attacking program on every machine it gets to in the process. The virus is built and has been tested in a closed environment. (“Govt working on,” 2012)

The Japanese government is not the only one in the cyber warfare game. The New York Times reported that the US government considered the option of an offensive cyber attack against Libya in March of 2011. The type and specification of the cyber portion of the attack that was considered is still classified information. Ultimately, US administration and military officials decided not to commence the attack. They did not believe that they were ready to set the precedent of cyber attacks. There was also significant concern of whether or not the administration and military would have the legal authority to commence the attack. (Schmitt & Shanker, 2011)

If you are still thinking that the government is not after you and there is no need to worry, please think again. The Chaos Computer Club (CCC), a large European hacker club has found a German “lawful interception” malware. This software has numerous flaws that allowed the CCC to take control of the malware and use it for themselves. Some of the things that this malware can do is activate the microphone, camera, and take screen shots of what the user of the computer is doing. One of the legally questionable things the malware does is leverage a server in the US as a proxy to hide the location of the controller. This lawful interception software has the ability to upgrade itself. That means that it can control the infected computer and upload evidence to that computer. The German government has made claims about the safety and use of this program that the CCC has refuted. (“Chaos computer club,” 2011)

Another potential government virus that was never confirmed is called Stuxnet. Stuxnet was designed to attack Siemens programmable logic controllers used to control Uranium enrichment. Based on many of the facts of the virus, it is postulated that the virus was designed to specifically attack Iranian weapons development facilities. The virus researchers were able to intercept the calls that the virus made to its server and found that a disproportionate amount of the calls were coming from Iran. (Zetter, 2011) Based on the amount of complexity found in the virus, it is improbable that a single person could have written this it. The virus program required in-depth knowledge of several systems.


Computer viruses have been around for a long time. The started off as simple proof of concept ideas. The beginning viruses were often hobbyists playing around to see what computers are capable of. As computers became more widespread, it didn’t take long for people to figure out that they could make money illegally using computer viruses. Gaining money is not the only purpose of viruses, governments use them to war with other nations.

People will always be out to take advantage of people that are not protecting themselves. By having a quality anti-virus solution on your computer, whether its a desktop, laptop, tablet, or mobile phone is the best way to ensure that you are not a victim.


(2012). Total malware. (2012). [Web Graphic]. Retrieved from http://www.av- test.org/en/statistics/malware/

Chaos computer club analyzes government malware . (2011, October 08). Retrieved from http://www.ccc.de/en/updates/2011/staatstrojaner

Chen, T., & Robert, J. (2004). The evolution of viruses and worms. Informally published manuscript,

Engineering, SMU, Dallas, Texas. Retrieved from http://lyle.smu.edu/~tchen/papers/statmethods2004.pdf

Cohen, F. (1987). Computer viruses: Theory and experiments. Computers and Security, 6(1), 22–35. Retrieved from http://www.facweb.iitkgp.ernet.in/~shamik/spring2007/i&ss/papers/Computer Viruses Theory and Experiments.pdf

Company history. (n.d.). Retrieved from http://www.f-secure.com/en/web/home_global/about/history

Cooke, E., Jahanian, F., & Oberheide, J. (2008). Cloudav: N-version antivirus in the network cloud. Informally published manuscript, Electrical Engineering and Computer Science Department, University of Michigan, Ann Arbor, MI. Retrieved from http://jon.oberheide.org/files/usenix08- cloudav.pdf

Dhamankar, R. (2007, November 28). Top 20 internet security problems, threats and risks. Retrieved from http://www.sans.org/top20/2007/

Digital immune system. (2011). Retrieved from http://bohknet.tm.tue.nl/section82/41.html

Fry, R. (2010, July 21). Fighting wars in cyberspace . Retrieved from http://online.wsj.com/article/SB10001424052748703724104575379343636553602.html

Govt working on defensive cyberweapon / virus can trace, disable sources of cyber-attacks. (2012, Janurary 03). Retrieved from http://www.yomiuri.co.jp/dy/national/T120102002799.htm

Jackson, K. (1989, July). Technical review. Virus Bulletin, 13. Retrieved from http://vx.netlux.org/vx.php?id=zv16

Kirk, J. (2011, December 20). Antivirus software sales expected to show strong growth in 2012. Retrieved from http://www.networkworld.com/news/2011/122011-antivirus-software-sales- expected-to-254270.html?source=nww_rss

Lawton, G. (2008, May). Is it finally time to worry about mobile malware? Computer, 41(4), 12-14.

Ludwig, M. (1995). The giant black book of computer viruses. Mark: American Eagle Publications, Inc. Retrieved from http://vxheavens.com/lib/vml01.html

Ludwig, M. (1996). The little black book of computer viruses. (electronic ed.). Mark: American Eagle Publications, Inc. Retrieved from http://vxheavens.com/lib/vml00.html

Mastracci, M. (2010, July 07). [Web log message]. Retrieved from http://grack.com/blog/2010/03/17/the-sorry-state-of-avira-anti-virus-heuristics/

Matrosov, A. (2011, April 19). Tdss part 1: The x64 dollar question. Retrieved from http://resources.infosecinstitute.com/tdss4-part-1/

Mills, E. (2010, March 22). Malware delivered by yahoo, fox, google ads. Retrieved from http://news.cnet.com/8301-27080_3-20000898-245.html

Pytlovany, B. (2021, February 01). [Web log message]. Retrieved from http://billpstudios.blogspot.com/2012/02/most-dangerous-words-on-internet.html

Savage, J. (1998, August 8). Virus timeline . Retrieved from http://www.research.ibm.com/antivirus/timeline.htm

Schmitt, E., & Shanker, T. (2011, October 17). U.s. debated cyberwarfare in attack plan on libya. Retrieved from http://www.nytimes.com/2011/10/18/world/africa/cyber-warfare-against-libya- was-debated-by-us.html

Schwartz, M. (2012, March 01). Android malware continues to surge. Retrieved from http://www.informationweek.com/news/mobility/security/232601868

Security labs report july – december 2011 recap. (n.d.). Retrieved from http://www.m86security.com/documents/pdfs/security_labs/m86_security_labs_


Reimer, J. (2005, December 14). Total share: 30 years of personal computer market share figures. Retrieved from http://arstechnica.com/old/content/2005/12/total-share.ars

Veldman, F. (n.d.). Heuristic anti-virus technology. Retrieved from http://vx.netlux.org/lib/static/vdat/epheurs1.htm

White, S., Swimmer, M., Pring, E., Arnold, W., Chess, D., & Morar , C. (1999). Anatomy of a commercial-grade immune system. Retrieved from http://ebookbrowse.com/anatomy-of-a- commercial-grade-immune-system-doc-d143976665

Zetter, K. (2011, July 11). How digital detectives deciphered stuxnet, the most menacing malware in history. Retrieved from http://www.wired.com/threatlevel/2011/07/how-digital-detectives- deciphered-stuxnet/all/1