1982 brought us one of the first instances of malware, short for malicious software, in the form of a self-replicating virus known as the “Elk Cloner.” Surprisingly, it wasn’t created by a disgruntled military scientist, a sinister hacker, or even an agency devoted to helping you find “hot singles” in your area. It was the brainchild of a literal child: 15-year-old Rich Skrenta.
The granddaddy of malware was also a pioneer of Internet trolling, as Skrenta was known to insert code into his friends’ Apple II computer games designed to shut down their systems and generally annoy the living daylights out of them. Elk Cloner was different: a boot-sector program that would infect the computer at a more fundamental level and that also, critically, was able to propagate itself to other systems, albeit in a primitive fashion.
Designed to display an obnoxious message on every 50th bootup, Skrenta’s malware had the innovative ability to stealthily infect any floppy disk inserted into the compromised system. While Elk Cloner was relatively harmless, except perhaps to young Mr. Skrenta’s social life, it paved the way for future generations of far more dangerous malware.
More malware programs soon followed Elk Cloner, with names like Brain, Stoned, and Michelangelo. Since the Internet was still in its early stages, mostly limited to academics, businesses, and niche enthusiasts, they were unable to make much impact. Since the main source of distribution was floppy disks passed from person to person, a phenomenon jokingly dubbed the “sneakernet,” the scope of potential infections was fairly limited.
When the Internet went mainstream in the mid-1990s, it created a huge population of inexperienced users ripe for infection. Malware began to make headlines. 1999’s Melissa virus displayed random quotes from The Simpsons on infected computers at predetermined times. Annoying but innocuous, the Melissa virus only infected around 250,000 computers.
The resulting news coverage, however, introduced many wide-eyed and innocent Internet users to the fact that their blazing-fast 28.8 kilobaud modems could bring them more than just grainy BMPs and dancing babies if they weren’t careful.
One year after Melissa had run her course, a student in Manila created a virus that would e-mail itself to everyone in the infected user’s Outlook address book. It appeared with the intriguing subject line of “I LOVE YOU” and many inexperienced Internet users could not resist the urge to click. The Love Bug virus spread like wildfire, and this malware was no joke.
Love Bug seized complete control over your operating system and storage. Once Love Bug was in charge, it searched your drives for documents, music, images, and other files and replaced them with copies of itself. It could delete important system files, rendering a computer inoperable. It even attempted to install a trojan horse that would intercept passwords and send them to the Philippines.
Love Bug’s frightening speed of distribution combined with its devastating payload made it the ultimate malware at the time. It would eventually infect over 45 million computers, 10 percent of all computers connected to the Internet. Damage estimates range from $5 billion to $10 billion, and the resulting media blitz firmly embedded the concept of computer viruses in our cultural consciousness.
MyDoom, ZeuS, and Flame are just a few of the countless colorfully named viruses that wreaked havoc over the next decade, and alongside them rose a multi-billion-dollar anti-malware industry. While traditional malware is still a threat, the rise of mobile devices has led to new and even more troubling evolutions of the concept.
More people own smartphones than own computers these days, and much like the ’90s transition from sneakernet to global distribution, mobile malware has a vast pool of potential victims. Modern smartphone operating systems—things like Android and Apple’s iOS—are somewhat more sophisticated in terms of corralling malware than PC operating systems of old.
Mobile malware is especially troubling given how much of our lives is now run from our smartphones. It can spy on your data, from text messages and phone calls to the sites you browse and the games you play. Apps can access your GPS positioning, sending info on your movements to any number of unsavory elements. It can directly cost you money by sending hijacked, automated text messages to premium SMS numbers.
Soon, with NFC technology and Apple Pay on the horizon, our wallets will be integrated with our phones, a prospect that surely has malware developers frothing at the mouth.
Malware has come a long way since a teenager not even old enough to drive played a trick on his computer club buddies and unwittingly gave birth to a new generation of crime. The tools to combat malicious software have evolved a lot too, but education and caution will always be the first line of defense.
Like any security threat, avoiding mobile malware is part user savvy and part technical challenge. Fortunately, modern smartphone ecosystems—the operating system like Android or iOS plus the apps and app stores—were designed with security in mind to a much greater extent than older-generation PC operating systems. Even so, balancing security against flexibility while facing off against malware authors with significant financial motivation makes for a dangerous landscape.
As we become more and more dependent on our smartphones, we need to be ever more vigilant of the threats that lurk in the deeper bowels of the app store and beyond. Stay tuned for a follow-up post in the next few weeks where we will delve deeper into the current landscape of mobile malware, common mistakes and methods by which phones get infected, and how to stay safe in a dangerous world. Or, if you don’t want to wait until then, drop us a line. We’d love to set up a free consultation to talk about how we can get your business’s IT ahead of the hackers.