The first computer virus wasn't much of a threat. Created by a mischievous Pittsburgh high school student, Elk Cloner annoyed unwitting Apple II users with a brief poem extolling its power to proliferate:

It will get on all your disks
It will infiltrate your chips
Yes it's Cloner! …

The year was 1982. The IBM personal computer had only been born the year before (its first virus would not crop up until 1986), the worlds of science and business had yet to adopt computer technology on a wide scale and computer users were primarily a gaggle of tech-savvy hobbyists who swapped files by floppy disk.

In the 25 years since the irksome but relatively benign Cloner, the growing World Wide Web of computer networks and high-speed Internet connections has left just about everyone with a PC or laptop vulnerable to malware (malicious software). In the process, malware has evolved from a minor irritant into big business.

The costs of malware are hard to quantify, but estimates range from tens to hundreds of billions of dollars in lost profits and fraudulently acquired gains annually, says computer security expert Eugene Spafford, a professor of computer science in the Center for Education and Research in Information Assurance and Security at Purdue University.

Like viruses and similar programs called worms, modern malware copies itself onto unsuspecting computers via e-mail attachments, Web pages or more direct attacks. But instead of causing those machines to crash, it may monitor keystrokes to detect social security numbers or deliver spam peddling bogus get-rich-quick schemes. So-called bots even allow attackers to remotely control infected systems.

Old-style malware, seemingly written for bragging rights, made headlines for knocking out swaths of the World Wide Web. The SQL Slammer worm briefly slowed Internet traffic to a crawl in early 2003. Financial motives often drive newer malware, which is subtler, more like a parasite, Spafford says. It sticks around inflicting damage but "it doesn't want to kill the host because that kills it," too, he says.

In a commentary published online this week in Science, Spafford and computer scientist Richard Ford of the Florida Institute of Technology warn that the problem will widen in scope as cell phones and other household electronics become increasingly sophisticated and connected (think iPhone). Proof-of-concept viruses could in principle hop between cell phones via the Bluetooth wireless standard. "Virulent cell-to-cell malware is not far off," the researchers caution.

Malware has no single cause or solution, and is likely to get worse before it improves, Spafford says. "A lot of the problems have to do with human nature," he says. Consumers demand more and fancier computer functions, creating more spaces for viruses and bots to hide. Software and machines could include tools to make them more resistant to malware, but people would probably switch them off to play games, he says.

A National Research Council report published in late June called for more research to improve cybersecurity technologies and policies. Spafford says a concerted effort by governments and industry could rein in the growth of malware in the coming decade—if the subject received sustained attention.

"We don't see malware going away," he says. "The question is, how much is it with us?"

Comments