1993-1995
1993
Virus writers began to take their work seriously. The computer underground had already mastered an array of new polymorphic generators and constructors, and founded new electronic publications. This year saw new viruses which employed new techniques to infect files, penetrate systems, destroy data and conceal themselves from antivirus applications.
One such example is the PMBS virus, which worked in the protected mode of Intel 80386 processors. Another example was the Strange (or Hmm) virus, the only stealth virus that operated at the level of hardware interrupts, INT 0Dh and INT 76h.
Carbuncle signaled a new generation of companion viruses. A number of other viruses like Emmie, Bomber, Uruguay, and Cruncher employed fundamentally new techniques to conceal themselves in the code of infected files.
The spring of 1993 turned out to be a nerve-wracking time for many antivirus vendors: Microsoft released its own antivirus program. Microsoft AntiVirus (MSAV) was based on the former Central Point AntiVirus (CPAV). The program was included in the standard delivery of MS-DOS and Windows operating systems. The first tests conducted by independent testing laboratories showed a high level of effectiveness. However, later on, its quality began to slowly decline and the project was discontinued.
1994
More and more significance was attached to the problem of viruses on CDs. Having quickly become popular, this removable storage medium became one of the primary ways of spreading viruses. Several incidents were registered in which a virus was discovered on the master disc of a compact disc producer. As a result, the computer market was flooded with relatively large shipments (tens of thousands) of infected discs. Naturally, such carriers could not be disinfected; they could only be destroyed.
At the beginning of the year, two extremely complex polymorphic viruses appeared in the UK: SMEG.Pathogen and SMEG.Queeg - even now, not all antivirus programs are able to detect these programs with 100% certainty. The virus writer placed the infected files on BBS boards and caused both an outbreak and a panic in the mass media.
The GoodTimes hoax caused yet another panic. GoodTimes allegedly spread via the Internet and infected computers via email. However, sometime later, an ordinary DOS virus containing the text Good Times appeared and was named GT-Spoof.
Many other unusual viruses appeared this year:
- January - Shifter - the first virus to infect OBJ files.
- Phantom1 becomes the first polymorphic virus in Moscow.
- April - ScrVir - a family of viruses which infect source code programs in C and Pascal.
- June - OneHalf - a complex and dangerous polymorphic virus causes a significant outbreak: in fact, this virus is still active and can cause real damage to this day.
- September - Zaraza - an MS-DOS file-loading virus caused a significant outbreak by using a unique installation method: the new technique temporarily stumped the antivirus experts.
This year also marked several significant developments in the antivirus field.
In June, one of the leading antivirus vendors was purchased by Symantec, which had already earned a reputation for acquiring other antivirus projects.
AntiViral Toolkit Pro was launched in September. Eugene Kaspersky's first product immediately won top marks in a series of independent tests conducted by Hamburg University.
1995
Nothing significant occurred in the field of DOS viruses this year, although several complex viruses such as Nightfall, Nostradamus, and Nutcracker appeared. There were also some interesting new viruses such as the 'bisexual' RMNS virus and the BAT virus, Winstart. There were also two widespread, but not severe, outbreaks caused by ByWay and DieHard2.
In February, Microsoft sent infected versions of Windows 95 to beta-testers, but only one person thought to run an antivirus check. He discovered that the discs were infected by Form, and testing was put off until clean discs were issued.
In the spring of 1995, two antivirus companies announced an alliance: ESaSS (the developer of ThunderBYTE Anti-Virus) and Norman Data Defense Systems (Norman Virus Control). These companies, both with their own very strong independent antivirus products, decided to combine efforts to develop a single antivirus system. Later on, in 1998, this alliance would crumble with a buy-out of the Dutch ESaSS by a Norwegian company.
In August, the Concept virus struck MS Windows: the virus circled the globe in only a month and was number one on antivirus vendors' lists of most common viruses.
In the first half of September, one of the world's largest computer manufacturers, Digital Equipment Corporation (DEC), accidentally distributed copies of the Concept virus to delegates at a DECUS conference taking place in Dublin. Fortunately, the virus was quickly detected and the outbreak contained. Over a hundred known versions of the Concept virus are still in circulation today.
Green Stripe, a virus for AmiPro, a then-popular word-processing program, also spread rapidly. The source code for Green Stripe was published as a free supplement to Mark Ludwig's magazine Underground Technology Review.
The advent of macro viruses posed a new set of challenges for antivirus vendors. New technologies were needed to detect macro viruses; first in MS Word and eventually in other MS Office applications.
The English affiliate of the Ziff-Davis publishing house distinguished itself twice in 1995. The first time was in September, when the publishing house's PC Magazine (English version) distributed a diskette containing the Sampo virus to its subscribers. This was soon discovered, and the company apologized and offered readers a free antivirus utility. The irony of the event lay in the fact that the diskette was a supplement for an issue which contained articles on the results of antivirus tests for Novell NetWare products.
Later, in the middle of December, another Ziff-Davis publication, Computer Life, sent its readers a diskette containing a Christmas greeting. Unfortunately, it turned out that the diskette also contained the Parity Boot virus.
Law enforcement agencies also pressed onward in the struggle against cyber crime. On January 16, New Scotland Yard's Computer Crime Unit took Christopher Pile to court for writing and distributing viruses. The unemployed Pile, or the Black Baron, as he was known in the underground, was accused of authoring the Queeg and Pathogen viruses as well as the SMEG polymorphic generator. After ten months Pile pleaded guilty and was sentenced to 18 months in prison.