April 1, 2014

Careware: Top 5 Somewhat Useful Malicious Programs


In the days of cyberwars and cybermafia, it’s hard to recall times when computer viruses and worms were just research projects or pranks.  Back then, there were no monetary incentive to write malware, and not every virus creator was evil. That’s why some programmers explored the possibility of writing “useful” viruses or tried to take care of minimizing the negative impact of their creations. In a few extraordinary cases, viruses were even thought to get rid of dangerous malware or optimize the computer’s resources. Let’s look at 5 of the most notable “careware” (as opposed to malware) viruses of the past.


5. The Creeper (1971)

The first known computer virus in history was really academic research, and, as you might expect, it was harmless. It was called the Creeper, and it appeared in 1971, written by an employee of the US Ministry of Defense’s Defense Advanced Research Projects Agency. This primitive worm looked for other computers on the network, which back then was a small, localized affair, copied itself to them and displayed the following message: “I’M THE CREEPER: CATCH ME IF YOU CAN.” If Creeper found an existing copy of itself on a computer, it simply “jumped over” to another computer. It did not cause any harm to the computer system.

4. Stoned (1988)

Stoned was another “fun” virus whose main purpose was to promote a message to the user. It was first detected in 1988 in New Zealand. It was a boot virus that was modifying the boot sector of floppies instead of executable files. Just like Creeper, it did not cause any harm to the computer. It simply displayed a message on the screen during the boot time: “Your computer is now stoned.” Some samples also contained more specific calls to action: “Legalize Marijuana.” It seems that message finally reached its desired destination (namely U.S. politics) only in 2013.


3. HPS (1997)

The “prank virus” title is deservedly held by HPS, a program that was created specifically for the Windows 98 operating system but, in fact, spread months before this environment was released. One of the odd things about this virus was that it was only active on Saturdays: once a week it reversed non-compressed bitmap graphic objects. Typically it led to Windows startup and shutdown images being displayed in the mirrored state.

2. The Cruncher (1993)

The Cruncher was a typical resident file virus of the nineties. It infected executable files and used an algorithm (stolen from then-popular DIET utility) to compress data and pack the infected file, so the infected file was shorter than the original, while remaining fully functional. This freed up room on the user’s hard drive.

1.  Welchia aka Nachi (2003)

The Welchia virus is a strong contender in the “most helpful worm” contest. Back in 2003, when personal firewalls and regular software updates were extremely uncommon, it was possible that just plugging the network cord in could infect your computer. This was enabled by serious vulnerabilities in Windows network-related components and utilized by numerous network worms. One of the most widespread malware of this type was Lovesan, aka Blaster, which managed to paralyze entire networks in some companies. Welchia utilized exactly the same vulnerabilities to infect a computer, however its next actions were very unusual. It checked if Blaster was present in the processor memory: if so, it stopped its operation and deleted the entire malicious file from the disk. This was not the end of Welchia’s mercy mission: after eliminating the malware, the “benign” virus checked if there was an update in the system to patch the vulnerability through, and the worm penetrated the system. If not, the virus initiated a download from the manufacturer’s site. Welchia then destroyed itself after completing all these operations.

Today, practically 100% of viruses are written with just one goal in mind: stealing money or confidential data

Don’t read this the wrong way though, even harmless or “useful” viruses are unwanted on your devices.  They might cause damage because of a programming mistake and even a malware creator may not be able to fix this. Even plain vanilla programs have negative side effects, like consuming your computer resources. However, the concept of “non-malicious malware” itself is not relevant nowadays.

“Today, practically 100% of viruses are written with just one goal in mind: stealing money or confidential data,” said Alexander Gostev, Chief Security Expert at Global Research & Analysis Team, Kaspersky Lab.