Thursday, December 14, 2017

Tag: Cyber

The network-security executive argues that the high-profile botnet takedowns in recent years are not helping the Internet, but are more of a distraction. Kelihos keeps coming back, Citadel is hard to kill, and Z...
Cyber attackers are using new methods to circumvent digital signature app validation on PCs and Android-based devices, according to the latest threat report from security firm McAfee. The firm’s researchers have identified a new family of mobile malware that allows attackers to bypass the digital signature validation of apps on Android devices. The researchers said this new security control evasion technique has contributed to a 30% increase in Android-based malware. At the same time, traditional malware signed with digital signatures grew by 50% to more than 1.5 million samples. At McAfee Focus 2013 in October, researchers said digitally signed malware was a fast-growing threat aimed at bypassing whitelisting and sandboxing security controls. “We found 1.2 million pieces of new signed malware in the last quarter alone,” said David Marcus, director of advanced research and threat intelligence at McAfee. This is malware that is signed using legitimate digital certificates that have not been stolen or forged, but acquired from certificate authorities (CAs) or their sub-contractors, he told Computer Weekly. The latest report reveals the top 50 certificates used to sign malicious payloads, noting that this growing threat calls into question the validity of digital certificates as a trust mechanism. Researchers said efforts to bypass code validation on mobile devices and commandeer it altogether on PCs represent attempts to circumvent trust mechanisms upon which digital ecosystems rely. McAfee Labs researchers identified one new family of Android malware, Exploit/MasterKey.A, which allows an attacker to bypass the digital signature validation of apps, a key component of the Android security process. McAfee Labs researchers also found a new class of Android malware that downloads a second-stage payload without the user’s knowledge. 
“The industry must work harder to ensure the integrity of these technologies as they become more pervasive in every aspect of our daily lives,” said Vincent Weafer, senior vice president, McAfee Labs. The third quarter also saw notable events in the use of Bitcoin for illicit activities such as contract killings, drugs, weapons, and other illegal goods on websites such as Silk Road. The growing presence of Bitcoin-mining malware highlights the increasing popularity of the currency. Researchers found malware designed to infect systems, mine their processing power, and produce Bitcoins for commercial transactions. “As these currencies become further integrated into our global financial system, their stability and safety will require both financial monetary controls and oversight, and the security measures our industry provides,” said Weafer. The International Cyber Security Protection Alliance (ICSPA) has called for international collaboration in outlawing currencies such as Bitcoin because they are enabling a large proportion of cyber crime. John Lyons, ICSPA chief executive, told the ISSE 2013 security conference in Brussels that if US and European financial institutions collaborated, they could shut down virtual currencies overnight by requiring all financial transactions to go through auditable channels only. “This is the safest and most secure way of shutting down funding to criminal groups,” he said.

Businesses should note that many UK mobile users do not take security precautions and do not know how to guard against data theft, says a report by security firm Trend Micro. A survey of 2,500 UK mobile users found that 27% have lost up to three company devices and 52% regularly carry a mobile device containing sensitive work data, putting their employers and customers at risk of fraud. The survey revealed that 61% who use their devices for work do not use password protection, 20% use their personal smartphones for business, and 63% use the same or similar passwords for all accounts. Nearly a third said they regularly use Wi-Fi hotspots, but 56% do not check security before connecting to them, with 22% accessing work emails and 10% accessing confidential documents in public places. The survey highlights a culture of carelessness among the UK population in their attitude to corporate data and mobile devices used for work purposes, the report said.   The survey revealed that 44% of respondents were more concerned about losing personal content such as photos and banking details than about enabling cyber criminals to access sensitive business data. Only 3% of respondents were concerned about the theft of corporate data, while 47% do not worry about losing customer details and 55% do not worry about losing intellectual property. This indicates a lack of awareness around financial and reputational cost to business when sensitive data is leaked, the report said. Of further concern to businesses should be the fact that 56% were not sure what to do to protect the data on their devices if they are lost or stolen. Only 10% said they would notify their company IT department first if their device were lost or stolen, only 13% said they would notify their manager, and only 3% would notify human resources (HR). 
This highlights the lack of awareness around the need to notify the business about data loss to enable it to limit or avoid reputational and financial impact, the report said. Vinod Bange, partner at law firm Taylor Wessing, believes proposed EU data protection regulations will help drive change by potentially introducing fines. In October, MEPs proposed increasing fines of up to €1m or 2% of annual worldwide turnover to €100m or up to 5% of annual worldwide turnover, whichever is greater. “Currently UK data protection authorities can impose penalties of only up to £500,000, but much bigger EU fines will encourage organisations to embed security in their systems and processes,” he said. However, Bange said the survey demonstrates the need for education to help employees understand the importance of protecting corporate data on mobile devices and notifying employers of potential breaches. “Businesses that are unaware of data breaches will fail to act, which will diminish their ability to protect customers and avoid monetary penalties or contractual claims from third parties,” he said. Rik Ferguson, global vice-president of security research at Trend Micro, said it is the duty of a business to ensure it is educating employees on the secure use of mobile devices. “Employees should be made fully aware of the procedures and risks, and in the event of loss or theft, it is critical to notify the company’s IT department,” he said. If a device that is used for work purposes is stolen, Ferguson said the first people who need to know are those in the company IT department. “They can lock and wipe a device – and they need to act quickly,” he said. To prevent data being stolen through public Wi-Fi, Ferguson said it is essential to ensure connections to websites are encrypted. “Look for 'https://' at the beginning of a URL and a padlock symbol next to the URL for added reassurance,” he said. 
Anyone connecting to webmail should also ensure the connection is encrypted because cyber criminals are looking for usernames and passwords transmitted in clear text, said Ferguson. “Most ISPs do not offer an encrypted connection unless they are asked, so users need to be vigilant when on a shared network,” he said. Ferguson also warned against enabling shares on computers when joining a public network. He said IT departments should allow only secure devices to connect to corporate networks and provide virtual private networks (VPNs) to create a secure connection for all corporate traffic.

Senior managers at small and medium enterprises (SMEs) are failing to prioritise cyber security, preventing them from establishing a strong IT security posture, a study reveals. Many SMEs are at risk because of uncertainty over their security and cyber-attack threats, according to a study by the Ponemon Institute. The Risk of an Uncertain Security Strategy study polled 2,000 SMEs globally, of which 58% of respondents said management does not see cyber attacks as a significant risk to their business. Some 44% report IT security is not a priority, while 42% said their budget is not adequate for achieving an effective security posture and only 26% said their IT staff have sufficient expertise. Despite this, IT infrastructure and asset security incidences, and wider security-related disruptions, were found to have cost these SMEs a combined average of $1.6m (£990,000) in the past 12 months. The study also revealed a third of respondents were uncertain if a cyber attack had occurred in the past 12 months, and 42% said their organisation had experienced a cyber attack in the past 12 months. The research, sponsored by UK-headquartered security firm Sophos, also identified that those in a more senior position were likely to be more uncertain of the seriousness regarding a potential threat. “The scale of cyber attack threats is growing every day,” said Gerhard Eschelbeck, chief technology officer at Sophos, “yet this research shows that many SMEs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.” According to the research, there are three main challenges preventing the adoption of a strong security posture: failure to prioritize security, insufficient budget and a lack of in-house expertise. In many SMEs there is also no clear owner responsible for cyber security, with 32% of respondents saying the CIO is responsible for setting priorities, while 31% said no single function is responsible.
“Today in SMEs, the CIO is often the only information officer, managing multiple and increasingly complex responsibilities within the business,” said Eschelbeck. “However, they can’t do everything on their own and as employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat,” he said. The study also reveals uncertainty around whether BYOD (bring your own device) policies and the use of the cloud are likely to contribute to the possibility of cyber attacks. Some 77% of respondents said the use of cloud applications and IT infrastructure services will increase or stay the same over the next year, but a quarter said they did not know if this was likely to impact security. Similarly, 69% said mobile access to business critical applications would increase in the next year, despite only half believing this will diminish security postures. “Small and midsize organisations simply cannot afford to disregard security,” said Larry Ponemon, president of the Ponemon Institute. “Without it, there is more chance that new technology will face cyber attacks, which is likely to cost the business substantial amounts,” he said. According to Larry Ponemon, CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. “The industry needs to recognise the potential dangers of not taking cyber security seriously and create support systems to improve SMB security postures,” he said. The study found that uncertainty about security strategy and the threats faced by organisations varies by industry, with respondents in financial services reporting greater confidence. The technology sector is also more security aware, but retailing, education and research, and entertainment and media are subject to the highest level of uncertainty. 
The report recommends that SMEs:
- Concentrate resources on monitoring their security situation to make intelligent decisions.
- Establish mobile and BYOD security best practices.
- Look for ways such as a move to cloud and security consulting to bridge the gap created by a shortage of information security professionals.
- Measure the cost of cyber attacks and work with senior management to make cyber security a priority.
- Invest in solutions that restore normal business activity faster for a high return on investment.
- Consider consolidated security management to gain a more accurate picture of threats to help focus on problem areas.

With forecasts of heavy demand for cyber-security professionals through 2020 and beyond, private- and public-sector organizations continue to develop outreach programs. In an effort modeled after the 1950s push to educate Americans in hard sciences and mathematics, U.S. private and public organizations have launched a number of initiatives to build cyber-security expertise this year, including partnerships with universities to develop cyber-security training programs and coursework to build a steady supply of technical graduates. This week, IBM expanded its Cyber Security Innovation Program, a program through which the company works with universities to develop courses, provide tools to educators and fund cyber-security research and academic programs.

The program is not about creating cyber warriors, but about training the architects of future security solutions, Marisa Viveros, vice president of IBM's Cyber Security Innovation, told eWEEK. "It is really about creating a new set of talent in future employees so they will understand security, no matter their background," she said. "It does not have to be an engineer; it could be on the business side; it could be in management." Cyber-security professionals continue to enjoy strong demand and low unemployment, especially in the United States.

The International Information Security System Certification Consortium, or (ISC)2, predicts that the rolls of U.S. cyber-security professionals will grow by 11 percent each year through 2020.

The U.S. Department of Labor estimates the growth to be twice that. The Obama administration has flagged cyber-security education as a major part of its Comprehensive National Cybersecurity Initiative, recalling the push to develop mathematics and engineering expertise in the nation's school children in the 1950s. "Existing cyber-security training and personnel development programs, while good, are limited in focus and lack unity of effort," the administration stated on its site. "In order to effectively ensure our continued technical advantage and future cyber-security, we must develop a technologically-skilled and cyber-savvy workforce and an effective pipeline of future employees." In the latest expansion of its program, IBM announced partnerships with 11 universities, including Fordham University, Georgia Institute of Technology, Technische Universität Darmstadt in Germany, Temasek Polytechnic in Singapore, Universidad Cenfotec in Costa Rica, Universiti Kebangsaan in Malaysia, and Wroclaw University of Economics in Poland.

The company now has partnerships with more than 200 schools worldwide. The University of South Carolina, another of the schools partnered with IBM, teaches security as part of its integrated information technology program. Enrollment in the program has grown by 20 percent each year for the past few years, says Mark Harris, assistant professor of integrated information technology at the University of South Carolina. "Security is a pervasive theme throughout all the tracks," he said. Other initiatives include the National Security Agency's certification of certain schools as Cybersecurity Centers of Excellence and the Cybersecurity Challenge, which seeks to create training opportunities and cyber-security competitions to drive interest in the field.
IBM remains aggressive in pursuing innovation in its key areas of focus, including cloud computing, big data and analytics, mobile and security, among others. IBM has been busy of late with several major announcements in areas including cloud computing, big data, security and more. In any given week, IBM is in the thick of it with new technology announcements, partnerships and other news, but over the last couple of weeks Big Blue seems to have had a little extra going on. For instance, on Nov. 15, IBM announced that scientists at ETH Zurich, a prominent Swiss university, and IBM Research, in collaboration with the Technical University of Munich and the Lawrence Livermore National Laboratory (LLNL), have set a new record in supercomputing in fluid dynamics using 6.4 million threads on LLNL's 96-rack "Sequoia" IBM BlueGene/Q, one of the fastest supercomputers in the world. IBM said the team of scientists performed the largest simulation ever in fluid dynamics by employing 13 trillion cells and reaching an unprecedented, for flow simulations, 14.4 Petaflop sustained performance on Sequoia—73 percent of the supercomputer's theoretical peak. In the security space, IBM recently announced that it is adding 11 additional schools to its more than 200 partnerships with universities around the globe, focusing on collaborating to bring cyber-security skills into the classroom.

According to the U.S. Bureau of Labor Statistics, employment in the cyber-security field is expected to grow rapidly, increasing 22 percent by 2020.

As organizations transmit and store more sensitive information electronically, the need for employees with experience in cyber-security will be imperative in order to protect data in the cloud, mobile devices and traditional computing. As part of IBM's Academic Initiative, the company is launching new curriculum and programs focusing on cyber-security with Fordham University, Georgia Institute of Technology, San Jose State University, Southern Methodist University, Technische Universität Darmstadt in Germany, Temasek Polytechnic in Singapore, Universidad Cenfotec in Costa Rica, Universiti Kebangsaan in Malaysia, The University of South Carolina, University of Texas at Dallas and Wroclaw University of Economics in Poland. In a move aimed at spurring innovation outside IBM, the company also recently announced plans to open its Watson cognitive computing technology up to developers. IBM said it will make its Watson technology available as a development platform in the cloud, to enable a worldwide community of software application providers to build a new generation of apps infused with Watson's cognitive computing intelligence. The move aims to spur innovation and fuel a new ecosystem of entrepreneurial software application providers—ranging from startups and emerging, venture capital-backed businesses to established players. Together with IBM, these business partners share a vision for creating a new class of cognitive applications that transform how businesses and consumers make decisions. To bring this vision to life, IBM will be launching the IBM Watson Developers Cloud, a cloud-hosted marketplace where application providers of all sizes and industries will be able to tap into resources for developing Watson-powered apps.

This will include a developer toolkit, educational materials and access to Watson's application programming interface (API). Meanwhile, in another major move, on Nov. 13 IBM announced a definitive agreement to acquire Fiberlink Communications, a mobile management and security company, to boost the IBM MobileFirst platform.
Many organisations may find that years of irreplaceable tape backups are inaccessible because modern machines cannot handle legacy formats. Speaking at a launch event for EMC's latest research, David Cripps, chief information security officer (CISO) at Investec, said: "People will find that they have the tape, but they won't be able to read it back." Investec keeps some old hardware purely for the purpose of restoring legacy tape backups. The inability to access legacy tapes is part of a wider IT problem relating to the availability of systems.

The EMC research estimated that unscheduled downtime costs $611,375 (£379,519) per year in the UK. EMC also reported that security breaches cost UK businesses an average of $1,158,077 per year, while the annual cost of data loss is $1,302,895. The global study of 3,300 IT and senior business executives found that reduced investments in critical areas of IT – such as continuous availability, integrated backup and advanced security – were hampering the resilience of IT infrastructure and recovery time after downtime. “At Investec, we use security as a business risk, just like the risk [assessment] in the liquidity market," said Cripps. "It is a risk event. My reporting line is into risk, and business makes an assessment of the risk impact.”

Challenges of being a CISO

From a security and availability perspective, Cripps said that if systems are down for a second, there is an immediate impact on the business. Among the issues he is tackling are cloud computing, cyber crime and requests from staff to use their own devices. Cripps warned that from a CISO perspective, legislation is increasingly affecting how organisations are run. Changes to the EU Data Protection Directive, for example, will mean that a business has a time limit of 24 hours to report data loss to a regulator. Cripps said the security industry was failing businesses by selling fear, uncertainty and doubt (FUD). “As an industry, there is still a great deal of FUD by vendors to sell a product. People phone up and say they have a solution for APT [advanced persistent threats]. This is our life. Don't try to scare me into buying something, because [if you do that], you have lost straight away,” he said.

One-third of small and midsize businesses (SMBs) have no idea if the organisation has been the victim of cyber crime or malicious hackers in the past 12 months, while management in over half of SMEs don't see cyber attacks as significant risks. That's according to the Risk of an Uncertain Security Strategy study conducted by independent research firm Ponemon Institute sponsored by security solutions provider Sophos, which highlights that SMBs need better help to understand the potential threats of cyber attacks. "One-third of respondents admit they are not certain if a cyber attack has occurred in the past 12 months," said the report. "Because of this lack of knowledge about the frequency and magnitude of such attacks, actionable intelligence appears to be deficient," it continued, adding that in order to remedy the problem IT managers "will be investing in big data analytics and network traffic intelligence over the next three years." The research claims that cyber attacks have cost SMBs an average of $1.6m (£1m) over the past 12 months, the cost of which will only rise if both the IT department and management fail to gain a better understanding of increasing cyber threats. That's especially the case if organisations can't get a grasp of changes in the workplace brought about by the likes of BYOD and cloud technology. "Small and midsize organisations simply cannot afford to disregard security. Without it there's more chance that new technology will face cyber attacks, which is likely to cost the business substantial amounts," said Larry Ponemon, president of the Ponemon Institute, who warned that security should always come first when adopting new technologies. "CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security.
"The industry needs to recognise the potential dangers of not taking cyber security seriously and create support systems to improve SMB security postures," he said. Gerhard Eschelbeck, chief technology officer for Sophos, argued the research demonstrates security is increasingly "taking a back seat". "The scale of cyber attack threats is growing every single day, yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture," he said. "Today in SMBs, the CIO is often the 'only information officer', managing multiple and increasingly complex responsibilities within the business," Eschelbeck continued. "However, these OIOs can't do everything on their own and as employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat," he added. The report recommends that organisations need to focus on monitoring, reporting and proactively detecting threats, and formulate best practice for mobile and BYOD. It also suggests organisations keep a proper record of the cost of cyber attacks, including downtime and loss of productivity caused by malicious hackers. The research surveyed more than 2,000 respondents across the US, UK, Germany and Asia-Pacific.
Prime minister David Cameron says UK and US intelligence agencies will help fight child abuse images on the dark web that is inaccessible to search engines. Under pressure from the UK government, Google and Microsoft have announced measures to make it more difficult to find child abuse images online. Child protection experts have warned that most illegal abuse images cannot be found through normal web searches because they are hidden on encrypted peer-to-peer networks. But Cameron told the BBC's Jeremy Vine that the dark web can be policed, and that the skills of the intelligence communities in the UK and US will be harnessed to do so. The prime minister said intelligence agencies have developed capabilities to get into the dark internet and decrypt files that are encrypted. “If you use the best brains – the inheritors to the people that decrypted the Enigma code in the Second World War – if you take those brains, and apply it to the problem of tackling child abuse online, you'll get results,” he said. Cameron said he was confident of progress after talking to internet service providers (ISPs) and the National Crime Agency (NCA) team that will work with US counterparts to apply the best expertise. Asked about the potential invasion of privacy that would result from the move, he said: "People understand that a crime is a crime whether it's committed on the street or the internet." Google and Microsoft have agreed to work with the NCA and the Internet Watch Foundation (IWF) in the UK to provide technical support in finding abuse images on the dark web, according to The Guardian. The newly launched NCA is investigating hidden internet operations after the arrest of four UK men in connection with online drug market Silk Road in October. News of the arrests came a week after the FBI shut down the website and arrested kingpin Ross Ulbricht in San Francisco and one of the site’s top sellers in Seattle. 
At the time, Andy Archibald, head of the NCA’s National Cyber Crime Unit (NCCU), said the investigation into Silk Road would provide insights into how criminals use the hidden internet. These criminal areas of the internet, he said, are also used for fraud and trafficking in people and other illicit goods such as firearms and images of child abuse.

Prosecutors say the defendants participated in a crime ring that robbed thousands of ATMs using bogus magnetic strip cards. November 18, 2013 7:30 PM PST Five more people have been arrested in connection with a global cybercrime ring blamed for...
The UK National Crime Agency’s National Cyber Crime Unit (NCCU) is warning of a mass email-borne malware campaign aimed at small and medium enterprises (SMEs) and consumers. The emails appear to be from financial institutions, but carry a malicious attachment that can install Cryptolocker malware, a type of ransomware. The NCA warning comes a week after the US computer emergency response team (US-Cert) issued a similar warning to US computer users. Security firm BitDefender found that in the week starting 27 October 2013, more than 12,000 computers in the US were infected with the Cryptolocker malware, reports the International Business Times. The malware is designed to encrypt files on the infected computer and any network it is attached to and then demand the payment of a ransom of around £500 in Bitcoins to unlock the files. Cryptolocker will encrypt files not just on the hard disk, but also any connected drives, including mapped network shares, and even folders that might sync up with the Cloud such as DropBox, said independent security advisor Graham Cluley. CryptoLocker is a Trojan that is typically distributed by mass email messages with attachments that install the malware and targets computers running versions of Microsoft’s Windows operating system, but does not affect computers running Apple's Mac OS, he wrote in a blog post. The NCA said it would never endorse the payment of a ransom to criminals and warned that there is no guarantee the files will be unlocked. "The NCA is actively pursuing organised crime groups committing this type of crime,” said Lee Miles, deputy head of the NCCU. “We are working in co-operation with industry and international partners to identify and bring to justice those responsible and reduce the risk to the public," he said. Miles said anyone who is infected with this malware should report it through ActionFraud, the UK’s national fraud and internet crime reporting centre.
The NCCU said prevention is better than cure and that UK SMEs and consumers should:
- Not click on any such attachment.
- Update antivirus software and operating systems.
- Backup files routinely to a location off the network.
- Disconnect any infected computers from the network.
- Seek professional help to clean infected computers.

eWEEK 30: It was just 30 years ago that the word "virus" changed in meaning from infectious microorganisms to malicious computer code that can destroy data while costing billions to clean up and prevent. At the beginning of the PC era, Internet security was not much of a concern as people simply booted their machines and loaded programs without worry. In that earlier, more innocent era, the term "virus" was relegated strictly to the realm of clinical biology and only living things could actually get viruses. That all changed 30 years ago this month when University of Southern California graduate student Fred Cohen coined the term "computer virus." The world's first computer virus had actually appeared a year before in 1982, with the debut of the Elk Cloner, which affected the Apple II operating system.

For the first time in history, computers could now get "sick" with viruses, and the IT world has never been the same since. Over the past 30 years, viruses have gone from that initial Elk Cloner virus, which had extremely limited impact, to widespread attacks that cripple companies and are now even part of the modern nation-state arsenal for cyber-warfare. The timeline of viruses over the last 30 years has not been a straight line, and there have been multiple extinction events of entire classes of computer viruses as the IT industry has come to terms with virus threats. Roger Thompson, chief emerging threat researcher at ICSA (International Computer Security Association) Labs, sees the past 30 years as being made up of multiple eras. The first era was the age of DOS viruses, which spanned from 1987 until 1995. Thompson described the period as one with "astonishingly complicated" code. One of the key evolutions during this period was the emergence of self-replicating viruses, known as worms. On Nov. 2, 1988, Robert Morris, at the time a Cornell graduate student, unleashed the world's first worm. It was a 99-line program and was designed to infect Sun Microsystems and Digital Equipment Corp. VAX environments. In 2001, some 13 years after the Morris worm was unleashed, eWEEK ran a story titled, "Who Let the Worms Out?" which detailed the impact that security incident had. According to Thompson, the release of Windows 95 was an extinction-level event for the first era of viruses. Windows 95 introduced a new protected mode operating system, eliminating an entire class of viruses.

At the same time, Microsoft introduced Office 95, which included a powerful macro language, which opened the door to a new era of the most destructive viruses that computing infrastructure had ever seen up to that date. While the Morris worm was mostly a proof of concept, the Melissa worm of 1999 was not. Melissa was the first mass-mailing email virus and even 10 years after it first hit, eWEEK was still lamenting its destructive impact. Melissa's impact, however, pales in comparison to the devastation of the ILOVEYOU worm, which infected machines around the world in 2000. The Melissa and ILOVEYOU viruses both overwrote and deleted files on millions of PCs worldwide.

The worm component of Melissa and ILOVEYOU accessed users' contact lists in order to replicate and widely spread the destruction. Melissa and ILOVEYOU were both macro viruses that leveraged Microsoft's Visual Basic scripting language in order to execute their destructive payloads. In April 2001, still reeling from the impact of ILOVEYOU, eWEEK reported that Microsoft restructured its entire security mantra in order to prevent a similar event from ever happening again.

As it turned out though, the worst for Microsoft was yet to come.