The Anti-virus Times

Wednesday, April 28, 2021

On April 22, Dr.Web Anti-virus celebrated its birthday. The starting point in the history of the green spider was 1992, when the Spider's Web anti-virus application was released—it incorporated the resident protection module and scanner created somewhat earlier by Igor Danilov (he also celebrated his birthday on April 22!). Today our anti-virus is celebrating its 29th anniversary—and we want to take this occasion to recall, together with our readers, the main challenges that Dr.Web overcame during those years.

Strictly speaking, the early history of the anti-virus’s development was associated with responding to emerging computer threats. There were not quite as many of them as they are now, but it was obvious that the worst was yet to come.

In 1993, with the emergence of polymorphic viruses, which can change their code, Dr.Web became the first anti-virus in the world to learn to recognise that threat—and thus came to enjoy worldwide popularity. With fame comes great responsibility—not only to continually improve the anti-virus, but also to strive to remain at the forefront of the industry and to be among the first to successfully cope with new intrigues of cybercriminals. In particular, Dr.Web became the first anti-virus to include incremental updates for its virus databases—this saved users from having to download the entire product every time and significantly increased the frequency of updates.

The team that formed around Igor Danilov in 2003 became Doctor Web Ltd. The company steadily expanded and continually provided the anti-virus with new features, allowing it to keep up in the "race" against cybercriminals, which was gaining momentum from year to year.

So, back in 2003, Dr.Web discovered the network worm SQL.Slammer—at that time, Dr.Web was the only anti-virus that had the technology to detect this threat in the memory of infected PCs. The worm caused a severe epidemic that affected computers all over the world within just a few hours.

In early 2010, an epidemic of ransomware lockers, which extorted money from users to unlock their systems, was raging —and for a long time, the free assistance provided to the victims of these trojans became one of Doctor Web’s most important areas of work. At the same time, a huge number of new modifications of that malware were added to the Dr.Web virus database. This saved a huge number of our users from encountering Winlocks.

Meanwhile, the Apple operating system was gaining popularity. For a long time, it was considered invulnerable to viruses and other digital dangers, and not all users took the anti-virus for "macs" (we debuted it in 2009) seriously. The macOS developers themselves underestimated the danger. But thanks to the Dr.Web anti-virus and the work of our virus analysts, in 2012 the first botnet consisting of infected Macs was detected—at the peak, the number of botnet nodes (infected Macs) exceeded 800,000. Just recently, the Anti-virus Times recalled that story.

By the way, a similar situation occurred with "androids" and other mobile OSs: when the Dr.Web anti-virus for mobile devices was released in 2007, many users thought these systems were unlikely to affected by threats. But today, when Android is very popular among users, no one dares speak about this mobile OS being free from danger. This is the flip side of any platform’s popularity: when users show interest in a platform, attackers pay attention.

But let's get back to Windows. By 2015, the encryption ransomware epidemic gained speed. After compromising files, encryption ransomware demanded money to make user systems operational again. There was a time when more than half of the requests our technical support service received involved encryption ransomware problems. Tellingly, the requests were mainly from users of other anti-viruses. Moreover, we had many thousands of cases where we successfully decrypted user files. As for Dr.Web products, they’ve been equipped with new technologies and continue to be equipped with new anti-encryption ransomware technologies in a timely manner.

It is no surprise that in May 2017, when many computers around the world were infected by a dangerous worm called WannaCry, one component of which was encryption ransomware, no user whose system was protected by Dr.Web was affected.

Having been from the start at the forefront in the fight against cybercriminals, Dr.Web developers have been involved in investigating complicated malware-related computer incidents for more than a decade. One such investigation related to Trojan.Skimer programs even led to attacks on our offices in 2014.

Research undertaken by our analysts reveal the actual extent of cybercrime activity (including the most dangerous targeted cyber attacks), identify all new malware programs, and thereby extend Dr.Web's features to protect against them. Thus, in 2020, we published a long article about the attacks carried out against public institutions of Kazakhstan and Kyrgyzstan. It detailed the penetration scenarios and technologies used and made recommendations on how to counter such attacks.

Today, Dr.Web remains one of the world’s best anti-viruses: for example, a few days ago, our company's security experts were the first to discover malicious applications on AppGallery—the official HUAWEI Appstore.

What will happen next? New threats replace old ones, and the experience of Doctor Web's security researchers shows that they are increasing in number daily, and cyber attacks are becoming more sophisticated and targeted. In our monthly virus activity reviews on Doctor Web's site, you can read about our observations on the latest cyberthreat trends. We also publish final annual reviews, in which our specialists by tradition share their predictions for the future.