Computer Virus Timeline
1949
Theories
for self-replicating programs are first developed.
1981
Apple
Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the
public domain. Found on the Apple II operating system, the viruses spread through
Texas A&M via pirated computer games.
1983
Fred
Cohen, while working on his dissertation, formally defines a computer virus as
“a computer program that can affect other computer programs by modifying them
in such a way as to include a (possibly evolved) copy of itself.”
1986
Two
programmers named Basit and Amjad
replace the executable code in the boot sector of a floppy disk with their own
code designed to infect each 360kb floppy accessed on any drive. Infected
floppies had “© Brain” for a volume label.
1987
The
Lehigh virus, one of the first file viruses, infects command.com files.
1988
One
of the most common viruses,
MacMag and the Scores
virus cause the first major Macintosh outbreaks.
1990
Symantec
launches Norton AntiVirus, one of the first antivirus
programs developed by a large company.
1991
Tequila
is the first widespread polymorphic virus found in the wild. Polymorphic
viruses make detection difficult for virus scanners by changing their
appearance with each new infection.
1992
1300 viruses are in existence,
an increase of 420% from December of 1990.
The
Dark Avenger Mutation Engine (DAME) is created. It is a toolkit that turns
ordinary viruses into polymorphic viruses. The Virus Creation Laboratory (VCL)
is also made available. It is the first actual virus creation kit.
1994
Good
Times email hoax tears through the computer community. The hoax warns of a
malicious virus that will erase an entire hard drive just by opening an email
with the subject line “Good Times.” Though disproved, the hoax resurfaces every
six to twelve months.
1995
Word
Concept becomes one of the most prevalent viruses in the mid-1990s. It is
spread through Microsoft Word documents.
1996
Baza, Laroux
(a macro virus), and Staog viruses are the first to
infect Windows95 files, Excel, and Linux respectively.
1998
Currently
harmless and yet to be found in the wild, StrangeBrew
is the first virus to infect Java files. The virus modifies CLASS files to
contain a copy of itself within the middle of the file's code and to begin
execution from the virus section.
The
Two
1999
The
Melissa virus, W97M/Melissa, executes a macro in a document attached to an
email, which forwards the document to 50 people in the user's Outlook address
book. The virus also infects other Word documents and subsequently mails them out
as attachments. Melissa spread faster than any previous virus, infecting an
estimated 1 million PCs.
Bubble
Boy is the first worm that does not depend on the recipient opening an
attachment in order for infection to occur. As soon as the user opens the
email, Bubble Boy sets to work.
Tristate is the first
multi-program macro virus; it infects Word, Excel, and PowerPoint files.
2000
The
Love Bug, also known as the ILOVEYOU virus, sends itself out via Outlook, much like Melissa. The virus
comes as a VBS attachment and deletes files, including MP3, MP2, and .JPG. It
also sends usernames and passwords to the virus's author.
W97M.Resume.A,
a new variation of the Melissa virus, is determined to be in the wild. The
“resume” virus acts much like Melissa, using a Word macro to infect Outlook and
spread itself.
The
“Stages” virus, disguised as a joke email about the stages of life, spreads
across the Internet. Unlike most previous viruses, Stages is hidden in an
attachment with a false “.txt” extension, making it easier to lure recipients
into opening it. Until now, it has generally been safe to assume that text
files are safe.
“Distributed
denial-of-service” attacks by hackers knock Yahoo, eBay, Amazon, and other high
profile web sites offline for several hours.
2001
Shortly
after the September 11th attacks, the Nimda virus infects hundreds of thousands of computers in
the world. The virus is one of the most sophisticated to date with as many as
five different methods of replicating and infecting systems. The “Anna Kournikova” virus, which mails itself to persons listed in
the victim's Microsoft Outlook address book, worries analysts who believe the
relatively harmless virus was written with a “tool kit” that would allow even
the most inexperienced programmers to create viruses. Worms increase in
prevalence with Sircam, CodeRed,
and BadTrans creating the most problems. Sircam spreads personal documents over the Internet through
email. CodeRed attacks vulnerable webpages,
and was expected to eventually reroute its attack to the White House homepage.
It infected approximately 359,000 hosts in the first twelve hours. BadTrans is designed to capture passwords and credit card
information.
2002
Author
of the Melissa virus, David L. Smith, is sentenced to 20 months in federal
prison. The LFM-926 virus appears in early January, displaying the message “Loading.Flash.Movie” as it infects Shockwave Flash (.swf) files. Celebrity named viruses
continue with the “Shakira,” “Britney Spears,”
and “Jennifer Lopez” viruses emerging. The Klez worm,
an example of the increasing trend of worms that spread through email,
overwrites files (its payload fills files with zeroes), creates hidden copies
of the originals, and attempts to disable common anti-virus products. The
Bugbear worm also makes it first appearance in September. It is a complex worm
with many methods of infecting systems.
2003
In January the relatively benign “Slammer” (Sapphire) worm
becomes the fastest spreading worm to date, infecting 75,000 computers in
approximately ten minutes, doubling its numbers every 8.5 seconds in its first
minute of infection. The Sobig worm becomes the one
of the first to join the spam community. Infected computer systems have the
potential to become spam relay points and spamming techniques are used to
mass-mail copies of the worm to potential victims.
2004
In January a computer worm, called MyDoom
or Novarg, spreads through emails and file-sharing
software faster than any previous virus or worm. MyDoom
entices email recipients to open an attachment that allows hackers to access
the hard drive of the infected computer. The intended goal is a “denial of
service attack” on the SCO Group, a company that is suing various groups for
using an open-source version of its Unix programming language. SCO offers a
$250,000 reward to anyone giving information that leads to the arrest and
conviction of the people who wrote the worm.
An
estimated one million computers running Windows are affected by the
fast-spreading Sasser computer worm in May. Victims
include businesses, such as British Airways, banks, and government offices,
including