History of Computer Viruses

List 1
1949 Theories for self-replicating programs are first developed.
1981 Apple Viruses 1, 2, and 3 are some of the first viruses "in the wild" or public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.
1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as "a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself". The name 'virus' was thought of by Len Adleman.
1986 "Brain" & "PC-Write Trojan": The common story is that two brothers from Pakistan named Basit and Amjad analysed the boot sector of a floppy disk and developed a method of infecting it with a virus dubbed "Brain" (the origin is generally accepted but not absolute). Because it spread widely on the popular MS-DOS PC system this is typically called the first computer virus; even though it was predated by Cohen's experiments and the Apple II virus. That same year the first PC-based Trojan was released in the form of the popular shareware program PC-Write.
1987 "Stoned" is the first virus to infect the master boot record preventing it from starting up.
1988 One of the most common viruses, "Jerusalem", is unleashed. Activated every Friday the 13th, the virus affects both .EXE and .COM files and deletes any programs run on that day. An Indonesian programmer releases the first anti-virus software for the brain virus. The "Internet Worm" is released and crashed 5000 computers.
1989 IBM releases the first commercial anti-virus products. Intensive anti-virus research commences. The "Dark Avenger" virus appears.
1990 Symantec launches Norton AntiVirus, one of the first anti-virus programs developed by a large company. Bulletin Boards (BBS) become a common way for virus writers to share code.
1991 "Tequila" is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection. Virus construction kits can be downloaded from virus bulletin boards enabling almost anyone to write a virus. 9% in early 1991 reported they had experienced a virus attack. By the end of the year that figure increased to 63%.
1992 1300 viruses are in existence, an increase of 420% from December of 1990. The Michelangelo scare predicts 5 million computers will crash on March 6. Only 5,000-10,000 actually go down.
1994 Good Times email hoax tears through the computer community. The hoax warns of a malicious virus that will erase an entire hard drive just by opening an email with the subject line "Good Times". Though disproved, the hoax resurfaces every six to twelve months. In England, the writer if the "Pathogen" virus is found by Scotland Yard and sentenced to 18 months in jail. This is the first prosecution.
1995 The "Concept" macro virus appears. Written in Microsoft's WordBasic it can run on PCs and Macs running Microsoft Word. Being so easy to write, macro viruses become extensively widespread.
1998 Currently harmless and yet to be found in the wild, StrangeBrew is the first virus to infect Java files. The virus modifies CLASS files to contain a copy of itself within the middle of the file's code and to begin execution from the virus section.
1999 The Melissa virus, W97M/Melissa, executes a macro in a document attached to an email, which forwards the document to 50 people in the user's Outlook address book. The virus also infects other Word documents and subsequently mails them out as attachments. Melissa spread faster than any other previous virus and infected hundreds of thousands of PCs. The "Chernobyl" virus hit in April making the hard drvie inaccessible causing wide spread damage. Tristate is the first multi-program macro virus; it infects Word, Excel, and PowerPoint files. Bubbleboy is the first worm that would activate when a user simply opened and E-mail message in Microsoft Outlook (or previewed the message in Outlook Express). No attachment is necessary. Bubbleboy was the proof of concept; Kak spread widely using this technique.
2000 The "Love Bug", also known as the "ILoveYou" and "LoveLetter" virus, sends itself out via Outlook, much like Melissa. From the Phillipines, the virus comes as a VBS attachment and deletes files, including MP3, MP2, and JPG. It also sends usernames and passwords to the virus' author. "LoveLetter" spread over the US and Europe in 6 hours and infected 2.5 million PCs causing an estimated $8.7 billion in damage. "W97M.Resume.A", a new variation of the "Melissa" virus, is determined to be in the wild. The "resume" virus acts much like "Melissa", using a Word macro to infect Outlook and spread itself. The "Stages" virus, disguised as a joke email about the stages of life, spreads across the Internet. Unlike previous viruses, "Stages" is hidden in an attachment with a false ".txt" extension, making it easier to lure recipients into opening it. Until now, it has generally been safe to assume the text files are safe. August 2000 saw the first Trojan developed for the Palm PDA. Called "Liberty" and developed by Aaron Ardiri the co-developer of the Palm Game Boy emulator Liberty, the Trojan was developed as an uninstall program and was distributed to a few people to help foil those who would steal the actual software. When it was accidentally released to the wider public Ardiri helped contain its spread.
2001 The Anna Kournikova virus, also known as VBS/SST, which masquerades as a picture of Tennis Star Anna Kournikova, operates in a similar manner to Melissa and The Love Bug. It spreads by sending copies of itself to the entire address book in Microsoft Outlook. It is believed that this virus was created with a so-called virus creation kit, a program which can enable even a novice programmer to create these malicious programs. In May, the HomePage email virus hit no more than 10,000 users of Microsoft Outlook. When opened, the virus redirected users to sexually explicit Web pages. Technically known as VBSWG.X, the virus spread quickly through Asia and Europe, but was mostly prevented in the U.S. because of lessons learned in earlier time zones. The author of the virus is said to live in Argentina, and have authored the Kournikova virus earlier in the year. The Code Red I and II worms attacked computer networks in July and August. According to Computer Economics they affected over 700,000 computers and caused upwards of 2 billion in damages. A worm spreads through external and (then) internal computer networks, as opposed to a virus which infects computers via email and certain websites. Code Red took advantage of a vulnerability in Microsoft's Windows 2000 and Windows NT server software. Microsoft developed a patch to protect networks against the worm, and admits that they too were attacked. Other major companies affected include AT&T, and the AP.


1986 Brian, the first PC virus, is created. The boot virus originates in Pakistan. First file virus, Virdem, is discovered, originating in Germany. 1987 The IBM Christmas Worm strikes, replicating at up to 500,000 times per hour on mainframes. Fastest-spreading virus seen at that time. The Lehigh virus, the first command.com infector, wipes out 500 system disks at Lehigh University. 1988 Robert Morris' Internet Worm spreads to 6,000 computers, 10 percent of all computers on the Internet. Internet traffic is crippled. CERT is formed in response. 1990 AT&T's long-distance telephone switching system crashes. Investigators suspect hackers. 1992 Michaelangelo virus is set to trigger on March 6 and predicted to cause widespread damage. A few hundred systems are hit amid panic. 1994 Hackers break in to a computer at Griffith Air Force Base. They also penetrate the Korean Atomic Research Institute, NASA, the Goddard Space Center and the Jet Propulsion Laboratory. On Thanksgiving, the "Internet Liberation Front" wreaks havoc and mayhem for GE, IBM, Pipeline and others by hacking into their computer systems. 1995 First Word macro virus, Concept, infects Microsoft Word documents. Defense Department computer files come under attack 250,000 times. About 65 percent of the attempts are successful. 1998 First Microsoft Access macro viruses found. First AOL Trojans designed to steal from America Online users are unleashed by the spamming of AOL e-mail addresses with Trojans. Hackers alter the New York Times Web site in protest of the arrest and imprisonment of Kevin Mitnick. They rename the Web site HFG, or "Hacking for Girls." 1999 W97.M.Melissa spreads rapidly worldwide. The virus infects Word documents and e-mails itself to everyone in the Outlook address book. Thousands of e-mail servers are shut down. W32.Funlove.4099 is discovered. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Classified computer systems at Kelly Air Force Base come under attack by hackers from locations around the world. U.S. Information Agency Web site is hacked for the second time in six months. The attacker breaks through the agency's Internet security and damages the hard drive. 2000 VBS.LoveLetter is discovered and spreads to Internet chat rooms using mIRC. The worm overwrites files on local and remote drives and tries to download a password-stealing Trojan horse program from a Web site. Palm.Liberty.A, the first Trojan horse for Palm OS, is discovered. Denial-of-service attacks on eBay, eTrade, Ziff Davis, Buy.com and CNN.com shut down sites for hours. 2001 In July, one month after Microsoft announced a vulnerability in Internet Information Server 4.0 and Internet Information Services 5.0, Code Red, self-propagating malicious code, is released and begins to exploit IIS-enabled systems. In early August, the Code Red II worm, exploiting the same vulnerability, appears. On July 25, W32/Sircam Malicious Code appears, spreading through e-mail and unprotected network shares. The code affects both the infected computer as well as all those in its e-mail address book. The W32/Nimda worm, taking advantage of back doors left behind by the Code Red II worm, is the first to propagate itself via several methods, including e-mail, network shares and an infected Web site. The worm spreads from client to Web server by scanning for back doors

Sources: Symantec Corp., CERT, eWEEK reporting