Virus Timeline

http://www.infoage.co.nz/virus/timeline.htm

1949
Theories for self-replicating programs are first developed.

1981
Apple Viruses 1, 2, and 3 are some of the first viruses "in the wild" or public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.

1983
Fred Cohen, while working on his dissertation, formally defines a computer virus as "a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself". The name 'virus' was thought of by Len Adleman.

1986
"Brain" & "PC-Write Trojan": The common story is that two brothers from Pakistan named Basit and Amjad analysed the boot sector of a floppy disk and developed a method of infecting it with a virus dubbed "Brain" (the origin is generally accepted but not absolute). Because it spread widely on the popular MS-DOS PC system, this is typically called the first computer virus, even though it was predated by Cohen's experiments and the Apple II virus. That same year the first PC-based Trojan was released in the form of the popular shareware program PC-Write.

1987
"Stoned" is the first virus to infect the master boot record, preventing the computer from starting up.

1988
One of the most common viruses, "Jerusalem", is unleashed. Activated every Friday the 13th, the virus affects both .EXE and .COM files and deletes any programs run on that day. An Indonesian programmer releases the first anti-virus software for the Brain virus. The "Internet Worm" is released and crashes 5000 computers.

1989
IBM releases the first commercial anti-virus products. Intensive anti-virus research commences. The "Dark Avenger" virus appears.

1990
Symantec launches Norton AntiVirus, one of the first anti-virus programs developed by a large company. Bulletin Boards (BBS) become a common way for virus writers to share code.

1991
"Tequila" is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection. Virus construction kits can be downloaded from virus bulletin boards enabling almost anyone to write a virus. 9% in early 1991 reported they had experienced a virus attack. By the end of the year that figure increased to 63%.

1992
1300 viruses are in existence, an increase of 420% from December of 1990. The Michelangelo scare predicts 5 million computers will crash on March 6. Only 5,000-10,000 actually go down.

1994
The Good Times email hoax tears through the computer community. The hoax warns of a malicious virus that will erase an entire hard drive just by opening an email with the subject line "Good Times". Though disproved, the hoax resurfaces every six to twelve months. In England, the writer of the "Pathogen" virus is found by Scotland Yard and sentenced to 18 months in jail. This is the first prosecution.

1995
The "Concept" macro virus appears. Written in Microsoft's WordBasic it can run on PCs and Macs running Microsoft Word. Being so easy to write, macro viruses become extensively widespread.

1998
Currently harmless and yet to be found in the wild, StrangeBrew is the first virus to infect Java files. The virus modifies CLASS files to contain a copy of itself within the middle of the file's code and to begin execution from the virus section.

1999
The Melissa virus, W97M/Melissa, executes a macro in a document attached to an email, which forwards the document to 50 people in the user's Outlook address book. The virus also infects other Word documents and subsequently mails them out as attachments. Melissa spread faster than any other previous virus and infected hundreds of thousands of PCs.

The "Chernobyl" virus hit in April, making the hard drive inaccessible and causing widespread damage.

Tristate is the first multi-program macro virus; it infects Word, Excel, and PowerPoint files.

Bubbleboy is the first worm that would activate when a user simply opened an e-mail message in Microsoft Outlook (or previewed the message in Outlook Express). No attachment is necessary. Bubbleboy was the proof of concept; Kak spread widely using this technique.

2000
The "Love Bug", also known as the "ILoveYou" and "LoveLetter" virus, sends itself out via Outlook, much like Melissa. From the Philippines, the virus comes as a VBS attachment and deletes files, including MP3, MP2, and JPG. It also sends usernames and passwords to the virus' author. "LoveLetter" spread over the US and Europe in 6 hours and infected 2.5 million PCs, causing an estimated $8.7 billion in damage.

"W97M.Resume.A", a new variation of the "Melissa" virus, is determined to be in the wild. The "resume" virus acts much like "Melissa", using a Word macro to infect Outlook and spread itself.

The "Stages" virus, disguised as a joke email about the stages of life, spreads across the Internet. Unlike previous viruses, "Stages" is hidden in an attachment with a false ".txt" extension, making it easier to lure recipients into opening it. Until now, it has generally been safe to assume that text files are safe.
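A mail filter can catch the disguise described in the "Stages" entry by comparing an attachment's last extension with the one before it. The Python sketch below is an added example, not part of the original timeline; the extension lists and sample file names are constructed assumptions, and it goes slightly beyond the text by also handling padded names and trailing dots.

```python
import os

# Assumed, non-exhaustive list of extensions Windows runs or interprets when opened.
ACTIVE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
               ".vbs", ".vbe", ".js", ".jse", ".wsf", ".shs", ".lnk"}
# Assumed list of extensions recipients tend to treat as harmless data.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".gif", ".mp3", ".doc", ".pdf"}


def classify_attachment(filename):
    """Return 'disguised', 'active' or 'ok' for an attachment file name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in ACTIVE_EXTS:
        return "ok"
    # Spaces between the decoy and the real extension push the real one
    # out of view in a narrow attachment column; strip them before checking.
    _, previous = os.path.splitext(stem.rstrip(" ."))
    return "disguised" if previous in DECOY_EXTS else "active"


def flag_attachments(filenames):
    """Map each file name that should be blocked or quarantined to its verdict."""
    verdicts = {}
    for name in filenames:
        verdict = classify_attachment(name)
        if verdict != "ok":
            verdicts[name] = verdict
    return verdicts


# Constructed sample attachment names (not taken from any real message).
SAMPLE_NAMES = [
    "joke.txt.shs",           # decoy .txt followed by an active extension
    "picture.JPG.vbs",        # mixed case must not defeat the check
    "notes.txt        .vbs",  # padding hides the real extension
    "invoice.pdf.exe. ",      # trailing dot and space are ignored by Windows
    "setup.exe",              # active, but not pretending to be data
    "minutes.txt",            # plain text, allowed
    "archive.tar.gz",         # double extension that is not executable
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLE_NAMES).items():
        print(f"{verdict:10} {name!r}")
```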

August 2000 saw the first Trojan developed for the Palm PDA. Called "Liberty" and developed by Aaron Ardiri, the co-developer of the Palm Game Boy emulator Liberty, the Trojan was developed as an uninstall program and was distributed to a few people to help foil those who would steal the actual software. When it was accidentally released to the wider public, Ardiri helped contain its spread.

2001
The Anna Kournikova virus, also known as VBS/SST, which masquerades as a picture of tennis star Anna Kournikova, operates in a similar manner to Melissa and the Love Bug. It spreads by sending copies of itself to the entire address book in Microsoft Outlook. It is believed that this virus was created with a so-called virus creation kit, a program which can enable even a novice programmer to create these malicious programs.

In May, the HomePage email virus hit no more than 10,000 users of Microsoft Outlook. When opened, the virus redirected users to sexually explicit Web pages. Technically known as VBSWG.X, the virus spread quickly through Asia and Europe, but was mostly prevented in the U.S. because of lessons learned in earlier time zones. The author of the virus is said to live in Argentina, and to have authored the Kournikova virus earlier in the year.

The Code Red I and II worms attacked computer networks in July and August. According to Computer Economics they affected over 700,000 computers and caused upwards of 2 billion in damages. A worm spreads through external and (then) internal computer networks, as opposed to a virus which infects computers via email and certain websites. Code Red took advantage of a vulnerability in Microsoft's Windows 2000 and Windows NT server software. Microsoft developed a patch to protect networks against the worm, and admits that they too were attacked. Other major companies affected include AT&T, and the AP.

On July 25, W32/Sircam Malicious Code appears, spreading through e-mail and unprotected network shares. The code affects both the infected computer as well as all those in its e-mail address book.

The W32/Nimda worm, taking advantage of back doors left behind by the Code Red II worm, is the first to propagate itself via several methods, including e-mail, network shares and an infected Web site. The worm spreads from client to Web server by scanning for back doors.

Computer Associates International, Inc. (CA), the world's leading provider of eBusiness management solutions, released its "2001 Top 10 Virus Threats" list. The list is based on reports tracked by the company's eTrust Global Antivirus Research Centers. The list, in order of frequency, is as follows:

1. Win32.Badtrans.B, 2. Win32.Sircam.137216, 3. Win32.Magistr, 4. Win32.Badtrans.13312, 5. Win32.Magistr.B, 6. Win32.Hybris.B, 7. Win95.MTX, 8. Win32.Nimda.A, 9. VBS.VBSWG.Generic, 10. Win32.Goner.A

2002
The Klez worm infects executables by creating a hidden copy of the original host file and then overwriting the original file with itself. The hidden copy is encrypted, but contains no viral data. The name of the hidden file is the same as the original file, but with a random extension.

Nimda is a mass-mailing worm that utilizes multiple methods to spread itself. The name of the virus came from the reversed spelling of "admin". The worm sends itself out by email, searches for open network shares, attempts to copy itself to unpatched or already vulnerable Microsoft IIS web servers, and is a virus infecting both local files and files on remote network shares.

2003

After it infects a PC, the Bugbear virus searches the machine for e-mail addresses and sends a message out to each address, with a copy of itself attached. Bugbear also grabs a random address from those found in the e-mail program on the computer and uses it in the "From:" line of the messages it sends, disguising where the actual e-mails are coming from. It masquerades as someone else known to the user of the computer, causing great confusion to innocent, virus-free users.

The Klez.H virus randomly chooses a document from an infected computer and attaches it to the e-mails it sends out to spread itself. In addition, Klez.H spoofs the sender's address to make it look like a random person from the infected PC's address book is actually sending the email. Nasty! Extremely prolific throughout the entire year. The Klez worm has been pushed to second place on the infamous list, causing $13.9 billion worth of damage. The Love Bug is now in the third position, accounting for $8.75 billion in damages.

Sobig is a mass-mailing worm incorporating its own SMTP engine. It arrives from the e-mail address "big@boss.com". Sobig has become the most damaging virus on record, overtaking malicious rivals Klez, Love Bug and Yaha.

In August 2003, viruses, along with overt and covert hacker attacks, caused $32.8 billion in economic damages, according to a report from mi2g, a digital risk assessment company based in London. Mi2g also notes that the Sobig virus alone accounted for $29.7 billion of economic damages worldwide.

Blaster worm - The flaw is in a component of the operating system that allows other computers to request the Windows system perform an action or service. The component, known as the remote procedure call (RPC) process, facilitates activities such as sharing files and allowing others to use the computer's printer. During 12 hours, Symantec detected from 420 to nearly 4,000 infections per hour, with an average of about 2,500 new computers compromised hourly. Federal law enforcement got on the trail of Blaster-B's author by tracking down ownership of an Internet domain, t33kid.com, that the Blaster-B worm used to download instructions and report on infected hosts. That chase led from a San Diego wholesale ISP to a small Web hosting provider in Watauga, Texas, and, from there, to ISP Time Warner Cable, which provided Parson's father's home broadband account in Minnesota. Federal agents raided that home on Aug. 19, seizing seven computers from the house. Blaster-A first appeared on Aug. 11 and exploited a widespread vulnerability in Microsoft's Windows operating system.

Some information provided by The Learning Network, Symantec Corp., CERT, eWEEK