Timeline of notable computer viruses and worms
Encyclopedia
This is a timeline
Timeline
A timeline is a way of displaying a list of events in chronological order, sometimes described as a project artifact . It is typically a graphic design showing a long bar labeled with dates alongside itself and events labeled on points where they would have happened.-Uses of timelines:Timelines...

 of noteworthy computer virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

es, worm
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...

s and Trojan horse
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

s
.

1966

  • The work of John von Neumann
    John von Neumann
    John von Neumann was a Hungarian-American mathematician and polymath who made major contributions to a vast number of fields, including set theory, functional analysis, quantum mechanics, ergodic theory, geometry, fluid dynamics, economics and game theory, computer science, numerical analysis,...

     on the "Theory of self-reproducing automata" is published. The article is based on lectures held by von Neumann at the University of Illinois about the "Theory and Organization of Complicated Automata" back in 1949.

1971

  • The Creeper virus, an experimental self-replicating program, is written by Bob Thomas at BBN Technologies
    BBN Technologies
    BBN Technologies is a high-technology company which provides research and development services. BBN is based next to Fresh Pond in Cambridge, Massachusetts, USA...

    . Creeper infected DEC PDP-10
    PDP-10
    The PDP-10 was a mainframe computer family manufactured by Digital Equipment Corporation from the late 1960s on; the name stands for "Programmed Data Processor model 10". The first model was delivered in 1966...

     computers running the TENEX operating system
    TOPS-20
    The TOPS-20 operating system by Digital Equipment Corporation was the second proprietary OS for the PDP-10 mainframe computer. TOPS-20 began in 1969 as the TENEX operating system of Bolt, Beranek and Newman...

    . Creeper gained access via the ARPANET
    ARPANET
    The Advanced Research Projects Agency Network , was the world's first operational packet switching network and the core network of a set that came to compose the global Internet...

     and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The Reaper program was later created to delete Creeper.

1974

  • The Wabbit virus
    Wabbit
    A wabbit is a type of self-replicating computer program. Unlike viruses, wabbits do not infect host programs or documents. Unlike worms, wabbits do not use network capabilities of computers to spread. Instead, a wabbit repeatedly replicates itself on a local computer. Wabbits can be programmed to...

    , more a fork bomb
    Fork bomb
    In computing, the fork bomb is a form of denial-of-service attack against a computer system which makes use of the fork operation whereby a running process can create another running process...

     than a virus, is written. The Wabbit virus makes multiple copies of itself on a single computer (and was named "Wabbit
    Rabbit
    Rabbits are small mammals in the family Leporidae of the order Lagomorpha, found in several parts of the world...

    " for the speed at which it did so) until it clogs the system, reducing system performance, before finally reaching a threshold and crashing the computer.

1974/1975

  • ANIMAL is written by John Walker
    John Walker (programmer)
    John Walker is a computer programmer and a co-founder of the computer-aided design software company Autodesk, and a co-author of early versions of AutoCAD, a product Autodesk originally acquired from programmer Michael Riddle...

     for the UNIVAC 1108
    UNIVAC 1100/2200 series
    The UNIVAC 1100/2200 series is a series of compatible 36-bit computer systems, beginning with the UNIVAC 1107 in 1962, initially made by Sperry Rand...

    . Animal asked a number of questions to the user in an attempt to guess the type of animal that the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damage to existing file or directory structure, and not to copy itself if permissions did not exist or if damage could result. Its spread was therefore halted by an OS upgrade which changed the format of the file status tables that PERVADE used for safe copying. Though non-malicious, "Pervading Animal" represents the first Trojan
    Trojan horse (computing)
    A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

     "in the wild".
  • The novel "The Shockwave Rider
    The Shockwave Rider
    The Shockwave Rider is a science fiction novel by John Brunner, originally published in 1975. It is notable for its hero's use of computer hacking skills to escape pursuit in a dystopian future, and for the coining of the word "worm" to describe a program that propagates itself through a computer...

    " by John Brunner
    John Brunner (novelist)
    John Kilian Houston Brunner was a prolific British author of science fiction novels and stories. His 1968 novel Stand on Zanzibar, about an overpopulated world, won the 1968 Hugo Award for best science fiction novel. It also won the BSFA award the same year...

     is published, that coins the use of the word "worm
    Computer worm
    A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...

    " to describe a program that propagates itself through a computer network
    Computer network
    A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....

    .

1980

  • Jürgen Kraus wrote his Diplom
    Diplom
    A Diplom is an academic degree in the German-speaking countries Germany, Austria, and Switzerland and a similarly named degree in some other European countries including Belarus, Bosnia and Herzegovina, Croatia, Estonia, Finland , Greece, Hungary, Russia, Serbia, Macedonia, Slovenia, and Ukraine...

     thesis "Selbstreproduktion bei Programmen" (self-reproduction of programs).

1981

  • A program called Elk Cloner
    Elk Cloner
    Elk Cloner is one of the first known microcomputer viruses that spread "in the wild," i.e., outside the computer system or lab in which it was written...

    , written for Apple II
    Apple II series
    The Apple II series is a set of 8-bit home computers, one of the first highly successful mass-produced microcomputer products, designed primarily by Steve Wozniak, manufactured by Apple Computer and introduced in 1977 with the original Apple II...

     systems and created by Richard Skrenta
    Rich Skrenta
    Richard "Rich" Skrenta is a computer programmer and Silicon Valley entrepreneur who created the search engine blekko....

    . Apple II was seen as particularly vulnerable due to the storage of its operating system on floppy disk
    Floppy disk
    A floppy disk is a disk storage medium composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic carrier lined with fabric that removes dust particles...

    . Elk Cloner's design combined with public ignorance about what malware
    Malware
    Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...

     was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.

1983

  • The term 'virus' is coined by Frederick Cohen
    Fred Cohen
    Frederick B. Cohen is an American computer scientist and best known as the inventor of computer virus defense techniques.In 1983, while a student at the University of Southern California's School of Engineering , he wrote a program for a parasitic application that seized control of computer...

     in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher Leonard Adleman
    Leonard Adleman
    Leonard Max Adleman is an American theoretical computer scientist and professor of computer science and molecular biology at the University of Southern California. He is known for being a co-inventor of the RSA cryptosystem in 1977, and of DNA computing...

     – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."
  • November 10, 1983, at Lehigh University
    Lehigh University
    Lehigh University is a private, co-educational university located in Bethlehem, Pennsylvania, in the Lehigh Valley region of the United States. It was established in 1865 by Asa Packer as a four-year technical school, but has grown to include studies in a wide variety of disciplines...

    , Cohen demonstrates a virus-like program on a VAX11/750
    VAX
    VAX was an instruction set architecture developed by Digital Equipment Corporation in the mid-1970s. A 32-bit complex instruction set computer ISA, it was designed to extend or replace DEC's various Programmed Data Processor ISAs...

     system. The program was able to install itself to, or infect, other system objects.
  • A very early Trojan Horse designed for the IBM PC called ARF-ARF was downloaded from BBS sites and claimed to “Sort” the DOS Diskette Directory. This was a very desirable feature because DOS didn’t list the files in alphabetical order in 1983. Instead, the program deleted all of the files on the diskette, cleared the screen and typed ARF – ARF. ARF was a reference to the common “Abort, Retry Fail” message you would get when a PC could not boot from a diskette.

1984

  • Ken Thompson
    Ken Thompson
    Kenneth Lane Thompson , commonly referred to as ken in hacker circles, is an American pioneer of computer science...

     publishes his seminal paper, Reflections on Trusting Trust, in which he describes how he modified a C
    C (programming language)
    C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....

     compiler
    Compiler
    A compiler is a computer program that transforms source code written in a programming language into another computer language...

     so that when used to compile a specific version of the Unix
    Unix
    Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...

     operating system, it inserted a backdoor into the login
    Login
    Login is the method whereby a user obtains access to a computer system.Login may also refer to:*Magazines:** LOGiN, published by Enterbrain** ;login:, published by USENIX* Login, Carmarthenshire, an hamlet in Carmarthenshire...

     command, and when used to compile itself, it inserted the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code were present in the source code
    Source code
    In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...

    .

1986

  • January: The Brain
    (c)Brain
    Brain is the industry standard name for a computer virus that was released in its first form in January 1986, and is considered to be the first computer virus for MS-DOS...

     boot sector
    Boot sector
    A boot sector or boot block is a region of a hard disk, floppy disk, optical disc, or other data storage device that contains machine code to be loaded into random-access memory by a computer system's built-in firmware...

     virus (aka Pakistani flu) is released. Brain is considered the first IBM PC compatible
    IBM PC compatible
    IBM PC compatible computers are those generally similar to the original IBM PC, XT, and AT. Such computers used to be referred to as PC clones, or IBM clones since they almost exactly duplicated all the significant features of the PC architecture, facilitated by various manufacturers' ability to...

     virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi, and his brother, Amjad Farooq Alvi.
  • December 1986: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club
    Chaos Computer Club
    The Chaos Computer Club is an organization of hackers. The CCC is based in Germany and other German-speaking countries.The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of...

     in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.

1987

  • Appearance of the Vienna virus, which was subsequently neutralized—the first time this had happened on the IBM platform.
  • Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned
    Stoned (computer virus)
    Stoned is the name of a boot sector computer virus created in 1987.Notable for being an early boot sector virus, it was thought to have been written by a university student in Wellington, New Zealand - and by 1989 it had spread widely in New Zealand and Australia...

     from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
  • October: The Jerusalem virus
    Jerusalem (computer virus)
    Jerusalem is a DOS virus first detected in Jerusalem, Israel, in October 1987. On infection, the Jerusalem virus becomes memory resident , and then infects every executable file run, except for COMMAND.COM. .COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. .EXE...

    , part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987 making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988.
  • November: The SCA virus
    SCA (computer virus)
    The SCA virus is the first computer virus created for the Commodore Amiga and one of the first to gain public notoriety. It appeared in November 1987. The SCA virus is a boot sector virus...

    , a boot sector virus for Amiga
    Amiga
    The Amiga is a family of personal computers that was sold by Commodore in the 1980s and 1990s. The first model was launched in 1985 as a high-end home computer and became popular for its graphical, audio and multi-tasking abilities...

    s appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit
    Byte Bandit
    Byte Bandit is a boot sector computer virus created for the Commodore Amiga. It first appeared in January 1988, and was created by SCA.It was one of the most feared Amiga viruses until the infamous Lamer Exterminator because not only did it spread from system to system automatically, it was also...

    .
  • December: Christmas Tree EXEC
    Christmas Tree EXEC
    Christmas Tree EXEC was the first widely disruptive computer worm, which paralyzed several international computer networks in December 1987.Written by a student at the Clausthal University of Technology in the REXX scripting language, it drew a crude Christmas tree as text graphics, then sent...

     was the first widely disruptive replicating network program, which paralysed several international computer networks in December 1987.

1988

  • March 1: Ping-Pong virus
    Ping-Pong virus
    The Ping-Pong virus is a boot sector virus discovered on March 1, 1988 at the University of Turin in Italy...

     is a boot sector virus. It was discovered at University of Turin in Italy.
  • June: The Festering Hate
    Festering Hate
    align=right| [WOP] -666- FESTERING HATE -666- [FOG] -:-:-:-W| The Good News: You now have a copy |Fo| of one of the greatest programs |rr| that has ever been created! |is| The Bad News: It's quite likely |e...

     Apple ProDOS virus spreads from underground pirate BBS systems and starts infecting mainstream networks.
  • November 2: The Morris worm, created by Robert Tappan Morris
    Robert Tappan Morris
    Robert Tappan Morris, , is an American computer scientist, best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet - and subsequently becoming the first person convicted under the Computer Fraud and Abuse Act.He went on to co-found the online store...

    , infects DEC
    Digital Equipment Corporation
    Digital Equipment Corporation was a major American company in the computer industry and a leading vendor of computer systems, software and peripherals from the 1960s to the 1990s...

     VAX
    VAX
    VAX was an instruction set architecture developed by Digital Equipment Corporation in the mid-1970s. A 32-bit complex instruction set computer ISA, it was designed to extend or replace DEC's various Programmed Data Processor ISAs...

     and Sun
    Sun Microsystems
    Sun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...

     machines running BSD UNIX connected to the Internet
    Internet
    The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

    , and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.

1989

  • October 1989: Ghostball, the first multipartite virus
    Multipartite virus
    A multipartite virus is a computer virus that infects and spreads in multiple ways. The term was coined to describe the first viruses that included DOS executable files and PC BIOS boot sector virus code, where both parts are viral themselves. For a complete cleanup, all parts of the virus must be...

    , is discovered by Friðrik Skúlason.

1990

  • Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic
    Polymorphic code
    In computer terminology, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code will not change at all...

     virus: the Chameleon family. Chameleon series debuted with the release of 1260
    1260 (computer virus)
    1260, or V2PX, was a computer virus written in 1989 by Mark Washburn that used a form of polymorphic encryption. Derived from Ralph Burger's publication of the disassembled Vienna virus source code, the 1260 altered its signature by randomizing and obfuscating its decryption algorithm in an effort...

    .

1992

  • Michelangelo was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.

1993

  • "Leandro & Kelly" and "Freddy Krueger" spread quickly due to popularity of BBS
    Bulletin board system
    A Bulletin Board System, or BBS, is a computer system running software that allows users to connect and log in to the system using a terminal program. Once logged in, a user can perform functions such as uploading and downloading software and data, reading news and bulletins, and exchanging...

     and shareware
    Shareware
    The term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a...

     distribution.

1995

  • The first Macro virus, called "Concept," is created. It attacked Microsoft Word documents.

1996

  • "Ply" - DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.

1999

  • Jan 20: The Happy99
    Happy99
    Happy99 is a computer worm for Windows. It first appeared in mid-January 1999, spreading through email and usenet. The worm installs itself and runs in the background of a victim's machine, without their knowledge...

     worm first appeared. It invisibly attaches itself to emails, displays fireworks to hide the changes being made, and wishes the user a happy New Year
    New Year
    The New Year is the day that marks the time of the beginning of a new calendar year, and is the day on which the year count of the specific calendar used is incremented. For many cultures, the event is celebrated in some manner....

    . It modifies system files related to Outlook Express
    Outlook Express
    Outlook Express is an email and news client that is included with Internet Explorer versions 4.0 through 6.0. As such, it is also bundled with several versions of Microsoft Windows, from Windows 98 to Windows Server 2003, and is available for Windows 3.x, Windows NT 3.51, Windows 95 and Mac OS 9...

     and Internet Explorer
    Internet Explorer
    Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...

     (IE) on Windows 95
    Windows 95
    Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products...

     and Windows 98
    Windows 98
    Windows 98 is a graphical operating system by Microsoft. It is the second major release in the Windows 9x line of operating systems. It was released to manufacturing on 15 May 1998 and to retail on 25 June 1998. Windows 98 is the successor to Windows 95. Like its predecessor, it is a hybrid...

    .
  • March 26: The Melissa worm
    Melissa (computer worm)
    The Melissa virus, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus. As it is not a standalone program, it is not a worm.-History:...

     was released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
  • June 6: The ExploreZip
    ExploreZip
    ExploreZip, also known as I-Worm.ZippedFiles, is a destructive computer worm which attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999.Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes Microsoft Outlook, Outlook Express, or...

     worm, which destroys Microsoft Office
    Microsoft Office
    Microsoft Office is a non-free commercial office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems, introduced by Microsoft in August 1, 1989. Initially a marketing term for a bundled set of applications, the first version of...

     documents, was first detected.
  • December 30: Kak worm
    Kak worm
    KAK is 1999 a JavaScript worm that uses a bug in Outlook Express to spread itself.On the first day of every month, at 5:00 pm, the worm uses shutdown.exe to initiate a shutdown and show a popup with text "Kagou-anti-Kro$oft says not today!". A minimized window often appears on startup with the...

     is a Javascript computer worm that spread itself by exploiting a bug in Outlook Express.

2000

  • May: The ILOVEYOU
    ILOVEYOU
    ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. The worm arrived e-mail on and after May 4, 2000 with the simple subject of "ILOVEYOU"...

     worm appears. this was the most costly virus to businesses, causing upwards of 5.5 to 10 billion dollars in damage. The backdoor trojan to the worm, Barok
    Barok
    Barok is considered as one of the most popular komiks characters in the Philippines created by Filipino cartoonist Bert Sarile and Filipino comic book script writer Polly Rallanca in 1973...

    , was created by Filipino programmer Onel de Guzman of AMA Computer University
    AMA Computer University
    AMA Computer University , formerly AMA Computer College, was the first ICT University in Asia. The University serves as the flagship brand of the AMA Education System....

    ; it is not known who created the attack vector or who unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own Barok code as a payload.
  • August 24: Pikachu virus
    Pikachu virus
    The Pikachu virus is believed to be the first computer virus targeted towards children. It contains the character "Pikachu" from the Pokémon series, and is in the form of an e-mail titled "Pikachu " with the message: "Pikachu is your friend."...

     is the first virus that targets children. The virus is written in Visual Basic 6.
  • September: Hybris (computer worm)
    Hybris (computer worm)
    Hybris, also known as Snow White, Vecna.22528, and Full Moon, is a computer worm believed to be written by Brazilian virus writer Vecna, member of the computer virus writing group 29A. It first appeared in September 2000 and became more common in January 2001....

     was found and the worm believed to be written by a Brazilian named Vecna.

2001

  • February 11: The Anna Kournikova virus
    Anna Kournikova (computer virus)
    The Anna Kournikova computer virus was a computer virus authored by Dutch programmer Jan de Wit on February 11, 2001. It was designed to trick email users into opening a mail message purportedly containing a picture of tennis player Anna Kournikova, while actually hiding a malicious program...

     hits e-mail servers hard by sending e-mail to contacts in the Microsoft Outlook
    Microsoft Outlook
    Microsoft Outlook is a personal information manager from Microsoft, available both as a separate application as well as a part of the Microsoft Office suite...

     addressbook. Its creator, Dutchman Jan de Wit, was sentenced to 150 hours of community service.
  • May 8: The Sadmind worm spreads by exploiting holes in both Sun
    Sun Microsystems
    Sun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...

     Solaris and Microsoft
    Microsoft
    Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

     IIS
    Internet Information Services
    Internet Information Services – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server. IIS 7.5 supports HTTP, HTTPS,...

    .
  • July: The Sircam worm is released, spreading through Microsoft systems via e-mail and unprotected network shares.
  • July 13: The Code Red worm attacking the Index Server ISAPI Extension in Microsoft Internet Information Services
    Internet Information Services
    Internet Information Services – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server. IIS 7.5 supports HTTP, HTTPS,...

     is released.
  • August 4: A complete re-write of the Code Red worm, Code Red II begins aggressively spreading onto Microsoft systems, primarily in China.
  • September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by Code Red II and Sadmind worm.
  • October 26: The Klez
    KLEZ
    KIXV is a radio station broadcasting a country music format. Licensed to Malvern, Arkansas, USA, it serves the Hot Springs, Arkansas and Hot Springs Village, Arkansas, area. The station is currently owned by Noalmark Broadcasting Corporation....

     worm is first identified. It exploits a vulnerability in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.

2002

  • February 11: Simile (computer virus)
    Simile (computer virus)
    Win32/Simile is a metamorphic computer virus written in assembly language for Microsoft Windows. The virus was released in the most recent version in early March 2002. It was written by the virus writer Mental Driller...

     is a metamorphic computer virus written in assembly.
  • Beast
    Beast Trojan (trojan horse)
    Beast is a Windows-based backdoor trojan horse, more commonly known in the underground "script-kiddie" community as a Remote Administration Tool. It is capable of infecting version of Windows from 95 to XP. Written in Delphi and released first by its author Tataye in 2002, it became quite popular...

     is a Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool). It is capable of infecting almost all Windows OS i.e. 95 through XP. Written in Delphi and released first by its author Tataye in 2002, its most current version was released October 3, 2004
  • March 7: Mylife (computer worm)
    Mylife (computer worm)
    MyLife, discovered by MessageLabs in 2002, is a computer worm that spreads itself by sending email to the addresses found in Microsoft Outlook's contacts list. Written in Visual Basic, it displays an image of a girl holding a flower while it attempts to delete files with certain filename...

     is a computer worm that spread itself by sending malicious emails to all the contacts in Microsoft Outlook.
  • August 30: Optix Pro
    Optix Pro
    Optix Pro is a configurable remote access tool or Trojan, similar to SubSeven or BO2KOptix Pro is far more sophisticated and lethal than its predecessors. It has the ability to kill most of the firewall and anti-virus products which exist today....

     is a configurable remote access tool or Trojan, similar to SubSeven or BO2K.

2003

  • January 24: The SQL slammer worm, aka Sapphire worm, Helkern and other names, attacks vulnerabilities in Microsoft SQL Server
    Microsoft SQL Server
    Microsoft SQL Server is a relational database server, developed by Microsoft: It is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network...

     and MSDE
    MSDE
    Microsoft SQL Server Data Engine is a relational database management system developed by Microsoft. It is a scaled-down version of Microsoft SQL Server 7.0 or 2000 which is free for non-commercial use as well as certain limited commercial use...

     and causes widespread problems on the Internet.
  • April 2: Graybird
    Graybird
    Graybird is a Trojan horse that hides its presence on the compromised computer and downloads files from remote Web sites. There are many variations of this virus such as Backdoor.Graybird.P .-References:...

     is a Trojan also known as Backdoor.Graybird.
  • June 13: ProRat is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).
  • August 12: The Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers.
  • August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows.
  • August 19: The Sobig worm (technically the Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.
  • September 18: Swen
    Swen
    Swen is a mass mailing computer worm written in C++. It sends an email which contains the installer for the virus, disguised as a Microsoft Windows update, although it also works on P2P filesharing networks, IRC and newsgroups' websites. It was first analyzed on September 18, 2003, however, it...

     is a computer worm written in C++.
  • October 24: The Sober worm is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weakpoints by the Blaster and Sobig worms cause massive damage.
  • November 10: Agobot is a computer worm that can spread itself by exploiting vulnerabilities on Microsoft Windows. Some of the vulnerabilities are MS03-026 and MS05-039.
  • November 20: Bolgimo is a computer worm that spread itself by exploiting a buffer overflow vulnerability at Microsoft Windows DCOM RPC Interface.

2004

  • January 18: Bagle (computer worm)
    Bagle (computer worm)
    Bagle is a mass-mailing computer worm affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, is considerably more virulent....

     is a mass-mailing worm affecting all versions of Microsoft Windows. There were 2 variants of Bagle worm, they were Bagle.A and Bagle.B. Bagle.B was discovered on February 17, 2004.
  • Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm.
  • February 16: The Netsky
    Netsky (computer worm)
    Netsky is a prolific family of computer worms. The first variant appeared on Monday, February 16, 2004. The "B" variant was the first family member to find its way into mass distribution. It appeared on Wednesday, February 18, 2004...

     worm is discovered. The worm spreads by email and by copying itself to folders on the local hard drive as well as on mapped network drives if available. Many variants of the Netsky worm appeared.
  • March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems
    Internet Security Systems
    IBM Internet Security Systems is a security software provider which was founded in 1994 as Internet Security Systems, and is often known simply as ISS or ISSX...

     (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.
  • May 1: The Sasser worm emerges by exploiting a vulnerability in LSASS
    Local Security Authority Subsystem Service
    Local Security Authority Subsystem Service , is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens...

     and causes problems in networks, while removing MyDoom and Bagle
    Bagle (computer worm)
    Bagle is a mass-mailing computer worm affecting all versions of Microsoft Windows. The first strain, Bagle.A, did not propagate widely. A second variant, Bagle.B, is considerably more virulent....

     variants, even interrupting business.
  • June 15: Caribe
    Caribe (computer worm)
    Cabir is the name of a computer worm developed in 2004 that is designed to infect mobile phones running Symbian OS. It is believed to be the first computer worm that can infect mobile phones...

     or Cabir is a computer worm that is designed to infect mobile phones that run Symbian OS. It is the first computer worm that can infect mobile phones. It spread itself through Bluetooth. More information can be found on and
  • August 16: Nuclear RAT
    Nuclear RAT
    Nuclear RAT is a backdoor trojan horse that infects Windows NT family systems . It uses a server creator, a client and a server to take control over a remote computer...

     (short for Nuclear Remote Administration Tool) is a backdoor Trojan Horse
    Trojan horse (computing)
    A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

     that infects Windows NT
    Windows NT
    Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...

     family systems (Windows 2000
    Windows 2000
    Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...

    , Windows XP
    Windows XP
    Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...

    , Windows 2003).
  • August 20: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan Horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google
    Google
    Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...

     and Facebook
    Facebook
    Facebook is a social networking service and website launched in February 2004, operated and privately owned by Facebook, Inc. , Facebook has more than 800 million active users. Users must register before using the site, after which they may create a personal profile, add other users as...

    .
  • October 12, 2004: Bifrost, also known as Bifrose, is a backdoor trojan which can infect Windows 95
    Windows 95
    Windows 95 is a consumer-oriented graphical user interface-based operating system. It was released on August 24, 1995 by Microsoft, and was a significant progression from the company's previous Windows products...

     through Vista
    Windows Vista
    Windows Vista is an operating system released in several variations developed by Microsoft for use on personal computers, including home and business desktops, laptops, tablet PCs, and media center PCs...

    . Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.
  • December: Santy
    Santy
    Santy is a computer worm created in Perl to exploit a vulnerability in phpBB software which used Google to spread across the internet.Within 24 hours of its release by X_Spec on 20 December 2004, a large number of websites were attacked by Santy. The worm holds a record of spreading worldwide...

    , the first known "webworm" is launched. It exploited a vulnerability in phpBB
    PhpBB
    phpBB is a popular Internet forum package written in the PHP scripting language. The name "phpBB" is an abbreviation of PHP Bulletin Board...

     and used Google
    Google
    Google Inc. is an American multinational public corporation invested in Internet search, cloud computing, and advertising technologies. Google hosts and develops a number of Internet-based services and products, and generates profit primarily from advertising through its AdWords program...

     in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.

2005

  • August 16: Zotob (computer worm)
    Zotob (computer worm)
    "The Zotob worm and several variations of it, known as Rbot.cbq, SDBot.bzh and Zotob.d, infected computers at companies such as ABC, CNN, The Associated Press, The New York Times, and Caterpillar Inc." — Business Week, August 16, 2005....

     is a worm that spread itself by exploiting Microsoft Windows Plug and Play Buffer Overflow (MS05-039).
  • October 13: The Samy
    Samy (XSS)
    Samy was an XSS worm developed to propagate across the MySpace social-networking site. At the time of release, it gained significant media attention....

     XSS
    Cross-site scripting
    Cross-site scripting is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same...

     worm becomes the fastest spreading virus
    Computer virus
    A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

     by some definitions .
  • Late 2005: The Zlob Trojan
    Zlob trojan
    The Zlob Trojan, identified by some antiviruses as Trojan.Zlob, is a trojan horse which masquerades as a needed video codec in the form of ActiveX...

    , also known as Trojan.Zlob, is a trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005.
  • 2005: Bandook
    Bandook
    Bandook Rat is a backdoor trojan horse that infects Windows NT family systems . It uses a server creator, a client and a server to take control over the remote computer...

     or Bandook Rat (Bandook Remote Administration Tool) is a backdoor trojan horse that infects the Windows family. It uses a server creator, a client and a server to take control over the remote computer. It uses process hijacking / Kernel Patching to bypass the firewall, and allow the server component to hijack processes and gain rights for accessing the Internet.

2006

  • January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files.
  • February 16: discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/Leap
    Leap virus
    The Leap or Oompa-Loompa computer virus is an application-infecting, LAN-spreading worm for Mac OS X discovered in February 2006.Leap cannot spread over the Internet, and can only spread over a local area network reachable using the Bonjour protocol...

    -A or OSX/Oompa-A, is announced.
  • Late March: Brontok variant N was found in late March. Brontok was a mass-email worm and the origin for the worm was from Indonesia.
  • Late September: Stration
    Stration
    Stration from the computer virus, can be described as something that starts small and grows pretty fast. It comes from a family of computer worms that can affect computers running Microsoft Windows, disabling security features and propagating itself to other computers via e-mail attachments...

     or Warezov worm first discovered.

2007

  • January 17: Storm Worm
    Storm Worm
    The Storm Worm is a backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007...

     identified as a fast spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Storm botnet
    Storm botnet
    The Storm botnet or Storm worm botnet is a remotely controlled network of "zombie" computers that have been linked by the Storm Worm, a Trojan horse spread through e-mail spam...

    . By around June 30 it had infected 1.7 million computers, and it had compromised between 1 and 10 million computers by September. Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film.

  • July: Zeus
    Zeus (trojan horse)
    Zeus is a Trojan horse that steals banking information by keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became...

     is a Trojan horse that steals banking information by keystroke logging.

2008

  • February 17: Mocmex
    Mocmex
    Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.- Overview :...

     is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.
  • March 3: Torpig
    Torpig
    Torpig, also known as Sinowal or Anserin , is a type of botnet spread by a variety of trojan horses which can affect computers that use Microsoft Windows...

    , also known as Sinowal and Mebroot, is a Trojan horse that affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.
  • May 6: Rustock.C, a hitherto-rumoured spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.
  • July 6: Bohmini.A
    Bohmini.A
    Bohmini.A is a configurable remote access tool or Trojan.Bohmini.A exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2...

     is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.
  • July 31: The Koobface
    Koobface
    Koobface is a computer worm that targets users of the social networking websites Facebook , MySpace, hi5, Bebo, Friendster and Twitter. Koobface is designed to infect Microsoft Windows and Mac OS X, but also works on Linux...

     computer worm targets users of Facebook
    Facebook
    Facebook is a social networking service and website launched in February 2004, operated and privately owned by Facebook, Inc. , Facebook has more than 800 million active users. Users must register before using the site, after which they may create a personal profile, add other users as...

     and MySpace
    MySpace
    Myspace is a social networking service owned by Specific Media LLC and pop star Justin Timberlake. Myspace launched in August 2003 and is headquartered in Beverly Hills, California. In August 2011, Myspace had 33.1 million unique U.S. visitors....

    . New variants constantly appear.
  • November 21: Computer worm Conficker
    Conficker
    Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008...

     infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000
    Windows 2000
    Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...

     to the Windows 7 Beta. The French Navy, UK Ministry of Defence (including Royal Navy warships and submarines), Sheffield Hospital network, German Bundeswehr
    Bundeswehr
    The Bundeswehr consists of the unified armed forces of Germany and their civil administration and procurement authorities...

     and Norwegian Police were all affected. Microsoft
    Microsoft
    Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

     sets a bounty of $250,000 USD for information leading to the capture of the worm's author(s). Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. On December 16, 2008, Microsoft releases KB958644 patching the server service vulnerability responsible for the spread of Conficker.

2009

  • July 4: The July 2009 cyber attacks
    July 2009 cyber attacks
    The July 2009 cyber attacks were a series of coordinated cyber attacks against major government, news media, and financial websites in South Korea and the United States...

     occur and the emergence of the W32.Dozor attack the United States
    United States
    The United States of America is a federal constitutional republic comprising fifty states and a federal district...

     and South Korea
    South Korea
    The Republic of Korea , , is a sovereign state in East Asia, located on the southern portion of the Korean Peninsula. It is neighbored by the People's Republic of China to the west, Japan to the east, North Korea to the north, and the East China Sea and Republic of China to the south...

    .
  • July 15: Symantec discovered Daprosy Worm
    Daprosy Worm
    Daprosy worm is a malicious computer program that spreads via local area network connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file where several dozen clones are created at once bearing the names of compromised folders...

    . Said trojan worm is intended to steal online-game passwords in internet cafes. It could, in fact, intercept all keystrokes and send them to its author which makes it particularly a very dangerous worm to infect B2B
    Business-to-business
    Business-to-business describes commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer...

     (business-to-business) systems.

2010

  • February 18: Microsoft
    Microsoft
    Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

     announced that a BSoD
    Blue Screen of Death
    To forse a BSOD Open regedit.exe,Then search: HKLM\SYSTEM\CurrentControlSet\services\i8042prt\ParametersThen make a new DWORD called "CrashOnCtrlScroll" And set the value to 1....

     problem on some Windows machines which was triggered by a batch of Patch Tuesday
    Patch Tuesday
    Patch Tuesday is usually the second Tuesday of each month, on which Microsoft releases security patches.Starting with Windows 98, Microsoft included a "Windows Update" system that would check for patches to Windows and its components, which Microsoft would release intermittently...

     updates was caused by the Alureon
    Alureon
    Alureon is a trojan and bootkit which is designed, amongst other things, to steal data by intercepting a system's network traffic and searching it for usernames, passwords and credit card data....

     trojan.

  • June 17: Stuxnet
    Stuxnet
    Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment...

    , a Windows trojan, was detected. It is the first worm to attack SCADA
    SCADA
    SCADA generally refers to industrial control systems : computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:...

     systems. There are suggestions that it was designed to target Iranian nuclear facilities. It uses a valid certificate from Realtek
    Realtek
    Realtek Semiconductor Corp. , a fabless IC design house situated in the Hsinchu Science Park, Hsinchu, Taiwan, was founded in October 1987, and subsequently approved as a listed company on the Taiwan Stock Exchange in 1998...

    .

  • September 9: The virus, called "here you have
    Here you have
    Here you have, is a computer worm that successfully attacked many Windows computers in 2010 when it was sent as a link inside an email message with the text "Here you have" in the subject line. The worm arrived in email inboxes on and after September 9, 2010 with the simple subject of "Here you have"...

    " or "VBMania", is a simple Trojan Horse that arrives in the inbox with the odd-but-suggestive subject line "here you have". The body reads "This is The Document I told you about, you can find it Here" or "This is The Free Download Sex Movies, you can find it Here".

  • September 15: The Virus called Kenzero
    Kenzero
    Kenzero is a virus that is spread across Peer to Peer networks and is programmed to monitor the browsing history of victims. -History:The Kenzero virus was first discovered on the 15th of September 2010, but researchers think it went undetected for a few months prior to the initial...

     is a virus that spreads online from Peer to peer (P2P) sites taking browsing history.

2011

  • SpyEye and Zeus
    Zeus (trojan horse)
    Zeus is a Trojan horse that steals banking information by keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became...

     merged code is seen. New variants attack mobile phone banking
    Mobile Banking
    Mobile banking is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant . The earliest mobile banking services were offered over SMS...

     information.

  • Anti-Spyware 2011, a trojan which attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It actually disables security-related process of anti-virus programs, while also blocking access to the Internet which prevents updates.

  • The Morto worm emerged in the summer of 2011. It attempts to propagate itself to additional computers via the Remote Desktop Protocol
    Remote Desktop Protocol
    Remote Desktop Protocol is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T.128 application sharing protocol. Clients exist for most versions of Microsoft Windows , Linux, Unix, Mac OS...

     (RDP). Morto spreads by forcing infected systems to scan for servers allowing RDP login. Once Morto finds an RDP-accessible system, it attempts to log in to a domain or local system account named 'Administrator' using a number of common passwords. A detailed overview of how the worm works—along with the password dictionary Morto uses—was done by Imperva
    Imperva
    Imperva , is a data security company headquartered in the United States, which provides solutions for high-value business data protection and prevents sensitive data theft from hackers and malicious insiders by securing data across three main areas: databases, file systems, and web...

    .

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK