HISTORY OF COMPUTER VIRUSES
Traditional computer viruses were first widely seen in the
late 1980s, and they came about because of several factors. The first factor
was the spread of personal computers (PCs). Prior to the 1980s, home computers
were nearly non-existent or they were toys. Real computers were rare, and
they were locked away for use by "experts." During the 1980s, real
computers started to spread to businesses and homes because of the popularity
of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984).
By the late 1980s, PCs were widespread in businesses, homes and college campuses.
The second factor was the use of computer bulletin boards. People could dial
up a bulletin board with a modem and download programs of all types. Games
were extremely popular, and so were simple word processors, spreadsheets,
etc. Bulletin boards led to the precursor of the virus known as the Trojan
horse. A Trojan horse is a program that sounds really cool when you read about
it. So you download it. When you run the program, however, it does something
uncool like erasing your disk. So you think you are getting a neat game but
it wipes out your system. Trojan horses only hit a small number of people
because they are discovered quickly. Either the bulletin board owner would
erase the file from the system or people would send out messages to warn one
another.
The third factor that led to the creation of viruses was the floppy disk.
In the 1980s, programs were small, and you could fit the operating system,
a word processor (plus several other programs) and some documents onto a floppy
disk or two. Many computers did not have hard disks, so you would turn on
your machine and it would load the operating system and everything else off
of the floppy disk.
List 1
1949
Theories for self-replicating programs are first developed.
1981
Apple Viruses 1, 2, and 3 are some of the first viruses "in the wild" or
public domain. Found on the Apple II operating system, the viruses spread
through Texas A&M via pirated computer games.
1983
Fred Cohen, while working on his dissertation, formally defines a computer
virus as "a computer program that can affect other computer programs
by modifying them in such a way as to include a (possibly evolved) copy of
itself". The name 'virus' was thought of by Len Adleman.
1986
"Brain" & "PC-Write Trojan": The common story is that
two brothers from Pakistan named Basit and Amjad analyzed the boot sector
of a floppy disk and developed a method of infecting it with a virus dubbed
"Brain" (the origin is generally accepted but not absolute). Because
it spread widely on the popular MS-DOS PC system, this is typically called
the first computer virus, even though it was predated by Cohen's experiments
and the Apple II virus. That same year the first PC-based Trojan was released
in the form of the popular shareware program PC-Write.
1987
"Stoned" is the first virus to infect the master boot record, preventing
the computer from starting up.
1988
One of the most common viruses, "Jerusalem", is unleashed. Activated
every Friday the 13th, the virus affects both .EXE and .COM files and deletes
any programs run on that day. An Indonesian programmer releases the first
anti-virus software for the Brain virus. The "Internet Worm" is
released and crashes 5,000 computers.
1989
IBM releases the first commercial anti-virus products. Intensive anti-virus
research commences. The "Dark Avenger" virus appears.
1990
Symantec launches Norton Antivirus, one of the first anti-virus programs developed
by a large company. Bulletin Boards (BBS) become a common way for virus writers
to share code.
1991
"Tequila" is the first widespread polymorphic virus found in the
wild. Polymorphic viruses make detection difficult for virus scanners by changing
their appearance with each new infection. Virus construction kits can be downloaded
from virus bulletin boards enabling almost anyone to write a virus. 9% in
early 1991 reported they had experienced a virus attack. By the end of the
year that figure increased to 63%.
1992
1300 viruses are in existence, an increase of 420% from December of 1990.
The Michelangelo scare predicts 5 million computers will crash on March 6.
Only 5,000-10,000 actually go down.
1994
Good Times email hoax tears through the computer community. The hoax warns
of a malicious virus that will erase an entire hard drive just by opening
an email with the subject line "Good Times". Though disproved, the
hoax resurfaces every six to twelve months. In England, the writer of the
"Pathogen" virus is found by Scotland Yard and sentenced to 18 months
in jail. This is the first prosecution.
1995
The "Concept" macro virus appears. Written in Microsoft's WordBasic,
it can run on PCs and Macs running Microsoft Word. Being so easy to write,
macro viruses become extensively widespread.
1998
Currently harmless and yet to be found in the wild, StrangeBrew is the first
virus to infect Java files. The virus modifies CLASS files to contain a copy
of itself within the middle of the file's code and to begin execution from
the virus section.
1999
The Melissa virus, W97M/Melissa, executes a macro in a document attached to
an email, which forwards the document to 50 people in the user's Outlook address
book. The virus also infects other Word documents and subsequently mails them
out as attachments. Melissa spread faster than any other previous virus and
infected hundreds of thousands of PCs. The "Chernobyl" virus hit
in April, making the hard drive inaccessible and causing widespread damage.
Tristate is the first multi-program macro virus; it infects Word, Excel, and
PowerPoint files. Bubbleboy is the first worm that would activate when a user
simply opened an e-mail message in Microsoft Outlook (or previewed the message in
Outlook Express). No attachment is necessary. Bubbleboy was the proof of concept;
Kak spread widely using this technique.
2000
The "Love Bug", also known as the "ILoveYou" and "Love
Letter" virus, sends itself out via Outlook, much like Melissa. From
the Philippines, the virus comes as a VBS attachment and deletes files, including
MP3, MP2, and JPG. It also sends usernames and passwords to the virus' author.
"Love Letter" spread over the US and Europe in 6 hours and infected
2.5 million PCs causing an estimated $8.7 billion in damage. "W97M.Resume.A",
a new variation of the "Melissa" virus, is determined to be in the
wild. The "resume" virus acts much like "Melissa", using
a Word macro to infect Outlook and spread itself. The "Stages" virus,
disguised as a joke email about the stages of life, spreads across the Internet.
Unlike previous viruses, "Stages" is hidden in an attachment with
a false ".txt" extension, making it easier to lure recipients into
opening it. Until now, it has generally been safe to assume that text files
are safe. August 2000 saw the first Trojan developed for the Palm PDA. Called
"Liberty" and developed by Aaron Ardiri, the co-developer of the
Palm Game Boy emulator Liberty, the Trojan was developed as an uninstall program
and was distributed to a few people to help foil those who would steal the
actual software. When it was accidentally released to the wider public, Ardiri
helped contain its spread.
2001
The Anna Kournikova virus, also known as VBS/SST, which masquerades as a
picture of tennis star Anna Kournikova, operates in a similar manner to Melissa
and the Love Bug. It spreads by sending copies of itself to the entire address
book in Microsoft Outlook. It is believed that this virus was created with a
so-called virus creation kit, a program which can enable even a novice
programmer to create these malicious programs. In May, the HomePage email virus
hit no more than 10,000 users of Microsoft Outlook. When opened, the virus
redirected users to sexually explicit Web pages. Technically known as VBSWG.X,
the virus spread quickly through Asia and Europe, but was mostly prevented in
the U.S. because of lessons learned in earlier time zones. The author of the
virus is said to live in Argentina, and to have authored the Kournikova virus
earlier in the year. The Code Red I and II worms attacked computer networks in
July and August. According to Computer Economics, they affected over 700,000
computers and caused upwards of 2 billion in damages. A worm spreads through
external and (then) internal computer networks, as opposed to a virus, which
infects computers via email and certain websites. Code Red took advantage of a
vulnerability in Microsoft's Windows 2000 and Windows NT server software.
Microsoft developed a patch to protect networks against the worm, and admits
that they too were attacked. Other major companies affected include AT&T and
the AP.
List 2
1986
Brain, the first PC virus, is created. The boot virus originates in Pakistan.
First file virus, Virdem, is discovered, originating in Germany.
1987
The IBM Christmas Worm strikes, replicating at up to 500,000 times per hour
on mainframes. Fastest-spreading virus seen at that time. The Lehigh virus,
the first command.com infector, wipes out 500 system disks at Lehigh University.
1988
Robert Morris' Internet Worm spreads to 6,000 computers, 10 percent of all
computers on the Internet. Internet traffic is crippled. CERT is formed in
response.
1990
AT&T's long-distance telephone switching system crashes. Investigators suspect
hackers.
1992
Michelangelo virus is set to trigger on March 6 and predicted to cause
widespread damage. A few hundred systems are hit amid panic.
1994
Hackers break into a computer at Griffith Air Force Base. They also penetrate
the Korean Atomic Research Institute, NASA, the Goddard Space Center and the
Jet Propulsion Laboratory. On Thanksgiving, the "Internet Liberation Front"
wreaks havoc and mayhem for GE, IBM, Pipeline and others by hacking into their
computer systems.
1995
First Word macro virus, Concept, infects Microsoft Word documents. Defense
Department computer files come under attack 250,000 times. About 65 percent
of the attempts are successful.
1998
First Microsoft Access macro viruses found. First AOL Trojans designed to
steal from America Online users are unleashed by the spamming of AOL e-mail
addresses with Trojans. Hackers alter the New York Times Web site in protest
of the arrest and imprisonment of Kevin Mitnick. They rename the Web site HFG,
or "Hacking for Girls."
1999
W97.M.Melissa spreads rapidly worldwide. The virus infects Word documents and
e-mails itself to everyone in the Outlook address book. Thousands of e-mail
servers are shut down. W32.Funlove.4099 is discovered. The worm utilizes a
known Microsoft Outlook Express security hole so that a viral file is created
on the system without having to run any attachment. Classified computer systems
at Kelly Air Force Base come under attack by hackers from locations around the
world. U.S. Information Agency Web site is hacked for the second time in six
months. The attacker breaks through the agency's Internet security and damages
the hard drive.
2000
VBS.LoveLetter is discovered and spreads to Internet chat rooms using mIRC.
The worm overwrites files on local and remote drives and tries to download a
password-stealing Trojan horse program from a Web site. Palm.Liberty.A, the
first Trojan horse for Palm OS, is discovered. Denial-of-service attacks on
eBay, eTrade, Ziff Davis, Buy.com and CNN.com shut down sites for hours.
2001
In July, one month after Microsoft announced a vulnerability in Internet
Information Server 4.0 and Internet Information Services 5.0, Code Red,
self-propagating malicious code, is released and begins to exploit IIS-enabled
systems. In early August, the Code Red II worm, exploiting the same
vulnerability, appears. On July 25, W32/Sircam Malicious Code appears,
spreading through e-mail and unprotected network shares. The code affects both
the infected computer and all those in its e-mail address book. The W32/Nimda
worm, taking advantage of back doors left behind by the Code Red II worm, is
the first to propagate itself via several methods, including e-mail, network
shares and an infected Web site. The worm spreads from client to Web server by
scanning for back doors
Sources: Symantec Corp., CERT, eWEEK reporting