Trail of Destruction: The History of the Virus

  • Brian, the first PC virus, is created. The boot virus originates in Pakistan.
  • First file virus, Virdem, is discovered, originating in Germany.


  • The IBM Christmas Worm strikes, replicating at up to 500,000 times per hour on mainframes. Fastest-spreading virus seen at that time.
  • The Lehigh virus, the first infector, wipes out 500 system disks at Lehigh University.


  • Robert Morris Internet Worm spreads to 6,000 computers, 10 percent of all computers on the Internet. Internet traffic is crippled. CERT is formed in response.


  • AT&Ts long-distance telephone switching system crashes. Investigators suspect hackers.


  • Michaelangelo virus is set to trigger on March 6 and predicted to cause widespread damage. A few hundred systems are hit amid panic.


  • Hackers break in to a computer at Griffith Air Force Base. They also penetrate the Korean Atomic Research Institute, NASA, the Goddard Space Center and the Jet Propulsion Laboratory.
  • On Thanksgiving, the "Internet Liberation Front" wreaks havoc and mayhem for GE, IBM, Pipeline and others by hacking into their computer systems.


  • First Word macro virus, Concept, infects Microsoft Word documents.
  • Defense Department computer files come under attack 250,000 times. About 65 percent of the attempts are successful.


  • First Microsoft Access macro viruses found.
  • First AOL Trojans designed to steal from America Online users are unleashed by the spamming of AOL e-mail addresses with Trojans.
  • Hackers alter the New York Times Web site in protest of the arrest and imprisonment of Kevin Mitnick. They rename the Web site HFG, or "Hacking for Girls."


  • W97.M.Melissa spreads rapidly worldwide. The virus infects Word documents and e-mails itself to everyone in the Outlook address book. Thousands of e-mail servers are shut down.
  • W32.Funlove.4099 is discovered. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment.
  • Classified computer systems at Kelly Air Force Base come under attack by hackers from locations around the world.
  • U.S. Information Agency Web site is hacked for the second time in six months. The attacker breaks through the agencys Internet security and damages the hard drive.


  • VBS.LoveLetter is discovered and spreads to Internet chat rooms using mIRC. The worm overwrites files on local and remote drives and tries to download a password-stealing Trojan horse program from a Web site.
  • Palm.Liberty.A, the first Trojan horse for Palm OS, is discovered.
  • Denial-of-service attacks on eBay, eTrade, Ziff Davis, and shut down sites for hours.


  • In July, one month after Microsoft announced a vulnerability in Internet Information Server 4.0 and Internet Information Services 5.0, Code Red, self-propagating malicious code, is released and begins to exploit IIS-enabled systems. In early August, the Code Red II worm, exploiting the same vulnerability, appears.
  • On July 25, W32/Sircam Malicious Code appears, spreading through e-mail and unprotected network shares. The code affects both the infected computer as well as all those in its e-mail address book.
  • The W32/Nimda worm, taking advantage of back doors left behind by the Code Red II worm, is the first to propagate itself via several methods, including e-mail, network shares and an infected Web site. The worm spreads from client to Web server by scanning for back doors.

Sources: Symantec Corp., CERT, eWEEK reporting

Also in this Special Report

  • Ignorance: The Hackers Best Friend
  • Security Roundtable
  • Here Be Dragons: Web Services Risks
  • Threats to Come
  • Community Builds Security: Labs Answers Your Security Questions
  • WLAN Hardening Checklist
  • Application Hardening Checklist
  • Operating System Hardening Tips