Trail of Destruction: The History of the Virus

March 22, 2002

1986

Brian, the first PC virus, is created. The boot virus originates in Pakistan.
First file virus, Virdem, is discovered, originating in Germany.

1987

The IBM Christmas Worm strikes, replicating at up to 500,000 times per hour on mainframes. Fastest-spreading virus seen at that time.
The Lehigh virus, the first command.com infector, wipes out 500 system disks at Lehigh University.

1988

Robert Morris Internet Worm spreads to 6,000 computers, 10 percent of all computers on the Internet. Internet traffic is crippled. CERT is formed in response.

1990

AT&Ts long-distance telephone switching system crashes. Investigators suspect hackers.

1992

Michaelangelo virus is set to trigger on March 6 and predicted to cause widespread damage. A few hundred systems are hit amid panic.

1994

Hackers break in to a computer at Griffith Air Force Base. They also penetrate the Korean Atomic Research Institute, NASA, the Goddard Space Center and the Jet Propulsion Laboratory.
On Thanksgiving, the “Internet Liberation Front” wreaks havoc and mayhem for GE, IBM, Pipeline and others by hacking into their computer systems.

1995

First Word macro virus, Concept, infects Microsoft Word documents.
Defense Department computer files come under attack 250,000 times. About 65 percent of the attempts are successful.

1998

First Microsoft Access macro viruses found.
First AOL Trojans designed to steal from America Online users are unleashed by the spamming of AOL e-mail addresses with Trojans.
Hackers alter the New York Times Web site in protest of the arrest and imprisonment of Kevin Mitnick. They rename the Web site HFG, or “Hacking for Girls.”

1999

W97.M.Melissa spreads rapidly worldwide. The virus infects Word documents and e-mails itself to everyone in the Outlook address book. Thousands of e-mail servers are shut down.
W32.Funlove.4099 is discovered. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment.
Classified computer systems at Kelly Air Force Base come under attack by hackers from locations around the world.
U.S. Information Agency Web site is hacked for the second time in six months. The attacker breaks through the agencys Internet security and damages the hard drive.

2000

VBS.LoveLetter is discovered and spreads to Internet chat rooms using mIRC. The worm overwrites files on local and remote drives and tries to download a password-stealing Trojan horse program from a Web site.
Palm.Liberty.A, the first Trojan horse for Palm OS, is discovered.
Denial-of-service attacks on eBay, eTrade, Ziff Davis, Buy.com and CNN.com shut down sites for hours.

2001

In July, one month after Microsoft announced a vulnerability in Internet Information Server 4.0 and Internet Information Services 5.0, Code Red, self-propagating malicious code, is released and begins to exploit IIS-enabled systems. In early August, the Code Red II worm, exploiting the same vulnerability, appears.
On July 25, W32/Sircam Malicious Code appears, spreading through e-mail and unprotected network shares. The code affects both the infected computer as well as all those in its e-mail address book.
The W32/Nimda worm, taking advantage of back doors left behind by the Code Red II worm, is the first to propagate itself via several methods, including e-mail, network shares and an infected Web site. The worm spreads from client to Web server by scanning for back doors.

Sources: Symantec Corp., CERT, eWEEK reporting

Also in this Special Report