- Theories for self-replicating programs are first
- Apple Viruses 1, 2, and 3 are some of the first viruses
“in the wild,” or in the public domain. Found on the Apple
II operating system, the viruses spread through Texas A&M
via pirated computer games.
- Fred Cohen, while working on his dissertation, formally
defines a computer virus as “a computer program that can
affect other computer programs by modifying them in such a
way as to include a (possibly evolved) copy of itself.”
- Two programmers named Basit and Amjad replace the
executable code in the boot sector of a floppy disk with
their own code designed to infect each 360kb floppy accessed
on any drive. Infected floppies had “© Brain” for a volume
- The Lehigh virus, one of the first file viruses, infects
- One of the most common viruses, Jerusalem, is unleashed.
Activated every Friday the 13th, the virus affects both .exe
and .com files and deletes any programs run on that day.
- MacMag and the Scores virus cause the first major
- Symantec launches Norton AntiVirus, one of the first
antivirus programs developed by a large company.
- Tequila is the first widespread polymorphic virus found
in the wild. Polymorphic viruses make detection difficult
for virus scanners by changing their appearance with each
- 1300 viruses are in existence, an increase of 420% from
December of 1990.
- The Dark Avenger Mutation Engine (DAME) is created. It
is a toolkit that turns ordinary viruses into polymorphic
viruses. The Virus Creation Laboratory (VCL) is also made
available. It is the first actual virus creation kit.
- Good Times email hoax tears through the computer
community. The hoax warns of a malicious virus that will
erase an entire hard drive just by opening an email with the
subject line “Good Times.” Though disproved, the hoax
resurfaces every six to twelve months.
- Word Concept becomes one of the most prevalent viruses
in the mid-1990s. It is spread through Microsoft Word
- Baza, Laroux (a macro virus), and Staog viruses are the
first to infect Windows95 files, Excel, and Linux
- Currently harmless and yet to be found in the wild,
StrangeBrew is the first virus to infect Java files. The
virus modifies CLASS files to contain a copy of itself
within the middle of the file's code and to begin execution
from the virus section.
- The Chernobyl virus spreads quickly via .exe files. As
the notoriety attached to its name would suggest, the virus
is quite destructive, attacking not only files but also a
certain chip within infected computers.
- Two California teenagers infiltrate and take control of
more than 500 military, government, and private sector
- The Melissa virus, W97M/Melissa, executes a macro in a
document attached to an email, which forwards the document
to 50 people in the user's Outlook address book. The virus
also infects other Word documents and subsequently mails
them out as attachments. Melissa spread faster than any
previous virus, infecting an estimated 1 million PCs.
- Bubble Boy is the first worm that does not depend on the
recipient opening an attachment in order for infection to
occur. As soon as the user opens the email, Bubble Boy sets
- Tristate is the first multi-program macro virus; it
infects Word, Excel, and PowerPoint files.
- The Love Bug, also known as the
ILOVEYOU virus, sends itself out via Outlook, much
like Melissa. The virus comes as a VBS attachment and
deletes files, including MP3, MP2, and .JPG. It also sends
usernames and passwords to the virus's author.
- W97M.Resume.A, a new variation of the Melissa virus, is
determined to be in the wild. The “resume” virus acts much
like Melissa, using a Word macro to infect Outlook and
- The “Stages” virus, disguised as a joke email about the
stages of life, spreads across the Internet. Unlike most
previous viruses, Stages is hidden in an attachment with a
false “.txt” extension, making it easier to lure recipients
into opening it. Until now, it has generally been safe to
assume that text files are safe.
- “Distributed denial-of-service” attacks by hackers knock
Yahoo, eBay, Amazon, and other high profile web sites
offline for several hours.
- Shortly after the September 11th attacks, the Nimda
virus infects hundreds of thousands of computers in the
world. The virus is one of the most sophisticated to date
with as many as five different methods of replicating and
infecting systems. The “Anna Kournikova” virus, which mails
itself to persons listed in the victim's Microsoft Outlook
address book, worries analysts who believe the relatively
harmless virus was written with a “tool kit” that would
allow even the most inexperienced programmers to create
viruses. Worms increase in prevalence with Sircam, CodeRed,
and BadTrans creating the most problems. Sircam spreads
personal documents over the Internet through email. CodeRed
attacks vulnerable webpages, and was expected to eventually
reroute its attack to the White House homepage. It infected
approximately 359,000 hosts in the first twelve hours.
BadTrans is designed to capture passwords and credit card
- Author of the Melissa virus, David L. Smith, is
sentenced to 20 months in federal prison. The LFM-926 virus
appears in early January, displaying the message
“Loading.Flash.Movie” as it infects Shockwave Flash (.swf)
files. Celebrity named viruses continue with the “Shakira,”
“Britney Spears,” and “Jennifer Lopez” viruses emerging. The
Klez worm, an example of the increasing trend of worms that
spread through email, overwrites files (its payload fills
files with zeroes), creates hidden copies of the originals,
and attempts to disable common anti-virus products. The
Bugbear worm also makes it first appearance in September. It
is a complex worm with many methods of infecting systems.
- In January the relatively benign “Slammer” (Sapphire)
worm becomes the fastest spreading worm to date, infecting
75,000 computers in approximately ten minutes, doubling its
numbers every 8.5 seconds in its first minute of infection.
The Sobig worm becomes the one of the first to join the spam
community. Infected computer systems have the potential to
become spam relay points and spamming techniques are used to
mass-mail copies of the worm to potential victims.
- In January a computer worm, called MyDoom or Novarg,
spreads through emails and file-sharing software faster than
any previous virus or worm. MyDoom entices email recipients
to open an attachment that allows hackers to access the hard
drive of the infected computer. The intended goal is a
“denial of service attack” on the SCO Group, a company that
is suing various groups for using an open-source version of
its Unix programming language. SCO offers a $250,000 reward
to anyone giving information that leads to the arrest and
conviction of the people who wrote the worm.
- An estimated one million computers running Windows are
affected by the fast-spreading Sasser computer worm in May.
Victims include businesses, such as British Airways, banks,
and government offices, including Britain's Coast Guard. The
worm does not cause irreparable harm to computers or data,
but it does slow computers and cause some to quit or reboot
without explanation. The Sasser worm is different than other
viruses in that users do not have to open a file attachment
to be affected by it. Instead, the worm seeks out computers
with a security flaw and then sabotages them. An 18-year-old
German high school student confessed to creating the worm.
He's suspected of releasing another version of the virus.