The first recorded computer virus was known as ‘The Creaper’. Known to infect computers with the Tanex operating system,
this stone age virus would display,
“I’M THE CREEPER : CATCH ME IF YOU CAN.”
This first recorded computer virus originated in the 1970’s and could only infect others in that
intranet (if you could call it that). Soon after another virus known as the Elk Cloner was known to be the first computer virus known
to infect ‘outside the single computer or lab where it was created.’ This claim is false even though this virus is notable because it was created by a high school student that then added it to a game.
The game would run 49 times normally and then on the 50th it would display the following poem,
“It will get on all your disks. It will infiltrate your chips. Yes it’s Cloner! It will stick to you like glue. It will modify RAM too. Send in the Cloner!”
Then the computer would be infected.
Many computer viruses at that time were spread mainly by floppies or other removable media since networks and the internet were not popular.
Some viruses infected the programs located on the disk or they would install on the boot sector of the computer insuring that when the computer was ran the virus would run too.
More current viruses aare meant to exploit CSS vulnerabilities and are commonly seen attacking sites well known and used such as MySpace or Yahoo.
The following is a timeline of notable computer viruses. This was taken from wikipedia.org and credit goes towards those who contributed to it.
1970-1979
Early 1970s
Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote system where the message, ‘I’M THE CREEPER : CATCH ME IF YOU CAN.’ was displayed. The Reaper program, itself a virus, was created to delete Creeper, the creators of both programs are unknown.
1974
Rabbit virus appears infecting other machines via multiplication. Named for the speed at which it clogged the system with copies of itself, reducing system performance, before reaching a threshold and crashing.
1975
Pervading Animal, a game written for the UNIVAC 1108, appeared. It remains a matter of debate whether Pervading Animal represented the first Trojan or an innocent game with unintended bugs.
1980-1989
1980
Jürgen Kraus wrote master thesis Selbstreproduktion bei Programmen (Self-reproduction of programs) Warning: Downloads from this site may contain concept viruses.
1981
A program called Elk Cloner, written for Apple II systems and created by Richard Skrenta. Apple II was seen as particularly vulnerable due to the storage of its operating system on Floppy disk. Elk Cloner’s design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history
1983
The term ‘virus’ is coined by Frederick Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase “computer virus” – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of “infection”. He defines a ‘virus’ as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself.”
November 10th, 1983, at Lehigh University, Cohen demonstrates a virus-like program on a VAX11/750 system. The program was able to install itself to, or infect, other system objects.
1986
January: The Brain boot sector virus (aka Pakistani flu) is released to the wild. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi and his brother Amjad Farooq Alvi.
December 1986: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.
1987
Appearance of the Vienna virus, which was subsequently neutralized- the first time this had happened on the IBM platform.[1]
Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was never released to the wild however. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
October: The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday the 13th Nov 1987 making its first trigger date May 13th 1988). Jerusalem caused a worldwide epidemic in 1988.
November: The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.
1988
June: The Festering Hate, Apple, ProDOS virus spreads from underground pirate BBS systems and starts infecting mainstream networks.
November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet, and becomes the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.
1989
October 1989: Ghostball, the first multipartite virus, is discovered by Friðrik Skúlason
1990-1999
1990
Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family. Chameleon series debuted with the release of 1260.
1992
Michelangelo was expected to create a digital apocalypse on March 6th, with millions of computers having their information wiped according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.
1995
The “Concept virus” the first Macro virus is created
1996
“Ply” - DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.
1998
June 2: The first version of the CIH virus appears.
1999
March 26: The Melissa worm is released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
June 6: The ExploreZip worm, which destroys Microsoft Office documents, is first detected.
The Happy99 worm invisibly attached itself to emails. Dislplayed fireworks to hide changes being made and wished you a happy new year. Modified system files related to Outlook Express and Internet Explorer on Windows 95 and Windows 98.
2000 and later
2000
May: The VBS/Loveletter (’ILOVEYOU’) worm appeared. As of 2004 this is the most costly virus to business, causing upwards of 10 billion dollars in damage. The backdoor trojan to the worm, Barok, was created by Filipino programmer Onel de Guzman; it is not known who created the attack vector or who (inadvertently) unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own Barok code as a payload.
Zmist - Z0mbie’s fully metamorphic, code integrating virus.
2001
January: A worm strikingly similar to the Morris worm, named the Ramen worm infected only Red Hat Linux machines running version 6.2 and 7, using three vulnerabilities in wu-ftpd, rpc-statd and lpd.
March: Simile - published in nr 6 29A e-zine, written by The Mental Driller in assembly language multi-OS, metamorphic virus.
May 8: The Sadmind worm spreads by exploiting holes in both Sun Microsystems Solaris (Security Bulletin 00191) and Microsoft Internet Information Services (MS00-078).
July: The Sircam worm is released, spreading through e-mails and unprotected network shares.
July 13: The Code Red worm attacking the Index Server ISAPI Extension in Microsoft Internet Information Services with a vulnerability described in MS01-033, is released.
August 4: A complete re-write of the Code Red worm, Code Red II begins aggressively spreading, primarily in China.
September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities described in MS01-044 and backdoors left by Code Red II and Sadmind worm.
October 26: The Klez worm is first identified.
2003
January 24: The SQL slammer worm also known as the Sapphire worm, attacked vulnerabilities in Microsoft SQL Server and MSDE described in MS02-039 and MS02-061, causes widespread problems on the Internet.
August 12: The Blaster worm, also known as the Lovesan worm, spread rapidly by exploiting Microsoft Windows computers vulnerable to exploits first described in MS03-026 and later in MS03-039.
August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows.
August 19: The Sobig worm (technically the Sobig.F worm) spread rapidly via mail and network shares.
October 24: The Sober worm is first seen and maintains its presence until 2005 with many new variants.
The simultaneous attack on network weakpoints by the Blaster and Sobig worms caused a massive amount of damage.
2004
Late January: MyDoom emerges, and currently holds the record for the fastest-spreading mass mailer worm.
March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.
May 1: The Sasser worm emerges by exploiting a vulnerability in LSASS described in MS04-011 and causes problems in networks, even interrupting business in some cases.
December: Santy, the first known “webworm” is launched. It exploited a vulnerability in phpBB described in BID10701 and used Google in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.
2005
August 16: The Zotob worm and several variations of malware exploiting the vulnerability described in MS05-039 are discovered. The effect was overblown because several United States media outlets were infected.
October 13: The Samy virus became the fastest spreading virus as of 2006.
2006
January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files.
February 16: discovery of the first-ever virus for Mac OS X, a low-threat worm known as OSX/Leap-A or OSX/Oompa-A, is announced.[1]
Mid-June: Precursor to the “w0rm.EricAndrew” worm is released on the popular website MySpace. The worm is spread through visiting profiles and copying itself through a Quicktime security hole into the “Music” section on the victims profile. The worm, known as the “lOrdOfthenOOse” worm, changed display names to “lOrdOfthenOOse”, and not allowing the name to be changed. The worm was defeated 2 ways. The primary way was through removing the code from the profile. The way it was eradicated, however, was through the removal of the link by the webmaster of the website the virus was uploaded to. Eradicated 4 days after release. No damage was caused, but it was estimated that 70% of all MySpace, or over 70 million profiles, were infected with the worm [citation needed]. A patch was released from Quicktime specifically for Myspace users to prevent a worm being spread in this manner again.
June 28: Investigators stated that Essebar may have authored more than 20 other viruses including the Mydoom variant, Mydoom-BG, and the Zotob-related Mytob worm.[2]
2007
January 7: A worm generated by hackers of the popular website MySpace was discovered by many users on the site. Some sites were unaffected while others showed display names of w0rm.EricAndrew. The hackers, Eric and Andrew changed wordings and added to others’ sites.
January 17 : Peacomm Trojan identified as a fast spreading email spamming threat thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film.
