Examine individual changes

'{{Refimprove|date=October 2008}} {{tocright}} This is a '''[[timeline]] of noteworthy [[computer virus]]es, [[computer worm|worm]]s and [[Trojan horse (computing)|Trojan horse]]s'''. ==1970-1979== ===Early 1970s=== * The [[Creeper virus]] was an experimental self-replicating program written by [[Bob Thomas]] at [[BBN]] in 1971.<ref>{{cite web|url=http://vx.netlux.org/lib/atc01.html|title=The Evolution of Viruses and Worms|author=Thomas Chen, Jean-Marc Robert|date=2004|accessdate=2009-02-16}}</ref> Creeper infected DEC [[PDP-10]] computers running the [[TOPS-20|TENEX operating system]]. Creeper gained access via the [[ARPANET]] and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The ''Reaper'' program was created to delete Creeper.<ref> See [http://books.google.co.uk/books?id=BtB1aBmLuLEC&printsec=frontcover&source=gbs_summary_r&cad=0#PPA86,M1 page 86 of ''Computer Security Basics''] by Deborah Russell and G. T. Gangemi. O'Reilly, 1991. ISBN 0937175714</ref> ===1974=== * The [[Wabbit|Wabbit virus]] was not really a virus but more of a [[fork bomb]], a program that multiplies copies of itself on a single computer, named for the speed at which it clogged the system with copies of itself, reducing system performance, before reaching a threshold and crashing.{{Fact|date=February 2009}} ===1975=== * ANIMAL was a popular game written for the [[UNIVAC 1108]] which asked a number of questions to the user in an attempt to guess the type of animal that the user was thinking of. When run, the related program PERVADE would also create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damage to existing file or directory structure, and to not copy itself if permissions did not exist or if damage could result. Its spread was therefore halted by an OS upgrade which changed the format of the file status tables that PERVADE used for safe copying. Though non-malicious, "Pervading Animal" represents the first [[Trojan horse (computing)|Trojan]] "in the wild".<ref name=http://www.fourmilab.ch/documents/univac/animal.html>[http://www.fourmilab.ch/documents/univac/animal.html The Animal Episode<!-- Bot generated title -->]</ref> ==1980-1989== ===1980=== * Jürgen Kraus wrote his master thesis "Selbstreproduktion bei Programmen" (self-reproduction of programs).<ref name=http://vx.netlux.org/lib/mjk00.html>http://vx.netlux.org/lib/mjk00.html</ref> ===1981=== * A program called [[Elk Cloner (computer virus)|Elk Cloner]], written for [[Apple II family|Apple II]] systems and created by [[Richard Skrenta]]. Apple II was seen as particularly vulnerable due to the storage of its operating system on [[floppy disk]]. Elk Cloner's design combined with public ignorance about what [[malware]] was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history. ===1983=== * The term 'virus' is coined by [[Fred Cohen|Frederick Cohen]] in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher [[Leonard Adleman]] – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."{{Fact|date=October 2008}} * November 10, 1983, at [[Lehigh University]], Cohen demonstrates a virus-like program on a [[vax|VAX11/750]] system. The program was able to install itself to, or infect, other system objects. ===1986=== * January: The [[(c)Brain|Brain]] [[boot sector]] virus (aka [[Pakistani flu]]) is released. Brain is considered the first [[IBM PC compatible]] virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, [[Basit Farooq Alvi]], and his brother, [[Amjad Farooq Alvi]]. * December 1986: Ralf Burger presented the Virdem model of programs at a meeting of the underground [[Chaos Computer Club]] in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format. ===1987=== * Appearance of the Vienna virus, which was subsequently neutralized--the first time this had happened on the IBM platform.<ref>[http://www.viruslist.com/en/viruses/encyclopedia?chapter=153311150 Kaspersky Lab viruslist]</ref> * Appearance of Lehigh virus, boot sector viruses such as Yale from USA, [[Stoned (computer virus)|Stoned]] from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only. * October: The [[Jerusalem (computer virus)|Jerusalem virus]], part of the (at that time unknown) Suriv family, is detected in the city of [[Jerusalem]]. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987 making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988. * November: The [[SCA (computer virus)|SCA virus]], a boot sector virus for [[Amiga]]s appears, immediately creating a pandemic virus-writer storm. A short time later, [[Swiss Cracking Association|SCA]] releases another, considerably more destructive virus, the [[Byte Bandit]]. * December: [[Christmas Tree EXEC]] was the first widely disruptive replicating network program, which paralysed several international computer networks in December 1987. ===1988=== * June: The [[Festering Hate]] [[Apple ProDOS]] virus spreads from underground pirate BBS systems and starts infecting mainstream networks. * November 2: The [[Morris worm]], created by [[Robert Tappan Morris]], infects [[Digital Equipment Corporation|DEC]] [[VAX]] and [[Sun Microsystems|Sun]] machines running [[BSD UNIX]] connected to the [[Internet]], and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting [[buffer overrun]] vulnerabilities. ===1989=== * October 1989: [[Ghostball]], the first [[multipartite virus]], is discovered by [[Friðrik Skúlason]]. ==1990-1999== ===1990=== * Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of [[Polymorphic code|polymorphic]] virus: the Chameleon family. Chameleon series debuted with the release of [[1260 (computer virus)|1260]].{{Fact|date=October 2008}} ===1992=== * [[Michelangelo (virus)|Michelangelo]] was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.{{Fact|date=February 2009}} === 1993 === * "Leandro & Kelly" and "Freddy Krueger" spread quickly due to popularity of [[Bulletin board system|BBS]] and [[shareware]] distribution. ===1995=== * The "Concept virus", the first Macro virus, is created which attacked Microsoft Word documents.{{Fact|date=November 2008}} ===1996=== * "Ply" - DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine. ===1998=== *June 2: The first version of the [[CIH (computer virus)|CIH virus]] appears. ===1999=== * Jan 20: The [[Happy99]] worm invisibly attached itself to emails. Displayed fireworks to hide changes being made and wished you a happy new year. Modified system files related to [[Outlook Express]] and [[Internet Explorer]] on [[Windows 95]] and [[Windows 98]]. * March 26: The [[Melissa (computer worm)|Melissa worm]] is released, targeting [[Microsoft Office Word|Microsoft Word]] and [[Microsoft Office Outlook|Outlook]]-based systems, and creating considerable network traffic. * June 6: The [[ExploreZip]] worm, which destroys [[Microsoft Office]] documents, is first detected. * December 16: [[Sub7]], or SubSeven, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger.<ref name="sub7">{{cite web|url=http://vil.nai.com/VIL/content/v_10566.htm|title=BackDoor-Sub7|date=December 16, 1999|publisher=McAfee|accessdate=2009-03-01}}</ref> ==2000 and later== ===2000=== * May: The [[ILOVEYOU]] worm appears. {{As of|2004}} this was the most costly virus to businesses, causing upwards of 5.5 to 10 billion dollars in damage. The backdoor trojan to the worm, [[Barok]], was created by Filipino programmer Onel de Guzman; it is not known who created the attack vector or who (inadvertently?) unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own [[Barok]] code as a payload. ===2001=== * May 8: The [[Sadmind worm]] spreads by exploiting holes in both [[Sun Microsystems|Sun]] [[Solaris (operating system)|Solaris]] and [[Microsoft]] [[Internet Information Services|IIS]]. * July: The [[Sircam]] worm is released, spreading through Microsoft systems via e-mail and unprotected [[network share]]s. * July 13: The [[Code Red worm]] attacking the Index Server ISAPI Extension in Microsoft [[Internet Information Services]] is released. * August 4: A complete re-write of the [[Code Red worm]], [[Code Red II]] begins aggressively spreading onto Microsoft systems, primarily in China. * September 18: The [[Nimda]] worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by [[Code Red II]] and [[Sadmind worm]]. * October 26: The [[Klez]] worm is first identified. ===2002=== * [[Beast Trojan (trojan horse)|Beast]] is a windows based backdoor trojan horse, more commonly known in the underground cracker community as a RAT (Remote Administration Tool). It is capable of infecting almost all Windows OS i.e. 95 through XP. Written in Delphi and Released first by its author Tataye in 2002, its most current version was released October 3, 2004 * August 30: [[Optix Pro]] is a configurable remote access tool or Trojan, similar to SubSeven or BO2K.<ref name="Optix">{{cite web|url=http://securityresponse1.symantec.com/sarc/sarc.nsf/html/backdoor.optixpro.12.html/|title=Security Updates: Backdoor.OptixPro.12|last=Sevcenco|first=Serghei|date=August 30, 2002|publisher=Symantec|accessdate=2009-03-01}}</ref> ===2003=== * January 24: The [[SQL slammer worm]], aka the ''Sapphire worm'', attacks vulnerabilities in [[Microsoft SQL Server]] and [[MSDE]] and causes widespread problems on the Internet. * April 2: [[Graybird]] is a Trojan also known as Backdoor.Graybird.<ref name="symantec-graybird">{{cite web|url=http://securityresponse1.symantec.com/sarc/sarc.nsf/html/backdoor.graybird.html|title=Symantec Security Response: Backdoor.Graybird|last=Sevcenco|first=Serghei|date=February 10, 2006|publisher=Symantec|language=EN|accessdate=2009-03-01}}</ref> * June 13: [[ProRat]] is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).<ref name="prorat">{{cite web|url=http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99|title=Backdoor.Prorat|date=February 13, 2007|publisher=Symantec|accessdate=2009-03-01}}</ref> * August 12: The [[Blaster worm]], aka the ''Lovesan'' worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers. * August 18: The [[Welchia]] (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows. * August 19: The [[Sobig worm]] (technically the [[Sobig.F worm]]) spreads rapidly through Microsoft systems via mail and network shares. * October 24: The [[Sober worm]] is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weakpoints by the Blaster and Sobig worms cause massive amounts of damage. ===2004=== * Late January: [[MyDoom]] emerges, and currently holds the record for the fastest-spreading mass mailer worm. * March 19: The [[Witty worm]] is a record-breaking worm in many regards. It exploited holes in several [[Internet Security Systems]] (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts. * May 1: The [[Sasser worm]] emerges by exploiting a vulnerability in [[Local Security Authority Subsystem Service|LSASS]] and causes problems in networks, even interrupting business in some cases. * August 16: [[Nuclear RAT]] (short for Nuclear Remote Administration Tool) is a backdoor trojan horse that infects Windows NT family systems (Windows 2000, XP, 2003).<ref name="nuclear-rat">{{cite web|url=http://www.ca.com/securityadvisor/pest/pest.aspx?id=453078396|title=Spyware Detail Nuclear RAT 1.0b1|date=August 16, 2004|publisher=Computer Associates|accessdate=2009-03-01}}</ref> * August 20: [[Vundo]], or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.<ref name="vundo">{{cite web|url=http://vil.nai.com/vil/content/v_127690.htm|title=Vundo|publisher=McAfee|accessdate=2009-03-01}}</ref> * October 12, 2004: [[Bifrost (trojan horse)|Bitfrost]], also known as Bitfrose, is a backdoor trojan which can infect Windows 95 through Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.<ref name="bitfrost">{{cite web|url=http://www.symantec.com/security_response/writeup.jsp?docid=2004-101214-5358-99|title=Backdoor.Bitfrose|date=October 12, 2004|publisher=Symantec, Inc.|language=EN|accessdate=2009-02-28}}</ref> * December: [[Santy]], the first known "webworm" is launched. It exploited a vulnerability in [[phpBB]] and used [[Google]] in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading. ===2005=== * August 16: The [[Zotob|Zotob worm]] and several variations of [[malware]] are discovered on Microsoft systems. The effect was overblown because several United States media outlets were infected.{{Fact|date=February 2009}} * October 13: The [[Samy (XSS)|Samy]] [[Cross-site scripting|XSS]] worm becomes the fastest spreading [[Computer virus|virus]] by some definitions {{As of|2006|lc=on}}. * October 31: [[Sony BMG]] was found to have [[2005 Sony BMG CD copy protection scandal|purposefully infected music CDs]] with a [[rootkit]] in an attempt to prevent illegal copying of music. * Late 2005: The [[Zlob trojan|Zlob Trojan]], also known as Trojan.Zlob, is a trojan horse which masquerades as a required video codec in the form of ActiveX. It was first detected in late 2005.<ref name="zlob">{{cite web|url=http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VNAME=The+ZLOB+Show%3A+Trojan+poses+as+fake+video+codec%2C+loads+more+threats|title=The ZLOB Show: Trojan Poses as Fake Video Codec, Loads More Threats |publisher=Trend Micro|language=EN|accessdate=2009-02-28}}</ref> * 2005: [[Bandook]] or Bandook Rat (Bandook Remote Administration Tool) is a backdoor trojan horse that infects the Windows family. It uses a server creator, a client and a server to take control over the remote computer. It uses process hijacking / Kernel Patching to bypass the firewall, and allow the server component to hijack processes and gain rights for accessing the Internet. ===2006=== * January 20: The [[Nyxem]] worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files. * February 16: discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/[[Leap virus|Leap]]-A or OSX/Oompa-A, is announced. * Late September: [[Stration]] or Warezov worm first discovered. ===2007=== * January 17: [[Storm Worm]] identified as a fast spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the [[Storm botnet]]. By around June 30 it had infected 1.7 million computers, comprised between 1 and 10 million computers by September.<ref>{{cite web |title=World's most powerful supercomputer goes online |url=http://seclists.org/fulldisclosure/2007/Aug/0520.html |date=31 August 2007 |accessdate=2007-11-04 |publisher=[[Full Disclosure]] |author=Peter Gutmann }}</ref> Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film. ===2008=== * January 17: [[MacSweeper]] is the first known rogue software for Mac OS X. * February 17: [[Mocmex]] is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.<ref name="mocmex">{{cite web|url=http://seattlepi.nwsource.com/business/351670_picframevirus18.html|title=Chinese PC virus may have hidden agenda|last=Gage|first=Deborah|date=February 17, 2005|publisher=SeatlePI|accessdate=2009-03-01}}</ref> * March 3: [[Torpig]], also known as Sinowal and Mebroot, is a Trojan horse which affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.<ref name="torpig">{{cite web|url=http://www.f-secure.com/weblog/archives/00001393.html|title=MBR Rootkit, A New Breed of|last=Kimmo|date=March 3, 2008|publisher=F-Secure|language=EN|accessdate=2009-03-01}}</ref> * May 6: [[Rustock.C]], a hitherto-rumoured spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.<ref name="prcom">{{cite web|url=http://www.pr.com/press-release/84130|title=Win32.Ntldrbot (aka Rustock)|publisher=Dr. Web Ltd.|language=EN|accessdate=2009-03-01}}</ref> * July 6: [[Bohmini.A]] is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.<ref name="virustotal-bohmini">{{cite web|url=http://www.virustotal.com/analisis/a5d8b3ba9226285dd14619fd8faf12a7|title=Viurs Total|date=July 8, 2008|publisher=virustotal.com|language=EN|accessdate=2009-03-01}}</ref> * July 31: [[Koobface]] is a computer worm that targets the users of the social networking websites Facebook and Myspace. ===2009=== * January: Computer worm [[Conficker]] infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta and Windows Server 2000 & Windows Server 2008. French air force, Royal Navy warships and submarines, Sheffield Hospital network, UK Ministry of Defence, German [[Bundeswehr]] and Norwegian Police were all affected. [[Microsoft]] has allocated $250,000 to identify its creator. The worm was set to activate on April 1st, 2009, to look for updates whose objectives are currently unknown<ref>http://www.h-online.com/security/Conficker-worm-reloads-maybe--/news/112961</ref> but failed to activate according to BBC News. <ref name=http://news.bbc.co.uk/1/hi/technology/7976099.stm> [http://news.bbc.co.uk/1/hi/technology/7976099.stm Worm attack chaos fails to strike - BBC News - 1 April 2009]</ref> CNN, however, reported that the virus had been successfully activated. ==References== {{Reflist}} ==External links== * [http://www.snopes.com/computer/virus/ Snopes] &mdash; Compilation of viruses, worms, and trojan horses. [[Category:Computer lists]] [[Category:Malware]] [[Category:Security exploits]] [[Category:Trojan horses]] [[it:Elenco dei trojan]] [[ms:Garis masa virus komputer dan cecacing yang terkenal]] [[ru:Хронология компьютерных вирусов и червей]] [[zh:知名病毒及蠕蟲的歷史年表]]'