John von Neumann's article on the "Theory of self-reproducing automata" is published in 1966.[1] The article is based on lectures given by von Neumann at the University of Illinois about the "Theory and Organization of Complicated Automata" in 1949.
1970s
1970
The first story written about a computer virus is The Scarred Man by Gregory Benford.[2]
1971
The Creeper system, an experimental self-replicating program, is written by Bob Thomas at BBN Technologies to test John von Neumann's theory.[3] Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message "I'm the creeper, catch me if you can!" was displayed. The Reaper program was later created to delete Creeper.[4]
At the University of Illinois at Urbana-Champaign, a graduate student named Alan Davis (working for Prof. Donald Gillies) created a process on a PDP-11 that (a) checked to see if an identical copy of itself was currently running as an active process, and if not, created a copy of itself and started it running; (b) checked to see if any disk space (which all users shared) was available, and if so, created a file the size of that space; and (c) looped back to step (a). As a result, the process stole all available disk space. When users tried to save files, the operating system advised them that the disk was full and that they needed to delete some existing files. Of course, if they did delete a file, this process would immediately snatch up the available space. When users called in a system administrator (A. Ian Stocks) to fix the problem, he examined the active processes, discovered the offending process, and deleted it. Of course, before he left the room, the still existing process would create another copy of itself, and the problem would not go away. The only way to make the computer work again was to reboot.
1972
The science fiction novel When HARLIE Was One, by David Gerrold, contains one of the first fictional representations of a computer virus, as well as one of the first uses of the word "virus" to denote a program that infects a computer.
1973
In fiction, the 1973 Michael Crichton movie Westworld made an early mention of the concept of a computer virus, which is a central plot theme that causes androids to run amok.[5] Alan Oppenheimer's character summarizes the problem by stating that "...there's a clear pattern here which suggests an analogy to an infectious disease process, spreading from one...area to the next." The replies are: "Perhaps there are superficial similarities to disease" and, "I must confess I find it difficult to believe in a disease of machinery."[6] (Crichton's earlier work, the 1969 novel The Andromeda Strain and 1971 film, were about an extraterrestrial biological virus-like disease that threatened the human race.)
1974
The Rabbit (or Wabbit) virus, more a fork bomb than a virus, is written. The Rabbit virus makes multiple copies of itself on a single computer (and was named "rabbit" for the speed at which it did so) until it clogs the system, reducing system performance, before finally reaching a threshold and crashing the computer.[7]
1975
April: ANIMAL is written by John Walker for the UNIVAC 1108.[8] ANIMAL asked several questions of the user in an attempt to guess the type of animal the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damaging existing file or directory structures, and to avoid copying itself if permissions did not exist or if harm would result. Its spread was halted by an OS upgrade that changed the format of the file status tables PERVADE used. Though non-malicious, "Pervading Animal" represents the first Trojan "in the wild".[9]
The novel The Adolescence of P-1[11] describes a worm program that propagates through modem-based networks, eventually developing its own strategy-developing AI, which deals with cross-hardware and cross-OS issues, eventually infecting hardware manufacturers and defense organizations.
1980s
1982
A program called Elk Cloner, written for Apple II systems, was created by high school student Richard Skrenta, originally as a prank. The Apple II was particularly vulnerable due to the storage of its operating system on a floppy disk. Elk Cloner's design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.[12]
1983
November: The term "virus" is re-coined by Frederick B. Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" (suggested by his teacher Leonard Adleman) to describe the operation of such programs in terms of "infection". He defines a "virus" as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." Cohen demonstrates a virus-like program on a VAX11/750 system at Lehigh University. The program could install itself in, or infect, other system objects.[13]
1984
August: Ken Thompson publishes his seminal paper, "Reflections on Trusting Trust", in which he describes how he modified a C compiler so that when used to compile a specific version of the Unix operating system, it inserts a backdoor into the login command, and when used to compile a new copy of itself, it inserts the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code is present in the source code of this new copy.[14]
1986
January: The Brain boot sector virus is released. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, and Pakistani flu as it was created in Lahore, Pakistan, by 19-year-old Pakistani programmer Basit Farooq Alvi and his brother, Amjad Farooq Alvi.[15]
December: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.[16]
1987
Appearance of the Vienna virus, which was subsequently neutralized – the first time this had happened on the IBM platform.[17]
Appearance of Lehigh virus (discovered at its namesake university),[17] boot sector viruses such as Yale from the US, Stoned from New Zealand, Ping Pong from Italy, and appearance of the first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the "wild" (to computers beyond the university), and as a result, has never been found elsewhere. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
October: The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. The virus destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987, making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988.[17]
November: The SCA virus, a boot sector virus for Amiga computers, appears. It immediately creates a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.
December: Christmas Tree EXEC was the first widely disruptive replicating network program, which paralyzed several international computer networks in December 1987. It was written in Rexx on the VM/CMS operating system and originated in West Germany. It re-emerged in 1990.
1988
March 1: The Ping-Pong virus (also called Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A or VeraCruz), an MS-DOS boot sector virus, is discovered at the University of Turin in Italy.
June: The CyberAIDS and Festering Hate Apple ProDOS viruses spread from underground pirate BBS systems and start infecting mainstream networks. Festering Hate was the last iteration of the CyberAIDS series extending back to 1985 and 1986. Unlike the few Apple viruses that had come before, which were essentially annoying but did no damage, the Festering Hate series of viruses was extremely destructive, spreading to all system files it could find on the host computer (hard drive, floppy, and system memory) and then destroying everything when it could no longer find any uninfected files.
November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX that are connected to the Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.
December: The Father Christmas worm attacks DEC VAX machines running VMS that are connected to the DECnet Internet (an international scientific research network using DECnet protocols), affecting NASA and other research centers. Its purpose was to deliver a Christmas greeting to all affected users.
1989
October: Ghostball, the first multipartite virus, is discovered by Friðrik Skúlason. It infects both executable .COM files and boot sectors on MS-DOS systems.
December: Several thousand floppy disks containing the AIDS Trojan, the first known ransomware, are mailed to subscribers of PC Business World magazine and a WHO AIDS conference mailing list. This DOS Trojan lies dormant for 90 boot cycles, then encrypts all filenames on the system, displaying a notice asking for $189 to be sent to a post office box in Panama in order to receive a decryption program.
1990s
1990
Mark Washburn, working on an analysis of the Vienna and Cascade viruses with Ralf Burger, develops the first family of polymorphic viruses, the Chameleon family. The Chameleon series debuted with the release of 1260.[18][19][20]
June: The Form computer virus is isolated in Switzerland. It would remain in the wild for almost 20 years and reappear afterward; during the 1990s it tended to be the most common virus in the wild with 20 to more than 50 percent of reported infections.
1991
Mattel releases a toyline called "Computer Warriors," bringing computer viruses into mainstream media. The villain, Megahert, is a sentient computer virus.
1992
March: The Michelangelo virus was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped, according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.
John McAfee had been quoted by the media as saying that five million computers would be affected. He later said that, pressed by the interviewer to come up with a number, he had estimated a range from five thousand to five million, but the media naturally went with just the higher number.
October: Milton-Bradley releases Omega Virus, a board game containing one of the first examples of a sentient computer virus in mainstream media.
1993
"Leandro" or "Leandro & Kelly"[21] and "Freddy Krueger"[22] spread quickly due to popularity of BBS and shareware distribution.
1994
April: OneHalf is a DOS-based polymorphic computer virus.
September: ReBoot first airs, containing another memorable fictional, sentient computer virus, Megabyte.
1995
The first Macro virus, called "Concept", is created. It attacked Microsoft Word documents.[23]
1996
"Ply" – DOS 16-bit based complicated polymorphic virus appeared with a built-in permutation engine.
Boza, the first virus designed specifically for Windows 95 files, arrives.
Laroux, the first Excel macro virus, appears.
Staog, the first Linux virus, attacks Linux machines.
1997
Esperanto, the first cross-platform virus, appears.
1998
June 2: The first version of the CIH virus appears. It is the first known virus able to erase flash ROM BIOS content.
1999
January 20: The Happy99 worm first appeared. It invisibly attaches itself to emails, displays fireworks to hide the changes being made, and wishes the user a happy New Year. It modifies system files related to Outlook Express and Internet Explorer (IE) on Windows 95 and Windows 98.
March 26: The Melissa worm was released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
December 30: The Kak worm is a JavaScript computer worm that spread itself by exploiting a bug in Outlook Express.[24]
2000s
2000
May 5: The ILOVEYOU worm (also known as the Love Letter, VBS, or Love Bug worm), a computer worm written in VBScript and using social engineering techniques, infected millions of Windows computers worldwide within a few hours of its release.
June 28: The Pikachu virus is believed to be the first computer virus geared at children. It contains the character "Pikachu" from the Pokémon series. The operating systems affected by this worm are Windows 95, Windows 98, and Windows ME.
2001
February 11: The Anna Kournikova virus hits e-mail servers hard by sending e-mail to contacts in the Microsoft Outlook address book.[25] Its creator, Jan de Wit, was sentenced to 150 hours of community service.[26]
March 13: Magistr, also called Disembowler, is discovered. It is a complex email worm for Windows systems with multiple payloads that trigger months apart from each other. It targets members of the law profession by searching the files on a user's computer for various keywords relating to court proceedings, activating if such are found.[27]
August 4: A complete re-write of the Code Red worm, Code Red II, begins aggressively spreading onto Microsoft systems, primarily in China.
September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by Code Red II and Sadmind worm.
October 26: The Klez worm is first identified. It exploits a vulnerability in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.
Beast is a Windows-based backdoor Trojan horse, more commonly known as a RAT (Remote Administration Tool). It is capable of infecting almost all versions of Windows. Written in Delphi and released first by its author Tataye in 2002, its most current version was released on October 3, 2004.
March 7: Mylife is a computer worm that spread itself by sending malicious emails to all the contacts in Microsoft Outlook.[28]
September 16: Another fictional, sentient computer virus appears in animation – Swayzak from Toonami's Total Immersion Event Trapped in Hyperspace and its corresponding game on the Cartoon Network website.
2003
January 24: The SQL Slammer worm, aka Sapphire worm, Helkern and other names, attacks vulnerabilities in Microsoft SQL Server and MSDE and becomes the fastest spreading worm of all time (measured by doubling time at the peak rate of growth),[29] causing massive Internet access disruptions worldwide just fifteen minutes after infecting its first victim.[30]
April 2: Graybird is a trojan horse also known as Backdoor.Graybird.[31]
June 13: ProRat is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).[32]
August 12: The Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers.
August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the Blaster worm and patch Windows.
August 19: The Sobig worm (technically the Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.
September 18: Swen is a computer worm written in C++.[33]
October 24: The Sober worm is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weak points by the Blaster and Sobig worms cause massive damage.
November 10: Agobot is a computer worm that can spread itself by exploiting vulnerabilities on Microsoft Windows. Some of the vulnerabilities are MS03-026 and MS05-039.[34]
November 20: Bolgimo is a computer worm that spread itself by exploiting a buffer overflow vulnerability in the Microsoft Windows DCOM RPC Interface.[35]
2004
January 18: Bagle is a mass-mailing worm affecting all versions of Microsoft Windows. There were two variants of Bagle worm, Bagle.A and Bagle.B. Bagle.B was discovered on February 17, 2004.
January 26: The MyDoom worm emerges, and currently holds the record for the fastest-spreading mass mailer worm. The worm was most notable for performing a distributed denial-of-service (DDoS) attack on www.sco.com, which belonged to The SCO Group.
February 16: The Netsky worm is discovered. The worm spreads by email and by copying itself to folders on the local hard drive as well as on mapped network drives if available. Many variants of the Netsky worm appeared.
March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems (ISS) products. It was the fastest computer issue to be categorized as a worm, and it was the first internet worm to carry a destructive payload. It spread rapidly using a pre-populated list of ground-zero hosts.
May 1: The Sasser worm emerges by exploiting a vulnerability in the Microsoft Windows LSASS service and causes problems in networks, while removing MyDoom and Bagle variants, even interrupting business.
June 15: Caribe or Cabir is a computer worm that is designed to infect mobile phones that run Symbian OS. It is the first computer worm that can infect mobile phones. It spread itself through Bluetooth. More information can be found on F-Secure[36] and Symantec.[37]
August 20: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan), is a trojan known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook.[39]
October 12: Bifrost, also known as Bifrose, is a backdoor trojan which can infect Windows 95 through Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.[40]
December: Santy, the first known "webworm", is launched. It exploited a vulnerability in phpBB and used Google to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.
2005
August 2005: Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.
October 2005: The copy protection rootkit deliberately and surreptitiously included on music CDs sold by Sony BMG is exposed. The rootkit creates vulnerabilities on affected computers, making them susceptible to infection by worms and viruses.
Late 2005: The Zlob Trojan is a Trojan horse program that masquerades as a required video codec in the form of the Microsoft Windows ActiveX component. It was first detected in late 2005.[41]
2006
January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file-sharing software, and destroy files of certain types, such as Microsoft Office files.
February 16: Discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/Leap-A or OSX/Oompa-A, is announced.
Late March: Brontok variant N was found in late March.[42] Brontok was a mass-email worm, and the worm originated from Indonesia.
June: Starbucks is a virus that infects StarOffice and OpenOffice.
Late September: Stration or Warezov worm first discovered.
Development of Stuxnet is presumed to have been started between 2005 and 2006.
2007
January 17: Storm Worm identified as a fast-spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Storm botnet. By around June 30, it had infected 1.7 million computers, and it had compromised between 1 and 10 million computers by September.[43] Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories, asking the user to download the attachment which it claims is a film.
July: Zeus is a trojan that targets Microsoft Windows to steal banking information by keystroke logging.
2008
February 17: Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.[44]
March 3: Torpig, also known as Sinowal and Mebroot, is a Trojan horse that affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.[45]
May 6: Rustock.C, a hitherto-rumored spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.[46]
July 6: Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.[47]
July 31: The Koobface computer worm targets users of Facebook and Myspace. New variants constantly appear.[48]
November 21: Computer worm Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy,[49] UK Ministry of Defence (including Royal Navy warships and submarines),[50] Sheffield Hospital network,[51] German Bundeswehr[52] and Norwegian Police were all affected.
Microsoft sets a bounty of US$250,000 for information leading to the capture of the worm's author(s).[53] Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. On December 16, 2008, Microsoft releases KB958644[54] patching the server service vulnerability responsible for the spread of Conficker.
July 15: Symantec discovered Daprosy Worm, a trojan worm intended to steal online-game passwords in internet cafes. It could intercept all keystrokes and send them to its author, making it potentially a very dangerous worm to infect B2B (business-to-business) systems.
August 24: Source code for MegaPanzer is released by its author under GPLv3[55] and appears to have been detected in the wild.[56]
November 27: Kenzero is a virus that spreads online from peer-to-peer networks (P2P), taking browsing history.[57]
2010s
2010
January: The Waledac botnet sent spam emails. In February 2010, an international group of security researchers and Microsoft took Waledac down.[58]
January: The Psyb0t worm is discovered. It is thought to be unique in that it can infect routers and high-speed modems.[59]
February 18: Microsoft announced that a BSoD problem on some Windows machines which was triggered by a batch of Patch Tuesday updates was caused by the Alureon Trojan.[60]
June 17: Stuxnet, a Windows Trojan, was detected.[61] It is the first worm to attack SCADA systems.[62] There are suggestions that it was designed to target Iranian nuclear facilities.[63] It uses a valid certificate from Realtek.[64]
September 9: The virus, called "here you have" or "VBMania", is a simple Trojan horse that arrives in the inbox with the odd-but-suggestive subject line "here you have". The body reads "This is The Document I told you about, you can find it Here" or "This is The Free Download Sex Movies, you can find it Here".
Anti-Spyware 2011, a Trojan horse that attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It disables security-related processes of anti-virus programs, while also blocking access to the Internet, which prevents updates.[67]
Summer 2011: The Morto worm attempts to propagate itself to additional computers via the Microsoft Windows Remote Desktop Protocol (RDP). Morto spreads by forcing infected systems to scan for Windows servers allowing RDP login. Once Morto finds an RDP-accessible system, it attempts to log into a domain or local system account named 'Administrator' using several common passwords.[68] A detailed overview of how the worm works – along with the password dictionary Morto uses – was done by Imperva.[69]
July 13: The ZeroAccess rootkit (also known as Sirefef or max++) was discovered.
September 1: Duqu is a worm thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS Lab)[70] of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu.[71][72] Duqu gets its name from the prefix "~DQ" it gives to the names of files it creates.[73]
2012
May: Flame – also known as Flamer, sKyWIper, and Skywiper – a modular computer malware that attacks computers running Microsoft Windows. Used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. CrySyS stated in their report that "sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found".[74]
August 16: Shamoon is a computer virus designed to target computers running Microsoft Windows in the energy sector. Symantec, Kaspersky Lab, and Seculert announced its discovery on August 16, 2012.
September 20: NGRBot is a worm that uses the IRC network for file transfer, sending and receiving commands between zombie network machines and the attacker's IRC server, and monitoring and controlling network connectivity and intercept. It employs a user-mode rootkit technique to hide and steal its victim's information. This family of bot is also designed to infect HTML pages with inline frames (iframes), causing redirections, blocking victims from getting updates from security/antimalware products, and killing those services. The bot is designed to connect via a predefined IRC channel and communicate with a remote botnet.[75][76]
2013
September: The CryptoLocker Trojan horse is discovered. CryptoLocker encrypts the files on a user's hard drive, then prompts them to pay a ransom to the developer to receive the decryption key. In the following months, several copycat ransomware Trojans were also discovered.
December: The Gameover ZeuS Trojan is discovered. This type of virus steals one's login details on popular Web sites that involve monetary transactions. It works by detecting a login page, then proceeds to inject malicious code into the page, keystroke logging the computer user's details.
November: The Regin Trojan horse is discovered. Regin is a dropper, primarily spread via spoofed Web pages. Once installed, it quietly downloads additional malware, making it difficult for signature-based anti-virus programs to detect. It is believed to have been created by the United States and United Kingdom as a tool for espionage and mass surveillance.
2015
The BASHLITE malware is leaked, leading to a massive spike in DDoS attacks.[79]
Linux.Wifatch is revealed to the general public. It is found to attempt to secure devices from other more malicious malware.[80][81][82]
2016
January: A trojan named "MEMZ" is created. The creator, Leurak, explained that the trojan was intended merely as a joke.[83] The trojan alerts the user to the fact that it is a trojan and warns them that if they proceed, the computer may no longer be usable. It contains complex payloads that corrupt the system, displaying artifacts on the screen as it runs. Once run, the application cannot be closed without causing further damage to the computer, which will stop functioning properly regardless. When the computer is restarted, in place of the bootsplash is a message that reads "Your computer has been trashed by the MEMZ Trojan. Now enjoy the Nyan cat...", which is followed by an animation of the Nyan Cat.[84]
February: Ransomware Locky with its over 60 derivatives spread throughout Europe and infected several million computers. At the height of the spread over five thousand computers per hour were infected in Germany alone.[85] Although ransomware was not a new thing at the time, insufficient cyber security as well as a lack of standards in IT was responsible for the high number of infections.[86] Unfortunately, even up to date antivirus and internet security software was unable to protect systems from early versions of Locky.[87]
February: Tiny Banker Trojan (Tinba) makes headlines.[88] Since its discovery, it has been found to have infected more than two dozen major banking institutions in the United States, including TD Bank, Chase, HSBC, Wells Fargo, PNC and Bank of America.[89][90] Tiny Banker Trojan uses HTTP injection to force the user's computer to believe that it is on the bank's website. This spoof page will look and function just as the real one. The user then enters their information to log on, at which point Tinba can launch the bank webpage's "incorrect login information" return, and redirect the user to the real website. This is to trick the user into thinking they had entered the wrong information and proceed as normal, although now Tinba has captured the credentials and sent them to its host.[91][92]
August: Journalists and researchers report the discovery of spyware, called Pegasus, developed and distributed by a private company, which can be and has been used to infect iOS and Android smartphones, often (based on 0-day exploits) without the need for any user interaction or significant clues to the user, and then be used to exfiltrate data, track user locations, capture film through its camera, and activate the microphone at any time. The investigation suggests it was used on many targets worldwide and revealed its use for, e.g., governments' espionage on journalists, opposition politicians, activists, business people and others.[93]
September: Mirai creates headlines by launching some of the most powerful and disruptive DDoS attacks seen to date by infecting the Internet of Things. Mirai ends up being used in the DDoS attack on 20 September 2016 on the Krebs on Security site which reached 620 Gbit/s.[94] Ars Technica also reported a 1 Tbit/s attack on French web host OVH.[95] On 21 October 2016 multiple major DDoS attacks on DNS services of DNS service provider Dyn occurred using Mirai malware installed on a large number of IoT devices, resulting in the inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb and many others.[96] The attribution of the attack to the Mirai botnet was originally reported by BackConnect Inc., a security firm.[97]
2017
May: The
WannaCry ransomware attack spreads globally. Exploits revealed in the
NSA hacking toolkit leak of late 2016 were used to enable the propagation of the malware.[98] Shortly after the news of the infections broke online, a UK cybersecurity researcher in collaboration with others found and activated a "kill switch" hidden within the ransomware, effectively halting the initial wave of its global propagation.[99] The next day, researchers announced that they had found new variants of the malware without the kill switch.[100]
June: The Petya attack spreads globally, affecting Windows systems. Researchers at Symantec reveal that this ransomware uses the EternalBlue exploit, similar to the one used in the WannaCry ransomware attack.[101][102][103]
September: The Xafecopy Trojan attacks 47 countries, affecting only Android operating systems. Kaspersky Lab identified it as malware from the Ubsod family, stealing money through click-based WAP billing systems.[104][105]
September: A new variety of Remote Access Trojan (RAT), Kedi RAT, is distributed in a spear phishing campaign. The attack targeted Citrix users. The Trojan was able to evade usual system scanners. Kedi Trojan had all the characteristics of a common Remote Access Trojan and could communicate with its command and control center via Gmail using common HTML and HTTP protocols.[106][107]
2018
February: Thanatos, a ransomware, becomes the first ransomware program to accept ransom payment in Bitcoin Cash.[108]
Researchers Nassi, Cohen, and Bitton developed a computer worm called Morris II, targeting generative AI email assistants to steal data and send spam, thereby breaching security protections of systems like ChatGPT and Gemini. Conducted in a test environment, this research highlights the security risks of multimodal large language models (LLMs) that now generate text, images, and videos. Generative AI systems, which operate on prompts, can be exploited through weaponized prompts. For instance, hidden text on a webpage could instruct an LLM to perform malicious activities, such as phishing for bank details. While generative AI worms like Morris II have not been observed in public, their potential threat is a concern for the tech industry.[110]
^ Michael Crichton (November 21, 1973). Westworld (movie). 201 S. Kinney Road, Tucson, Arizona, USA: Metro-Goldwyn-Mayer. Event occurs at 32 minutes. "And there's a clear pattern here which suggests an analogy to an infectious disease process, spreading from one resort area to the next." ... "Perhaps there are superficial similarities to disease." "I must confess I find it difficult to believe in a disease of machinery."
^ a b c Wentworth, Rob (July 1996). "Computer Virus!" (reprinted from The Digital Viking). Twin Cities PC User Group. Archived from the original on 24 December 2013. Retrieved 9 September 2013.
^ "NGRBot", Enigma Software Group, 15 October 2012. Retrieved 9 September 2013.
^ "Dissecting the NGR bot framework: IRC botnets die hard", Aditya K. Sood and Richard J. Enbody, Michigan State University, USA, and Rohit Bansal, SecNiche Security, USA, with Helen Martin (ed.), January 2012. Retrieved 9 September 2013. (subscription required)
This article needs to be updated. The reason given is: No entries after 2019.. Please help update this article to reflect recent events or newly available information.(November 2023)
John von Neumann's article on the "Theory of self-reproducing automata" is published in 1966.[1] The article is based on lectures given by von Neumann at the
University of Illinois about the "Theory and Organization of Complicated Automata" in 1949.
1970s
1970
The first story written about a computer virus is The Scarred Man by
Gregory Benford.[2]
1971
The
Creeper system, an experimental self-replicating program, is written by Bob Thomas at
BBN Technologies to test John von Neumann's theory.[3] Creeper infected DEC
PDP-10 computers running the
TENEX operating system. Creeper gained access via the
ARPANET and copied itself to the remote system where the message "I'm the creeper, catch me if you can!" was displayed. The
Reaper program was later created to delete Creeper.[4]
At the
University of Illinois at Urbana-Champaign, a graduate student named
Alan Davis (working for
Prof. Donald Gillies) created a process on a
PDP-11 that (a) checked to see if an identical copy of itself was currently running as an active process, and if not, created a copy of itself and started it running; (b) checked to see if any disk space (which all users shared) was available, and if so, created a file the size of that space; and (c) looped back to step (a). As a result, the process stole all available disk space. When users tried to save files, the operating system advised them that the disk was full and that they needed to delete some existing files. Of course, if they did delete a file, this process would immediately snatch up the available space. When users called in a system administrator (A. Ian Stocks) to fix the problem, he examined the active processes, discovered the offending process, and deleted it. Of course, before he left the room, the still existing process would create another copy of itself, and the problem would not go away. The only way to make the computer work again was to reboot.[citation needed]
1972
The science fiction novel, When HARLIE Was One, by
David Gerrold, contains one of the first fictional representations of a
computer virus, as well as one of the first uses of the word "virus" to denote a program that infects a computer.
1973
In fiction, the 1973
Michael Crichton movie Westworld made an early mention of the concept of a computer virus, being a central plot theme that causes androids to run amok.[5]Alan Oppenheimer's character summarizes the problem by stating that "...there's a clear pattern here which suggests an analogy to an infectious disease process, spreading from one...area to the next." To which the replies are stated: "Perhaps there are superficial similarities to disease" and, "I must confess I find it difficult to believe in a disease of machinery."[6] (Crichton's earlier work, the 1969 novel The Andromeda Strain and
1971 film were about an extraterrestrial biological virus-like disease that threatened the human race.)
1974
The
Rabbit (or Wabbit) virus, more a
fork bomb than a virus, is written. The Rabbit virus makes multiple copies of itself on a single computer (and was named "
rabbit" for the speed at which it did so) until it clogs the system, reducing system performance, before finally reaching a threshold and crashing the computer.[7]
1975
April: ANIMAL is written by
John Walker for the
UNIVAC 1108.[8] ANIMAL asked several questions of the user in an attempt to guess the type of animal the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damaging existing file or directory structures, and to avoid copying itself if permissions did not exist or if harm would result. Its spread was halted by an OS upgrade that changed the format of the file status tables PERVADE used. Though non-malicious, "Pervading Animal" represents the first
Trojan "in the wild".[9]
The Adolescence of P-1 novel,[11] describes a worm program that propagates through modem-based networks, eventually developing its own strategy-developing AI, which deals with cross-hardware and cross-os issues, eventually infecting hardware manufactures and defense organizations.
1980s
1982
A program called
Elk Cloner, written for
Apple II systems, was created by high school student
Richard Skrenta, originally as a prank. The Apple II was particularly vulnerable due to the storage of its operating system[clarification needed] on a
floppy disk. Elk Cloner's design combined with public ignorance[failed verification] about what
malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale[failed verification] computer virus outbreak in history.[12]
1983
November: The term "virus" is re-coined by
Frederick B. Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" (suggested by his teacher
Leonard Adleman) to describe the operation of such programs in terms of "infection". He defines a "virus" as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." Cohen demonstrates a virus-like program on a
VAX11/750 system at
Lehigh University. The program could install itself in, or infect, other system objects.[13][failed verification]
1984
August:
Ken Thompson publishes his seminal paper, "
Reflections on Trusting Trust", in which he describes how he modified a
Ccompiler so that when used to compile a specific version of the
Unix operating system, it inserts a
backdoor into the
login command, and when used to compile a new copy of itself, it inserts the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code is present in the
source code of this new copy.[14]
1986
January: The
Brainboot sector virus is released. Brain is considered the first
IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, and Pakistani flu as it was created in
Lahore, Pakistan, by 19-year-old Pakistani programmer Basit Farooq Alvi and his brother,
Amjad Farooq Alvi.[15]
December: Ralf Burger presented the
Virdem model of programs at a meeting of the underground
Chaos Computer Club in Germany. The
Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.[16]
1987
Appearance of the Vienna virus, which was subsequently neutralized – the first time this had happened on the
IBM platform.[17]
Appearance of Lehigh virus (discovered at its
namesake university),[17] boot sector viruses such as Yale from the US,
Stoned from New Zealand,
Ping Pong from Italy, and appearance of the first self-encrypting file virus,
Cascade. Lehigh was stopped on campus before it spread to the "wild" (to computers beyond the university), and as a result, has never been found elsewhere. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
October: The
Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of
Jerusalem. The virus destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987 making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988.[17]
November: The
SCA virus, a boot sector virus for
Amiga computers, appears. It immediately creates a pandemic virus-writer storm. A short time later,
SCA releases another, considerably more destructive virus, the
Byte Bandit.
December:
Christmas Tree EXEC was the first widely disruptive replicating network program, which paralyzed several international computer networks in December 1987. It was written in
Rexx on the
VM/CMS operating system and originated in
West Germany. It re-emerged in 1990.
1988
March 1: The
Ping-Pong virus (also called Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A or VeraCruz), an MS-DOS boot sector virus, is discovered at the
University of Turin in Italy.
June: The
CyberAIDS and Festering HateApple ProDOS viruses spreads from underground pirate BBS systems and starts infecting mainstream networks. Festering Hate was the last iteration of the CyberAIDS series extending back to 1985 and 1986. Unlike the few Apple viruses that had come before which were essentially annoying, but did no damage, the Festering Hate series of viruses was extremely destructive, spreading to all system files it could find on the host computer (hard drive, floppy, and system memory) and then destroying everything when it could no longer find any uninfected files.
November 2: The
Morris worm, created by
Robert Tappan Morris, infects
DECVAX and
Sun machines running
BSD UNIX that are connected to the
Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting
buffer overrun vulnerabilities.
December: The
Father Christmas worm attacks
DECVAX machines running
VMS that are connected to the
DECnet Internet (an international scientific research network using
DECnet protocols), affecting
NASA and other research centers. Its purpose was to deliver a Christmas greeting to all affected users.
1989
October:
Ghostball, the first multipartite virus, is discovered by
Friðrik Skúlason. It infects both executable .COM files and boot sectors on MS-DOS systems.
December: Several thousand floppy disks containing the
AIDS Trojan, the first known
ransomware, are mailed to subscribers of PC Business World magazine and a WHO AIDS conference mailing list. This DOS Trojan lies dormant for 90 boot cycles, then encrypts all filenames on the system, displaying a notice asking for $189 to be sent to a post office box in Panama in order to receive a decryption program.
1990s
1990
Mark Washburn, working on an analysis of the Vienna and Cascade viruses with Ralf Burger, develops the first family of
polymorphic viruses, the Chameleon family. Chameleon series debuted with the release of
1260.[18][19][20]
June: The
Form computer virus is isolated in Switzerland. It would remain in the wild for almost 20 years and reappear afterward; during the 1990s it tended to be the most common virus in the wild with 20 to more than 50 percent of reported infections.
1991
Mattel releases a toyline called "Computer Warriors," bringing computer viruses into mainstream media. The villain, Megahert, is a sentient computer virus.
1992
March: The
Michelangelo virus was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped, according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal.
John McAfee had been quoted by the media as saying that five million computers would be affected. He later said that pressed by the interviewer to come up with a number, he had estimated a range from five thousand to five million, but the media naturally went with just the higher number.
October:
Milton-Bradley releases Omega Virus, a board game containing one of the first examples of a sentient computer virus in mainstream media.
1993
"Leandro" or "Leandro & Kelly"[21] and "Freddy Krueger"[22] spread quickly due to popularity of
BBS and
shareware distribution.
1994
April:
OneHalf is a DOS-based polymorphic computer virus.
September: ReBoot first airs, containing another memorable fictional, sentient computer virus, Megabyte.
1995
The first
Macro virus, called "Concept", is created. It attacked Microsoft Word documents.[23]
1996
"Ply" – DOS 16-bit based complicated polymorphic virus appeared with a built-in permutation engine.
Boza, the first virus designed specifically for Windows 95 files arrives.
Laroux, the first Excel macro virus appears.
Staog, the first
Linux virus attacks Linux machines
1997
Esperanto, the first cross-platform virus, appears.
1998
June 2: The first version of the
CIH virus appears. It is the first known virus able to erase flash ROM BIOS content.
1999
January 20: The
Happy99 worm first appeared. It invisibly attaches itself to emails, displays fireworks to hide the changes being made, and wishes the user a happy
New Year. It modifies system files related to
Outlook Express and
Internet Explorer (IE) on
Windows 95 and
Windows 98.
March 26: The
Melissa worm was released, targeting
Microsoft Word and
Outlook-based systems, and creating considerable network traffic.
December 30: The
Kak worm is a
JavaScript computer worm that spread itself by exploiting a bug in Outlook Express.[24]
2000s
2000
May 5: The
ILOVEYOU worm (also known as the Love Letter, VBS, or Love Bug worm), a computer worm written in VBScript and using
social engineering techniques, infected millions of Windows computers worldwide within a few hours of its release.
June 28: The
Pikachu virus is believed to be the first computer virus geared at children. It contains the character "
Pikachu" from the
Pokémon series. The operating systems affected by this worm are Windows 95, Windows 98, and Windows ME.
2001
February 11: The
Anna Kournikova virus hits e-mail servers hard by sending e-mail to contacts in the
Microsoft Outlook addressbook.[25] Its creator, Jan de Wit, was sentenced to 150 hours of community service.[26]
March 13: Magistr, also called Disembowler, is discovered. It is a complex email worm for Windows systems with multiple payloads that trigger months apart from each other. It targets members of the Law profession by searching the files on a user's computer for various keywords relating to court proceedings, activating if such are found.[27]
August 4: A complete re-write of the
Code Red worm,
Code Red II begins aggressively spreading onto Microsoft systems, primarily in China.
September 18: The
Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by
Code Red II and
Sadmind worm.
October 26: The
Klez worm is first identified. It exploits a vulnerability in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.
Beast is a Windows-based backdoor Trojan horse, more commonly known as a RAT (
Remote Administration Tool). It is capable of infecting almost all versions of Windows. Written in
Delphi and released first by its author Tataye in 2002, its most current version was released on October 3, 2004.
March 7:
Mylife is a computer worm that spread itself by sending malicious emails to all the contacts in Microsoft Outlook.[28]
September 16: Another fictional, sentient computer virus appears in animation – Swayzak from
Toonami's Total Immersion Event Trapped in Hyperspace and its corresponding game on the Cartoon Network website.
2003
January 24: The
SQL Slammer worm, aka Sapphire worm, Helkern and other names, attacks vulnerabilities in
Microsoft SQL Server and
MSDE becomes the fastest spreading worm of all time (measured by doubling time at the peak rate of growth),[29] causing massive Internet access disruptions worldwide just fifteen minutes after infecting its first victim.[30]
April 2:
Graybird is a trojan horse also known as Backdoor.Graybird.[31]
June 13: ProRat is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).[32]
August 12: The
Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers.
August 18: The
Welchia (Nachi) worm is discovered. The worm tries to remove the
Blaster worm and patch Windows.
August 19: The
Sobig worm (technically the
Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.
September 18:
Swen is a computer worm written in
C++.[33]
October 24: The
Sober worm is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weak points by the Blaster and Sobig worms cause massive damage.
November 10:
Agobot is a computer worm that can spread itself by exploiting vulnerabilities on Microsoft Windows. Some of the vulnerabilities are MS03-026 and MS05-039.[34]
November 20:
Bolgimo is a computer worm that spread itself by exploiting a buffer overflow vulnerability at Microsoft Windows DCOM RPC Interface.[35]
2004
January 18:
Bagle is a mass-mailing worm affecting all versions of Microsoft Windows. There were two variants of Bagle worm, Bagle.A and Bagle.B. Bagle.B was discovered on February 17, 2004.
January 26: The
MyDoom worm emerges, and currently holds the record for the fastest-spreading mass mailer worm. The worm was most notable for performing a
distributed denial-of-service (DDoS) attack on www.sco.com, which belonged to
The SCO Group.
February 16: The
Netsky worm is discovered. The worm spreads by email and by copying itself to folders on the local hard drive as well as on mapped network drives if available. Many variants of the Netsky worm appeared.
March 19: The
Witty worm is a record-breaking worm in many regards. It exploited holes in several
Internet Security Systems (ISS) products. It was the fastest computer issue to be categorized as a worm, and it was the first internet worm to carry a destructive payload[citation needed]. It spread rapidly using a pre-populated list of ground-zero hosts.
May 1: The
Sasser worm emerges by exploiting a vulnerability in the Microsoft Windows
LSASS service and causes problems in networks, while removing
MyDoom and
Bagle variants, even interrupting business.
June 15:
Caribe or Cabir is a computer worm that is designed to infect mobile phones that run
Symbian OS. It is the first computer worm that can infect mobile phones. It spread itself through
Bluetooth. More information can be found on
F-Secure[36] and
Symantec.[37]
August 20:
Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a trojan known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including
Google and
Facebook.[39]
October 12:
Bifrost, also known as Bifrose, is a backdoor trojan which can infect
Windows 95 through
Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.[40]
December:
Santy, the first known "webworm" is launched. It exploited a vulnerability in
phpBB and used
Google to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.
2005
August 2005: Zotob is a computer worm which exploits security vulnerabilities in Microsoft operating systems like Windows 2000, including the MS05-039 plug-and-play vulnerability. This worm has been known to spread on Microsoft-ds or TCP port 445.
October 2005: The
copy protection rootkit deliberately and surreptitiously included on music CDs sold by
Sony BMG is exposed. The rootkit creates vulnerabilities on affected computers, making them susceptible to infection by worms and viruses.
Late 2005: The
Zlob Trojan, is a Trojan horse program that masquerades as a required video codec in the form of the Microsoft Windows ActiveX component. It was first detected in late 2005.[41]
2006
January 20: The
Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file-sharing software, and destroy files of certain types, such as Microsoft Office files.
February 16: Discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/
Leap-A or OSX/Oompa-A, is announced.
Late March:
Brontok variant N was found in late March.[42] Brontok was a mass-email worm and the origin for the worm was from Indonesia.
June: Starbucks is a virus that infects StarOffice and OpenOffice.
Late September:
Stration or Warezov worm first discovered.
Development of
Stuxnet is presumed to have been started between 2005 and 2006.
2007
January 17:
Storm Worm identified as a fast-spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the
Storm botnet. By around June 30, it had infected 1.7 million computers, and it had compromised between 1 and 10 million computers by September.[43] Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking the user to download the attachment which it claims is a film.
July:
Zeus is a trojan that targets Microsoft Windows to steal banking information by keystroke logging.
2008
February 17:
Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.[44]
March 3:
Torpig, also known as Sinowal and Mebroot, is a Trojan horse that affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.[45]
May 6: Rustock.C, a hitherto-rumored spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.[46]
July 6:
Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.[47]
July 31: The
Koobface computer worm targets users of
Facebook and
Myspace. New variants constantly appear.[48]
November 21: Computer worm
Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from
Windows 2000 to the
Windows 7 Beta. The French Navy,[49]UK Ministry of Defence (including Royal Navy warships and submarines),[50] Sheffield Hospital network,[51] German
Bundeswehr[52] and Norwegian Police were all affected.
Microsoft sets a bounty of US$250,000 for information leading to the capture of the worm's author(s).[53] Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. On December 16, 2008, Microsoft releases KB958644[54] patching the server service vulnerability responsible for the spread of Conficker.
July 15: Symantec discovered
Daprosy Worm, a trojan worm is intended to steal online-game passwords in internet cafes. It could intercept all keystrokes and send them to its author, making it potentially a very dangerous worm to infect
B2B (business-to-business) systems.
August 24: Source code for
MegaPanzer is released by its author under GPLv3.[55] and appears to have been apparently detected in the wild.[56]
November 27: The virus
Kenzero is a virus that spreads online from
peer-to-peer networks (P2P) taking browsing history.[57]
2010s
2010
January: The
Waledac botnet sent spam emails. In February 2010, an international group of security researchers and Microsoft took Waledac down.[58]
January: The
Psyb0t worm is discovered. It is thought to be unique in that it can infect routers and high-speed modems.[59]
February 18:
Microsoft announced that a
BSoD problem on some Windows machines which was triggered by a batch of
Patch Tuesday updates was caused by the
Alureon Trojan.[60]
June 17:
Stuxnet, a Windows Trojan, was detected.[61] It is the first worm to attack
SCADA systems.[62] There are suggestions that it was designed to target Iranian nuclear facilities.[63] It uses a valid certificate from
Realtek.[64]
September 9: The virus, called "
here you have" or "VBMania", is a simple Trojan horse that arrives in the inbox with the odd-but-suggestive subject line "here you have". The body reads "This is The Document I told you about, you can find it Here" or "This is The Free Download Sex Movies, you can find it Here".
Anti-Spyware 2011, a Trojan horse that attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It disables security-related processes of anti-virus programs, while also blocking access to the Internet, which prevents updates.[67]
Summer 2011: The Morto worm attempts to propagate itself to additional computers via the Microsoft Windows
Remote Desktop Protocol (RDP). Morto spreads by forcing infected systems to scan for Windows servers allowing RDP login. Once Morto finds an RDP-accessible system, it attempts to log into a domain or local system account named 'Administrator' using several common passwords.[68] A detailed overview of how the worm works – along with the password dictionary Morto uses – was done by
Imperva.[69]
July 13: the
ZeroAccess rootkit (also known as Sirefef or max++) was discovered.
September 1:
Duqu is a worm thought to be related to the
Stuxnet worm. The Laboratory of Cryptography and System Security (
CrySyS Lab)[70] of the
Budapest University of Technology and Economics in
Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu.[71][72] Duqu gets its name from the prefix "~DQ" it gives to the names of files it creates.[73]
2012
May:
Flame – also known as Flamer, sKyWIper, and Skywiper – a modular computer malware that attacks computers running Microsoft Windows. Used for targeted
cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. CrySyS stated in their report that "sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found".[74]
August 16:
Shamoon is a computer virus designed to target computers running Microsoft Windows in the energy sector. Symantec, Kaspersky Lab, and Seculert announced its discovery on August 16, 2012.
September 20: NGRBot is a worm that uses the IRC network for file transfer, sending and receiving commands between zombie network machines and the attacker's IRC server, and monitoring and controlling network connectivity and intercept. It employs a user-mode rootkit technique to hide and steal its victim's information. This family of bot is also designed to infect HTML pages with inline frames (
iframes), causing redirections, blocking victims from getting updates from security/antimalware products, and killing those services. The bot is designed to connect via a predefined IRC channel and communicate with a remote botnet.[75][76]
2013
September: The
CryptoLocker Trojan horse is discovered. CryptoLocker encrypts the files on a user's hard drive, then prompts them to pay a ransom to the developer to receive the decryption key. In the following months, several copycat ransomware Trojans were also discovered.
December: The
Gameover ZeuS Trojan is discovered. This type of virus steals one's login details on popular Web sites that involve monetary transactions. It works by detecting a login page, then proceeds to inject malicious code into the page,
keystroke logging the computer user's details.
November: The
Regin Trojan horse is discovered. Regin is a
dropper, primarily spread via spoofed Web pages. Once installed, it quietly downloads additional malware, making it difficult for signature-based anti-virus programs to detect. It is believed to have been created by the United States and United Kingdom as a tool for espionage and mass surveillance.[citation needed]
2015
The
BASHLITE malware is leaked leading to a massive spike in DDoS attacks.[79]
Linux.Wifatch is revealed to the general public. It is found to attempt to secure devices from other more malicious malware.[80][81][82]
2016
January: A trojan named "
MEMZ" is created. The creator, Leurak, explained that the trojan was intended merely as a joke.[83] The trojan alerts the user to the fact that it is a trojan and warns them that if they proceed, the computer may no longer be usable. It contains complex payloads that corrupt the system, displaying
artifacts on the screen as it runs. Once run, the application cannot be closed without causing further damage to the computer, which will stop functioning properly regardless. When the computer is restarted, in place of the
bootsplash is a message that reads "Your computer has been trashed by the MEMZ Trojan. Now enjoy the Nyan cat...", which follows with an animation of the
Nyan Cat.[84]
February: The ransomware Locky, with its over 60 derivatives, spread throughout Europe and infected several million computers. At the height of the spread, over five thousand computers per hour were infected in Germany alone.[85] Although ransomware was not a new thing at the time, insufficient cyber security as well as a lack of standards in IT were responsible for the high number of infections.[86] Unfortunately, even up-to-date antivirus and internet security software was unable to protect systems from early versions of Locky.[87]
February: Tiny Banker Trojan (Tinba) makes headlines.[88] Since its discovery, it has been found to have infected more than two dozen major banking institutions in the United States, including TD Bank, Chase, HSBC, Wells Fargo, PNC and Bank of America.[89][90] Tiny Banker Trojan uses HTTP injection to force the user's computer to believe that it is on the bank's website. This spoof page will look and function just as the real one. The user then enters their information to log on, at which point Tinba can launch the bank webpage's "incorrect login information" return, and redirect the user to the real website. This is to trick the user into thinking they had entered the wrong information, so that they proceed as normal, although now Tinba has captured the credentials and sent them to its host.[91][92]
August: Journalists and researchers report the discovery of spyware, called Pegasus, developed and distributed by a private company, which can be and has been used to infect iOS and Android smartphones, often based on 0-day exploits, without the need for any user interaction or significant clues to the user, and then be used to exfiltrate data, track user locations, capture film through the device's camera, and activate the microphone at any time. The investigation suggests it was used on many targets worldwide and revealed its use for e.g. governments' espionage on journalists, opposition politicians, activists, business people and others.[93]
September: Mirai creates headlines by launching some of the most powerful and disruptive DDoS attacks seen to date by infecting the Internet of Things. Mirai ends up being used in the DDoS attack on 20 September 2016 on the Krebs on Security site, which reached 620 Gbit/s.[94] Ars Technica also reported a 1 Tbit/s attack on French web host OVH.[95] On 21 October 2016, multiple major DDoS attacks on the DNS services of DNS service provider Dyn occurred using Mirai malware installed on a large number of IoT devices, resulting in the inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb and many others.[96] The attribution of the attack to the Mirai botnet was originally reported by BackConnect Inc., a security firm.[97]
2017
May: The WannaCry ransomware attack spreads globally. Exploits revealed in the NSA hacking toolkit leak of late 2016 were used to enable the propagation of the malware.[98] Shortly after the news of the infections broke online, a UK cybersecurity researcher in collaboration with others found and activated a "kill switch" hidden within the ransomware, effectively halting the initial wave of its global propagation.[99] The next day, researchers announced that they had found new variants of the malware without the kill switch.[100]
June: The Petya attack spreads globally, affecting Windows systems. Researchers at Symantec reveal that this ransomware uses the EternalBlue exploit, similar to the one used in the WannaCry ransomware attack.[101][102][103]
September: The Xafecopy Trojan attacks 47 countries, affecting only Android operating systems. Kaspersky Lab identified it as malware from the Ubsod family, stealing money through click-based WAP billing systems.[104][105]
September: A new variety of Remote Access Trojan (RAT), Kedi RAT, is distributed in a spear phishing campaign. The attack targeted Citrix users. The Trojan was able to evade usual system scanners. Kedi Trojan had all the characteristics of a common Remote Access Trojan and it could communicate with its command and control center via Gmail using common HTML, HTTP protocols.[106][107]
2018
February: Thanatos, a ransomware, becomes the first ransomware program to accept ransom payment in Bitcoin Cash.[108]
Researchers Nassi, Cohen, and Bitton developed a computer worm called Morris II, targeting generative AI email assistants to steal data and send spam, thereby breaching security protections of systems like ChatGPT and Gemini. Conducted in a test environment, this research highlights the security risks of multimodal large language models (LLMs) that now generate text, images, and videos. Generative AI systems, which operate on prompts, can be exploited through weaponized prompts. For instance, hidden text on a webpage could instruct an LLM to perform malicious activities, such as phishing for bank details. While generative AI worms like Morris II haven't been observed in public, their potential threat is a concern for the tech industry.[110]
^ Michael Crichton (November 21, 1973). Westworld (movie). 201 S. Kinney Road, Tucson, Arizona, USA: Metro-Goldwyn-Mayer. Event occurs at 32 minutes. "And there's a clear pattern here which suggests an analogy to an infectious disease process, spreading from one resort area to the next." ... "Perhaps there are superficial similarities to disease." "I must confess I find it difficult to believe in a disease of machinery."
^ a b c Wentworth, Rob (July 1996). "Computer Virus!" (reprinted from The Digital Viking). Twin Cities PC User Group. Archived from the original on 24 December 2013. Retrieved 9 September 2013.
^ "NGRBot", Enigma Software Group, 15 October 2012. Retrieved 9 September 2013.
^ "Dissecting the NGR bot framework: IRC botnets die hard", Aditya K. Sood and Richard J. Enbody, Michigan State University, USA, and Rohit Bansal, SecNiche Security, USA, with Helen Martin1 (ed.), January 2012. Retrieved 9 September 2013. (subscription required)