A History of Major Computer Viruses from the 1970s to the Present

A couple of years ago, I wrote about the history of programming. It was fascinating to see how far things have come since Charles Babbage conceived the very first analytical engine back in 1837. Now, let’s turn our attention to the Dark Side of the Force, and look at the history of computer viruses. This epic horror tale takes us back to a time when the original Charlie’s Angels went around fighting crime and John Travolta was getting down on the dance floor in Saturday Night Fever. Yes, I’m talking about the 1970s.

Before we begin: please note that this is not an exhaustive list of all viruses, because that would be l-o-n-g; especially the last couple of decades. Instead, this is a look at some of the major milestones on the virus landscape since they started becoming an issue. Ready? Here we go!

The 1970s

• 1971: The Creeper System. This was a self-replicating program that infected DEC PDP-10 computers running the TENEX operating system. This worm didn’t cause any permanent damage. Instead, it sent out a message that said: “I’m the creeper: catch me if you can.”
• 1974: Rabbit (a.k.a. Wabbit). Rabbit was one of the first cases of a virus written in VBS. In the same way bunnies multiply in real life, Rabbit copied itself over and over again on an infected system, until it slowed things down to a crawl — eventually causing it to crash.
• 1975: ANIMAL. Considered to be the first mass-spreading Trojan, ANIMAL was more mischievous than malicious. It was developed by a programmer named John Walker and designed to install a popular “guess the animal” game into any directory where it was not already present.

The 1980s

• 1982: Elk Cloner. Back in 1982, most 15-year-olds were busy skateboarding or worrying about acne. But not little Richard Skrenta. As a prank, the 15-year old high school student unleashed the first large-scale computer virus outbreak in history. The virus targeted Apple II systems and spread from one floppy drive to another.
• 1986: Brain. Back in 1986, two brothers in Pakistan named Basit Farooq Alvi and Amjad Farooq Alvi had an axe to grind with all of the folks who installed a pirated copy of software they had developed. To punish these transgressors, the Farooq Alvi brothers developed a piece of malware called Brain, which infected the boot sector of storage media that was formatted with the DOS File Allocation Table (FAT) system. Interestingly, the brothers included their contact information on the virus so that victims could get in touch and figure out how to save their computers. Nice touch, huh?
• 1988: Morris. Named after its creator Robert Morris and considered the first worm, Morris exploited vulnerabilities in Unix commands (sendmail, rsh, and finger). While Morris could have caused massive amounts of damage, it actually didn’t destroy anything. Instead, Robert Morris just wanted to find out the size and scope of the Internet.

The 1990s

• 1991: Michaelangelo. Before the 1990s, most people around the world thought Michaelangelo was either a famous Renaissance artist or a Teenage Mutant Ninja Turtle. But in 1991, a virus called Michaelangelo took over the moniker. It was configured to activate on March 6th every year, at which time it would overwrite the first 100 sectors on storage devices with zeros — effectively preventing them from booting up. Why March 6? Because it was Michaelangelo’s (the artist) birthday. While this virus only infected about 20,000 machines around the world, it created mass hysteria and people dreaded the arrival of March 6.
• 1998: CIH (a.k.a. Chernobyl and Spacefiller). Created by Taiwanese college student Chen Ing-hau, CIH infected a whopping 60 million computers around the world, resulting in (cue Dr. Evil voice) $1 billion dollars in damage. Designed to infect systems using MS-Windows 9x operating systems, CIH overwrote critical information, and in some cases destroyed the BIOS.
• 1999: Melissa. On the eve of the new millennium, instead of partying like it was 1999, many people around the world that year were freaking out about the Melissa virus which sent out passwords for erotic memberships to the first 50 people in a victim’s Outlook address book. Things got so out of hand that email servers crashed because of the traffic. Plus, can you imagine all of those awkward phone calls from grandma and grandpa?

The 2000s

• 2000: iloveyou. You may recall a purple dinosaur named Barney, who used to sing: “I love you, you love me”. Well, in 2000, lots of people weren’t getting that loving feeling thanks to a scary worm called iloveyou, which infected millions of Windows-based machines worldwide in a matter of hours. Because it was spread through a malware-laden email with the subject line “ILOVEYOU”, it is considered one of the first global viruses to use social engineering techniques.
• 2001: Nimda. Just when people thought it was safe to get back online, Nimda struck in late 2001 and infected thousands of computers worldwide thanks to a vulnerability in Windows. Nimda also targeted Internet servers and caused performance to slow down — and in some cases, grind to a screeching halt. Notably, Nimda was able to infect and spread through backdoors opened by two other viruses that also appeared in 2001: Code Red II and the Sadmind worm.
• 2003: Blaster Worm. You might think that Blaster Worm is a great title for a video game, or maybe a roller coaster. But in 2003, it referred to a worm that launched many DDoS attacks against Microsoft Servers. Its creator, 18-year-old Jeffrey Parson, was arrested and eventually sentenced to 18 months in prison.
• 2004: Netsky. Created by Sven Jaschan in June 2004, 29 variants of Netsky roamed the internet landscape and caused many DDoS Attacks. The worm spread via email and copied itself on a victim’s local hard drive, as well as on mapped network drives if available. At one time, an astonishing 25% of all viruses on the internet were Netsky variants (it must have been tough to get a good parking spot at the Netsky family reunion!). Like Jeffrey Parson, Sven Jaschan was arrested for his efforts. However, unlike Parson, Jaschan didn’t go to jail because he was under 18 at the time. Instead, he received 21 months of probation.
• 2004: MyDoom. 2004 was not a good year for DDoS attacks, and MyDoom was yet another massive threat. The worm hit thousands of computers through P2P networks and email. At the time, it was the fastest spreading email worm in history. And just when people thought MyDoom was firmly in the past, like the classic PC game Doom, MyDoom surfaced yet again in 2009 in attacks targeting South Korea and the US.
• 2004: Sasser. Remember Sven Jaschan from Netsky fame (or infamy)? Well, in 2004 he was also busy creating the Sasser worm, which unlike Netsky didn’t spread via email. Instead, it parked itself on an infected machine and started hunting for other vulnerable systems. Once found, it would contact those systems and tell them to download the virus.
• 2008: Conficker. Deriving its name from the words “configuration” and “ficker” (which is the German slang term for a curse word in English!), the Conficker worm exploited vulnerabilities in Windows and used the standard dictionary to crack administrator passwords. Conficker infected millions of computers in more than 200 countries and spared nobody: home users, corporate users, and government organizations — including the Ministry of Defense in the UK. There were several variants discovered, which were called Conficker A, B, C, D and E.

The 2010s

• 2010: Stuxnet. Referred to as the first public cyberweapon, Stuxnet is believed (but not proven) to have been created by the U.S. and Israeli governments to attack nuclear facilities in Iran. In 2017, Kaspersky Lab reported that the Windows vulnerabilities that were relied on to spread the Stuxnet worm continued to be the most widely-exploited software bug in both 2015 and 2016, even though it had been patched years earlier.
• 2011: Gameover ZeuS (GOZ). An estimated one million Windows computers were infected by Gameover ZeuS, which was primarily used to steal banking information. Notably, the same malware in Gameover ZeuS was used in the first known ransomware attack, CryptoLocker, which hit approximately 234,000 victims worldwide, who paid an estimated $30 million in ransom between 2011 and 2013.
• 2012: Flame. When Flame was unleashed in early 2012, it was seen by some experts as the most complex malware ever created due to its ability to record network traffic, screenshots, keyboard activity, audio, and even Skype conversations. Flame spread (yes, like a flame — what else?) across local networks and through infected USB sticks. Flame was also designed with a kill command that destroyed all traces of its existence. And wouldn’t you know, just a few days ago a new version of Flame was discovered by researchers at Alphabet’s Chronicle Security. As they say, the classics never go out of style.
• 2014: Regin. The Trojan horse Regin reared its malicious head in 2014 and used fake websites to deploy malware. What made Regin particularly nasty was that it covertly downloaded extensions of itself, which fooled a lot of signature-based antivirus programs. It was created by cyber criminals believed to be based in the US and UK as a way to commit espionage and conduct mass surveillance.
• 2015: BASHLITE. Originally called Bashdoor, BASHLITE infected Linux systems around the world and launched DDoS attacks that reached an unbelievable 400 gigabytes per second. Holy speed, Batman!
• 2016: MEMZ, Locky, Tiny Banker, and Mirai. Just like there are vintage years for fine wines, 2016 was (unfortunately) a vintage year for viruses. First there was the Trojan MEMZ with its unusual payloads (like slightly moving the mouse cursor). Then there was the ransomware Locky, which was followed by the Trojan Tiny Banker (a.k.a. Timba) that targeted dozens of major banks in the US. And finally the malware Mirai targeted networked devices using Linux and turned them into bots for use in massive network attacks (resistance was futile and they were assimilated).
• 2017/2018: WannaCry, Petya, Xafecopy, and Kedi RAT. The ransomware WannaCry did indeed make millions of people around the world want to cry. It infected more than 200,000 machines in over 150 countries and racked up hundreds of millions of dollars in ransom. Petya, another encrypted ransomware, caused an estimated $10 billion in damages worldwide. The Trojan Xafecopy targeted Android users and infected an estimated 4,800 users. And then the Kedit RAT (remote access trojan) popped up, which was distributed via spear phishing campaigns and pretended to be a Citrix utility that actually transferred data using Gmail.

Learning from History

The above are just some of the MANY viruses and worms that have infected machines and stolen data over the past 50 years. The lesson to learn from this history is clear: cyber criminals today are not the same script kiddies of the past, who were intent on pulling pranks and making news. Today’s cyber criminals are focused on money, and unfortunately, some of them are are very good at their jobs.

The bottom line? All users and organizations need to make security their NUMBER ONE PRIORITY, by implementing smart technologies and providing ongoing end user training. Remember: 60% of SMBs go out of business within six months of a cyber attack.

Learn More

To learn more about protecting your organization and users, here are some helpful articles:

• Does Your Organization Have All 6 Pieces of a Comprehensive PAM Strategy?
• The Basics of Zero Trust Architecture + 8 Best Practices
• 5 Cybersecurity Quick Wins
• 5 Tips to Educate Users About Good Password Policies
• Are You Being Hacked? 10 Signs to Watch For
• Best of the Worst Password Practices
• Are Your End Users Suffering from Security Fatigue?
• Top 10 Password Policies and Best Practices for System Administrators
• Principle of Least Privilege (POLP): What, Why & Best Practices
• The Critical Importance of Privileged Identity Management (PIM)
• Why a Simple Hack Can Destroy Customer Trust
• 4 Reasons Why Giving Everyone Administrative Rights Is a Bad Idea