1986
"Brain" & "PC-Write Trojan": The common
story is that two brothers from Pakistan named Basit and Amjad analysed
the boot sector of a floppy disk and developed a method of infecting
it with a virus dubbed "Brain" (the origin is generally
accepted but not absolute). Because it spread widely on the popular
MS-DOS PC system, this is typically called the first computer virus,
even though it was predated by Cohen's experiments and the Apple
II virus. That same year the first PC-based Trojan was released
in the form of the popular shareware program PC-Write.
1987
"Stoned" is the first virus to infect the master boot
record, preventing the computer from starting up.
1988
One of the most common viruses, "Jerusalem", is unleashed.
Activated every Friday the 13th, the virus affects both .EXE and
.COM files and deletes any programs run on that day. An Indonesian
programmer releases the first anti-virus software for the Brain
virus. The "Internet Worm" is released and crashes 5000
computers.
1989
IBM releases the first commercial anti-virus products. Intensive
anti-virus research commences. The "Dark Avenger" virus
appears.
1990
Symantec launches Norton AntiVirus, one of the first anti-virus
programs developed by a large company. Bulletin Boards (BBS) become
a common way for virus writers to share code.
1991
"Tequila" is the first widespread polymorphic virus found
in the wild. Polymorphic viruses make detection difficult for virus
scanners by changing their appearance with each new infection. Virus
construction kits can be downloaded from virus bulletin boards enabling
almost anyone to write a virus. 9% in early 1991 reported they had
experienced a virus attack. By the end of the year that figure increased
to 63%.
1992
1300 viruses are in existence, an increase of 420% from December
of 1990. The Michelangelo scare predicts 5 million computers will
crash on March 6. Only 5,000-10,000 actually go down.
1994
Good Times email hoax tears through the computer community. The
hoax warns of a malicious virus that will erase an entire hard drive
just by opening an email with the subject line "Good Times".
Though disproved, the hoax resurfaces every six to twelve months.
In England, the writer of the "Pathogen" virus is found
by Scotland Yard and sentenced to 18 months in jail. This is the
first prosecution.
1995
The "Concept" macro virus appears. Written in Microsoft's
WordBasic, it can run on PCs and Macs running Microsoft Word. Being
so easy to write, macro viruses become widespread.
1998
Currently harmless and yet to be found in the wild, StrangeBrew
is the first virus to infect Java files. The virus modifies CLASS
files to contain a copy of itself within the middle of the file's
code and to begin execution from the virus section.
1999
The Melissa virus, W97M/Melissa, executes a macro in a document
attached to an email, which forwards the document to 50 people in
the user's Outlook address book. The virus also infects other Word
documents and subsequently mails them out as attachments. Melissa
spread faster than any other previous virus and infected hundreds
of thousands of PCs.
The "Chernobyl" virus hit in April, making
the hard drive inaccessible and causing widespread damage.
Tristate is the first multi-program macro virus;
it infects Word, Excel, and PowerPoint files.
Bubbleboy is the first worm that would activate
when a user simply opened an e-mail message in Microsoft Outlook
(or previewed the message in Outlook Express). No attachment is
necessary. Bubbleboy was the proof of concept; Kak spread widely
using this technique.
2000
The "Love Bug", also known as the "ILoveYou"
and "LoveLetter" virus, sends itself out via Outlook,
much like Melissa. From the Philippines, the virus comes as a VBS
attachment and deletes files, including MP3, MP2, and JPG. It also
sends usernames and passwords to the virus' author. "LoveLetter"
spread over the US and Europe in 6 hours and infected 2.5 million
PCs causing an estimated $8.7 billion in damage.
"W97M.Resume.A", a new variation of
the "Melissa" virus, is determined to be in the wild.
The "resume" virus acts much like "Melissa",
using a Word macro to infect Outlook and spread itself.
The "Stages" virus, disguised as a joke
email about the stages of life, spreads across the Internet. Unlike
previous viruses, "Stages" is hidden in an attachment
with a false ".txt" extension, making it easier to lure
recipients into opening it. Until now, it has generally been safe
to assume that text files are safe.
August 2000 saw the first Trojan developed for
the Palm PDA. Called "Liberty" and developed by Aaron
Ardiri, the co-developer of the Palm Game Boy emulator Liberty, the
Trojan was developed as an uninstall program and was distributed
to a few people to help foil those who would steal the actual software.
When it was accidentally released to the wider public Ardiri helped
contain its spread.
2001
The Anna Kournikova virus, also known as VBS/SST, which masquerades
as a picture of tennis star Anna Kournikova, operates in a similar
manner to Melissa and The Love Bug. It spreads by sending copies
of itself to the entire address book in Microsoft Outlook. It is
believed that this virus was created with a so-called virus creation
kit, a program which can enable even a novice programmer to create
these malicious programs.
In May, the HomePage email virus hit no more than
10,000 users of Microsoft Outlook. When opened, the virus redirected
users to sexually explicit Web pages. Technically known as VBSWG.X,
the virus spread quickly through Asia and Europe, but was mostly
prevented in the U.S. because of lessons learned in earlier time
zones. The author of the virus is said to live in Argentina, and
to have authored the Kournikova virus earlier in the year.
The Code Red I and II worms attacked computer
networks in July and August. According to Computer Economics they
affected over 700,000 computers and caused upwards of 2 billion
in damages. A worm spreads through external and (then) internal
computer networks, as opposed to a virus which infects computers
via email and certain websites. Code Red took advantage of a vulnerability
in Microsoft's Windows 2000 and Windows NT server software. Microsoft
developed a patch to protect networks against the worm, and admits
that they too were attacked. Other major companies affected include
AT&T, and the AP.
On July 25, W32/Sircam Malicious Code appears,
spreading through e-mail and unprotected network shares. The code
affects both the infected computer as well as all those in its e-mail
address book.
The W32/Nimda worm, taking advantage of back doors
left behind by the Code Red II worm, is the first to propagate itself
via several methods, including e-mail, network shares and an infected
Web site. The worm spreads from client to Web server by scanning
for back doors.
Computer Associates International, Inc. (CA),
the world's leading provider of eBusiness management solutions,
released its "2001 Top 10 Virus Threats" list. The list
is based on reports tracked by the company's eTrust Global Antivirus
Research Centers. The list, in order of frequency, is as follows:
1. Win32.Badtrans.B, 2. Win32.Sircam.137216, 3.
Win32.Magistr, 4. Win32.Badtrans.13312, 5. Win32.Magistr.B, 6. Win32.Hybris.B,
7. Win95.MTX, 8. Win32.Nimda.A, 9. VBS.VBSWG.Generic, 10. Win32.Goner.A
2002
The Klez worm infects executables by creating a hidden copy of the
original host file and then overwriting the original file with itself.
The hidden copy is encrypted, but contains no viral data. The name
of the hidden file is the same as the original file, but with a
random extension.
Nimda is a mass-mailing worm that utilizes multiple
methods to spread itself. The name of the virus came from the reversed
spelling of "admin". The worm sends itself out by email,
searches for open network shares, attempts to copy itself to unpatched
or already vulnerable Microsoft IIS web servers, and is a virus
infecting both local files and files on remote network shares.
2003
After it infects a PC, the Bugbear virus searches
the machine for e-mail addresses and sends a message out to each
address, with a copy of itself attached. Bugbear also grabs a random
address from those found in the e-mail program on the computer
and uses it in the "From:" line of the messages it sends
- disguising where the actual e-mails are coming from. It masquerades
as someone else known to the user of the computer, causing great
confusion to innocent virus-free users.
The Klez.H virus randomly
chooses a document from an infected computer and attaches it to
the e-mails it sends out to spread itself. In addition, Klez.H
spoofs the sender's address to make it look like a random person from
the infected PC's address book is actually sending the email. Nasty!
Extremely prolific throughout the entire year. The Klez worm has
been pushed to second place on the infamous list, causing $13.9
billion worth of damage. The Love Bug is now in the third position,
accounting for $8.75 billion in damages.
Sobig is a mass-mailing worm incorporating its
own SMTP engine. It arrives from
the e-mail address "big@boss.com". Sobig has become the most
damaging virus on record, overtaking malicious rivals Klez, Love
Bug and Yaha.
In August 2003, viruses, along with
overt and covert hacker attacks, caused $32.8 billion in economic
damages, according to a report from mi2g, a digital risk assessment
company based in London. Mi2g also notes that the Sobig virus alone
accounted for $29.7 billion of economic damages worldwide.
Blaster worm - The flaw
is in a component of the operating system that allows other computers
to request that the Windows system perform an action or service. The
component, known as the remote procedure call (RPC) process,
facilitates activities such as sharing files and allowing
others to use the computer's printer. During
12 hours, Symantec detected from 420 to nearly 4,000
infections per hour, with an average of about 2,500 new computers
compromised hourly. Federal law enforcement got on the trail of
Blaster-B's author by tracking down ownership
of an Internet domain, t33kid.com, that the Blaster-B worm used
to download instructions and report on infected hosts. That
chase led from a San Diego wholesale ISP to a small Web hosting
provider in Watauga, Texas, and, from there, to ISP Time Warner Cable,
which provided Parson's father's home broadband account in Minnesota.
Federal agents raided that home on Aug. 19, seizing
seven computers from the house. Blaster-A first appeared on Aug.
11 and exploited a widespread vulnerability in Microsoft's Windows
operating system.
2004
MyDoom:
The speed with which MyDoom spread across the world was what made it so destructive.
In a matter of a few hours, the MyDoom worm spread so rapidly that
antivirus companies rated it as a 'high' outbreak risk. It was
rated as the first serious outbreak of 2004, and within a few days
had surpassed the damage caused by Sobig.F and Welchia. MyDoom.A
accounted for approximately 30 percent of all e-mail traffic globally
and generated in excess of 100 million infected
e-mails in its first 36 hours, blocking networks and overloading
servers. Only two days after MyDoom was released, a second version
of the virus, MyDoom.B, was spreading across the world. MyDoom.B
launched distributed denial of service (DDoS) attacks on the SCO and
Microsoft Web sites, and also prevented machines infected with MyDoom.A
from accessing antivirus sites.
Some information provided
by The Learning Network, Symantec Corp., CERT, eWEEK