Timeline of computer viruses and worms

Hex dump of the Blaster worm, showing a message left for Microsoft co-founder Bill Gates by the worm's programmer

This timeline of computer viruses and worms presents a chronology of noteworthy computer viruses, computer worms, Trojan horses, similar malware, and related research and events.

Related Research Articles

Computer worm: Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel, and PowerPoint, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.

In computing, a Trojan horse is any malware that misleads users of its true intent by disguising itself as a standard program. The term is derived from the ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy.

Blaster (computer worm): 2003 Windows computer worm

Blaster was a computer worm that spread on computers running the Windows XP and Windows 2000 operating systems during August 2003.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

In computing, Download.ject is a malware program for Microsoft Windows servers. When installed on an insecure website running on Microsoft Internet Information Services (IIS), it appends malicious JavaScript to all pages served by the site.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Mobile malware is malicious software that targets mobile phones or wireless-enabled personal digital assistants (PDAs), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

WinFixer: Rogue security software

WinFixer was a family of scareware rogue security programs developed by Winsoftware which claimed to repair computer system problems on Microsoft Windows computers if a user purchased the full version of the software. The software was mainly installed without the user's consent. McAfee claimed that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompted the user to purchase a paid copy of the program.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software, but a 2011 report concluded that additional measures on top of antivirus software were needed.

Computer virus: Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

Conficker: Computer worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 SQL Slammer worm.

Slenfbot is the classification for a family of malicious software (malware) that infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed, each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites that contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants, as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.

macOS malware includes viruses, trojan horses, worms and other types of malware that affect macOS, Apple's current operating system for Macintosh computers. macOS is said to rarely suffer malware or virus attacks, and has been considered less vulnerable than Windows. There is a frequent release of system software updates to resolve vulnerabilities. Utilities are also available to find and remove malware.

WannaCry ransomware attack: 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.

DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

