Timeline of computer viruses and worms

This timeline of computer viruses and worms shows important moments in the history of harmful computer programs. It includes events like the appearance of early computer viruses, computer worms, and Trojan horses, as well as research and discoveries about malware. These events help us understand how people have tried to protect their computers over time. Studying this timeline teaches us about the challenges in keeping our digital world safe and the steps we can take to defend against harmful programs.

1960s

1966

In 1966, a famous scientist named John von Neumann wrote an article called "Theory of self-reproducing automata." He shared ideas he had talked about years earlier at the University of Illinois on how complicated machines could copy themselves.

1970s

The 1970s was a time when ideas about computer viruses began to appear in stories and early computer programs. In 1970, a story called The Scarred Man was published, talking about a computer virus for the first time. In 1971, a program named Creeper was made to test a theory. It could copy itself and move between computers, leaving a message behind. Another program called Reaper was made to stop Creeper.

More stories and early programs followed. In 1972, a book named When HARLIE Was One used the word "virus" to describe a program that could infect a computer. In 1974, a program called Rabbit made many copies of itself until the computer could not work well anymore. In 1975, a game called ANIMAL and a program called PERVADE spread across computers, but they did not damage files. Finally, in 1977, a book called The Adolescence of P-1 described a program that could move through networks and even learn on its own.

1980s

1982

• A program called Elk Cloner, made for Apple II computers by a student named Richard Skrenta, began as a joke. It spread when people shared floppy disks, marking the first big outbreak of a computer virus.

1983

• In November, a computer scientist named Frederick B. Cohen started using the word "virus" to describe programs that could copy themselves into other programs. He showed how such a program could work on a computer at Lehigh University.

1984

• In August, a computer expert named Ken Thompson wrote about how someone could secretly change a tool used to build other programs, so that it would add hidden features even when no one asked for them.

1986

• In January, the Brain virus appeared, affecting IBM PC-compatible computers. It was made by two brothers in Lahore, Pakistan, and it spread widely.
• In December, a model called Virdem was shown at a meeting in Germany. This model could copy itself into other programs.

1987

• The Vienna virus appeared and was stopped, the first time this happened on IBM computers.
• Other viruses like Lehigh, Yale, Stoned, Ping Pong, and Cascade showed up. The Jerusalem virus was found in Jerusalem and could destroy files on certain days.
• In November, the SCA virus for Amiga computers spread quickly.
• In December, the Christmas Tree EXEC program caused problems for many networks around the world. It was written to send holiday messages but ended up disrupting systems.

1988

• In March, the Ping-Pong virus was found at a university in Italy.
• In June, harmful viruses called CyberAIDS and Festering Hate spread from underground systems to mainstream networks, causing major damage.
• On November 2, the Morris worm spread across the Internet, affecting many computers and becoming one of the first well-known programs to take advantage of security weaknesses.
• In December, the Father Christmas worm sent holiday greetings to users on certain networks but caused disruptions.

1989

• In October, Ghostball was found. It could infect both programs and parts of computers that start up.
• In December, thousands of floppy disks with a harmful program called the AIDS Trojan were sent to magazine readers and conference attendees. After a while, it would lock files and ask for money to unlock them.

1990s

In the 1990s, many important computer viruses and worms appeared. In 1990, the first family of special viruses called the Chameleon family was developed. In June of that year, the Form virus was found in Switzerland and stayed around for almost 20 years.

In 1992, there was a lot of worry about the Michelangelo virus, which was thought to destroy many computers but caused little damage in the end. That same year, a toy line called "Computer Warriors" and a board game called Omega Virus brought the idea of computer viruses into popular culture.

Other notable viruses from the 1990s include the OneHalf virus in 1994, the first Macro virus called Concept in 1995, and the CIH virus in 1998, which could erase important parts of a computer's memory. The Happy99 worm in 1999 hid its actions by showing fireworks and changed some system files. The Melissa virus in March 1999 caused a lot of network traffic, and the Kak worm later that year spread by using a mistake in Outlook Express. polymorphic viruses Form Michelangelo virus John McAfee Milton-Bradley Omega Virus BBS shareware OneHalf ReBoot Macro virus Staog Linux Esperanto CIH virus Happy99 New Year Outlook Express Internet Explorer Windows 95 Windows 98 Sub7 Melissa virus Microsoft Word ExploreZip Microsoft Office CTX Kak worm JavaScript

2000s

2000

• On May 5, the ILOVEYOU worm, also called the Love Letter or Love Bug worm, infected millions of Windows computers very quickly. It was written in VBScript and used tricks to get people to open it.
• On June 28, the Pikachu virus appeared. It was aimed at children and featured the character Pikachu from the Pokémon series. It affected Windows 95, Windows 98, and Windows ME.

The year 2000 also brought worries about the Y2K bug. Some computer programs only used two digits for the year, like "00" for 2000. People were afraid this might cause big problems, like making banks or power grids stop working. But after spending lots of money fixing computers, everything went smoothly when the year changed.

2001

• On February 11, the Anna Kournikova virus spread by sending emails to contacts in Microsoft Outlook address books. Its creator was ordered to do community service.
• On March 13, the Magistr worm was found. It was a complex email worm for Windows that could do different things months apart, targeting people in the law profession.
• On May 8, the Sadmind worm spread by using security holes in Sun Solaris and Microsoft IIS.
• In July, the Sircam worm appeared, spreading through Microsoft systems using email and unprotected network shares.
• On July 13, the Code Red worm attacked Microsoft Internet Information Services.
• On August 4, Code Red II started spreading even more aggressively, mainly in China.
• On September 18, the Nimda worm was discovered and spread in many ways, including using weaknesses in Microsoft Windows and backdoors left by Code Red II and the Sadmind worm.
• On October 26, the Klez worm was first seen. It used weaknesses in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.

2002

• On February 11, the Simile virus, a changing computer virus written in assembly, was found.
• Beast, a Windows-based backdoor program, was released. It could infect almost all versions of Windows.
• On March 7, the Mylife worm spread by sending harmful emails to all contacts in Microsoft Outlook.

2003

• On January 24, the SQL Slammer worm attacked weaknesses in Microsoft SQL Server and MSDE, spreading extremely fast and causing big problems on the internet.
• On April 2, the Graybird trojan was found.
• On June 13, ProRat, a Turkish-made backdoor program for Microsoft Windows, was discovered.
• On August 12, the Blaster worm spread quickly by using a weakness in Windows computers.
• On August 18, the Welchia worm was found. It tried to remove the Blaster worm and fix Windows.
• On August 19, the Sobig worm spread very fast through Microsoft systems using mail and network shares.
• On September 18, the Swen worm, written in C++, was found.
• On October 24, the Sober worm appeared on Microsoft systems and kept coming back with new versions until 2005. The Blaster and Sobig worms caused a lot of damage together.
• On November 10, the Agobot worm spread by using weaknesses in Microsoft Windows.
• On November 20, the Bolgimo worm spread by using a weakness in Microsoft Windows DCOM RPC Interface.

2004

• On January 18, the Bagle worm, affecting all versions of Microsoft Windows, was found. Two versions, Bagle.A and Bagle.B, were identified.
• On January 26, the MyDoom worm emerged and became known for spreading very fast. It also attacked a website called www.sco.com.
• On February 16, the Netsky worm was discovered. It spread through email and by copying itself to folders on computers and network drives.
• On March 19, the Witty worm spread quickly using a list of pre-selected computers.
• On May 1, the Sasser worm appeared by using a weakness in the Microsoft Windows LSASS service. It caused problems in networks and removed MyDoom and Bagle variants.
• On June 15, Caribe or Cabir, a worm designed to infect mobile phones running Symbian OS, was found. It spread through Bluetooth.
• On August 16, Nuclear RAT, a backdoor program, was found to infect Windows NT family systems like Windows 2000, Windows XP, and Windows 2003.
• On August 20, Vundo, also known as Virtumonde or Virtumondo, was found. It caused popups and ads for fake programs and could slow down computers.
• On October 12, Bifrost, a backdoor program, was found. It could infect Windows 95 through Vista.
• On October 24, potentially the first Mac OS X malware, Opener/Renepo trojan, was discovered.
• In December, Santy, the first known "webworm," was launched. It used a weakness in phpBB and Google to find new targets, infecting around 40,000 sites before being stopped.

2005

• In August 2005, Zotob, a worm that used weaknesses in Microsoft operating systems like Windows 2000, was found.
• In October 2005, a hidden program on music CDs sold by Sony BMG was exposed. This program made computers easier to infect with worms and viruses.
• In late 2005, the Zlob program was found. It looked like a video helper but could do other things instead.

2006

• On January 20, the Nyxem worm was found. It spread through email and tried to disable security programs and delete certain files on the third of every month.
• On February 14, the first self-spreading malware for Mac OS X, a low-threat worm called OSX/Leap-A or OSX/Oompa-A, was announced.
• In late March, a version of the Brontok worm was found. It spread through mass emails and came from Indonesia.
• In June, a virus called Starbucks was found that infected StarOffice and OpenOffice.
• In late September, the Stration or Warezov worm was first found.
• Development of Stuxnet was believed to have started between 2005 and 2006.

2007

• On January 17, the Storm Worm was identified. It spread quickly through emails and collected infected computers into a group called the Storm botnet. It disguised itself as a news email with a film attachment.
• In July, Zeus, a program targeting Microsoft Windows to steal banking information by recording keystrokes, was found.

2008

• On February 17, Mocmex, a program found in a digital photo frame, was the first serious computer virus on such a device. It came from a group in China.
• On March 3, Torpig, also known as Sinowal and Mebroot, was found. It turned off anti-virus programs, allowed others to access the computer, changed data, stole sensitive information, and added more malware.
• On May 6, Rustock.C, a hidden program with strong abilities to stay hidden, was found on Microsoft systems.
• On July 6, Bohmini.A, a configurable remote access tool or program, was found. It used weaknesses in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.
• On July 31, the Koobface computer worm targeted users of Facebook and Myspace. New versions kept appearing.
• On November 21, the Conficker computer worm infected up to 15 million Microsoft server systems, including those in the French Navy, UK Ministry of Defence, Sheffield Hospital network, German Bundeswehr, and Norwegian Police. Microsoft offered a reward for information about the worm's creators. Five main versions of the worm were known, each adding new ways to protect itself.

2009

• On July 4, cyber attacks occurred in the United States and South Korea, and the W32.Dozer attack emerged.
• On July 15, Symantec found the Daprosy Worm, a program meant to steal online game passwords in internet cafes by recording all keystrokes.
• On August 24, the source code for MegaPanzer was released by its author and was found in the wild.
• On November 27, the Kenzero virus spread online from peer-to-peer networks, taking browsing history.

2010s

2010

• January: The Waledac botnet sent unwanted emails. In February 2010, security experts and Microsoft stopped Waledac.
• January: The Psyb0t worm was found. It could infect routers and fast modems.
• February 18: Microsoft said a problem with some Windows computers caused by updates was due to the Alureon Trojan.
• June 17: Stuxnet, a Windows Trojan, was found. It was the first worm to attack special computer systems and may have targeted nuclear facilities.
• September 9: A virus called "here you have" or "VBMania" arrived in emails with strange subject lines.

2011

• SpyEye and Zeus combined their code. New versions tried to steal information from mobile banking.
• Anti-Spyware 2011, a Trojan, acted like a security program but blocked real security tools and internet access.
• Summer 2011: The Morto worm tried to spread through Windows computers using a special connection method. It tried to log in using common passwords.
• July 13: The ZeroAccess rootkit (also called Sirefef or max++) was found.
• September 1: Duqu was a worm related to Stuxnet. It was discovered in Hungary and named after a special file prefix it used.

2012

• May: Flame was a complex computer threat affecting Windows computers. It was used for secret information gathering in Middle Eastern countries.
• August 16: Shamoon was a virus targeting Windows computers in the energy industry.
• September 20: NGRBot was a worm using special networks to send and receive commands and monitor connections. It could hide on computers and change web pages.

2013

• September: The CryptoLocker Trojan was found. It locked files on computers and asked for payment to unlock them.
• December: The Gameover ZeuS Trojan was found. It stole login details from websites involving money by recording keystrokes.
• December: Linux.Darlloz targeted internet-connected devices and infected routers, security cameras, and set-top boxes.

2014

• November: The Regin Trojan was found. It hiddenly downloaded more threats and was hard to detect.

2015

• The BASHLITE malware appeared, causing many attacks that disrupted internet services.
• Linux.Wifatch was found trying to protect devices from other harmful software.

2016

• January: A trick called "MEMZ" was made as a joke. It showed messages and caused problems on computers.
• February: Ransomware Locky spread fast in Europe, infecting many computers. Even good security tools had trouble stopping it at first.
• February: Tiny Banker Trojan affected many big banks in the United States. It tricked users into giving away their login details.
• August: Reports found software called Pegasus that could control smartphones without the user knowing, stealing information and tracking locations.
• September: Mirai made big attacks on internet services by using many connected devices. It caused problems for popular websites like GitHub, Twitter, Reddit, and Netflix.

2017

• May: The WannaCry ransomware attack spread worldwide. It used secrets from a government leak to spread.
• June: The Petya attack spread worldwide on Windows computers. It used similar secrets as the WannaCry ransomware attack.
• September: The Xafecopy Trojan targeted Android phones in 47 countries, stealing money through special billing systems.
• September: A new type of trick called Kedi RAT was sent in messages to Citrix users. It could hide from normal checks and talk to controllers using common web protocols.

2018

• February: Thanatos, a type of ransomware, became the first to accept payments in Bitcoin Cash.

2019

• November: Titanium was an advanced hidden malware developed by a group called PLATINUM.

2020s

2024

In March, researchers created a special computer program called Morris II to test how safe popular AI tools like ChatGPT and Gemini are. They found that these tools could be tricked into sharing secret information or sending unwanted messages. This shows that keeping these AI systems safe is very important.

Later in March, a hidden problem called the XZ Utils backdoor was found. In April, another issue named the Linux WALLSCAPE Bug was discovered. Then in June, a harmful program called Brain Cipher attacked data centers in Indonesia.