A look at the history of Malware

Here is a very brief timeline of when and how crucial breakthroughs were made in the malicious world of malware. The multitude of deadly viruses, worms and Trojans we see around us today are a product of many years of research and progressive developments.


Researchers in this field develop the first theories and codes for self-replicating programs.


1981 – The first virus exposed to the wild

The first virus in the wild came into being even before the experimental work that defines viruses of today. Founded on the Apple II operating system, it was spread on Apple II floppy disks containing the operating system.

1983 – The first documented experimental virus

Fred Cohen carries out thorough research and submits a report on the possibility and implications of a computer virus. This is an excerpt from his paper.

On November 3, 1983, the first virus was conceived of as an experiment to be presented at a weekly seminar on computer security. The concept was first introduced in this seminar by the author, and the name ‘virus’ was thought of by Len Adleman. After 8 hours of expert work on a heavily loaded VAX 11/750 system running Unix, the first virus was completed and ready for demonstration. Within a week, permission was obtained to perform experiments, and 5 experiments were performed. On November 10, the virus was demonstrated to the security seminar.”

In short, the reality and potential of the computer virus became clear for the first time.

1984 – Fred Cohen’s definition of a virus

Fred Cohen defined a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”

1986 – Brain & Virdem

Two Pakistanis named Basit and Amjad replaced the executable code in the boot sector of a floppy disk with their own code. They had developed a method of infecting it with a virus they dubbed “Brain”. It was intended to infect each 360kb floppy accessed on any drive and it spread so widely on the popular MS-DOS PC system that it is typically called the first computer virus. This is in spite of the fact that Cohen’s experiments and the Apple II virus came earlier. All the infected floppies had “© Brain” for a volume label. The first file virus, Virdem, was also created this year.

1987 – File infector Viruses, Lehigh, & Christmas Worm

The first file viruses started to appear around this time. These viruses are most concentrated on COM files; COMMAND.COM in particular. The Lehigh virus is often reported to be the first of these to infect COMMAND.COM. Other work was done to create the first EXE infector: Suriv-02 (Suriv is Virus backward). This virus eventually evolved into the famous Jerusalem virus. During this time, a fast-spreading (500,000 replications per hour) worm called the IBM Christmas Worm hit IBM mainframes and caused substantial damage.

1988 – Jerusalem, MacMag & Internet Worm

Jerusalem, one of the most common viruses in existence, was unleashed at this time. It is activated every Friday the 13 th and it affects both .EXE and .COM files, deleting any programs run on that day.

Generally considered the first Macintosh virus, MacMag is a Hypercard stack virus on the Macintosh.

The Internet Worm (Robert Morris’ creation) causes the first major Internet crisis and shuts down many computers.

1989 – AIDS Trojan

Created around this time, this Trojan is famous for literally holding data hostage. Sent out under the guise of an AIDS information program, the Trojan encrypts the user’s hard drive, preventing him access to it and demands payment for the decryption key or password.

The 1990s

1990 – Anti-virus and Virus Exchange BBS

Launched by Symantec, Norton AntiVirus was one of the first anti-virus programs developed by a large company.

The first virus exchange called (VX) BBS went online in Bulgaria,. Ideas and codes could now be exchanged freely as a result.

1991 – Tequila

Created in Switzerland , the Tequila was the first widespread polymorphic virus: it changed its appearance with each new infection in an attempt to avoid detection and counteraction.

1992 – Michelangelo, DAME, & Virus Creation Laboratory

There was a massive 420% increase in number of viruses in existence from 1991. A worldwide alert went out with claims that massive damage would occur throughout the world over the next few years. In reality, nothing happened. The Michelangelo scare predicted that 5 million computers would crash on March 6. Only 5,000–10,000 actually went down.

Not all was well, however. The Dark Avenger Mutation Engine (DAME) was created at this time and became the first toolkit used by virus creators to turn their creations into polymorphic viruses.

The Virus Creation Laboratory (VCL) became the first actual virus creation kit that same year. Creating viruses was no longer as difficult as it used to be as a result of this.

1994 – Good Times email

This hoax created waves throughout the computer community. It warned users not to open emails titled “Good Times” as the virus would activate upon opening and erase an entire hard drive.

1995 – The year of the Hacker & the first macro Virus

This was without a doubt the year of the hacker. At roughly the same time, the Griffith Air Force Base, NASA, Goddard Space Flight Center, the Korean Atomic Research Institute, and the Jet Propulsion Laboratory were all hit by hackers. On Thanksgiving, GE, IBM, Pipeline and other companies were all hit by the “Internet Liberation Front”.

Concept, the first macro virus to attack Microsoft Word, is also developed.

1996 – Boza, Laroux, & Staog

Boza was the first virus ever to be designed to specifically to corrupt Windows 95 files.

Written at this time, Staog was the first virus to attack Linux files and it was written by the same group that wrote Boza.

1998 – Back Orifice

Back Orifice is the first Trojan designed to enable the sender to get full control over the computer hit by it via the Internet.

1999 – Melissa & Bubbleboy

A very well-known virus, Melissa is the first combination of Microsoft Word macro virus and worm to use both the Outlook and Outlook Express address book to send itself to others via email. It is capable of forwarding itself to any 50 people listed in the victim’s Outlook address book. The virus also infects other Word documents and subsequently mails them out as attachments.

Bubbleboy was the first worm that would activate immediately after a user simply opened an email message in Microsoft Outlook or merely previewed the message in Outlook Express. There was no need to attach a file.