A Short History of Computer Viruses and Attacks

_____Web Special_____ • Cyber-Attacks by Al Qaeda Feared (The Washington Post, Jun 27, 2002) • White House Pushing Cybersecurity Insurance (TechNews.com, Jun 27, 2002) • Related Documents and Resources On The Web (TechNews.com, Jun 26, 2002) • Timeline: The U.S. Government and Cybersecurity (TechNews.com, Jun 26, 2002) • Key Players in U.S. Government's Cybersecurity Efforts (TechNews.com, Jun 26, 2002) _____Cybersecurity_____ • White House Slows Cybersecurity Planning (TechNews.com, Sep 16, 2002) • Administration Pares Cyber-Security Plan (The Washington Post, Sep 10, 2002) • Internet Security Not Pressing to All (The Washington Post, Sep 9, 2002) • More Security News E-Mail This Article Printer-Friendly Version Subscribe to print edition

Compiled by Brian Krebs
washingtonpost.com Staff Writer
Wednesday, September 18, 2002; 12:00 AM

1945: A moth is found trapped between relays in a computer operated by the U.S. Navy. From then on, problems with computers are referred to as "bugs," and the process of removing them is called "debugging."

1949: Hungarian scientist John von Neumann (1903-1957) devises the theory of self-replicating programs.

1960: AT&T introduces its Dataphone, the first commercial modem.

1963: Programmers develop the American Standard Code for Information Interchange (ASCII), a simple computer language that allows machines produced by different manufacturers to exchange data. 1969: Programmers at AT&T's Bell Laboratories develop the UNIX operating system, the first multi-tasking operating system.

1969: The Advanced Research Projects Agency launches ARPANET, an early wide area network used by government research groups and universities. The network serves as the test bed for the development of communication protocols that will lead to the creation of the Internet.

1972: Future Apple Computer co-founder Steve Wozniak builds his "blue box," a tone generator that allows him to make free long-distance phone calls. Wozniak sells the device to fellow University of California-Berkeley students, eventually spawning a generation of so-called "phone freaks," or "phreakers," some of the earliest "hackers."

1974: Telenet, a commercial version of ARPANET, debuts.

1979: Engineers at Xerox Palo Alto Research Center discover the computer "worm," a short program originally designed to scour a network for idle processors. Designed to provide more efficient use of computers, the "worm" is the ancestor of modern worms, or destructive computer viruses capable of altering or erasing data on computers and often leaving infected files irretrievably corrupted.

1983: Pursuing a doctorate in electrical engineering from the University of Southern California, student Fred Cohen coins the term "computer virus," to describe a computer program that can "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself." Anti-virus makers later capitalize on Cohen's research on virus defense techniques.

1984: In his book, "Neuromancer," author William Gibson coins the term "cyberspace," a word he used to describe the network of computers through which characters in his futuristic novels traveled.

1986: One of the first PC viruses ever created, "The Brain" is released by programmers in Pakistan.

1988: Twenty-three-year-old programmer Robert Morris unleashes a worm that that invades ARPANET computers. The small program disables roughly 6,000 computers hooked to the network by flooding their memory banks with reproduced copies of itself. Morris confesses to creating the worm out of sheer boredom and is fined $10,000 and sentenced to three years' probation.

1991: Symantec launches its "Norton Antivirus" program.

1991: Programmer Philip Zimmerman releases "Pretty Good Privacy" (PGP), a free and powerful data-encryption tool. The U.S. government begins a three-year criminal investigation on Zimmerman, alleging he broke U.S. encryption laws after his program spread rapidly around the globe. The government later dropped the charges.

1994: Inexperienced e-mail users dutifully forward an e-mail warning people not to open any message with the phrase "Good Times" in the subject line. The missive, which warns of a virus with the power to erase a recipient's hard drive, demonstrates the self-replicating power of the e-mail virus hoax that circulates in different forms today.

1998: Intruders infiltrate and take control of more than 500 military, government and private sector computer systems. The incidents -- dubbed "Solar Sunrise" after the well-known vulnerabilities in computers run on the Sun Solaris operating system -- were thought to have originated from operatives in Iraq. Investigators later learn that two California teenagers were behind the attacks. Nevertheless, the experience gives the Defense Department its first taste of what hostile adversaries with greater skills and resources would be able to do to the nation's command and control center, particularly if used in tandem with physical attacks on key pressure points.

1999: The infamous "Melissa" virus infects thousands of computers worldwide with alarming speed, causing an estimated $80 million in damage and prompting record sales of antivirus products. The virus executes a program that sends copies of itself to the first 50 names listed in the recipient's address book. The virus also infects other Microsoft Word documents on the user's hard drive, mailing them out in the same fashion as attachments.

2000: The "I Love You" virus infects millions of computers virtually overnight, using a method similar to the Melissa virus. The virus also sends passwords and usernames stored on infected computers back to the virus' author. Authorities trace the virus to a young Filipino computer student, but the Philippine government cannot prosecute him because the country has no laws against hacking and spreading computer viruses. The incident highlights the need for more global cooperation in prosecuting computer crime, many lawmakers and experts say. This spurs the creation of the European Union's global Cybercrime Treaty.

2000: Yahoo, E-bay, Amazon, Datek and dozens of other high-profile Web sites are knocked offline for up to several hours following a series of so-called "distributed denial-of-service attacks." Investigators later discover that the DDOS attacks - in which a target system is disabled by a flood of traffic from thousands of computers simultaneously - were orchestrated when the hackers co-opted powerful computers at the University of California-Santa Barbara.

2001: The "Anna Kournikova" virus, promising digital pictures of the young tennis star, mails itself to every person listed in the victim's Microsoft Outlook address book. This relatively benign virus frightened computer security analysts, who believe it was written using a software "toolkit" that allows even the most inexperienced programmer to create their own computer virus.

2001: The Code Red and Code Red II viruses or "worms," infect tens of thousands of systems running Microsoft Windows NT and Windows 2000 server software, causing an estimated $2 billion in damages.

2001: Debuting just days after the Sept. 11 attacks, the "Nimda" virus infects hundreds of thousands of computers around the world. The virus is considered the most sophisticated to surface in the wild, employing up to five different methods of infecting systems and replicating itself. Attention given to the virus is eclipsed by coverage of the Sept. 11 attacks. The virus continues to infect computers, albeit at a much slower pace.

2001: In the wake of the Sept. 11 terrorist attacks, President Bush appoints Richard Clarke to serve as America's first cybersecurity czar.

2002: Melissa virus author David L. Smith, 33, is sentenced to 20 months in federal prison.