1. Creeper
The first real computer virus, Creeper,
was released "in lab" in 1971 by an
employee of a company working on
building ARPANET, the Internet’s
ancestor, according to Guillaume Lovet,
Senior Director, FortiGuard Labs.
Creeper searched for a machine on
the network, moved to it, displayed
the message “I’m the creeper, catch me
if you can!” on the system, and
started over, thereby hopping from
system to system.
2. Elk Cloner
This virus was written in 1982 "by a
15-year-old as a way to booby trap his
friends' Apple II computer systems
without physical access to them. Elk
Cloner spread via floppy disks,"
according to FortiGuard Labs' Lovet.
"Infected machines displayed a harmless
poem, dedicated to the virus' glory."
3. Morris worm
Chris Larsen, Malware Lab Architect for
Blue Coat Systems, points to the Morris
worm, created in 1988 by Cornell
University student Robert Tappan
Morris, as the first internet worm.
"It's the one that got everyone's
attention and demonstrated the
possibility of computer malware for
causing chaos," adds Kevin Haley,
Director, Symantec Security Response.
4. Michelangelo
Lovet says the dormant Michelangelo
virus was designed to awaken in 1991 on
March 6th, the birthday of Renaissance
artist Michelangelo, and erase critical
parts of infected computers’ hard
drives.
"The promises of destruction it carried
spawned a media frenzy. In the weeks
preceding March 6th, media relayed,
and some may say amplified, experts’
predictions forecasting 5 million
computers going definitively down.
Yet, on March 6th, only a few
thousand data losses were reported –
and public trust in AV companies’ ethics
was tainted for a while."
5. Melissa
The Melissa virus, which spread via
infected Microsoft Word documents, was
found in 1999. The virus mailed itself to
the Outlook contacts of the infected
user.
Its author created it in honor of
Melissa, a stripper he’d met in Florida.
"Whether he conquered her heart this
way is somewhat unlikely, but one thing
is sure: the malicious code earned him
20 months in jail and a $5,000 fine,"
says Lovet.
6. I Love You
Discovered in 2000, the "I love you" or
"Love Letter" malware "was not the first
example of using social engineering to
infect computers, but it was the first
massively successful one," says Haley.
The malware laid the foundation for the
cyber social engineering that still
works today. The concept behind it was
that everyone wants to know that
someone loves them. It also taught
computer users that they can't trust
everything that they see online or
receive in their inbox.
7. Anna Kournikova virus
The Anna Kournikova virus spread like
wildfire by distributing emails
promising a compromising picture of the
tennis star. It proved how well sex
sells in social engineering.
8. Code Red
In 2001, Code Red infected Web
servers, where it automatically spread
by exploiting a vulnerability in Microsoft
IIS servers, says Lovet.
Within a week, around 400,000
servers were infected, with their
homepage saying 'Hacked By Chinese!'
Lovet notes that Code Red had a
distinguishing feature designed to flood
the White House Website with traffic
from the infected servers, probably
making it the first case of documented
hacktivism on a large scale.
9. SQL Slammer
SQL Slammer came into existence in
2003. The worm infected nearly every
vulnerable system within 15 minutes.
It caused denial of service on some
hosts and dramatically slowed down
general Internet traffic. It infected
almost 75,000 victims within ten
minutes. The basis of the worm was
demonstrated at the Black Hat
Briefings by David Litchfield.
10. Sasser
Lovet says that in 2004 the Sasser malware
exploited a vulnerability in Microsoft
Windows to propagate, which made it
particularly virulent. What’s more, due
to a bug in the worm’s code, infected
systems turned off every couple of
minutes.
Around one million systems were
infected. It also interrupted AFP’s
communications satellites for hours,
Delta Airlines was required to cancel
flights, the British coast guard
reprinted maps, and a hospital had to
redirect its emergency room because its
radiology department was completely
paralyzed by the virus. The damage
was estimated at more than
$18 billion.
Microsoft placed a $250,000 bounty on
the head of the author, who turned out
to be an 18-year-old German student.
11. Mytob
One of the first pieces of malware to
combine the features of a bot and a
mass-mailer, 2005's MyTob marked the
beginning of the era of botnets and of
cybercrime, says Lovet.
With this, the business model of the
legitimized botnet began, which
included installation of spyware,
dispersal of spam, illegal content
hosting, interception of banking
credentials, blackmail, etc.
The revenue generated from botnets,
which affect around 20 million
machines, is estimated to be several
billion dollars per year.
12. Storm botnet
By 2007, Lovet notes, cybercriminals
already had lucrative business models in
place. Before then, however, botnets
were fairly fragile: by neutralizing its
unique Control Center, a botnet could
be completely neutralized, because the
bots no longer had anyone to report to
or take commands from.
He says that by implementing a
peer-to-peer architecture, Storm became
the first botnet with decentralized
command.
Storm managed to infect between 1 and
50 million systems and accounted for 8
percent of all malware running in the
world.
13. Koobface
Koobface, an anagram of Facebook,
came into the limelight in 2008.
"It spread by pretending to be the
infected user on social networks,
prompting friends to download an
update to their Flash player in order to
view a video. The update is a copy of
the virus," explains Lovet.
14. Zeus botnet
Chris Larsen, Malware Lab Architect for
Blue Coat Systems, points to Zeus, first
discovered in 2007, as the "king of the
botnet kits."
This malware platform was used to
create a Trojan horse that stole banking
information with man-in-the-browser
keystroke logging and form grabbing.
The malware was spread mainly via
drive-by downloads and phishing
schemes.
15. Ikee
At a time when many people hadn't even
heard of 'jailbreaking' a mobile device,
the Ikee threat showed up in 2009.
Ikee affected Apple's iPhone.
Although the threat was rather harmless
in payload, it caught people's attention
and showed the world that even mobile
devices are computers and must be
protected from cyber threats just like
any other computer and files. It also
established that wherever you have a
popular operating system, malware will
follow.
16. Operation Aurora
According to researchers at Kaspersky
Lab, Operation Aurora was a cyber
attack which began in mid-2009 and
lasted through December 2009.
Aurora gave birth to the concept of
advanced persistent threats. The attack
was first publicly disclosed by Google
on January 12, 2010 in a blog post.
Originating in China, the attacks hit
more than 30 organizations in the U.S.
Advanced techniques were used to stay
undetected for long durations while
stealing valuable information, including
source code and intellectual property.
17. Flashback
The Flashback Trojan was first
discovered in 2011.
It mostly affected computers running
Mac OS X, using a security flaw in
Java.
Blue Coat's Larsen notes Flashback is a
"wake-up call for Mac users; no one
should be feeling smug and safe these
days."
18. Flame malware
"According to most threat researchers
today, only governments have the
necessary resources to design and
implement a virus of such complexity,"
says Lovet of Flame and similar types of
cyberespionage attacks.
Flame largely targeted computers in the
Middle East.
An analysis conducted in 2012, which
included the servers used to control
the Flame malware, found that several
other related types of malware existed,
including some with a direct connection
to Stuxnet (a worm believed to have
been created by the United States and
Israel to attack Iran's nuclear
facilities).