Timeline of computer viruses and worms
From Wikipedia, the free encyclopedia
(Redirected from Notable computer viruses and worms)
Not to be confused with List of computer worms.
- 1 1949
- 2 1970–1979
- 3 1980–1989
- 4 1990–1999
- 5 2000–2009
- 6 2010 and later
- 7 See also
- 8 References
- 9 External links
- John von Neumann's article on the "Theory of self-reproducing automata" is published. The article is based on lectures given by von Neumann at the University of Illinois about the "Theory and Organization of Complicated Automata" in 1949.
- The Creeper system, an experimental self-replicating program, is written by Bob Thomas at BBN Technologies to test John von Neumann's theory. Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The Reaper program was later created to delete Creeper.
- The Rabbit (or Wabbit) virus, more a fork bomb than a virus, is written. The Rabbit virus makes multiple copies of itself on a single computer (and was named "Rabbit" for the speed at which it did so) until it clogs the system, reducing system performance, before finally reaching a threshold and crashing the computer.
- April: ANIMAL is written by John Walker for the UNIVAC 1108. ANIMAL asked a number of questions of the user in an attempt to guess the type of animal that the user was thinking of, while the related program PERVADE would create a copy of itself and ANIMAL in every directory to which the current user had access. It spread across the multi-user UNIVACs when users with overlapping permissions discovered the game, and to other computers when tapes were shared. The program was carefully written to avoid damage to existing file or directory structures, and not to copy itself if permissions did not exist or if damage could result. Its spread was therefore halted by an OS upgrade which changed the format of the file status tables that PERVADE used for safe copying. Though non-malicious, "Pervading Animal" represents the first Trojan "in the wild".
- The novel The Shockwave Rider by John Brunner is published, coining the word "worm" to describe a program that propagates itself through a computer network.
|This section does not cite any references or sources. (April 2015)|
- On Friday April 13, 1979, at Millersville University of Pennsylvania (formerly Millersville State College), two seed instructions were placed within a random user's card deck and were executed once the card deck was loaded into the UNIVAC 90/70 by the computer operator. The seed instructions pulled a principal application into the random user’s account, from another user account and then executed the principal application. The principal application hibernated until 5:55pm EST, created a simple 10-line batch file, loaded two instructions within virtual memory that were time delayed, and then terminated. The first time delayed instruction waited 1 second, deleted the principal application, then disappeared from virtual memory once it had executed. The second time delayed instruction, waited 2 seconds, executed the simple 10-line self-replicating batch file, and then disappeared from virtual memory once it had executed. The 10-line batch file then executed itself ten more times every time that it was executed. Lastly, once all of the UNIVAC 90/70's processor memory was consumed by calls to execute the batch file, the system shutdown with nothing remaining except for a simple 10-line batch file containing 10 identical lines of code, each line being a simple instruction to execute the batch file.
- No conclusive evidence resulted in the determination of a culprit. All users that accessed the system on Friday the 13th had their accounts suspended. Once the culprit identified himself he was required to pay a fine equal to the hourly rate of the computer operator who restored the operation of the computer, determined the cause of the system failure, and identified the users who had accessed the system on Friday the 13th.
- The college system sustained no permanent damage and once it was rebooted, normal operations resumed. The college did however implement a policy where by all future computer users were required to sign a statement, promising to not maliciously use the computer.
- A program called Elk Cloner, written for Apple II systems, was created by Richard Skrenta. The Apple II was seen as particularly vulnerable due to the storage of its operating system on floppy disk. Elk Cloner's design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history.
- November: The term 'virus' is coined by Frederick Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." Cohen demonstrates a virus-like program on a VAX11/750 system at Lehigh University. The program could install itself in, or infect, other system objects.[not in citation given]
- A very early Trojan Horse designed for the IBM PC called ARF-ARF was downloaded from BBS sites and claimed to “Sort” the DOS Diskette Directory. This was a very desirable feature because DOS didn’t list the files in alphabetical order in 1983. Instead, the program deleted all of the files on the diskette, cleared the screen and typed ARF – ARF. ARF was a reference to the common “Abort, Retry Fail” message you would get when a PC could not boot from a diskette.[not in citation given]
- August: Ken Thompson publishes his seminal paper, Reflections on Trusting Trust, in which he describes how he modified a C compiler so that when used to compile a specific version of the Unix operating system, it inserted a backdoor into the login command, and when used to compile itself, it inserted the backdoor insertion code, even if neither the backdoor nor the backdoor insertion code were present in the source code.
- January: The Brain boot sector virus is released. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, and Pakistani flu as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi, and his brother, Amjad Farooq Alvi.
- December: Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format.
- Appearance of the Vienna virus, which was subsequently neutralized—the first time this had happened on the IBM platform.
- Appearance of Lehigh virus (discovered at its namesake university), boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was stopped on campus before it spread to the wild, and has never been found elsewhere as a result. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.
- October: The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. The virus destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday 13 November 1987 making its first trigger date May 13, 1988). Jerusalem caused a worldwide epidemic in 1988.
- November: The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.
- December: Christmas Tree EXEC was the first widely disruptive replicating network program, which paralyzed several international computer networks in December 1987.
- March 1: The Ping-Pong virus (also called Boot, Bouncing Ball, Bouncing Dot, Italian, Italian-A or VeraCruz), an MS-DOS boot sector virus, is discovered at University of Turin in Italy.
- June: The CyberAIDS and Festering Hate Apple ProDOS viruses spreads from underground pirate BBS systems and starts infecting mainstream networks. Festering Hate was the last iteration of the CyberAIDS series extending back to 1985 and 1986. Unlike the few Apple viruses that had come before which were essentially annoying, but did no damage, the Festering Hate series of viruses was extremely destructive, spreading to all system files it could find on the host computer (hard drive, floppy, and system memory) and then destroying everything when it could no longer find any uninfected files.
- November 2: The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX that are connected to the Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities.
- October: Ghostball, the first multipartite virus, is discovered by Friðrik Skúlason. It infects both executable .COM-files and boot sectors on MS-DOS systems. It captures certain information entered or saved by the user, with the corresponding threat to privacy, causes the loss of information stored on the computer, either specific files or data in general, affects the productivity of the computer, the network to which it’s connected or other remote sites, decrease the security level of the computer, but does not automatically spread itself.
- Mark Washburn, working on an analysis of the Vienna and Cascade viruses with Ralf Burger, develops the first family of polymorphic viruses, the Chameleon family. Chameleon series debuted with the release of 1260.
- March: The Michelangelo virus was expected to create a digital apocalypse on March 6, with millions of computers having their information wiped, according to mass media hysteria surrounding the virus. Later assessments of the damage showed the aftermath to be minimal. John McAfee had been quoted by the media as saying that 5 million computers would be affected. He later said that, pressed by the interviewer to come up with a number, he had estimated a range from 5 thousand to 5 million, but the media naturally went with just the higher number.
- "Leandro" or "Leandro & Kelly" and "Freddy Krueger" spread quickly due to popularity of BBS and shareware distribution.
- April: OneHalf is a DOS-based polymorphic computer virus.
- The first Macro virus, called "Concept", is created. It attacked Microsoft Word documents.
- "Ply" — DOS 16-bit based complicated polymorphic virus appeared with built-in permutation engine.
- Boza, the first virus designed specifically for Windows 95 files arrives.
- Laroux, the first Excel macro virus appears.
- Staog, the first Linux virus attacks Linux machines
- June 2: The first version of the CIH virus appears. It is the first known virus able to erase flash ROM BIOS content.
- January 20: The Happy99 worm first appeared. It invisibly attaches itself to emails, displays fireworks to hide the changes being made, and wishes the user a happy New Year. It modifies system files related to Outlook Express and Internet Explorer (IE) on Windows 95 and Windows 98.
- March 26: The Melissa worm was released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic.
- June 6: The ExploreZip worm, which destroys Microsoft Office documents, was first detected.
- May 5: The ILOVEYOU worm, also known as Love Letter, or VBS, or Love Bug worm, is a computer worm purportedly created by a Filipino computer science student. Written in VBScript, it infected millions of Windows computers worldwide within a few hours of its release. Using social engineering techniques, it is considered to be one of the most damaging worms ever.
- June 28: The Pikachu virus is believed to be the first computer virus geared at children. It contains the character "Pikachu" from the Pokémon series, and is in the form of an e-mail titled "Pikachu Pokemon" with the message: "Pikachu is your friend." The attachment to the email has "an image of a pensive Pikachu", along with a message stating, "Between millions of people around the world I found you. Don’t forget to remember this day every time MY FRIEND." Along with the image, there is a program, written in Visual Basic 6, called "
pikachupokemon.exe" that modifies the AUTOEXEC.BAT file and adds a command for removing the contents of directories C:\Windows and C:\Windows\System at computer's restart. But, a message would pop up during startup, asking the user if they would like to delete the contents. The affected operating systems are Windows 95, Windows 98 and Windows Me.
- February 11: The Anna Kournikova virus hits e-mail servers hard by sending e-mail to contacts in the Microsoft Outlook addressbook. Its creator, Dutchman Jan de Wit, was sentenced to 150 hours of community service.
- May 8: The Sadmind worm spreads by exploiting holes in both Sun Solaris and Microsoft IIS.
- July: The Sircam worm is released, spreading through Microsoft systems via e-mail and unprotected network shares.
- July 13: The Code Red worm attacking the Index Server ISAPI Extension in Microsoft Internet Information Services is released.
- August 4: A complete re-write of the Code Red worm, Code Red II begins aggressively spreading onto Microsoft systems, primarily in China.
- September 18: The Nimda worm is discovered and spreads through a variety of means including vulnerabilities in Microsoft Windows and backdoors left by Code Red II and Sadmind worm.
- October 26: The Klez worm is first identified. It exploits a vulnerability in Microsoft Internet Explorer and Microsoft Outlook and Outlook Express.
- February 11: The Simile virus is a metamorphic computer virus written in assembly.
- Beast is a Windows-based backdoor Trojan horse, more commonly known as a RAT (Remote Administration Tool). It is capable of infecting almost all versions of Windows. Written in Delphi and released first by its author Tataye in 2002, its most current version was released October 3, 2004
- March 7: Mylife is a computer worm that spread itself by sending malicious emails to all the contacts in Microsoft Outlook.
- August 30: Optix Pro is a configurable remote access tool or trojan, similar to SubSeven or BO2K.
- January 24: The SQL Slammer worm, aka Sapphire worm, Helkern and other names, attacks vulnerabilities in Microsoft SQL Server and MSDE becomes the fastest spreading worm of all time (measured by doubling time at the peak rate of growth), crashing the Internet within 15 minutes of release.
- April 2: Graybird is a trojan horse also known as Backdoor.Graybird.
- June 13: ProRat is a Turkish-made Microsoft Windows based backdoor trojan horse, more commonly known as a RAT (Remote Administration Tool).
- August 12: The Blaster worm, aka the Lovesan worm, rapidly spreads by exploiting a vulnerability in system services present on Windows computers.
- August 18: The Welchia (Nachi) worm is discovered. The worm tries to remove the blaster worm and patch Windows.
- August 19: The Sobig worm (technically the Sobig.F worm) spreads rapidly through Microsoft systems via mail and network shares.
- September 18: Swen is a computer worm written in C++.
- October 24: The Sober worm is first seen on Microsoft systems and maintains its presence until 2005 with many new variants. The simultaneous attacks on network weakpoints by the Blaster and Sobig worms cause massive damage.
- November 10: Agobot is a computer worm that can spread itself by exploiting vulnerabilities on Microsoft Windows. Some of the vulnerabilities are MS03-026 and MS05-039.
- November 20: Bolgimo is a computer worm that spread itself by exploiting a buffer overflow vulnerability at Microsoft Windows DCOM RPC Interface.
- January 18: Bagle is a mass-mailing worm affecting all versions of Microsoft Windows. There were 2 variants of Bagle worm, Bagle.A and Bagle.B. Bagle.B was discovered on February 17, 2004.
- January 23: The L10n worm (usually pronounced "lion") was a Linux worm that spread by exploiting a buffer overflow in the BIND DNS server. It was based on an earlier worm known as the Ramen worm (commonly, albeit incorrectly referred to as the Ramen Virus) which was written to target systems running versions 6.2 and 7.0 of the Red Hat Linux distribution.
- Late January: The MyDoom worm emerges, and currently holds the record for the fastest-spreading mass mailer worm.
- February 16: The Netsky worm is discovered. The worm spreads by email and by copying itself to folders on the local hard drive as well as on mapped network drives if available. Many variants of the Netsky worm appeared.
- March 19: The Witty worm is a record-breaking worm in many regards. It exploited holes in several Internet Security Systems (ISS) products. It was the fastest disclosure to worm, it was the first internet worm to carry a destructive payload and it spread rapidly using a pre-populated list of ground-zero hosts.
- May 1: The Sasser worm emerges by exploiting a vulnerability in the Microsoft Windows LSASS service and causes problems in networks, while removing MyDoom and Bagle variants, even interrupting business.
- June 15: Caribe or Cabir is a computer worm that is designed to infect mobile phones that run Symbian OS. It is the first computer worm that can infect mobile phones. It spread itself through Bluetooth. More information can be found on F-Secure and Symantec.
- August 16: Nuclear RAT (short for Nuclear Remote Administration Tool) is a backdoor trojan that infects Windows NT family systems (Windows 2000, Windows XP, Windows 2003).
- August 20: Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a trojan known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehaviour including performance degradation and denial of service with some websites including Google and Facebook.
- October 12: Bifrost, also known as Bifrose, is a backdoor trojan which can infect Windows 95 through Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attack.
- December: Santy, the first known "webworm" is launched. It exploited a vulnerability in phpBB and used Google in order to find new targets. It infected around 40000 sites before Google filtered the search query used by the worm, preventing it from spreading.
- August 2005: Zotob
- October 2005: The copy protection rootkit deliberately and surreptitiously included on music CDs sold by Sony BMG is exposed. The rootkit creates vulnerabilities on affected computers, making them susceptible to infection by worms and viruses.
- Late 2005: The Zlob Trojan, is a Trojan horse program that masquerades as a required video codec in the form of the Microsoft Windows ActiveX component. It was first detected in late 2005.
- Bandook or Bandook Rat (Bandook Remote Administration Tool) is a backdoor Trojan horse that infects the Windows family. It uses a server creator, a client and a server to take control over the remote computer. It uses process hijacking / kernel patching to bypass the firewall, and let the server component hijack processes and gain rights for accessing the Internet.
- January 20: The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files.
- February 16: discovery of the first-ever malware for Mac OS X, a low-threat trojan-horse known as OSX/Leap-A or OSX/Oompa-A, is announced.
- Late March: Brontok variant N was found in late March. Brontok was a mass-email worm and the origin for the worm was from Indonesia.
- Late September: Stration or Warezov worm first discovered.
- January 17: Storm Worm identified as a fast spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Storm botnet. By around June 30 it had infected 1.7 million computers, and it had compromised between 1 and 10 million computers by September. Thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film.
- July: Zeus is a trojan that targets Microsoft Windows to steal banking information by keystroke logging.
- February 17: Mocmex is a trojan, which was found in a digital photo frame in February 2008. It was the first serious computer virus on a digital photo frame. The virus was traced back to a group in China.
- March 3: Torpig, also known as Sinowal and Mebroot, is a Trojan horse that affects Windows, turning off anti-virus applications. It allows others to access the computer, modifies data, steals confidential information (such as user passwords and other sensitive data) and installs more malware on the victim's computer.
- May 6: Rustock.C, a hitherto-rumoured spambot-type malware with advanced rootkit capabilities, was announced to have been detected on Microsoft systems and analyzed, having been in the wild and undetected since October 2007 at the very least.
- July 6: Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2.
- July 31: The Koobface computer worm targets users of Facebook and Myspace. New variants constantly appear.
- November 21: Computer worm Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy, UK Ministry of Defence (including Royal Navy warships and submarines), Sheffield Hospital network, German Bundeswehr and Norwegian Police were all affected. Microsoft sets a bounty of US$250,000 for information leading to the capture of the worm's author(s). Five main variants of the Conficker worm are known and have been dubbed Conficker A, B, C, D and E. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009, respectively. On December 16, 2008, Microsoft releases KB958644  patching the server service vulnerability responsible for the spread of Conficker.
- July 4: The July 2009 cyber attacks occur and the emergence of the W32.Dozer attack the United States and South Korea.
- July 15: Symantec discovered Daprosy Worm. Said trojan worm is intended to steal online-game passwords in internet cafes. It could, in fact, intercept all keystrokes and send them to its author which makes it potentially a very dangerous worm to infect B2B (business-to-business) systems.
2010 and later
- January: The Waledac botnet sent spam emails. In February 2010, an international group of security researchers and Microsoft took Waledac down.
- February 18: Microsoft announced that a BSoD problem on some Windows machines which was triggered by a batch of Patch Tuesday updates was caused by the Alureon Trojan.
- June 17: Stuxnet, a Windows Trojan, was detected. It is the first worm to attack SCADA systems. There are suggestions that it was designed to target Iranian nuclear facilities. It uses a valid certificate from Realtek.
- September 9: The virus, called "here you have" or "VBMania", is a simple Trojan horse that arrives in the inbox with the odd-but-suggestive subject line "here you have". The body reads "This is The Document I told you about, you can find it Here" or "This is The Free Download Sex Movies, you can find it Here".
- September 15: The virus called Kenzero is a virus that spreads online from Peer to peer (P2P) sites taking browsing history.
- SpyEye and Zeus merged code is seen. New variants attack mobile phone banking information.
- Anti-Spyware 2011, a Trojan horse that attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It actually disables security-related process of anti-virus programs, while also blocking access to the Internet, which prevents updates.
- Summer 2011: The Morto worm attempts to propagate itself to additional computers via the Microsoft Windows Remote Desktop Protocol (RDP). Morto spreads by forcing infected systems to scan for Windows servers allowing RDP login. Once Morto finds an RDP-accessible system, it attempts to log into a domain or local system account named 'Administrator' using a number of common passwords. A detailed overview of how the worm works—along with the password dictionary Morto uses—was done by Imperva.
- July 13: the ZeroAccess rootkit (also known as Sirefef or max++) was discovered.
- September 1: Duqu is a worm thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu gets its name from the prefix "~DQ" it gives to the names of files it creates.
- May: Flame - also known as Flamer, sKyWIper, and Skywiper - a modular computer malware that attacks computers running Microsoft Windows. Used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. CrySyS stated in their report that "sKyWIper is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found".
- August 16: Shamoon is a computer virus designed to target computers running Microsoft Windows in the energy sector. Symantec, Kaspersky Lab, and Seculert announced its discovery on August 16, 2012.
- September 20: NGRBot is a worm that uses the IRC network for file transfer, sending and receiving commands between zombie network machines and the attacker’s IRC server, and monitoring and controlling network connectivity and intercept. It employs a user-mode rootkit technique to hide and steal its victim’s information. This family of bot is also designed to infect HTML pages with inline frames ([HTML element#Frames|[iframes]]), causing redirections, blocking victims from getting updates from security/antimalware products, and killing those services. The bot is designed to connect via a predefined IRC channel and communicate with a remote botnet.
- September: The CryptoLocker Trojan horse is discovered. Cryptolocker encrypts the files on a user's hard drive, then prompts them to pay a ransom to the developer in order to receive the decryption key, making it the first true ransomware.
- December: Gameover ZeuS Trojan is discovered, this type of virus steals one's login details on popular Web sites that involve monetary transactions. It works by detecting a login page, then proceeds to inject a malicious code into the page, keystroke logging the computer user's details.
- November: The Regin Trojan horse is discovered. Regin is a dropper that is primarily spread via spoofed Web pages. Once downloaded, Regin quietly downloads extensions of itself, making it difficult to be detected via anti-virus signatures. It is suspected to have been created by the United States and United Kingdom over a period of months or years, as a tool for espionage and mass surveillance.
- Heartbleed, a security bug in the OpenSSL cryptography library.
- Helpful worm
- Multipartite virus
- Timeline of computer security hacker history
- von Neumann, John (1966). Arthur W. Burks, ed. Theory of self-reproducing automata (PDF). University of Illinois Press. Retrieved June 12, 2010.
- Chen, Thomas; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms". Retrieved 2009-02-16.
- Russell, Deborah; Gangemi, G T (1991). Computer Security Basics. O'Reilly. p. 86. ISBN 0-937175-71-4.
- "The very first viruses: Creeper, Wabbit and Brain", Daniel Snyder, InfoCarnivore, May 30, 2010
- "ANIMAL Source Code". Fourmilab.ch. 1996-08-13. Retrieved 2012-03-29.
- "The Animal Episode". Fourmilab.ch. Retrieved 2012-03-29.
- Craig E. Engler (1997). "The Shockwave Rider". Classic Sci-Fi Reviews. Archived from the original on 2008-07-03. Retrieved 2008-07-28.
- "First virus hatched as a practical joke", Sydney Morning Herald (AP), 3 September 2007. Retrieved 9 September 2013.
- "Fred Cohen 1984 "Computer Viruses – Theory and Experiments"". Eecs.umich.edu. 1983-11-03. Retrieved 2012-03-29.
- "The Arf-Arf Virus", Eric Peters, Eric's blog, 5 May 2013. Retrieved 9 September 2013.
- Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.
- Leyden, John (January 19, 2006). "PC virus celebrates 20th birthday". The Register. Retrieved March 21, 2011.
- The Art of Computer Virus Research and Defense, Peter Szor, Symantec Press / Addison-Wesley Professional, 2005, ISBN 978-0-321-30454-4
- "Computer Virus!", Rob Wentworth, Reprinted from The Digital Viking, Twin Cities PC User Group, July 1996. Retrieved 9 September 2013.
- "Virus.DOS.Chameleon.1260 - Securelist". Viruslist.com. Retrieved 2010-07-10.
- "V2PX". Vil.nai.com. Retrieved 2010-07-10.
- "What we detect - Securelist". Viruslist.com. Retrieved 2010-07-10.
- "Leandro", Threat Encyclopedia, Trend Micro, 9 March 2000. Retrieved 9 September 2013.
- "Freddy Virus", Virus Information Summary List, December 1992. Retrieved 9 September 2013.
- "Glossary - Securelist". Viruslist.com. Retrieved 2010-07-10.
- "Wscript.KakWorm". Symantec. Retrieved 2012-03-29.
- "Kournikova computer virus hits hard". BBC News. February 13, 2001. Retrieved April 9, 2010.
- Evers, Joris (May 3, 2002). "Kournikova virus maker appeals sentence". Retrieved 20 November 2010.
- "MyLife Worm". Antivirus.about.com. 2002-03-07. Retrieved 2012-03-29.
- Sevcenco, Serghei (August 30, 2002). "Security Updates: Backdoor.OptixPro.12". Symantec. Retrieved 2009-03-01.
- "The Spread of the Sapphire/Slammer Worm". Retrieved 2012-12-14.
- "Slammed!". July 2003. Retrieved 2012-12-14.
- Sevcenco, Serghei (February 10, 2006). "Symantec Security Response: Backdoor.Graybird". Symantec. Retrieved 2009-03-01.
- "Backdoor.Prorat". Symantec. February 13, 2007. Retrieved 2009-03-01.
- "Threat Description: Worm:W32/Swen". F-secure.com. Retrieved 2012-03-29.
- "Backdoor.Win32.Agobot.gen". Securelist. Retrieved 2012-03-29.
- "W32.Bolgi.Worm". Symantec. Retrieved 2012-03-29.
- "Threat Description:Bluetooth-Worm:SymbOS/Cabir". F-secure.com. Retrieved 2012-03-29.
- "SymbOS.Cabir". Symantec. Retrieved 2012-03-29.
- "Spyware Detail Nuclear RAT 1.0b1". Computer Associates. August 16, 2004. Retrieved 2009-03-01.[dead link]
- "Vundo". McAfee. Retrieved 2009-03-01.
- "Backdoor.Bifrose". Symantec, Inc. October 12, 2004. Retrieved 2009-02-28.
- "The ZLOB Show: Trojan Poses as Fake Video Codec, Loads More Threats". Trend Micro. Retrieved 2009-02-28.
- "Threat Description: Email-Worm:W32/Brontok.N". F-secure.com. Retrieved 2012-03-29.
- Peter Gutmann (31 August 2007). "World's most powerful supercomputer goes online". Full Disclosure. Retrieved 2007-11-04.
- Gage, Deborah (February 17, 2005). "Chinese PC virus may have hidden agenda". SeatlePI. Retrieved 2009-03-01.
- Kimmo (March 3, 2008). "MBR Rootkit, A New Breed of". F-Secure. Retrieved 2009-03-01.
- "Win32.Ntldrbot (aka Rustock)". Dr. Web Ltd. Retrieved 2009-03-01.
- "Virus Total". virustotal.com. July 8, 2008. Retrieved 2009-03-01.[dead link]
- "Koobface malware makes a comeback". cnet.com. April 9, 2010. Retrieved 2009-04-13.
- Willsher, Kim (2009-02-07). "French fighter planes grounded by computer virus". London: The Daily Telegraph. Retrieved 2009-04-01.
- Williams, Chris (2009-01-20). "MoD networks still malware-plagued after two weeks". The Register. Retrieved 2009-01-20.
- Williams, Chris (2009-01-20). "Conficker seizes city's hospital network". The Register. Retrieved 2009-01-20.
- "Conficker-Wurm infiziert hunderte Bundeswehr-Rechner" (in German). PC Professionell. 2009-02-16. Retrieved 2009-04-01.[dead link]
- Neild, Barry (2009-02-13). "$250K Microsoft bounty to catch worm creator". CNN. Retrieved 2009-03-29.
- "MS08-067: Vulnerability in Server service could allow remote code execution". Microsoft Corporation.
- "Waledac Takedown Successful". honeyblog.org. February 25, 2010. Retrieved 16 November 2012.
- "Alureon trojan caused Windows 7 BSoD". microsoft.com. February 18, 2010. Retrieved 2010-02-18.
- "VirusBlokAda News". Anti-virus.by. Retrieved 2012-03-29.
- Gregg Keizer (16 September 2010). "Is Stuxnet the 'best' malware ever?". InfoWorld. Retrieved 16 September 2010.
- Stuxnet virus: worm 'could be aimed at high-profile Iranian targets’, Telegraph, 23 Sep 2010
- "Possible New Rootkit Has Drivers Signed by Realtek". Kaspersky Labs. 15 July 2010.
- Harvison, Josh (September 27, 2010). "Blackmail virus infects computers, holds information ransom". kait8.com. Retrieved 20 November 2010.
- "Bastard child of SpyEye/ZeuS merger appears online". The Register. 2011. Retrieved April 11, 2011.
Bastard child of SpyEye/ZeuS merger appears online
- "SpyEye mobile banking Trojan uses same tactics as ZeuS". The Register. 2011. Retrieved April 11, 2011.
SpyEye mobile banking Trojan uses same tactics as ZeuS
- "XP AntiSpyware 2011 - Virus Solution and Removal". Precisesecurity.com. Retrieved 2012-03-29.
- "Morto Worm Spreads to Weak Systems". blogs.appriver.com. 2011.
- "Morto Post Mortem: Dissecting a Worm". blog.imperva.com. 2011.
- "Laboratory of Cryptography and System Security (CrySyS)". Retrieved 4 November 2011.
- "Duqu: A Stuxnet-like malware found in the wild, technical report" (PDF). Laboratory of Cryptography of Systems Security (CrySyS). 14 October 2011.
- "Statement on Duqu's initial analysis". Laboratory of Cryptography of Systems Security (CrySyS). 21 October 2011. Retrieved 25 October 2011.
- "W32.Duqu – The precursor to the next Stuxnet (Version 1.4)" (PDF). Symantec. 23 November 2011. Retrieved 30 December 2011.
- "sKyWIper: A Complex Malware for Targeted Attacks" (PDF). Budapest University of Technology and Economics. 28 May 2012. Archived from the original on 30 May 2012. Retrieved 29 May 2012.
- "NGRBot", Enigma Software Group, 15 October 2012. Retrieved 9 September 2013.
- "Dissecting the NGR bot framework: IRC botnets die hard", Aditya K. Sood and Richard J. Enbody, Michigan State University, USA, and Rohit Bansal, SecNiche Security, USA, with Helen Martin1 (ed.), January 2012. Retrieved 9 September 2013. (subscription required)
- Snopes — Compilation of viruses, worms, and Trojan horses at snopes.com.
- A short history of hacks, worms and cyberterror by Mari Keefe, Computerworld, April 2009