The History of Computer Viruses: 1986-1993 (translation…

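This article is a translation. Because the translator's ability is limited, it is for reference only. For details, see the original text below the translation.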

1986

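This year the first computer virus appeared. It infected the boot sector and was written by two people named Basit and Amjad.

They named this program "virus" because it could infect other computers and disks! This virus had no name, it did not spread, and it could only infect 360 KB floppy disks!

Meanwhile, a programmer named Ralf Burger made the first file-infecting virus, which he named VIRDEM! This virus could infect all COM files in the current directory. Burger wrote a book about computer viruses, and because of it many people began writing viruses like VIRDEM.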

1987

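In 1987 the famous boot sector virus "Brain" appeared. If you boot from an infected disk, you will see the label "(c) Brain"! Brain infected all disks, not only 360 KB disks, so Brain could be found in many cases all over the world.

In the same year another virus was written, the "Lehigh" virus. It was a very unsuccessful virus, because it could only infect COMMAND.COM.

The Vienna virus spread in Australia. It was an ordinary .COM infector.

In Israel, another programmer began writing viruses. His first was named Suriv-01. It was a memory-resident virus and could infect all .COM files. This was a better strategy than non-resident viruses such as Vienna. His second virus was called Suriv-02; it was the first virus to infect .EXE files. Suriv-03 was his third virus, a resident virus that could infect .EXE and .COM files; antivirus programs call this virus "JERUSALEM".

A student at the University of Wellington made the Stoned virus, which could infect the boot sector and hard disks.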

1988

In that year, many programmers began to write viruses.

The most famous virus was "VIRUS-B". It infected all .COM files in the current directory.

1989

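The Datacrime virus was written. It was an overwriting program like the Burger virus, but it could destroy all the files on the infected computer.

IBM made the first antivirus program.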

1990

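In Bulgaria the first virus group was found, and it was named BBS.

Viruses became very complex, so the AVs (antivirus) had to do a lot of work to analyze and understand these programs.

At the end of 1990 some AVs found the EICAR Group, because they knew they had to unite.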

1991

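At the beginning of this year there were only about 250 viruses, but by December the AVs had found about 1100 viruses.

Tequila was the first fully polymorphic virus. It was written in Switzerland and spread widely; this virus also used full stealth techniques. By the end of the year many polymorphic viruses had appeared, which meant more work for antivirus researchers, because they needed deeper analysis.

A virus writer named Dark Avenger wrote a polymorphic virus that had nearly 4000000000 different forms.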

1992

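In January 1992 the Self Mutating Engine (MtE) from Dark Avenger appeared. If that program was included in a normal virus's source code, the virus became fully polymorphic.

Another popular virus was STARSHIP. It was a polymorphic virus that used some anti-debugging tricks! It infected only files copied to a floppy disk, because of the checksumming done by antivirus programs.

The biggest event of 1992 was Michelangelo; on March 6 it had a "showdown" with 5000-10000 computers.

In August the first virus generators were developed: first the VCL (Virus Creation Laboratory), then Dark Angel's Phalcom/Skism Mass-Produced Code Generator. Nearly 30 of these viruses began to spread.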

1993

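A new VX group was found in the Netherlands: Trident. This group developed another polymorphic engine called GIRAFE. This made analyzing and detecting these viruses, and avoiding false alarms, more difficult.

Likewise, the NED group developed a polymorphic engine called Itshard, which was more deceptive than MtE.

Dark Angel wrote his polymorphic engine DAME (Dark Angel's Multiple Encryptor). It was not as successful as MtE, because it wrote the same line in every DAME virus.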


1986:

The first computer virus was written. It was a boot sector infector and was programmed by two men named Basit and Amjad.

They named their program "virus" because it was able to infect other computers and disks! This virus didn't have a name and it didn't spread. The virus only infected 360 KB floppy disks!

Meanwhile a programmer named Ralf Burger made the first file infection virus. He named his "program" VIRDEM! This virus was able to infect all COM files in the current dir. Burger wrote a book about computer viruses; because of this, many people programmed viruses like the first "burger"-virus!

1987:

In 1987 the famous boot sector virus "Brain" was programmed! If you start from an infected disk, you will see the label "(c) Brain"! Brain infected all disks, not only 360 KB disks, so Brain could be found in most cases in the world.

In that year another virus was written, the "Lehigh"-virus. It was a very unsuccessful virus, because it infected only the COMMAND.COM.

The Vienna virus spread in Austria. It was a normal .COM infection virus.

In Israel, another programmer began to write viruses. His first was named Suriv-01. It was a memory-resident virus and was able to infect all .COM files. It was a much better strategy than a non-resident virus like Vienna. His second virus was named Suriv-02. This was the first .EXE infection virus. Suriv-03 was his third virus. It was a resident .EXE and .COM infector. This virus is named "JERUSALEM" by AV programs.

At the University of Wellington a student made the "Stoned"-virus! It infected the boot sector of disks and hard disks!

1988:

In that year, many programmers began to write viruses.

The most famous virus was the "VIRUS-B". It infected every .COM file in the current dir!

1989:

"Datacrime"-virus was written. It was an overwriting file-virus like the "burger"-viruses, but it destroyed the whole files on the infected computer.

IBM made the first Anti Virus program.

1990:

In Bulgaria the first Virus Group was found and it was named BBS.

The viruses became very complex, so the AVs had much work to analyze and understand these programs!

At the end of 1990 some AVs founded the EICAR group, because they knew they had to organize!

1991:

At the beginning of that year there were about 250 viruses, but by December 1991 the AVs were counting about 1100 viruses.

"Tequila" was the first fully polymorphic virus. It was written in Switzerland and it was very widespread! This virus also used full stealth technique.

By the end of that year there were a few dozen polymorphic viruses, which meant much work for the Anti Virus Researchers, because they needed a deeper analysis.

A virus programmer named Dark Avenger coded a polymorphic virus, which had about 4.000.000.000 different forms.

1992:

January 1992 saw the Self Mutating Engine (MtE) from Dark Avenger. If that program was included in a normal virus source code, the virus became totally polymorphic.

Another popular virus at that time was "STARSHIP". It was a polymorphic virus, which used some anti-debugging tricks! Starship infected only files which were copied to a floppy disk, because of the checksumming by AV programs.

The greatest event in 1992 was "Michelangelo". It showdown about 5.000-10.000 computers on March the 6th.

In August the first serious virus generators were developed. First the VCL (Virus Creation Laboratory), then Dark Angel's Phalcom/Skism Mass-Produced Code Generator. Nearly 30 of these viruses became widespread.

1993:

A new VX group was founded in Holland: Trident. This group developed another polymorphic engine named GIRAFE. It was much harder to analyze and to detect those viruses and to avoid false alarms.

Also the NED group developed a polymorphic engine named "Itshard". It was more tricky than the MtE.

Dark Angel coded his polymorphic engine DAME (Dark Angel's Multiple Encryptor). It was not as successful as MtE, because it wrote the same line in every DAME-virus.

I hope you had fun reading this...

greets,

SeCoNd PaRt ToHeLl

[email protected]

www.spth.de.vu
