The first widely known examples of Internet worms date to 1987 and 1988, when Cornell University student Robert Morris let a worm loose on the Internet, nearly crashing the national network. Not long after, an executable virus (or worm, there's always controversy about what an attack should be called) called ChristmaExec was let loose on the IBM e-mail network. In both instances, federal investigators in the US got involved and virus writers became leery of running afoul of the Feds, said Nachenberg.
But in 1995, macro commands were introduced into Microsoft applications. This completely changed the way anti-virus companies had to think, said Roger Thompson, technical director of malicious code research at ICSA in Vancouver.
"Until then, the old chestnut was that people didn't need to look at data files," Thompson said. "All of a sudden, there were data files with executable code imbedded in them, which could carry a virus."
That probably explains why the Concept macro virus, released in 1995, was at one point the most common computer virus in the world.
Anti-virus software had to be completely rewritten because, in most cases, it did not have macro scanning capabilities. Virus writers had a new start -- a new launch mechanism in macro commands and a great way to spread their malicious commands across the growing Internet.