2 of 10Image
2. Christmas Tree (1987)
A single design flaw can turn a harmless joke into a weapon. The Christmas Tree Exec was a script that ran under the Rexx language and did two simple things: it drew a Christmas tree, using text for graphics, and then sent a copy of itself to everyone in the target's email contacts list.
The original started on Earn, the European Academic Research Network, and spread quickly to the US equivalent, Bitnet. The infection then hopped over to IBM's internal VNET, where it took advantage of the IBM habit of having really large address books.
As the worm depended on running in an IBM mainframe environment, it didn't spread beyond those networks. It lasted six days on Bitnet and only four on VNET, where it was finally removed by shutting down the entire network.
Photo credit: Sophos