3 of 10Image
2. Christmas Tree (1987)
A single design flaw can turn a harmless joke into a weapon. The Christmas Tree Exec was a script that ran under the Rexx language and did two simple things: it drew a Christmas tree, using text for graphics, and then sent a copy of itself to everyone in the target's email contacts list.
The original started on Earn, the European Academic Research Network, and spread quickly to the US equivalent, Bitnet. The infection then hopped over to IBM's internal VNET, where it took advantage of the IBM habit of having really large address books.
As the worm depended on running in an IBM mainframe environment, it didn't spread beyond those networks. It lasted six days on Bitnet and only four on VNET, where it was finally removed by shutting down the entire network.
Photo credit: Sophos
3. Morris worm (1988)
The first malware to be propagated widely via the internet, the Morris Worm or Great Worm hit around 6,000 of the 60,000 computers on the network in 1988.
Robert Morris (pictured), then a student at Cornell University, maintains that his worm wasn't malicious, but was designed to measure the size of the internet. Others took a different view, as the worm used a batch of security flaws in Unix and was launched surreptitiously.
It was certainly unwelcome, as it was far more aggressive at making copies of itself than it needed to be, often infecting machines multiple times, turning what might have been an easily contained annoyance into a powerful denial-of-service attack. Morris became the first person to be convicted under the 1986 US Computer Fraud and Abuse Act, and the incident led to the formation of the first Computer Emergency Response Team Coordination Center, CERT/CC.
Photo credit: Trevor Blackwell/Wikipedia
4. Melissa (1999)
Named after a lapdancer and released in a document posted to the alt.sex Usenet newsgroup, Melissa had a salacious start in life. Users who opened the document, eager to read the 80 passwords to porn sites promised within, found that the document immediately forwarded itself to the first 50 people in their address book. Which could take a whole lot of 'splainin.
The virus created so much email that many companies had to turn off their internet gateway to regain control of their systems. As a result, the writer — a 30-year-old man called David Smith — got a 20-month prison sentence, despite helping the FBI track down and nab other virus writers.
Photo credit: JR Whipple