This month marks the 20th anniversary of the first known PC virus discovered in the wild. Dubbed Brain, the virus infected the boot sector of 30Kb floppy disks, changing the disk volume label to © brain. The Brain virus also used stealth techniques to hide its presence.
Boot sector and file infecting viruses reigned for approximately seven years, until macro viruses appeared on the scene in the mid 1990s.
These early viruses spread by 'sneakernet', handed off from person to person as they unknowingly shared infected floppy disks. As such, it took a considerable amount of time for a virus to spread beyond its original location. In the case of the Brain virus, it was a full year before it appeared in the U.S, reportedly at the University of Delaware in 1987.
Other notable viruses in the first two years include:
Lehigh virus; discovered in November 1987, the Lehigh virus was the first to infect command.com (an essential system startup file and not the name of a website). The virus was so named because it was initially discovered at Lehigh University.
Jerusalem virus; discovered in December 1987, the Jerusalem was the first memory resident file infector. The Jerusalem virus was so named because it was first discovered at the University of Israel.
Stoned virus; discovered in December 1987, the Stoned virus was the first MBR infector and is thought to have orignated in New Zealand.
Morris worm; discovered in November 1988, the Morris worm is the most infamous worm of the era. The Morris worm exploited several UNIX vulnerabilities in order to spread and is estimated to have virtually crippled 10% of the Internet before it was finally stopped. The worm was named after its author, Robert Morris, a Cornell graduate student at the time.
In 1990, the industry witnessed the first combination threats that used multipartite, stealth, polymorphic, and armored techniques. Additionally, the first virus mutation engine was discovered.
In 1991, the second most infamous virus of the period appeared. The Michelangelo virus attracted huge media focus (possibly a backlash from the Morris worm). The Michelangelo virus was an MBR and boot sector infector so named because it delivered a March 6th payload (Michelangelo's birthday), overwriting cirtical drive sectors on that day. Contrary to media predictions, the number of Michelangelo victims was low as, like its predecessors, Michelangelo spread by sneakernet and thus the actual number of infected users was minimal.