1996

1996 started off with two interesting viruses. Boza, the first virus for Windows 95 virus, Boza, and an epidemic caused by Zhengxi; a polymorphic virus written by Denis Petrovym, a Russian programmer from Saint Petersburg.

In March of 1996, the first virus epidemic for Windows 3.x occurred, caused by Win.Tentacle. This virus infected a hospital computer network and several other organizations in France. This virus was distinguished by being the first Windows virus detected in the wild. Until then, all Windows viruses had been kept in collections, or as part of the electronic journals of virus-writers. Prior to Win.Tentacle, only boot sector, DOS, and macro viruses had previously existed in the wild.

In June of 1996, the OS2.AEP virus appeared; this was the first virus which infected OS/2 EXE files. Prior to this, viruses hadwritten themselves to the file location, destroyed the file, or employed the companion virus technique.

In July 1996, Laroux; the first Microsoft Excel virus, was detected in the wild, in two oil drilling companies in Alaska and South Africa respectively, The virus was detected in the two locations almost simultaneously, As with MS Word viruses, Laroux’s payload was based on macros, mini-programs written in the Visual Basic programming language. These programs could be infilrtrated into Excel tables just as they could be into MS Word. As it turned out, Excel’s built-in Visual Basic also allowed for the creation of viruses. It was this virus which cause an epidemic in many companies in Moscow in April 1997.

At the end of the summer, two virus writers called Nightmare Joker and Wild Worker released, almost simultaneously, two constructors for macro viruses:Word Macro Virus Construction Kit and Macro Virus Development Kit.could be used for both the English and German versions of MS Word.

In the middle of October, Microsoft was hit by another security incident provoked by a virus. The Wazzu virus was discovered in one of the site’s Word documents detailing technical support for Microsoft products in Switzerland. Later this same virus was found on a compact disc distributed by the company during the Orbit computer technology exhibition in Bazel, Switzerland. Even here, Microsoft’s problems with the Wazzu virus didn’t end. In September, the virus made its way onto Microsoft Solution Provider compact discs. In December 1996, the first memory resident Windows 95 virus appeared It loaded into the system like a VxD driver, intercepted file calls, and infected them.

1996 as a whole could also be considered to be the beginning of a widespread attack by the computer underground against the Windows 95 and Windows NT operating systems as well as against other applications like Microsoft Office. Throughout 1996 and 1997 dozens of viruses for Windows 95/NT and several hundred macro viruses.appeared. Many of these viruses used completely new techniques and innovative methods such as stealth capability and polymorphism. Consequently, computer viruses reached a new evolutionary level, now aimed at 32 bit operating systems.However, they followed the same evolutionary development as DOS viruses had done ten years ago.The antivirus landscape also changed significantly. Towards the end of the year, Cheyenne Software, developers of the antivirus program InocuLAN, was bought out by Computer Associates.