From Cave Paintings to the Internet A Chronological and Thematic Database on the History of Information and Media Malware Timeline

The Creeper worm,  an experimental self-replicating program written by Bob Thomas at BBN Technologies (originally Bolt, Beranek and Newman),  is generally accepted to be the first computer virus.

"Creeper infected DEC PDP-10 computers running the TENEX operating system. Creeper gained access via the ARPANET and copied itself to the remote system where the message, "I'm the creeper, catch me if you can!" was displayed. The Reaper program was created to delete Creeper" (Wikipedia article on Creeper virus, accessed 01-18-2010).

"A program called 'Elk Cloner' is credited with being the first computer virus to appear 'in the wild'—that is, outside the single computer or lab where it was created." Written by Rich Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.

At Lehigh University, Frederick Cohen demonstrates a virus-like program on a VAX11/750 system. The program is able to install itself to, or infect, other system objects.

In 1984 Cohen used the phrase "computer virus" – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of "infection". He defined a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.”

©Brain (the industry standard name being Brain) is the first  IBM PC compatible computer virus for MS-DOS, and the program responsible for the first IBM PC compatible virus epidemic.

"It infected the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system. The virus is also known as Lahore, Pakistani, Pakistani Brain, Brain-A and UIUC. Businessweek magazine at the time called the virus the Pakistani flu" (Wikipedia article on Brain (computer virus, accessed 01-18-2010).

The first computer worm to attract wide attention, the Morris worm or Internet worm, written by Robert Tappan Morris, a graduate student at Cornell, quickly infects a great number of computers on the Internet.

"It propagated through a number of bugs in BSD Unix and its derivatives. Morris himself was convicted under the US Computer Crime and Abuse Act and received three years probation, community service and a fine in excess of $10,000."

The first recorded use of the term "phishing" (baits used to "catch financial information and passwords) occurs on the "alt.online-service. America-online" Usenet newsgroup after AOL introduces measures to prevent using fake, algorithmically generated credit card numbers to open accounts. To obtain legitimate credit card information AOL crackers resorted to phishing.

United States District Court, District of Massachusetts indicts Albert Gonzalez,  a/k/a cumbajohny, a/k/a cj, a/k/a UIN 20167996, a/k/a UIN 476747, a/ak/a soupnazi, a/k/a segvec, a/k/a klngchilli, a/k/a stanozololz, for masterminding a crime ring to use malware to steal and sell more than 170,000,000 credit card and ATM numbers from retail stores during 2005 to 2007. 

"On August 28, 2009, his [Gonzalez's] attorney filed papers with the United States District Court for the District of Massachusetts in Boston indicating that he would plead guilty to all 19 charges in the U.S. v. Albert Gonzalez, 08-CR-10223, case (the TJ Maxx case). According to reports this plea bargain would "resolve" issues with the New York case of U.S. v. Yastremskiy, 08-CR-00160 in United States District Court for the Eastern District of New York (the Dave and Busters case).

"Gonzalez could serve a term of 15 years to 25 years. He would forfeit more than $1.65 million, a condominium in Miami, a blue 2006 BMW 330i automobile, IBM and Toshiba laptop computers, a Glock 27 firearm, a Nokia cell phone, a Tiffany diamond ring and three Rolex watches. "

"His sentence would run concurrent with whatever comes out of the case in the United States District Court for the District of New Jersey (meaning that he would serve the longest of the sentences he receives)" (Wikipedia article on Albert Gonzalez, accessed 01-18-2010).

On March 26, 2010 U.S. District Court Judge Douglas P. Woodcock sentenced Gonzalez to twenty years in prison with three twenty year sentences running concurrently.

"The sentence imposed by U.S. District Court Judge Douglas P. Woodlock was for Gonzalez's role in a hacking ring that broke into computer networks of Heartland Payment Systems, which processed credit and debit card transactions for Visa and American Express, Hannaford Supermarkets and 7-Eleven. The sentence is actually 20 years and one day, owing to the need to deal with peculiarities in sentencing statutes, because Woodlock had to take into account that Gonzalez was on pretrial release for an unrelated crime when he took up with the international network of hackers responsible for the security breaches. He was at the time supposed to be serving as an informant for the U.S. Secret Service, but he double-crossed the agency, supplying a co-conspirator with information obtained as part of those investigations" (http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/03/26/urnidgns852573C400693880002576EF004839D0.DTL, accessed 03-27-2010).