A short history of Christmas malware

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Since the very earliest days of computer viruses, malware authors have been inspired by the Christmas holidays when developing attacks.

Here’s a quick, and probably incomplete, history of some of the Christmas-related malware that we have seen over the years.

Christmas 1987
“Christmas Tree” (also known as “CHRISTMA EXEC”), which spread in December 1987, was an early example of an email-aware worm.

Using the subject line

“Let this exec run and enjoy yourself!”

the worm would display EBCDIC character art of a Christmas tree and forward itself via email to other users if activated.

The worm was blamed on a German student, who claimed he just wanted to send greetings to his friends.

In 1990, the Christmas Tree worm resurfaced, forcing IBM to shut down its 350,000 network of terminals.

Christmas 1999
The WM97/Melissa-AG…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.