Viruses of the 80s
As we discussed in a recent blog post, Creeper is known as the first computer virus. However, the first malicious virus was actually created by a 15-year-old high school student named Rich Skrenta. He wrote what is now known as the Elk Cloner virus, a self-spreading personal computer virus that infected Apple II computers in 1982. This virus, unlike the Creeper, did not originate in a controlled environment. It spread via floppy disks by inserting itself into the computer’s memory once the computer was booted with the disk. Every 5th boot provided the user with a different annoyance for example, on the 15th boot the program modified the video mode causing an inverted screen text. The Elk Cloner is best known for the outcome of every 50th boot when the virus would display the message “ELK CLONER: THE PROGRAM WITH A PERSONALITY” along with a poem.
The virus spread by copying itself onto uninfected disks and during a time when disks were often shared, this meant it spread fast. Originally the virus was only meant for Skrenta’s friends who would receive an infected disk being told it contained a game. The virus didn’t have any destructive properties, Skrenta only distributed it to his friends at first. But the Elk Cloner became so significant because it proved how fast a virus could spread via disk.
The Elk Cloner, as we know it now, is a virus, but in 1982 the term had yet to be coined. Its definition came a year later in 1983, from a man named Frederick Cohen. During a security seminar at the University of Southern California, he presented a parasitic application that gained control of a computer’s operating system in minutes. He presented it as a computer virus and was the first person to showcase what had been theorized for years. The ability to do this in a controlled environment among other computer scientists demonstrated the potential of viruses. Cohen would later be known as not only the inventor of the computer virus, but a renowned computer scientist whose work consisted of computer virus defense techniques.
Four years after the Elk Cloner in 1986, another virus, called the Brain, began infecting floppy disks. It was the first PC computer virus, but it spread the same way as the Elk Cloner, via an infected disk and then copying itself to clean disks. The Brain was created by two brothers, Amjad Farooq Alvi and Basit Farooq Alvi with the intention of protecting their software from being illegally copied. When the virus booted, it displayed the phrase “Welcome to the Dungeon” and then gave information about its creators and how to contact them. After about a year of this virus spreading, the brother started to amass calls from the United Kingdom and the United States from people demanding that they help clean the virus from their computer. The surge had grown past the limit that the brothers could clean by themselves meaning many of the people affected lost significant amounts of data. Being one of the first widespread viruses, the Brain highlighted the need for security measures and antivirus software. The brothers that created the Brain actually went on to become antivirus software developers themselves.
In 1987 another virus emerged by the name Vienna. Originating in Vienna, Austria this virus spread by way of Microsoft Word documents via floppy disks. It is considered one of the first macro viruses because of its association with document files. The virus worked to destroy the files it infected and would leave behind the message “I’M THE VIENNA VIRUS” before destroying the files and restarting the computer. Unfortunately, the code was published which led to a slew of variants, all of which were destructive. The creator was never able to be identified, but the virus ended up being used as a template for many others. For example, the Ghostball virus which was notoriously hard to remove from systems.
The same year another virus was detected at Hebrew University of Jerusalem. Although largely obsolete now, at the time the Jerusalem virus was pretty destructive. It would infect a computer in various ways, via CD-ROM, floppy disks, or email attachments. The virus was made to infect both .COM and .EXE files causing the computer to slow because of the increased memory usage. The Jerusalem virus also ended up being published causing multiple variants. However, the first version was particularly destructive because of a bug in the virus that made it infect .EXE files continuously, eventually making them too big for the computer. The unique thing about this virus was that it activated every Friday the 13th and deleted all the programs that ran that day before infecting all the files it could. This makes it a great example of a logic bomb which is a program designed to cause damage only during a set time or circumstance.
The AIDS Trojan is the first instance of a ransomware virus ever documented. It was released in 1989 by Dr. Joseph Popp, who distributed it to around 20,000 attendees of the World Health Organization’s AIDS conference. The ransomware was spread via floppy disks that were labeled “AIDS Information-Introductory Diskettes” but when inserted, a vile message was revealed. This virus is considered ransomware because once the computer was booted up 90 times it infected the C drive and began encrypting all the files’ names. Then it would request that a fee of $189 be paid to a PO box located in Panama. The ransomware wasn’t very profitable as it was easy to decrypt the files and disinfect the weak virus from the computer. However, it still caused damage and demonstrated the concept of ransomware to the world.
A notable mention when talking about the history of viruses is the ANIMAL program from 1975. It caused no damage at all, but it was still a nuisance. Released by John Walker in 1975, the program was a self-replicating game structured program. The intent was for the user to think of an animal while the computer tried to guess what the user was thinking of. But while the program ran, a related program, PERVADE, would copy itself and ANIMAL into every directory on the computer. This program spread across America for about a year until an update for the Exec 8 operating system came out and the program became null and void. ANIMAL is often referred to as the first Trojan because the PERVADE program was hiding inside ANIMAL.