Yesterday we took a look at some of the most damaging high-profile computer viruses in history, and today we’ll be exploring some of the more obscure ones instead. The term “virus” wasn’t attached to malware until 1983, but viruses as we know them date back to the early 1970s.
These viruses didn’t necessarily make front page news in the same way as Sasser, MyDoom or the Storm Worm did, but many were the first of their kind. It’s also worth noting that many were non-destructive, with the real aim of creating a self-replicating program rather than causing data loss.
1971: Creeper
Creeper was written in 1971 by Bob Thomas, who worked for BBN, and is widely considered to be the first example of a computer worm. The program was self-replicating in nature and non-destructive to data, as its main purpose was to test the effectiveness of such code.
Creeper was technically not a virus due to its rather passive nature. The author commented in response to this article:
“…the creeper application was not exploiting a deficiency of the operating system. The research effort was intended to develop mechanisms for bringing applications to other machines with intention of moving the application to the most efficient computer for its task.”
Creeper did not take advantage of an exploit on the DEC PDP-10 TENEX systems it came into contact with, and was eventually stopped with a program called Reaper, which was specifically designed to halt the spread.
1981: Elk Cloner
In 1981 a 15-year-old called Rich Skrenta stumbled upon the world’s first boot sector virus, Elk Cloner for the Apple II. At the time the Apple II used floppy disks to boot into the OS, which made it particularly vulnerable to attacks.
If a user booted into the OS from an infected floppy, the virus would be copied to the computer’s memory. Any further floppy disks that were inserted into the computer once Elk Cloner was in the memory would also become infected. Whilst the code was not malicious, the user would see a poem on every 50th boot.
Skrenta’s virus was not only the first to specifically target the boot sector but also one of the first to spread “in the wild” – i.e. outside of the environment in which it was originally written.
1986: Brain
Considered by many the first computer virus written for MS-DOS (and thus the IBM PC standard), Brain affected floppy disks, more specifically the boot sector of disks formatted with the DOS File Allocation Table (FAT) file system, by moving the real boot sector elsewhere and marking it as “bad”. A copy of the virus replaced the real boot sector, but hard drives were specifically avoided.
The virus can be traced back to two brothers from Lahore, Pakistan – Basit and Amjad Iqbal, who included the following message:
Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS…. Contact us for vaccination…
The virus was originally written as a copyright safeguard for medical software the pair were working on. They received phone calls from all over the world demanding inoculation, and still trade today as Brain NET, an Internet service provider.
1987: SCA
Another first, SCA was the Commodore Amiga’s inaugural computer virus, written by the “Swiss Cracking Association” or “Mega-Mighty SCA”. The group mostly specialised in removing copy protection from floppies, and thus the SCA virus targeted the boot sector of write-enabled disks.
Every 15th reboot the following message was displayed, warning the user that they were infected:
Something wonderful has happened Your AMIGA is alive !!! and, even better…some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !!
The virus only affected write-enabled floppies but would ruin custom bootblocks, such as those used by games. The SCA virus led the same group to release the first ever Amiga virus scanner in order to remove the infection.
1988: Morris Worm
With its source code preserved on a dusty floppy in the Boston Museum of Science, the Morris worm is one of the most famous outbreaks in history – mostly due to a mistake by its author. The Morris worm was in fact one of the first to spread via the Internet, and exploited known vulnerabilities within the UNIX operating system.
According to its author, Robert Tappan Morris, the worm was originally not written to be malicious, but instead to try and gather information about the size of the Internet. What made the worm such an issue was its method of spreading, which would re-infect 1 in every 7 machines that claimed to already be infected.
This proved to be overkill and it is thought that of the 60,000 machines connected to the Internet at the time, 10% were affected. Morris was studying at Cornell University at the time, but chose to release the worm from MIT to avoid detection. He was later the first person to be convicted under the USA’s 1986 Computer Fraud and Misuse Act.
He received three years’ probation, 400 hours of community service and a $10,000 fine. The worm is thought to have caused somewhere between $10 million and $100 million in damage and undoubtedly changed Internet security forever.
2006: Leap
Leap, also known as the Oompa-Loompa virus, was the first to ever infect Apple’s cherished OS X operating system. Whilst it was not a full-blown outbreak, and didn’t even transfer via the Internet, Leap proved that no matter how tight security was, there were always going to be potential vulnerabilities.
The virus transferred itself via iChat’s Bonjour buddy list, but only over local area networks. In order for a machine to become infected the user had to accept the latestpics.tgz archive, open it and run the executable (claiming to be an image of Apple’s next OS) within.
The virus would infect non-system applications owned by the user, but due to a bug within the virus, any infected programs refused to run after exposure to Leap. Removal of the virus did not require a complete OS re-install, and thus Leap will always be considered a low threat virus, albeit a world-changing one.
I hope you’ve enjoyed learning about some of my “favourite” viruses, their origins and of course the knock-on effects. Whilst infections like Elk Cloner and Creeper weren’t particularly damaging, they were highly innovative and certainly provided a taste of things to come.
Do you know of any other interesting virus outbreaks? Remember that sinking feeling once your machine was infected? Have a rant below!