The Computer Virus Turns 25 in July

bl8n8r writes "In July of 1982, an infected Apple II propogated the first computer virus onto a 5-1/4" floppy. The virus, which did little more than annoy the user, Elk Cloner, was authored in Pittsburgh by a 15-year-old high school student, Rich Skrenta. The virus replicated by monitoring floppy disk activity and writing itself to the floppy when it was accessed. Skrenta describes the virus as "It was a practical joke combined with a hack. A wonderful hack." Remember, he was a 9th grader when he did this."

Imagine his wealth...

[dada21]

...if he had patented the virus.

Re:Imagine his wealth...

[vivaoporto]

And imagine how secure the computing world would be ... if Microsoft had a monopoly on virus creation.

Re:Imagine his wealth...

[Jansingal]

Why does this article not mention Fred Cohen, who found the first virus?

Script kiddie age?

[InvisblePinkUnicorn]

Is there any information on the average age of people who have written the major viruses of the last couple decades? Has this age gone down over time?

Re:Script kiddie age?

[fermion]

I suppose I will be pedantic about this as I don't think we should minimize the creativity. I think of script kiddies as someone who takes existing tool, say some published code and MS Visual studio, and repackages it. They, in fact, just use scripts.

What this kid did was go into the the Apple internals and figure out how to do something himself. In hindsight it was not such a great feat, but is was a feat that was at least somewhat novel.

OTOH, kids have nothing but time on their hands and if the parents and schools don't keep them busy, then they find other ways to stay busy. The more cleaver one can produce some real havoc. What impresses me is the high school kid that does something creative and interesting with his or her free time, instead of being randomly malicious. The really good ones will go out and start applying their skills to the betterment of humanity, but really any bright kid that chooses a path that is not gratuitously destructive is a win in my opinion.

Don't forget the Lehigh Virus

[R2.0]

I was at Lehigh when this was released. One of the first self propagating viruses, with a time delay to allow for greater infection, that was actually destructive. It was sort of a non-event to the users there; imagine my surprise when I looked it up years later and it figures prominently in virus history.

Re:Don't forget the Lehigh Virus

[rudegeek]

One of the first self propagating viruses

Still, sounds like something very harmless. You should see Amiga-related (not AmigaOS related as much of the population used Amiga as game console) viruses, like Saddam. I think orginal Saddam could be proud this piece of horrible software.

Then, with release of AmigaOS 2.04, we had new kind of viruses. They would spread like... er... viruses? They patched all systems calls dealing with resources loading and all your fonts, device drivers, libraries, executables was infected. I still remember Happy New Year 1996 -- it took me two days with no sleep to clean my disk. Anti-virus software that could deal with it was designed by someone who hated people. First, you passed what it should scan. Then, when process started, at every instance of virus it would start FROM THE TOP. And it would say "Oh, you have an virus. It was deleted. Continue?" You HAD to click it to start again. My Libs: directory had over 6500 shared libraries. All infected.

(Yes, I realize it was done to prevent from recursive infection. This should not be the case since all system vectors was checked all the time by the very same program.)

I think this guy was hired to do 'Allow or Cancel' component. :-)

Has this been done before?

[TheBearBear]

I take a snapshot of my sister's desktop, then open it in photoshop and clone all sorts of icon and littering it all over like a mess, then save the file and use it as a desktop background. She comes over to me screaming that her desktop is a mess and she couldn't find anything, and she can't open an icon when she clicks on it, much less highlight it! AHAHAHAHAHA!!!

Not a virus, just a prank but still :D

Re:Has this been done before?

Shouldn't it be your nap time?

Re:Has this been done before?

[Lumpy]

nope a better one is to put a photo screensaver on a It professionals machine, then have it display only 1 image a BSOD.

The guy was one of the types that always reminded you of his certifications. yet it took us telling him it was a screensaver to stop him from tearing apart his PC.

It was funnier than hell, he stopped chasing us with sharp objects about 4 days later.

Re:Has this been done before?

I had a boss named "Dave" once. I replaced his Windows sound events with snips from 2001: a space oddessey. For instance "I'm sorry, I can't do that, Dave".

I miss that job!

Re:Has this been done before?

[RallyNick]

So how do you screencap a BSOD?

Re:Has this been done before?

[Phroggy]

So how do you screencap a BSOD? Using an emulator, such as VirtualPC.

The reason why Macs are so much more secure...

[vigmeister]

is that the viruses for it are traditionally written by 9th graders who use the B: drive...

Re:The reason why Macs are so much more secure...

[achilles777033]

I beleive Ctrl-Alt-Delete gives the best response to this. http://cad-comic.com/comics/20060513.jpg No one gives a shit.

Happy birthday!

[friedman101]

Finally, you're old enough to rent a car.

Stealing thumder from the Mac users

[My+name+is+Bucket]

Mac OS has never had a virus problem.

Maya Angelou eat your heart out!

[Pionus]

Every 50th booting you'd get this (Note "-" is represents a ). Elk Cloner: The program with a personality- It will get on all your disks - It will infiltrate your chips- Yes it's Cloner!- It will stick to you like glue- It will modify RAM too- Send in the Cloner!- Now if I had gotten that when I was a little kid on my little Apple 2, I'd cry.

Your computer is now stoned!

[CPE1704TKS]

Anyone remember that one? It was such a pain in the ass at the time, but it didn't go around and delete files, etc. And we got it from pirating program after program. Solution? Install a pirated version of the first anti-virus programs. I'm so old that I can't remember what exactly it was... It might actually have been Norton.

Not the oldest.

[ReallyEvilCanine]

I had an Atari 800 back in 1979. In 1980 I took a small piece of malware someone else wrote and turned it into a virus which would remain memory-resident and self-replicate. After formatting any diskette the victim inserted into the drive, it wrote a hidden file to infect any machine the disk was then used on. This was a payback for the people who were getting pirated software free and then turning around to sell it. I'm pretty sure I still have the source code for it somewhere.

I'm not claiming mine was the oldest because I'm sure someone did something similar on the old heavy iron even earlier than my little "payload" as we called then it.

McAfee

[JeanBaptiste]

Probably was McAfee. Which was a fantastic scanner at the time. Oh how things have changed since then. Sad to see both McAfee and Norton/Symantec turn into useless piles of garbage considering what they once were...

1988 Morris internet worm

[peter303]

That was the first virus I remember, but its just 19 years old. It paralyzed the internet when it was released. But then the Net just had a few thousand nodes, most of them in the university. The worm was supposed to count nodes by sending a copy of itself to every entry in the host table, but the author forget to account for duplicates and circularities. So it just replicated until it filled the process spaces and internet bandwidth.

Re:1988 Morris internet worm

but the author forget to account for duplicates and circularities

Actually the story is a bit more interesting than this. The author did think about this, and even programmed the worm to ask a target system whether it was already infected, and if it was then it would decline to infect it again.

The flaw came in a deliberate modification of this strategy. Following this idea completely would make the worm easy to defeat, since you could just run a program that listened for the query and answered "yes" to keep the worm away. So he modified it slightly, so that if the worm got seven yes responses in a row, it would go ahead and infect the target anyway.

Seven turned out to be too small, the worm ended up infecting machines over and over and over again, and brought its targets to a standstill.

Um no. it wasn't

[Lumpy]

1981 - Apple Viruses 1, 2, and 3 are some of the first viruses "in the wild," or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.

Bullshit!

I had sex with a PDP-11 in 1973 and it gave me chlamydia. That predates this asshat by almost a decade. Where's my trophy?!

Re:Bullshit!

[catdevnull]

Your trophy is that warm sensation everytime you pee, amigo.

Answering my own question, sort of

[InvisblePinkUnicorn]

Of the "ten most destructive PC viruses of all time":

CIH, by Chen Ing Hau, who "attended a university" at the time of release ~1998.
Melissa virus, by David L. Smith, age 31 in 1999
ILOVEYOU, by university student for thesis, 2000
Code Red, author unknown?
SQL Slammer, 2003, by a 21-22 year old
Blaster, 2003, variant by an 18 year old
Sobig, possibly by 30 year old Ruslan Ibragimov?
Bagle, author unknown?
MyDoom, unknown
Sasser, by 17 year old

Not much to go on.

Re:Answering my own question, sort of

[macdaddy357]

You forgot Monkeypoo!

VIRUS WARNING:

Attention: Computer Labs Inc., makers of Virucide antivirus software have identified a highly dangerous new Trojan worm, MONKEYPOO. It will usually appear in an e-mail with the subject, "Congratulations.You have won!" it will then prompt you to click a link to collect your cash prize. It can also freely spread across networks.

Monkeypoo will read your address book, and mail a copy of itself to every address it finds, and it will look like you sent it. It will then invoke the secret self-destruct command held over from the original IBM PC's 8086 command set. This short line of code will cause the processor, ram, hard drive and any floppy drives to spin out of control and overheat until key components melt together, and will most likely cause a fire.

James Winklee, a former IBM programmer had this to say. "We developed the self-destruct code so government agencies such as the FBI and CIA could quickly and completely destroy compromised computer systems before an enemy could get their hands on classified information. When we saw how violently a PC executing the command burst into flames, we decided not to publish its existence. It has been kept a secret successfully until now. If you get infected with the Monkeypoo Trojan worm, you may notice your computer going completely haywire. Physically unplug it from power as fast as you can, and send it in for repair. Only a professional can remove this one."

While Computer Labs Inc and other antivirus software makers are working on a solution, they haven't got one a home user could successfully run yet. "This is the worst kind of malicious code I have ever seen." said Marcus Polan of Computer labs Inc. Use extreme caution.

It is important that as many computer users as possible receive this warning, so send it out to as many people as you can. The entire Internet and every PC connected to it is at risk.

Re:Answering my own question, sort of

[uncoveror]

Are there viruses named after the other three Ninja Turtles?

Really Not the oldest.

[Cassini2]

My understanding was that the first computer viruses were penned at Bell Labs in a series of experiments called the "Core Wars". The goal was to eliminate as many enemy tasks as possible while keeping your tasks running. Byte has an article on the subject in the 1980's. Of course, at the time, disk media were in limited supply. This made spreading away from the test mainframe next to impossible.

Wikipedia link: http://en.wikipedia.org/wiki/Core_War

Really Really Not the oldest.

[Rob+T+Firefly]

A couple thousand years ago, I deliberately infected a wooden abacus with termites, and put it in the mud hut with all the other abaci.

Maybe not a virus....

[Ollabelle]

but I remember a very old Scientific American article (60's maybe?) about program wars in which two programs would simultaneously reside in memory and each would seek out the other to destroy it, usually by inflicting a fatal erasure of a vital part from the memory stack. The article described the programs' different strategies of seek-and-destroy while simultaneously moving itself around to avoid destruction. Pretty primitive, but great fun.

Re:Pretty sad!

[Retric]

As a CS degree holder who started programming at age 8 I see where you are coming from. But, I think you're missing out on many high quality programmers who started in other areas. Personally I find the most useful questions to separate talented from the useless are:

"What are your thoughts on the mythical man month?"

  and

"Outside of work and school what are some interesting projects you have worked on?"

I know a lot great programmers without formal education, but I also know several excellent people who discovered programming in collage and actually know what they are doing.

The first virus? I do not think so.

[Asmodai]

Sorry, but Creeper beat that Apple II virus by about 10 years.

http://www.viruslist.com/en/viruses/encyclopedia?c hapter=153310937

Furthermore http://www.viruslist.com/en/viruses/encyclopedia?c hapter=153310910 states that such ideas and programs already started in the 40s and 50s.

Re:Pretty sad!

[Hal_Porter]

My first questions in an interview to hire someone is, "Are you a programmer?" The second question is,"Did you goto school for this?" If they answer "yes" then they don't get the job.

CS Graduates don't goto school. They instantiate a CSStudent (using a StudentFactory class). CSStudent implemnents a functor Notify callback as part of the abstract Student interface. Using the Observer pattern, they call the Attach method of the ConcreteSchool class which implements the School Interface. Then the ConcreteSchool class calls Notify and passes a Notification object containing a ConcreteClass object which the Student stores in a Dictionary class, Knowledge. In the examination Use Case, the Notify is called with a ExamNotification object containing a List of ExamQuestion objects. CSStudent intantiates an Iterator which iterates though the list and uses the Dictionary object's Lookup method to answer each question, calling before calling ExamNotification's Answer method.

After reception of a Graduation, ExamFailure or DrugsBust notification, the CSStudent destructor is called. This in turn calls the Knowledge destructor and the Knowledge Dictionary is deleted.

still infecting...in emulators

[joshuac]

Not enough time right now to go into depth, but I sorting through a collection of 5.25" Apple images, I saw this message popup on one of the emulators "bootup". Had no idea what it was and didn't bother looking too far in depth into it. This was back in 2006, when I was organizing my collection of stuff I had written as a kid, random public domain disks I had copies, of, random things I had made copies of as a kid from my gradeschool computer lab, etc...in the process, plenty of "catalog" commands ran (this is how it spreads, he has the 6502 source http://www.skrenta.com/cloner/clone-src.txt on his website and a few more items about it there), plenty of disks "swapped" out of virtual floppy drives, so I'm sure the infection is well spread.

Maybe I'll keep it around as a living pet in my emulator :)

This Was Not the First Virus

[Evil+W1zard]

According to other reporting this is not actually the first virus. The first virus really should be the Creeper virus that infected DARPANET systems back in the early 70's. According to Viruslist, the virus was written for the Tenex operating system and was capable of independently gaining access through a modem and copying itself to a remote system. Once infected, the system would display the following message: "I'M THE CREEPER: CATCH ME IF YOU CAN."

The Reaper was written to replicate and find Creeper and delete it. Then came Rabbit in 1974 which caused systems to crash because it screwed system performance due to replicating so fast (wonder why it was called Rabbit.....)

Re:Pretty sad!

[PCM2]

The "Mythical Man Month" is a project management concept.

Yes, but it's a concept from a book that was written specifically about software development projects.

What's more, even a "code jockey" is going to be expected to give reasonable estimates of how much time it will take his team to complete a particular task. That's kind of what the MMM is all about.

So, thanks for playing, but if you can't be bothered to read one of the oldest and most respected books about your chosen career then I think it's fair for the recruiter to note that, at the very least, you don't read much.

Re:There's an actual BSOD screensaver - By Microso

[Poromenos1]

Don't even mention that thing. I thought it would be cool, downloaded and ran it a few times but the fucking thing always bluescreened when I activated it.

It took me a few reboots to think "wait a minute, the BSOD screensaver BSODs? Goddamnit"...

Re:I was writing viruses in 1976

[Evilest+Doer]

That's right, 1976. My friends and I used to attack each other over a HP timeshare system, infecting each other with keystroke recorders, DOS attacks against specific terminals, buffer overflow exploits that could be used to steal passwords, and programs that consumed all of another users storage space by creating hundreds of 1 byte files.

We never got caught for any of it, until one of our group found a way to change the addresses in the jump vector table for the kernel and hosed the mainframe for over a week. Even then, they did not know what he had done, they just wanted to know how he got the admin's password.

Good Lord! Did you even realize that there was a sexual revolution going on then?

Happy Birthday to Computer Viruses!

[Evil+Cretin]

Happy birthday to you,
Happy birthday to you,
Happy birthday to viruses,
Hap...

Fatal Error: HappyBirthday.exe has been corrupted. Please contact your system administrator.
[OK]