PC Virus Turns 25

Batblue writes "Happy anniversary Basit and Amjad! Twenty-five years ago this month (CT: Warning, intrusive interstitial ad), the Alvi brothers of Lahore, Pakistan, gave the world the Brain Virus, the first bit of malware capable of infecting a DOS-based PC. Back in those relatively innocent times, the brothers actually embedded their real names and business address in the code and later told Time magazine they had written the virus to protect their medical software from piracy. Who knows what they were really thinking, but by all accounts the Brain Virus was relatively harmless. Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

Re:get rid of adds

[HarrySquatter]

Btw, what better way to celebrate virii than an add-infected site.

1) The term is 'viruses' not 'virii'.
2) The word you are thinking of is 'ads'. Unless you are somehow blocking a website that is infected with "addition" which makes little to no sense.

Attack Toolkits

[Spad]

Really? Attack Toolkits are a new worry? I mean, I know they consulted a guy from Symantec for the article, but even so...

Attack Toolkits have been in existence for a long time, even if you only count the newer "hosted" solutions.

Let me get this right.

[RyuuzakiTetsuya]

To celebrate the 25th anniversary of some of the first PC viruses, Slashdot linked to a site where you can get some of the most up to date malware, adware and other infections!?

How festive!

mcAffee is that old?

I'd always been told the first viruses appeared on campuses where Mr McAffee promptly turned up offering solutions.

Re:mcAffee is that old?

[sakdoctor]

In 1986, windows was suffering from a virus infestation, a man dressed in business/casual with glasses and a stethoscope appeared, claiming to be a virus scanner. He promised the users a solution for their problem with the malware.
The users in turn promised to pay him $29.99 a month for the removal. The man accepted, and played a musical pipe to lure the viruses onto a 5.25" floppy, where all of them quarantined.

Despite his success, the users reneged on their promise, and did a charge-back on their credit cards. The man left the town angrily, but vowed to return some time later, seeking revenge.

On talk like a pirate day, while the users were in McDonalds, he played his pipe yet again, dressed in lycra, this time attracting the data and core DLLs. One hundred and thirty files followed him out of c:/windows, where they were lured into a recycle bin and never seen again.

Amiga had it first.

[Maxo-Texas]

I remember my screen said,

"Something wonderful is happening"
.
.
.
"Your Amiga has come alive"

Unfortunately the DOS was flaky enough as it was. The virus unintentionally ruined disks.
No one believed me at first- the message didn't come up again for a couple more weeks so they thought i was crazy.

Re:Amiga had it first.

[idontgno]

"Your Amiga has come alive"
Unfortunately the DOS was flaky enough as it was. The DOS unintentionally ruined disks.

FTFY.

How many times did I read, through panic-stricken teary eyes, "Your disk structure is corrupt. Use DISKDOCTOR to fix it."?

The Amiga was my first PC love, but by God did I hate how crufty and fragile AmigaDOS was. It was like being in love with a beautiful, adoring, and creative woman with an unfortunate habit of accidentally setting fires and leaving them to burn.

Sigh. At least I was lucky enough to never have to deal with an Amiga virus.

Re:Amiga had it first.

[Xian97]

Even before that the Atari ST had a floppy boot sector virus that would invert your mouse - left and right worked fine, but up and down were reversed.

I remember seeing that message on the Amiga too. I had just bought one and some of the discs a friend had loaned me had that virus on it. It wrote itself to the floppy boot sector so it couldn't be removed from many discs without making them unbootable. It only spread if you warm booted, so you could still use the floppy if you turned the power off after running one with that virus on it.

Re:Amiga had it first.

[EvilIdler]

Amiga viruses were awesome. I learned a lot from disassembling, reassembling and improving them.

The coolest part was how easy it was to have programs survive reboot. I made some rudimentary programs which used these techniques to slip in before the harmful programs, and more professional anti-virus existed which did this too. My simple tools never had a fancy menu system, though!

At least a reboot actually stops the malware running nowadaysright? Or do the old warm reboot techniques still work on a modern PC? I remember QEMM used that, back when shaving a few kilobytes off your RAM usage was serious business :)

Bad security model still unchallenged... ugh!

[ka9dgx]

The solution to this problem has been known for a very long time... it's the principle of least privilege.

We've had 25 years to wise up and stop using a "default permit" based system and still haven't done so.

Here's a summary of the situation, for those who want to help push things in the right direction.

Re:Bad security model still unchallenged... ugh!

[AC-x]

That may be a solution in a carefully controlled corporate setting, but unless you have a complete lockdown on installing software like iOS has you will always have the risk of users overriding any security layers you put in front of them.

I forget the exact quote, but it goes something like this - You could create an operating system with no vulnerabilities of flaws whatsoever, but as long as the user wants to view dancing_puppy_avi.exe in an email they received they will happily bypass any barriers you place in front of them. It doesn't matter how many warnings you give them, how many times you ask for an administrator password, if the user wants to see that dancing puppy they will disable every security measure they need to.

Re:get rid of adds

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

"PC" = "IBM PC" here...

[osu-neko]

This was certainly not the first personal computer virus, as I recall there was a virus running rampant on the Apple II computers in my high school running Apple's DOS 3.3 before this. The virus was one of the things that got them to switch everyone over to using the spiffy new ProDOS instead.

Re:get rid of adds

[seinman]

I haven't heard someone use the term "boxen" in years. Are there really still idiots spitting that one out?

Re:get rid of adds

[JWSmythe]

My boxii take serious offense to that, you insensitive clod. :)

Re:get rid of adds

[MadKeithV]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Meh.
I could care less.

listen

[Spy+Handler]

if the webpage has such an "intrusive interstitial ad" that you felt you had to protect the public with your warning, perhaps it would've been better to NOT LINK TO THE SHITTY FUCKING WEBSITE IN THE FIRST PLACE.

Oh, let's all write a virus!

[flogger]

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* (stupid slashdot filter this I hve too many capitals...Little does it know that I've uploaded a virus! HAHA..opps hahahha)

Not really a virus, or at least not effective.

[atomic-penguin]

It loosely meets the definition of a virus. It wasn't the first computer virus. It isn't very noteworthy, other than it was the first known computer virus which the author(s) took full credit, and provided their real names and accurate contact information. We have other words for this type of software now. You might even call it copy-protection, or DRM, today.

Computer viruses started off as an academic exercise. In other words, the goal was to create a self-reproducing program with survival instinct, similar to that of a real-world virus. According to Mark Ludwig's Little Black Book of Computer Viruses, the functional elements of a Computer Virus follow in the list below. I highly recommend the book, for anyone interested

1. MUST contain a search routine. Important for both self-replication, and survival. Where and how will the virus replicate?
2. MUST contain a copy routine. This is the self-replication part, and its obviously important for the survival to the virus.
3. SHOULD contain anti-detection routine(s), or somehow evade detection. Obviously important to the survival of the virus.

Number 3 is really what separates a true "virus" from programs which are mislabeled as such. If the virus displays a message "I'm in your computer eating your data, nom nom nom!", it limits its own effectiveness. The virus will get eradicated, it will not survive in the wild. Which comes back to my point about this story. While this program loosely meets the definition of a virus, it was not written to be a self-reproducing entity with simulated survival instinct. It was primarily intended to prevent unauthorized copying. Its impact was limited to floppy disks with unauthorized copies of the program it was intended to protect from copying.

Re:Not really a virus, or at least not effective.

[Mars+Saxman]

This is a somewhat different definition of "virus" than I remember from the '80s. I haven't actually encountered a virus since then, so perhaps usage has changed, but back in the day a "virus" was a self-replicating program that worked by attaching itself to or embedding itself within an existing program, while a "worm" was a stand-alone program that worked by exploiting security holes in remote computers and copying itself over independently.

Evading detection is a secondary effect of the fact that the virus works by embedding itself within an existing program; it takes advantage of some existing process to replicate itself. Of course evading detection is a good thing if you want your virus to succeed, but a self-replicating program does not fail to earn the label "virus" simply because its author took no special care to disguise it.