The History of Computer Viruses

Welcome to the History of Computing Podcast, where we explore the history of information technology. Because by understanding the past, we’re able to be prepared for the innovations of the future! Todays episode is not about Fear, Uncertainty, and Death. Instead it’s about viruses. As with many innovations in technology, early technology had security vulnerabilities. In fact, we still have them!

Today there are a lot of types of malware. And most gets to devices over the Internet. But we had viruses long before the Internet; in fact we’ve had them about as long as we’ve had computers. The concept of the virus came from a paper published by a Hungarian Scientist in 1949 called “Theory of Self-reproducing automata.” The first virus though, didn’t come until 1971 with Creeper. It copied between DEC PDP-10s running TENEX over the ARPANET, the predecessor to the Internet. It didn’t hurt anything; it just output a simple little message to the teletype that read “I’m the creeper: catch me if you can.” The original was written by Bob Thomas but it was made self-replicating by Ray Tomlinson thus basically making him the father of the worm. He also happened to make the first email program. You know that @ symbol in an email address? He put it there. Luckily he didn’t make that self replicating as well.

The first antivirus software was written to, um, to catch Creeper. Also written by Ray Tomlinson in 1972 when his little haxie had gotten a bit out of control. This makes him the father of the worm, creator of the anti-virus industry, and the creator of phishing, I mean, um email. My kinda’ guy.

The first virus to rear its head in the wild came in 1981 when a 15 year old Mt Lebanon high school kid named Rich Skrenta wrote Elk Cloner. Rich went on to work at Sun, AOL, create Newhoo (now called the Open Directory Project) and found Blekko, which became part of IBM Watson in 2015 (probably because of the syntax used in searching and indexes). But back to 1982. Because Blade Runner, E.T., and Tron were born that year. As was Elk Cloner, which that snotty little kid Rich wrote to mess with gamers. The virus would attach itself to a game running on version 3.3 of the Apple DOS operating system (the very idea of DOS on an Apple today is kinda’ funny) and then activate on the 50th play of the game, displaying a poem about the virus on the screen. Let’s look at the Whitman-esque prose:

Elk Cloner: The program with a personality

It will get on all your disks

It will infiltrate your chips

Yes, it's Cloner!

It will stick to you like glue

It will modify RAM too

Send in the Cloner!

This wasn’t just a virus. It was a boot sector virus! I guess Apple’s MASTER CREATE would then be the first anti-virus software. Maybe Rich sent one to Kurt Angle, Orin Hatch, Daya, or Mark Cuban. All from Mt Lebanon. Early viruses were mostly targeted at games and bulletin board services. Fred Cohen coined the term Computer Virus the next year, in 1983.

The first PC virus came also to DOS, but this time to MS-DOS in 1986. Ashar, later called Brain, was the brainchild of Basit and Amjad Farooq Alvi, who supposedly were only trying to protect their own medical software from piracy. Back then people didn’t pay for a lot of the software they used. As organizations have gotten bigger and software has gotten cheaper the pirate mentality seems to have subsided a bit. For nearly a decade there was a slow roll of viruses here and there, mainly spread by being promiscuous with how floppy disks were shared. A lot of the viruses were boot sector viruses and a lot of them weren’t terribly harmful. After all, if they erased the computer they couldn’t spread very far. The virus started “Welcome to the Dungeon.” The following year, the poor Alvi brothers realized if they’d of said Welcome to the Jungle they’d be rich, but Axl Rose beat them to it. The brothers still run a company called Brain Telecommunication Limited in Pakistan. We’ll talk about zombies later. There’s an obvious connection here.

Brain was able to spread because people started sharing software over bulletin board systems. This was when trojan horses, or malware masked as a juicy piece of software, or embedded into other software started to become prolific. The Rootkits, or toolkits that an attacker could use to orchestrate various events on the targeted computer, began to get a bit more sophisticated, doing things like phoning home for further instructions. By the late 80s and early 90s, more and more valuable data was being stored on computers and so lax security created an easy way to get access to that data. Viruses started to go from just being pranks by kids to being something more.

A few people saw the writing on the wall. Bernd Fix wrote a tool to remove a virus in 1987. Andreas Luning and Kai Figge released The Ultimate Virus Killer, an Antivirus for the Atari ST. NOD antivirus was re...