First truly viral computer virus
The first truly viral computer viruses were spread throughfloppy disksThe earliest computer viruses were prettytame. In fact, the very earliest viruses like “Creeper” which just displayed the message “I’M A CREEPER : CATCH ME IF YOU CAN” -- were not only innocuous experiments in computing, but completely quarantined to their home networks, (Creeper was stuck on theTENEX operating system). This was in 1971, when there was no unified Internet.Nowadays we’re used to fearing millions of viruses, all the time, and we’re used tothem spreading through the Internet -- either you download and run something sketchy from a P2P network, or you clicka weird link in an email, and the next thing you know your system is completelycompromised. When everything is connected to everything, contagions can spread easily. Virus protection is big business, too -- consumers spendbillionsof dollarsa year on it.It turns out that this nightmare had a very slow start, and an earlier one than you might expect. The first viruses to spreadoutsideof private networks did so entirelyoffline, back when the Internet was still young and tiny. These first, really “viral” viruses were floppy disk based, and carried from computer to computer by human hands.How exactly did the first viruses to spread in the “wild” work? And who invented them? Well, it depends on who you ask, and whether they’re a Mac or a PC. The first Apple virus was a teenager’s prank; the first PC virus was a corporate anti-piracy measure.Elk ClonerElk Cloner: The program with a personality (not an actual screen shot)In 1981, Richard Skrenta was in 9th grade and a force to be reckoned with. He was mischievous, very, very clever, and armed with an Apple II. One of his favorite things to do with it was write code to prank his friends’ pirated computer games. Froman interview with Skrenta in 2000:"I had been playing jokes on schoolmatesby altering copies of pirated games to self-destruct after a number of plays. I'd give out a new game, they'd get hooked, but then the game would stop working with a snickering comment from me on the screen (9th grade humor at work here)."Eventually Skrenta’s friends stopped letting him touch their floppy disks -- they stopped lending him games, they stopped playing games he had pirated, etc. But Skrenta was a determined prankster, and Apple was a very different company back then, one that welcomed tinkerers of all stripes. The Apple II was much closer to a Raspberry Pi than a Macbook Pro. Skrenta pored over technology books, looking for holes in the Apple II’s system. Eventually, he worked out a way to insert code that would execute, onto games, without ever touching the disks himself:"I hit on the idea to leave a residue in the operating system of the school's Apple II.The next user who came by, if they didn'tdo a clean reboot with their own disk, could then be touched by the code I left behind.”He took two weeksto write this “residue,” in assembly language. He called the program Elk Cloner. Elk Cloner was what is known as a “boot sector” virus. This is how it spread: when an uninfected disk was inserted into an infected computer (the school computer), the computer infected the floppy disk, i.e. it made a copy of Elk Cloner in the floppy disk’s boot sector -- code that runs automatically on boot. When a student brought any infected floppy disk (and Skrenta seeded many) to another computer, and booted the computer with the infected floppy disk inside, the computer was infected with a copy of Elk Cloner.The virus caused subtle errors, until the 50th time you inserted the disk into a computer. Then, instead of your game starting, the following poem came on the screen:“Elk Cloner: The program with a personalityIt will get on all your disksIt will infiltrate your chipsYes, it's Cloner!It will stick to you like glueIt will modify RAM tooSend in the Cloner!”This timed-release was to let the programgo undetected for longer, thus give it a better chance of spreading -- by the time a user saw this message, they could havealready spread Elk Cloner to hundreds ofdisks and computers, and they would be seeing the message everywhere, for weeks and weeks. “Rather than blowing up quickly,” Skrenta said in an interview,“to the extent that it laid low it could spread beyond the first person to others as well.”Spread it did. In a scene right out of a movie, Elk Cloner ended up on Skrenta’smath teacher’s graphing software. The teacher was very upset and, suspecting Skrenta, accused him ofbreaking into hisoffice. His cousins in Baltimore caught it (Skrenta lived in Pittsburgh), and, years later, he discovered that a sailor in the US Navy had, too.Scientific Americanmentioned it, a few years later, when the relatively benign Elk Cloner had been replaced by a host of much more malignant viruses.BrainScreencap of BrainThe first widespread virus for an IBM PC operating systemwas called Brain. Like Elk Cloner, it was also a boot sector virus, although its creators had little in common with Skrenta. Pakistani brothersBasit and Amjad Farooq Alvi say they had’t heard of him or Elk Cloner when they wrote Brain in 1986. Basit was 17 and Amjad was 24 at the time.The founders of Brain Computer Services, the Alvi brothers say they developed the Brain virus to punish and track piracy of their medical software for the IBM PC. If the disk the program was on was bootlegged, the boot sector was replaced with an infected boot sector, squatting on precious kilobytes of memory, slowing down the disk and sometimes preventing the user from saving. Like Elk Cloner, it was mostly a harmless annoyance, and it didn’t destroy any data. But the infected boot sector also included an ominous message:“Welcome to the Dungeon (c) 1986 Basit& Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE:430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination............ $#@%$@!!”The contact information in the message was real. The idea was to track replicateddisks. Whenever the brothers received a call, visit, or letter from someone, spooked by the warning, seeking “vaccination,” they’d be able to identify and locate another pirated instance of their software. “By putting [that] code in,” Amjad said in aninterview with F-Secure in 2012, “we [could] see and watch whether it [would] spread all over the world or remain within a certain group of people.” The virus alsokept countof how many times the disk had been replicated.What they discovered was piracy was widespread, and bootlegged versions of their software were travelling far. Very far. “The first call we received was from Miami USA,” Amjad said. “[The caller] was having trouble with the floppy and she discovered [an] extra piece of code inside.”The Alvis’ F-Secure interview, in 2011It was the first call of many, and many from the United States. One problem was that it seemed that Brain was transmissible to different floppy disks -- much like Elk Cloner even ones that weren’t direct copies of their medical software.The University of Delaware experienced a kind of Brain epidemic in 1986, and then it began popping up in a million other places. Though there was never any legal action, there was a lot of media coverage. The Brain and its creators were even written-up inTime Magazinein 1988.“A rogue computer program introduced into personal computers atThe Providence Journal-Bulletinearlier this month destroyed one reporter's files and spread to floppy disks throughout the newspaper's computer system,” theNew York Timesreported. “Computer specialists believe this is the first time an American newspaper's computer system has become contaminated with such a rogue program, known as a computer ‘virus.’”The Alvis ended up having to change theirphone numbers, and removed their contact information entirely from later instances of the virus. They say theystopped selling contaminated software in 1987. Their company grew into a telecommunications company, and is now the largest Internet service provider in Pakistan. It’s still located at the same address in Lahore.And Now, ChaosSkrenta on TechCrunchin 2012As forSkrenta, who invented Elk Cloner, he worked in Internet security for a while through the 1990s. Now he’s the CEO of a search company,Blekko, which raised$60.2 million.Though floppy disks aren’t really in the picture anymore, boot sector viruses still exist. When they are transmitted it’s usually off of a USB. But people are using hardware to transfer their files less and less, and experts say the boot sector virus’ days mayfinally be coming to an end.Which, of course, doesn’t mean the war is over. It’s bigger than ever, it’s just mostly online. “The anti-virus industry makes me sad,” Skrenta toldThe Register. “We should build systems to be more resistant to computer viruses rather than have a multi-million dollar industry to do clean up.”Neither he nor the Alvis feel a sense of guilt for having caused the first few sparks of the hellish inferno that is today’s viral landscape. “The only consolation is that the genie would have gotten out anyway,”he wrote on his blog. “But it's fun to be the first to let it out.
Comments
Post a Comment