Computer Viruses — Nearly Fifty Years of Firsts

[Today’s random Sourcerer profile: https://sourcerer.io/totalverb]

With his 1949 design for a self-reproducing computer program, John Von Neumann is considered to be the father of computer virology, although it would take a few more decades for such programs to be accorded the name viruses. Since then, the world has been buffeted by successive waves of ever more sophisticated virus, ranging from the quixotic and playful to the downright evil. This article explores a small selection of the landmark virus firsts in their journey from historic academic oddity to today’s ever-present threat.

Creeper

Unless you were fortunate enough to have a DEC PDP-10 running the TENEX operating system operating in your basement, you would have completely missed the arrival of the virus most commonly credited as being the very first. In 1971 Bob Thomas at BBN created Creeper to showcase the concept of a mobile application — that is, an application that could move from machine to machine via the ARPANET, an early predecessor of today’s Internet. Creeper, named for a character in the old Scooby Doo cartoons and written in PDP-10 assembler, was fairly benign, if a little annoying — it interfered with a system’s installed printers and displayed the message “I’m the creeper: catch me if you can”. History has recognized Creeper as the first computer virus — and indeed, some experts also describe it as the first computer worm — but at the time, the concept of a computer virus had yet to emerge.

Brain

If you’re lucky enough to be too young to have been there, it might come as a surprise for you to learn that until the mid-1980s, the early years of the computing industry were a wild west of incompatible standards, machines and architectures. Ironically, this chaos made it very difficult to write a virus that could spread sufficiently to reach an epidemiological tipping point. All this was to change as soon as IBM PC compatible machines gained a strong numerical advantage, clearing the way for the Brain boot sector virus in 1986.

Brain is considered the first PC virus and was responsible for the first PC virus epidemic. Written by two brothers from Lahore in Pakistan — Amjat Farooq Alvi and Basit Farooq Alvi — it affected boot sectors, spread widely across the world and marked the beginning of the modern virus era in computing. The authors deny — and continue to deny — any malicious intent, claiming that they only targeted people who had themselves infringed the brothers’ own copyright on their proprietary medical software.

Brain relocated the boot sector and marked it as bad, replacing the original boot sector with its own code. It propagated itself when a new floppy disk was inserted into an infected machine and displayed a message that even contained the authors’ contact details:

Welcome to the Dungeon © 1986 Basit & Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE:430791,443248,280530. Beware of this VIRUS…. Contact us for vaccination…………!!

The brothers are still in business today, and their company Brain Telecommunication Limited has become one of the largest ISPs in Pakistan at the same address.

ILOVEYOU

The ILOVEYOU virus — or more correctly, the ILOVEYOU worm — was the source of a devastating epidemic in 2000. Within ten days, over fifty million infections had occurred, with estimates of its financial damage eventually reaching $10B. 10% of the world’s Internet-connected computers were at one time believed to have been infected.

Written by two Filipino programmers — Reonel Ramones and Onel de Guzman — ILOVEYOU also became to be known as the Love Bug or the Love Letter virus. It was the first mainstream virus to exploit social engineering to deliver its payload — a fatal cocktail of scripts dressed up in an email attachment that just begged to be opened with its ILOVEYOU title.

The affected email attachment was actually a .vbs file that exploited a Windows quirk — if an email attachment name contained two period characters, its display in Outlook was terminated just before the second. This led to a file called something like ILOVEYOU.txt.vbs being displayed as ILOVEYOU.txt — a lot more innocent looking. The virus messed with the Windows registry causing it to be executed at boot time, and played havoc with a PC’s filesystem. Totally nasty.

Nowadays, however lonely you were you’d be a little suspicious, but first time out, this virus had an amazing ability to replicate itself, and was perhaps buoyed up by people’s natural reluctance to admit how their machines had become infected in the first place.

The two authors were arrested but eventually let go and never charged, as no laws of the time had been broken.

Stuxnet

Discovered by Kaspersky Lab in 2010, Stuxnet is a contender for being the world’s first nation-state cyberweapon, and truly marks the beginning of the adult phase of viruses and malware.

In contrast to the broad and catholic tastes of most viruses, Stuxnet was specifically engineered to target the narrow niche of programmable logic controllers, specifically those used to control the machinery — such as centrifuges — being used by Iran to separate weapons-grade nuclear material. It went on to cause substantial damage to Iran’s nuclear program.

Stuxnet is still shrouded in mystery, although several groups have tried to reverse-engineer it. It’s likely that different parts of it were written in different languages like C/C++ and even assembler. When deployed, it probably injected Siemens PCS7 code into the centrifuges’ motor controllers.

Although no nation state has openly admitted to creating Stuxnet, which some believe to have been in development as early as 2005, Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction was interviewed by PBS in 2011 said “we’re glad they [the Iranians] are having trouble with their centrifuge machine and that we — the US and its allies — are doing everything we can to make sure that we complicate matters for them”.

Much of the smart money believes Stuxnet to be the result of a US/Israeli collaboration.

The Future

Over nearly fifty years, we’ve seen the creators of viruses morph from fumbling part-timers to zealous professionals employed by governments. Viruses themselves have changed from quirky amusements to automated agents that could feasibly harm you or your family — in May 2017, in another infamous attack, the so-called WannaCry ransomware may have affected blood-storage refrigerators and theatre equipment belonging to the UK’s NHS. Viruses have clearly reached the stage where they are universally harmful, and this article has only glanced at a handful from over 8000 viruses reportedly discovered in the same timeframe.

Some of the most sophisticated viruses today are known as polymorphic viruses — they are designed to avoid detection and replicate into slightly modified versions of themselves, making these new generations even harder to identify. And all this without the assistance of AI — so the thought of real AI actually getting involved on the wrong side has the potential to increase the level of tension by several more notches. But two can play at that game — in 2017 Microsoft revealed that it was turning to AI to create the next generation of antivirus software. And so the cycle continues.

If you had some grudging respect for the deviousness employed to make Stuxnet, what about the researchers from the University of Washington who encoded malware into strands of DNA. When those strands were sequenced the malware activated and compromised the machine performing the analysis.

We had better watch out — computers are shaping up to be at the center of operations in all of our homes, presenting a widening attack surface as we become even more dependent on our machines. We can do little but continue to observe (and pay for) this ultimately futile arms race between the security firms and the black hats.

The more things change, the more they stay the same.


Follow me and other software engineers on Sourcerer Blog