Brief History of Malware
Malware is a portmanteau for malicious software. Malware is typically designed to cause damage to a computer or network.
The first concepts for malicious software originated in 1949. One of them came from John von Neumann, who published a paper describing a self-replicating computer program. The concept was not proven until 1971.
Creeper - 1974
The Creeper Program was the first virus ever created. It was written by Bob Thomas and used ARPANET to transfer itself to other computers and erase itself afterwards. It was written in PDP-10 Assembly for the operating system TENEX. "computers fail from time to time and work is lost. So I got interested in the possibility of moving an executing program from one computer to another without interrupting the ongoing operation of the program, at least to the extent that to an external observer nothing had happened." Fortunately, John wasn't malicious - the virus simply displayed a message that said "I'm the creeper, catch me if you can!"
Reaper
Ray Tomlinson, who invented e-mail and also recreated a version of Creeper which did not delete itself, created Reaper not long after Creeper was released. Reaper's purpose was, funnily enough, to delete Creeper if it found it on the infected machine.
Wabbit - 1974
Wabbit was written in 1974 and was one of the first examples of self-replicating malware. It was named Wabbit because it worked very quickly; so quickly, in fact, that the system would normally run out of processing power and end up crashing. It is known as the first truly malicious program and grew from concepts created by other computer scientists. It was not a worm: it did not travel over a network and only infected the machine it was on.
Today, it would be referred to as a type of Denial of Service (DoS) attack known as a fork bomb.
It worked by running an infinite loop that created system processes and copies of the original file. This consumed an abnormally high number of CPU cycles and clogged the system, causing it to crash - this is the concept of a fork bomb.
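As an added example (not part of the original page), here is one defensive way to recognise this pattern in a process listing: a self-replicating program shows up as a tree of same-named processes that is both large and many generations deep, whereas a normal server with a pool of workers is wide but shallow. The process table, the program names and the thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_snapshot():
    """Constructed sample process table: (pid, ppid, command name)."""
    procs = [(1, 0, "init"), (200, 1, "sshd"), (210, 200, "bash"),
             (400, 1, "httpd")]
    # Benign prefork server: one master with 20 workers (wide, depth 1).
    procs += [(401 + i, 400, "httpd") for i in range(20)]
    # Self-replicating program: every copy starts two more, 4 generations.
    procs.append((1000, 210, "wabbit"))
    generation, next_pid = [1000], 1001
    for _gen in range(4):
        children = []
        for parent in generation:
            for _copy in range(2):
                procs.append((next_pid, parent, "wabbit"))
                children.append(next_pid)
                next_pid += 1
        generation = children
    return procs

def find_replicators(procs, min_count=16, min_depth=3):
    """Flag same-named process trees that are both large and deep."""
    table = {pid: (ppid, name) for pid, ppid, name in procs}
    stats = defaultdict(lambda: [0, 0])  # root pid -> [members, max depth]
    for pid, (_ppid, name) in table.items():
        depth, cur = 0, pid
        # Climb while the parent is another copy of the same program.
        while table[cur][0] in table and table[table[cur][0]][1] == name:
            cur = table[cur][0]
            depth += 1
        stats[cur][0] += 1
        stats[cur][1] = max(stats[cur][1], depth)
    return sorted((root, table[root][1], count, depth)
                  for root, (count, depth) in stats.items()
                  if count >= min_count and depth >= min_depth)

if __name__ == "__main__":
    for root, name, count, depth in find_replicators(build_snapshot()):
        print(f"pid {root} ({name}): {count} copies, {depth} generations deep")
```

The depth requirement is what keeps the 21-process `httpd` pool from being flagged alongside the replicating tree.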
ANIMAL - 1975
In 1975, the first Trojan virus, called ANIMAL, was written by John Walker. It would act as a game which asked the user a number of questions in order to guess the animal they were thinking of. While the user was playing the "game", a program called PERVADE was running in the background. PERVADE would create a copy of itself and ANIMAL in every directory that the user had access to. The term Trojan refers to the Trojan Horse of Ancient Greece. The Greeks built a giant wooden horse and sent it as a gift to the independent city of Troy - but had hidden armed men inside it, who broke out and infiltrated the city. This is analogous to how the virus hides itself, making the user think it is an innocent program while the malicious part happens in the background. However, ANIMAL was not made with malicious intent. It was written to make sure that the directory structure was not damaged. It was eventually stopped by an OS upgrade, which changed the file status tables that PERVADE used to copy the files.
Elk Cloner - 1982
In 1982, a 15-year-old high school student named Richard Skrenta created one of the first microcomputer viruses that spread outside of a controlled system (i.e. a single computer or laboratory). Elk Cloner attached itself to the Apple II operating system and spread through floppy disks. Skrenta wrote it as a prank on his friends. The technique it used is now called a boot sector virus. The program was placed in a game and did nothing until the 50th time the game was opened, upon which it would change to a blank screen and display a poem about the virus. If the computer booted from an infected floppy disk, the virus was placed in the computer's memory, meaning it would then spread to any disk inserted into the computer.
Cascade - 1988
Cascade was the first type of malware to use encryption. The encryption did not directly damage user data, but simply kept the program undetected. Cascade was meant to specifically infect Digital Equipment computers, and included code that attempted to identify whether the program was running on an IBM computer and, if it was, exit the program. However, this check failed and IBM headquarters in Belgium were infected, prompting them to release a private antivirus software.
Morris Internet Worm
In 1988, Robert Tappan Morris created a worm that was supposed to point out security flaws in the academic networks it infected. It worked, but he failed to implement a measure to check if the computer it was on had already been infected, thus causing crashes on many computers through a DoS attack. Morris was the first person in the United States to be arrested under the 1986 Computer Fraud and Abuse Act. The worm spread by exploiting publicly known vulnerabilities in Unix Sendmail, remote shells, and weak passwords, and did lead to global awareness of the danger of having a weak password. It infected 2000 computers within 15 hours and often took more than 2 days to remove from a single computer. It reportedly infected a total of 6000 computers, around 10% of the Internet at the time.