These days, malware is an everyday concern, even among ordinary end users. An untold amount of money is lost worldwide every year to malware, possibly in the hundreds of billions, though the figure is difficult to quantify accurately.
The losses range from lost hours of office productivity, to financial malware like what hit Target, to hardware that needs to be replaced due to infected firmware. What might amaze you is that malware has existed since at least 1971, and was theorized as early as 1949. For the record, Microsoft didn’t exist until 1975.
And it all started so innocently…
John Von Neumann was a revolutionary Hungarian-born mathematician who immigrated to the United States in 1933.
In 1948, Von Neumann started to talk about “cellular automata,” a complex mathematical model for elementary biological functions. By 1949, those ideas evolved into his series of lectures on “self-reproducing automata,” given at the University of Illinois. Arthur W. Burks compiled those 1949 lectures into a paper that was first published in 1966. Von Neumann’s theories were astoundingly ahead of his time.
His “cellular automata” ideas applied to microbes, such as biological viruses. From there, partly based on his experience with ENIAC, he imagined “self-reproducing automata” that could be an entity of those brand new “computing machines.”
“Anybody who looks at living organisms knows perfectly well that they can produce other organisms like themselves. This is their normal function, they wouldn’t exist if they didn’t do this… The other line of argument… arises from looking at artificial automata… Appealing to the organic, living world does not help us greatly, because we do not understand well enough about how natural organisms function. We will stick to automata which we know completely because we made them… It is possible in this domain to describe automata which can reproduce themselves.”
“I’m the Creeper. Catch me if you can!”
Computers made by Digital Equipment Corporation played a crucial role in how computing evolved from the 1950s to the 1970s. MIT (the Massachusetts Institute of Technology) got their first PDP series computers in the 1950s. Timesharing programs had to be used so that MIT’s very first computer science students and professors could experiment with them. Some of the earliest breakthroughs in computer programming started there, back when it was done with punch cards.
Elsewhere in Cambridge, Massachusetts, in 1971, Bob Thomas was a computer programmer. He worked on a timesharing program called TENEX, which ran on a PDP-10. Thomas wanted to see if a self-replicating program could be written. His machine was connected to ARPAnet, the very first packet-switched network, which was the father of the Internet. His program was called Creeper.
In Thomas’ words, he was disappointed because it “didn’t install multiple instances of itself on several targets.” But Creeper spread through ARPAnet, nonetheless. Affected machines would print at the command line, “I’m the Creeper. Catch me if you can!”
So the string was displayed on ARPAnet-connected computers, even though the program didn’t reproduce. Many computer scientists consider Creeper to be the very first computer virus. In fact, it wasn’t long until the very first antivirus program was created, specifically to remove Creeper… It was called Reaper.
The First Worm
In 1975, science fiction writer John Brunner theorized computer worms in The Shockwave Rider. In 1978, John Shoch and Jon Hupp worked at the Xerox Palo Alto Research Center. I couldn’t verify whether or not they’ve read Brunner’s novel. It’s likely that they did, though, because they wrote what many consider to be the very first computer worm.
They wrote five different versions, all designed to improve computer efficiency by exploring a network to find underused processors. But a bug in their programs caused computers to crash. Oops!
In 1986 in Pakistan, Basit Farooq Alvi and his brother Amjad Farooq Alvi were computer programmers. Some computer scientists consider their program, Brain, to be the very first computer virus, because Thomas’ Creeper didn’t self-replicate.
Brain was an innocent experiment and nothing more. It spread via 5 1/4 inch floppies only, targeting the boot sector in PC-DOS and IBM-DOS based machines. Like Shoch and Hupp’s worm, the Alvi brothers wrote different versions of Brain.
Brain was relatively benign, because it basically just contained the code to self-replicate and copyrighted messages such as these:
Welcome to the Dungeon
(c) 1986 Basit & Amjad (pvt) Ltd.
BRAIN COMPUTER SERVICES
730 NIZAB BLOCK ALLAMA IQBAL TOWN
LAHORE-PAKISTAN PHONE :430791,443248,280530.
Beware of this VIRUS….
Contact us for vaccination………… $#@%$@!!
Welcome to the Dungeon
(c) 1986 Brain & Amjads (pvt) Ltd.
VIRUS_SHOE RECORD v9.0
Dedicated to the dynamic memories
of millions of virus who are no longer with us today –
Thanks GOODNESS!! BEWARE OF THE er..VIRUS :This program is catching
program follows after these messeges….. $#@%$@!!
It seemed that the different versions of Brain really didn’t get people’s attention until 1988.
Robert Morris was a doctoral student at Cornell University. On November 2nd, 1988, his worm was released. As with Creeper versus Brain, some computer scientists consider Morris’ program to be the first worm, instead of Shoch and Hupp’s, a decade prior.
But as with the other programs I’ve mentioned, the intent was experimental, not malicious. What was novel about Morris’ worm is that it did spread through the modern Internet, as it existed in the late 1980s. But like Shoch and Hupp’s worm, a bug in Morris’ worm caused it to behave in a harmful way not intended by its creator.
Five days later, on November 7th, Bob Page of the University of Lowell wrote:
“Here’s the scoop on the ‘Internet Worm.’ Actually it’s not a virus – a virus is a piece of code that adds itself to other programs, including operating systems. It cannot run independently, but rather requires that its ‘host’ program be run to activate it. As such, it has a clear analog to biologic viruses — those viruses are not considered live, but they invade host cells and take them over, making them produce new viruses. A worm is a program that can run by itself and can propagate a fully working version of itself to other machines. As such, what was loosed on the Internet was clearly a worm.”
Page was likely the first computer scientist to properly describe the difference between a worm and a virus.
Within 24 hours of the Internet debut of Morris’ worm, it infected approximately 5,000 computers. The United States General Accounting Office estimated that between $100,000 and $10,000,000 worth of productivity was lost, due to computers being unable to access the Internet.
The earliest viruses and worms were simply experiments with unintended consequences. But by the 1990s, personal computing exploded. Soon, nearly all offices and a large percentage of households had PCs.
That coincided with the first true malware, programs with actual malicious intent, which arrived as personal computers and the Internet became a part of the everyday lives of ordinary people.
I’ll explore that in my next article. Stay tuned!
About the Author: Kim Crawley is currently a security author for Infosec Institute. She has worked in tech support and as an IT technician for a variety of smaller businesses. She has learned about vulnerabilities in network protocols, operating systems, applications and hardware and uses that knowledge in her everyday work in IT. Learning how malware is developed.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.