This installment in our series of articles to
mark Antimalware Day tells the stories behind two creations that are
representative of the 1980s: a virus viewed as the first-ever PC virus and a
worm that caused the greatest damage ever wrought by a piece of malware up to
that point.
As promised on Friday when we introduced our series of articles marking Antimalware Day,
let’s recall the early days of malicious code, putting the spotlight on the
Brain Virus and the Morris Worm.
Brain
Discovered in 1986, Brain was the first
virus to target IBM PC platforms (and, by extension, the MS-DOS operating
system). By using techniques to hide its existence, it was also the first
stealth virus. Created by two brothers from Pakistan, Basit Farooq Alvi and
Amjad Farooq Alvi, Brain infected the boot sector of a floppy disk.
But why was it written? The Alvi
brothers were operating a computer store in the Pakistani city of Lahore when
they noticed pirated copies of a computer program they had written being
circulated by their customers. This got them thinking about how they could
teach their customers a lesson: enter Brain, also known as Pakistani Brain.
As explained in an interview with security
expert Mikko Hypponen in 2011, the virus was created solely to
address illegal copies of their program. In addition to a message
warning users that they were running bootleg software, the virus’s code also
included the brothers’ names, phone numbers, and their store’s address.
According to the brothers, the virus was “not made to destroy any data”.
Rather, it was intended to ensure that users whose machines had become infected
due to using pirated software could contact them for “vaccination”.
Nevertheless, they never expected that the
first phone call would come from the United States, nor that the virus would
spread to various parts of the world.
Morris
The Morris Worm, sometimes also called the
Internet Worm, entered the history books as the first computer worm that was
distributed over the Internet and that compromised thousands of computers,
drawing massive media attention in the process. It was written and unleashed in
1988 by Robert Tappan Morris, a 23-year-old doctoral student at Cornell
University and the son of Robert Morris Sr., a famous cryptographer and
formerly the chief scientist at the NSA’s National Computer Security Center.
Back then, the Internet consisted of
approximately 60,000 machines, some 6,000 of which were infected by the worm.
After the code was released from a computer at the Massachusetts Institute of
Technology (MIT) in November 1988, much of the then Internet was paralyzed.
This ultimately led to the establishment of the first Computer Emergency
Response Team (CERT).
The worm operated by exploiting
vulnerabilities in Unix’s sendmail, fingerd, and rsh/rexec, while also taking advantage of weak
passwords. It comprised 99 lines of code and, of course, had the ability to
replicate and propagate itself. It became a dangerous threat due to a flaw in
its propagation mechanism, eventually infecting thousands of computers at
universities, in government laboratories, and in companies.
Besides the damage that it caused, the worm
also exposed many security weaknesses, revealing the need to
review password protection procedures, among other measures.
According to statements made by Robert Morris
back then, the worm was never intended to be malicious or spread so quickly. It
is not certain why exactly it was created and launched, although it is often
thought that Morris “only” sought to find out how big the Internet was. At any rate, when Morris
realized that the worm was spreading so wildly, he asked a friend to send an
email to apologize for his creation and to give instructions on how to kill it.
Given the chaos that the malware caused, however, his message went unnoticed.
The worm’s creator became the first person to
be convicted under the then-recent Computer Fraud and Abuse Act. He was
sentenced to three years of probation and ordered to pay a $10,050 fine and to
perform 400 hours of community service.