PC Virus Turns 25

Batblue writes "Happy anniversary Basit and Amjad! Twenty-five years ago this month (CT: Warning, intrusive interstitial ad), the Alvi brothers of Lahore, Pakistan, gave the world the Brain Virus, the first bit of malware capable of infecting a DOS-based PC. Back in those relatively innocent times, the brothers actually embedded their real names and business address in the code and later told Time magazine they had written the virus to protect their medical software from piracy. Who knows what they were really thinking, but by all accounts the Brain Virus was relatively harmless. Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

get rid of adds

[santax]

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] And you'll be fine with that link. Btw, what better way to celebrate virii than an add-infected site.

Re:

[Ferzerp]

Hypercorrections don't reflect upon your intelligence the way I suspect you think they do.

Re:

[HarrySquatter]

Btw, what better way to celebrate virii than an add-infected site.

1) The term is 'viruses' not 'virii'.
2) The word you are thinking of is 'ads'. Unless you are somehow blocking a website that is infected with "addition" which makes little to no sense.

Re:

[Anonymous Coward]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Re:

[seinman]

I haven't heard someone use the term "boxen" in years. Are there really still idiots spitting that one out?

Re:

[gstoddart]

I haven't heard someone use the term "boxen" in years. Are there really still idiots spitting that one out?

I see it at least once a week here on Slashdot.

Decide for yourself what that means. :-P

Re:

[Anonymous Coward]

Please "make a case" for virii, other than "it vaguely sounds correct to illiterate retards like myself".

Re:

[Anonymous Coward]

Please "make a case" for virii, other than "it vaguely sounds correct to illiterate retards like myself".

Cuz it's more 1337, bitches. Sux0rz got pwn3d!!

Re:get rid of adds

[JWSmythe]

My boxii take serious offense to that, you insensitive clod. :)

Re:

[simoncpu was here]

The queen is dead, you insensitive clod! :)

Re:

[Anonymous Coward]

A case can be made for either. Not everybody agrees with you. Get over it.

Are you a creationist too?

Re:

[MadKeithV]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Meh.
I could care less.

Re:

[camperdave]

1) The term is 'viruses' not 'virii'.

You have about as much chance of getting people to stop using that as you do of getting them to stop saying 'boxen'.

A case can be made for either. Not everybody agrees with you. Get over it.

Meh. I could care less.

Yes, obviously you care enough to write that you could care less. I, on the other hand could not possibly care les... Oh flapjacks!

Nevermind.

Re:

[fredc97]

Man this is going Viriial, its like viriises have taken over /.

Re:

[Anonymous Coward]

There's a difference. People who say 'boxen' (should) know that the correct word is 'boxes' and are (mostly) dabbling in old hacker humor. Whether they are beating a dead horse with their hacker humor is subjective and out of the scope of this post. To contrast, two types of people use 'virii': those who really think that it's the correct way to pluralize virus, and those who think it's another hacker humor attempt like 'boxen.' It's neither, and they need to stop doing it. Even if we were to use the "

Re:

[Iskender]

A case can be made for either. Not everybody agrees with you. Get over it.

If we define "case" as "saying things that are not true", then yes.

Defining "case" as "a lot of people say it so it's right" then it's also true.

But for anything like grammatical correctness there's no case at all - it's simply a common misunderstanding caused by people dabbling with latin without any actual knowledge of it.

For how an actual case is made, see: http://www.straightdope.com/columns/read/2139/what-is-the-plural-of-penis [straightdope.com]

Re:

[Hognoxious]

it's simply a common misunderstanding caused by people dabbling with latin without any actual knowledge of it.

Yes, they do it ad nauseum round here.

But you're post literally beg's the question as too weather you'll annoy the "languages evolve" mob by an exponential amount.

Re:

[GrahamCox]

Not everybody agrees with you

Anyone with any actual knowledge of Greek and Latin does, however. Ignorance is not a virtue - stop defending it.

Re:

[JWSmythe]

You know, that's a terrible argument. You're saying it's wrong, but you're not giving any supporting evidence. I'm assuming that you know both Green and Latin to make such a statement. The good old "I'm smarter than you, so I'm right" doesn't cut it, especially when your audience may be as smart or smarter than you.

If virii is wrong, at least give us the translation of what virii means. In Latin, virii seems to translate to "The men of..." [google.com]. In Greek, it doesn't translate to anything.

Re:

[Hognoxious]

My car broke down last week. I had to take a tram and two bii to get to work.

Re:

[Anonymous Coward]

or Attention Deficit Dis.... oooh, look, a squirrel!

Re:

[Mister Whirly]

Or maybe it is an AIDS-infected site. Practice safe surfing!

Re:

[ThatMegathronDude]

You are both wrong. The plural would be "virii" if and only if the singular were "virius". The correct pluralization is "viri".

Re:

[g253]

True, although the actual plural is indeed viruses. See http://en.wiktionary.org/wiki/virus#Usage_notes [wiktionary.org]

Re:

[zrbyte]

In other news: Virii have just turned 25 (minutes)!

Seems we have more to worry about than just viruses.

Re:

[onkelonkel]

"get rid of adds"

Can we keep the subtracts?

Attack Toolkits

[Spad]

Really? Attack Toolkits are a new worry? I mean, I know they consulted a guy from Symantec for the article, but even so...

Attack Toolkits have been in existence for a long time, even if you only count the newer "hosted" solutions.

Re:

[sakdoctor]

Attack toolkits are about as scary as game toolkits are to EA/Ubisoft/Activision.

Re:

[fredc97]

Attack toolkits are about as old as viruses, the MtE (Mutation Engine) was released in 1991. Before that all you needed was debug, edlin and a copy of Ralph Brown's book, oh and Elk Cloner was on Apple II in 1981. Make that 30 years for other 'personal computers'.

Let me get this right.

[RyuuzakiTetsuya]

To celebrate the 25th anniversary of some of the first PC viruses, Slashdot linked to a site where you can get some of the most up to date malware, adware and other infections!?

How festive!

Re:

[mcgrew]

Happy birthday, influenza! Happy birthday, HIV! Happy birthday, Stoned! Happy birthday, Michaelangelo!

Happy birthday, sleazy advertisers and the sleazy sites they advertise on!

Re:

[chargersfan420]

Finally, a good reason not to RTFA!

Re:

[masterwit]

Okay, that was funny for once :)

mcAffee is that old?

[Anonymous Coward]

I'd always been told the first viruses appeared on campuses where Mr McAffee promptly turned up offering solutions.

Re:mcAffee is that old?

[sakdoctor]

In 1986, windows was suffering from a virus infestation, a man dressed in business/casual with glasses and a stethoscope appeared, claiming to be a virus scanner. He promised the users a solution for their problem with the malware.
The users in turn promised to pay him $29.99 a month for the removal. The man accepted, and played a musical pipe to lure the viruses onto a 5.25" floppy, where all of them quarantined.

Despite his success, the users reneged on their promise, and did a charge-back on their credit cards. The man left the town angrily, but vowed to return some time later, seeking revenge.

On talk like a pirate day, while the users were in McDonalds, he played his pipe yet again, dressed in lycra, this time attracting the data and core DLLs. One hundred and thirty files followed him out of c:/windows, where they were lured into a recycle bin and never seen again.

Re:

[Mister Whirly]

And for years we had been told the sun revolves around the earth. What exactly is your point? Or was it a friend of a friend who told you this - in that case you know it HAS to be true!

But honestly seeing computer viruses started showing up in 1986 and McAfee Associates wasn't even incorporated until 1992, I think your source may have been pulling your leg a little.

Amiga had it first.

[Maxo-Texas]

I remember my screen said,

"Something wonderful is happening"
.
.
.
"Your Amiga has come alive"

Unfortunately the DOS was flaky enough as it was. The virus unintentionally ruined disks.
No one believed me at first- the message didn't come up again for a couple more weeks so they thought i was crazy.

Re:Amiga had it first.

[idontgno]

"Your Amiga has come alive"
Unfortunately the DOS was flaky enough as it was. The DOS unintentionally ruined disks.

FTFY.

How many times did I read, through panic-stricken teary eyes, "Your disk structure is corrupt. Use DISKDOCTOR to fix it."?

The Amiga was my first PC love, but by God did I hate how crufty and fragile AmigaDOS was. It was like being in love with a beautiful, adoring, and creative woman with an unfortunate habit of accidentally setting fires and leaving them to burn.

Sigh. At least I was lucky enough to never have to deal with an Amiga virus.

Re:

[EvilIdler]

Amiga viruses were awesome. I learned a lot from disassembling, reassembling and improving them.

The coolest part was how easy it was to have programs survive reboot. I made some rudimentary programs which used these techniques to slip in before the harmful programs, and more professional anti-virus existed which did this too. My simple tools never had a fancy menu system, though!

At least a reboot actually stops the malware running nowadaysright? Or do the old warm reboot techniques still work on a modern PC

Re:

[F.Ultra]

You must have been using some really crappy cheap floppy disks. I almost never experienced disk errors and I distributed Fresh Fisk disks to houndreds of members who also never complained about trashed floppies.

Re:

[KingKaneOfNod]

It was like being in love with a beautiful, adoring, and creative woman with an unfortunate habit of accidentally setting fires and leaving them to burn.

How do you know my wife??

Re:Amiga had it first.

[Xian97]

Even before that the Atari ST had a floppy boot sector virus that would invert your mouse - left and right worked fine, but up and down were reversed.

I remember seeing that message on the Amiga too. I had just bought one and some of the discs a friend had loaned me had that virus on it. It wrote itself to the floppy boot sector so it couldn't be removed from many discs without making them unbootable. It only spread if you warm booted, so you could still use the floppy if you turned the power off after running one with that virus on it.

Re:

[meosborne]

This was the SCA virus.

Bad security model still unchallenged... ugh!

[ka9dgx]

The solution to this problem has been known for a very long time... it's the principle of least privilege [wikipedia.org].

We've had 25 years to wise up and stop using a "default permit" based system and still haven't done so.

Here's a summary of the situation [ranum.com], for those who want to help push things in the right direction.

Re:

[Sockatume]

FWIW the idea seems to have taken off in the mobile space, where programs are expected to go cap-in-hand to the OS and ask for permissions already, for resource management purposes. Perhaps with the influx of tablets running mobile OSes, the idea will gain more traction in the home computing space.

Re:

[AC-x]

That may be a solution in a carefully controlled corporate setting, but unless you have a complete lockdown on installing software like iOS has you will always have the risk of users overriding any security layers you put in front of them.

I forget the exact quote, but it goes something like this - You could create an operating system with no vulnerabilities of flaws whatsoever, but as long as the user wants to view dancing_puppy_avi.exe in an email they received they will happily bypass any barriers you pla

Re:

[ka9dgx]

If it's a choice of running a program, or not, security will never happen. It's the wrong choice.

If user has seen other dancing cats and never had to give permission to modify their system folder in the past... they probably will do the right thing and refuse.

You have to assume some good will and common sense on the part of users. Give them better choices and they will do a better job of choosing.

Re:

[AC-x]

If user has seen other dancing cats and never had to give permission to modify their system folder in the past... they probably will do the right thing and refuse.

It's still no guarantee tho, sure they're more likely to make the right choice but I bet there would still be loads of people who would be fooled by fake antivirus or system update popups etc.

Re:

[lennier]

It's still no guarantee tho, sure they're more likely to make the right choice but I bet there would still be loads of people who would be fooled by fake antivirus or system update popups etc.

The fake system message popups are interesting in their own right, because the average user simply has no way to determine whether a given dialog box is speaking for the application or organisation it claims to be. This seems to be a similar fundamental problem to the failure of the SMTP Sender field to be authoritative.

I think this exposes a deep problem in GUI design which has not really been addressed since the dawn of the field: we have created a set of graphic 'design languages' which are not, in fact,

Re:

[JonySuede]

I forget the exact quote, but it goes something like this

it was a dancing bunny and I think it was mentioned first at http://blogs.msdn.com/b/larryosterman/archive/2005/07/12/438284.aspx [msdn.com]

Re:

[lennier]

You could create an operating system with no vulnerabilities of flaws whatsoever, but as long as the user wants to view dancing_puppy_avi.exe in an email they received they will happily bypass any barriers you place in front of them.

There's a big false assumption in that cute insult to users' intelligence: that any executable file can and should be able to do anything on the user's system, and that there is always and forever no way for user to verify what capabilities an executable is requesting or to reliably sandbox anything from semi-trusted sources.

But surely we don't have to solve the Halting Problem in order to be able to restrict applications from doing evil things to the root of C: Heck, Flash is nothing but a literal dancing

Re:

[AC-x]

But surely we don't have to solve the Halting Problem in order to be able to restrict applications from doing evil things to the root of C:

This is the dilemma, as I mentioned you could have a complete lockdown on installing software like iOS has where only software from an approved channel can be installed, which might be fine for most people but you're giving up all your freedom for security.

As soon as you make it possible to install an unapproved / unsigned system utility, driver or patch on a computer it becomes possible to socially engineer a user to install malware.

Re:

[orange47]

yeah, right. you stick to whitelisting and use only licensed software approved by Microsoft..

solution to malware problem

[doperative]

"Twenty-five years later, most malware is anything but benign and cyber criminals pull off exploits the Alvi brothers never envisioned."

Run your OS from a read-only device, implement strict separation between code and data. Never download-and-run code from arbitrary sites over the Internet ..

Die Hard 2

[tacktick]

Remember that?
Seems like a millennium now.

I sat and and disinfected stacks of floppies.. one by one.
Back then Antivirus was new and Mcafee was the top dog.

What the heck happened to Mcafee? Ugh.
I convinced the management of my organization to dump Mcafee and switch to VIPRE enterprise. 600+ computers
Mcafee did jack squat when real malware came through. Conficker did a thorough pounding of our network while Maccoffee rolled over and played dead.

"PC" = "IBM PC" here...

[osu-neko]

This was certainly not the first personal computer virus, as I recall there was a virus running rampant on the Apple II computers in my high school running Apple's DOS 3.3 before this. The virus was one of the things that got them to switch everyone over to using the spiffy new ProDOS instead.

Re:

[Anonymous Coward]

Was that "Fred"? My brother and I wrote that one back in 1981. Self-perpetuating, infected any new disk you put in, and was generally obnoxious.

We wrote it to annoy the crap out of a "Computer Programming" teacher who always swiped the student's disks if they left them in the Apple computers in the school computer lab. So we left an infected one in the drive.

A week later, half the kids in school had it on their disks. Brought most of the programming classes to a standstill for several weeks.

1988 Mac Viruses

[catchblue22]

The first time I remember seeing anti-virus software was on a 1988 Mac Plus (system 6). The software was called "Vaccine"...I remember the icon of it loading at boot up time looked like an hypodermic needle. Of course that was before Apple adopted BSD as the basis for OS X. Security has improved significantly since then.

listen

[Spy Handler]

if the webpage has such an "intrusive interstitial ad" that you felt you had to protect the public with your warning, perhaps it would've been better to NOT LINK TO THE SHITTY FUCKING WEBSITE IN THE FIRST PLACE.

Also: news for nerds?

[sean.peters]

Was there any reason at all to even write this article (except to get people to watch the intrusive ad, I mean)? The whole thing consisted of name-checking the Brain virus and then pointing out that malware tookits exist. This is news? No background on Brain, no evolution of malware, no information on how Brain (or any later piece of malware) works, just "malware toolkits! Be very afraid!".

The whole article was completely devoid of anything but the shallowest once-over of the malware toolkit scene. Sometime

Re:

[Rick17JJ]

What advertisement? I did not see any advertisement when I went to their website. What was I supposed to see?

I use both the "Ad-Block and "No Script" extensions under Firefox. I also use the MVPS ad blocking hosts file. Perhaps, that is why I did not see the intrusive ad. I use Linux as the operating system for my computer, by the way.

As for the article itself, I was interested in the part where they said that users of Macs or computers running Linux are at risk as well. Are they talking about actual viruse

Re:

[atomic-penguin]

As for the article itself, I was interested in the part where they said that users of Macs or computers running Linux are at risk as well. Are they talking about actual viruses for Linux and Macs, or some other type of malware? The last time I had checked a few years ago, everything I read said that there have not yet been any Linux viruses actually circulating in the wild.

The article linked was on CIO.com, its intended audience are IT executives who have a better grasp on managing geeks rather than understanding technology itself. Absolutely nothing wrong with executive types. However, before taking any technical advice from such a site, just know that such trade news sites exist to help sell expensive solutions like Enterprisey multi-platform anti-virus software to executive IT types.

It is certainly not the first, or only, cio.com article I have read, from which I draw th

Re:

[jdc18]

that is what you get for RTFA

25? more 30

[Anonymous Coward]

Boot Sector viruses go back a lot further then 25 years. Anyone remember SCORES? I have a old Bernoulli drive at home formated in HFS that contains examples of some 20 Classic Mac OS 6.07 viruses. Before that there were a very few active mainframe based virus programs. We ran into one in the late 70s on a still functional IBM OS/360. This one was cute rather then harmful. It spelled out "HI" in the binary display lights on the front faceplate of the mainframe. As I recall Managment was none to happy,

Faking the "Your PC is now stoned" virus with DOS

[Anonymous Coward]

I will always have fond memories of screwing with our computer class teacher with fake "Your PC is now Stoned!" viruses using DOS autoexec.bat files.. Those were the days :]

Oh, let's all write a virus!

[flogger]

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* (stupid slashdot filter this I hve too many capitals...Little does it know that I've uploaded a virus! HAHA..opps hahahha)

Not really a virus, or at least not effective.

[atomic-penguin]

It loosely meets the definition of a virus. It wasn't the first computer virus. It isn't very noteworthy, other than it was the first known computer virus which the author(s) [textfiles.com] took full credit, and provided their real names and accurate contact information. We have other words for this type of software now. You might even call it copy-protection, or DRM, today.

Computer viruses started off as an academic exercise. In other words, the goal was to create a self-reproducing program with survival instinct, similar to that of a real-world virus. According to Mark Ludwig's Little Black Book of Computer Viruses [vxheavens.com], the functional elements of a Computer Virus follow in the list below. I highly recommend the book, for anyone interested

1. MUST contain a search routine. Important for both self-replication, and survival. Where and how will the virus replicate?
2. MUST contain a copy routine. This is the self-replication part, and its obviously important for the survival to the virus.
3. SHOULD contain anti-detection routine(s), or somehow evade detection. Obviously important to the survival of the virus.

Number 3 is really what separates a true "virus" from programs which are mislabeled as such. If the virus displays a message "I'm in your computer eating your data, nom nom nom!", it limits its own effectiveness. The virus will get eradicated, it will not survive in the wild. Which comes back to my point about this story. While this program loosely meets the definition of a virus, it was not written to be a self-reproducing entity with simulated survival instinct. It was primarily intended to prevent unauthorized copying. Its impact was limited to floppy disks with unauthorized copies of the program it was intended to protect from copying.

Re:

[GameboyRMH]

That was my first thought, that this may also be the first DRM software. I searched the thread for DRM and found your post right at the bottom.

Too bad they didn't know to call it DRM at the time and create a huge scare, maybe people would be more averse to DRM today.

Re:

[Mars Saxman]

This is a somewhat different definition of "virus" than I remember from the '80s. I haven't actually encountered a virus since then, so perhaps usage has changed, but back in the day a "virus" was a self-replicating program that worked by attaching itself to or embedding itself within an existing program, while a "worm" was a stand-alone program that worked by exploiting security holes in remote computers and copying itself over independently.

Evading detection is a secondary effect of the fact that the viru

Re:

[atomic-penguin]

Which is why I attempted to emphasize "should" meet the requirement of evasion to be an effective virus. The first two items (searching, copying) are critical points in the definition of the term virus. It doesn't have to be a large and sophisticated search function, to effectively replicate however. You're spot on as far as I can tell in your definition of a worm. Once a virus cross the threshold of a network, its defined as a worm, with basically the same function as a virus.

The point I was trying to