Viruses: How did they become what they are today?

Computer viruses are the trouble-making digital counterpart of AIDS, influenza and other biological viruses. Everyone with a gadget has probably had at least one virus experience in their life. The impact of these viruses drove the development of one part of the software industry: anti-virus software. Big companies such as Kaspersky and Norton make a lot of profit in this field thanks to the development of computer viruses.

Do we ever wonder who created the first ever computer virus? When did it first appear? Why did it even exist? I mean, why would someone want to create a "virus" for computers? Hopefully after reading this article, you will have an idea or two of the answers to these questions.

A virus is defined as a type of malware that has the capability to replicate itself in a computer and change the computer's behaviour. Different types of virus programs cause different effects. While some cause no harm other than mere prank messages, others can literally render an entire network 'dead'.

Before we begin: although I will be emphasizing computer viruses in this article, I will also include their close "relatives" such as worms, Trojans and other malware.

The Origin

In 1949, a well-known man in the history of computers named John von Neumann published an article called "Theory of self-reproducing automata". In this article he explained the capability of a computer program to replicate itself. The most distinct property of a virus compared to other programs is its ability to create copies of itself (replicating) independently. The self-replicating program designed by von Neumann in this paper is known as the world's first computer virus. The paper also made von Neumann the "Theoretical Father of Computer Virology".

John von Neumann, Theoretical Father of Computer Virology

Of course, von Neumann's design was still at a conceptual level. He also did not call his "self-replicating programme" a "virus". So, who coined the term? To find out, we have to fast forward to the year 1984. During this year, an American computer scientist named Fred Cohen described self-replicating computer programs as "infecting" computers like a "virus". From there the term "Computer Virus" was born. Cohen is also known to be the pioneer in computer virus defence, known today as anti-virus software.

Fred Cohen coined the term "Computer Virus" in 1984

The Viral Evolution:

1970-1979: The 'First' Virus

Von Neumann's conceptual design of a virus was made real in 1971 by Bob Thomas of BBN Technologies. He wrote an experimental self-replicating program named the Creeper. The Creeper was designed to show the ability of a self-replicating program. It was tested in a lab by infecting a DEC PDP-10 computer that ran the TENEX operating system. Although it did not cause any harm to the infected computer, it is accepted as the first computer virus in history. The Creeper did not last long, as it was eliminated immediately by the Reaper program, designed exclusively to destroy the Creeper.

A PDP-10 mainframe by DEC. The first computer virus recorded was run on this.

Another program was written in 1974. It replicated itself in the infected computer at a quick speed until it crashed the computer, acting like a Denial of Service attack. Because of the speed at which it replicates itself, this program is known as the Rabbit (Wabbit) virus.



A Trojan is a computer virus that disguises itself as a program users find useful or desirable. (The name was derived from the Greek story of the Trojan horse of Troy.) The first known Trojan was called ANIMAL, written by John Walker for the UNIVAC 1108. ANIMAL was disguised as a computer game, but users did not know that there was hidden code in it that copied itself to other directories the computer had access to. Its main method of transmission was via tapes. It was released in San Francisco, and Walker discovered a week later that it had already spread as far as Washington DC and UNIVAC's development centre in Minnesota. The spread ceased after the UNIVAC 1108 upgraded its operating system, making ANIMAL incompatible. Although ANIMAL infected a lot of computers, it did not cause any malicious harm.


Interesting Fact: Unlike Creeper or Rabbit, ANIMAL is the first self-replicating computer program that has concrete evidence of its existence, as Walker claimed its creation and its source code is available to be viewed online. Creeper and Rabbit are still considered a myth in some groups of computer enthusiasts.


1980-1987: The Large Outbreak


Richard Skrenta, creator of Elk Cloner, posing with the Apple II Computer

Although there were already computer viruses written in the 70's, most of them stayed in the lab they were located in (Creeper) or spread throughout private networks (ANIMAL). It was not until Richard Skrenta's virus programme in 1982 that a computer virus spread out among the public. The programme, known as Elk Cloner, was written for the Apple II system. Skrenta was 15 years old when he wrote the virus, just a regular high school kid who was enthusiastic about computers.

Elk Cloner was written as a prank. At the time, games were shared between Apple II computers via floppy disks. Before the virus was written, Skrenta would prank his friends by lending them altered floppy disks that would display taunting messages instead of running the game. After some time nobody wanted to lend or receive any floppy disks from Skrenta. But that did not stop him. He took advantage of the fact that the Apple II boots itself from the floppy disk. Elk Cloner was placed on a floppy disk which, if used to boot a computer, would replicate itself into the computer, thus infecting it. And if another floppy disk was inserted into the infected computer, the virus would replicate itself onto that disk. Although it caused no serious harm, an infected computer would display a poem on its screen to show that it had been infected:

The Elk Cloner poem

Skrenta's virus spread to almost everyone he knew thanks to the lack of awareness of and protection against computer malware at the time. It is considered the first major computer virus outbreak in history.

Another important virus during this time period came all the way from Pakistan. It is most commonly known as Brain but also has other names such as Lahore, Pakistani Flu and Pakistani Brain. Brain was created in 1986 by two brothers from Pakistan named Basit Farooq Alvi and Amjad Farooq Alvi. It was the first virus to infect IBM-PC computers. The brothers claimed to have written the virus to halt pirated copying of software via floppy disks. Brain was a boot-sector virus: it replaced the boot sector code of an IBM PC floppy disk with the virus. Any disk inserted into a computer running an infected boot sector would catch the virus too. If a user checked the boot sector of the floppy, he would have seen the following:

The boot screen of a computer infected by Brain

Notice the right side of the screen, containing messages that indicated the brothers' company and their phone numbers. Despite exposing its creators' identity, Brain also had a stealth capability, a first in its time, being able to avoid detection by the debugging programs available at the time.

Brain was also relatively harmless, simply replacing the boot sector part of the disk. Unexpectedly for the brothers, their harmless program spread almost throughout the entire globe, even reaching Canada and the United States, literally on the other side of the world. Users who saw their messages in the boot sector began calling the brothers, enraged and demanding 'vaccination'.

The video below shows an interesting interview with the two brothers regarding the virus.


In 1987, a virus first detected in Jerusalem destroyed every executable file on a computer infected by it. It did this on every occurrence of Friday the 13th. It targeted DOS on IBM-PC computers at the time. It was aptly named Jerusalem. By 1988, Jerusalem had become a worldwide computer epidemic. The virus became obsolete when computers began to use a Graphical User Interface (GUI) such as Windows instead of DOS commands.

This marks the time when viruses no longer just put up prank messages or changed boot sectors, but also had the potential to be harmful. And this was only the beginning.

1988-1998: It's getting dangerous


Most of the viruses we have heard of so far seem pretty harmless. However, in 1988 came one of the first recorded dangerous viruses, known as the Festering Hate virus, targeting Apple OS. It infected and destroyed all files on the floppy disk, hard drives and memory instead of simply slowing the computer down or displaying prank messages.

Then Ghostball emerged in 1989 with the potential and ability to capture users' information. It is the first multi-partite virus, meaning it is able to infect both files and boot sectors of a PC rather than just one of them. Ghostball causes loss of information, affects network productivity and decreases security.

The Michelangelo virus in 1992 was similar to Jerusalem in that it executes its threat on a specific date. In this case the date was March 6, which is the birth date of the Renaissance-era artist Michelangelo. It completely erases the sectors on the hard disk and floppy disk of infected computers.

A newspaper headline regarding the Michelangelo virus.

1999-2004: Worms and Emails

By the 1990's, e-mail was already on the rise to become a main method of communication between companies and individuals. The number of e-mail servers was also increasing. Alas, this also meant another method of transmission for malware.

David L. Smith during one of his court trials.

Melissa is a computer macro virus designed to send massive amounts of email to email servers, causing them to crash. Melissa targets Microsoft Outlook servers. It was released in New Jersey in 1999 by David L. Smith. He was arrested less than a week after its outbreak became well known. Here is a link for more details of his arrest, following which he also helped the FBI catch other virus programmers at the time, such as the creator of the Anna Kournikova virus in 2001.



The Anna Kournikova virus tricks the user into opening an email attachment that is said to contain an attractive image of the famous tennis player of the same name. Upon clicking the attachment, it sends copies of itself to other email addresses in the user's Microsoft Outlook, causing a similar effect to the Melissa virus. The creator was found to be a Dutchman named Jan de Wit, who was sentenced to 150 hours of community service.

Fun fact: the virus made an appearance in the popular American comedy TV series 'Friends' when Chandler Bing infected Ross Geller's laptop by opening an email said to contain Kournikova's picture. (In this case the virus was depicted as more harmful, erasing Ross's entire hard drive.)

Anna Kournikova, a Russian professional tennis player

A scene from Friends Season 9 Episode 1

The wide use of e-mail gave birth to another new type of malware called the worm. Similar to viruses, a worm also changes the way a computer behaves. However, unlike a virus it does not require a host program or file to replicate or spread. Worms often use computer networks to spread themselves rather than the traditional floppy disks.

Before Melissa, the first worm was reported in mid-January of 1999. Known as Happy99, it targeted Windows-based computers. Happy99 was recorded as the first malware to be distributed through email. When a computer executes this worm, it shows a window with a fireworks animation and a "Happy New Year" greeting. Other than its ability to spread rapidly via email, it did not have any other effects on the computers it infected. Happy99 became the template for other self-distributing worms after it, such as ExploreZip.


Another worm from this time period is considered one of the most damaging worms in history. Named ILOVEYOU, also known as Love Letter, it was written by a Filipino computer science student in the Philippines.


The worm was disguised as an email attachment, a file named "LOVE-LETTER-FOR-YOU.txt.vb".


Windows by default hides the "vb" file extension, making the user think that it was a normal text file. In reality, it was an executable Visual Basic scripting file. Upon opening it, the worm was executed and damaged the local computer by overwriting all image files before sending copies of itself to all addresses in the Windows Address Book of Microsoft Outlook. Reported to have been released in Manila on May 5th 2000, the worm took roughly 24 hours to spread to Hong Kong, Europe and the United States. Within 10 days of spreading, ILOVEYOU had infected 50 million computers (10 percent of the world's computers connected to the Internet) and caused approximately US$5.5 to US$8.7 of damage globally. It cost another US$15 billion to remove the worm from the system. Although the suspected creator of the virus was arrested, due to the absence of laws against malware creation at the time, no conviction occurred. ILOVEYOU is still considered today to be one of the world's most dangerous computer-related disasters.
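
The hidden-extension disguise described above can be checked for when attachments are screened. The Python below is an added example, not code from the original article; the extension lists and the names displayed_name and assess_attachment are assumptions chosen for illustration. It goes slightly beyond the ILOVEYOU case by also flagging space-padded names and Unicode direction-control characters, which hide the real extension in the same way.

```python
import re

# Assumed, illustrative lists; tune them for your own mail gateway.
ACTIVE_EXTS = {"vb", "vbs", "vbe", "js", "jse", "wsf", "hta", "exe",
               "scr", "pif", "com", "bat", "cmd", "lnk"}
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "rtf", "jpg", "jpeg", "png",
              "gif", "xls", "xlsx", "mp3", "avi"}
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068"}


def _basename(filename):
    # Attachment names may carry either path separator; keep the last part.
    name = re.split(r"[\\/]", filename)[-1]
    # Windows ignores trailing dots and spaces when it resolves a name.
    return name.rstrip(" .")


def displayed_name(filename):
    """Name the user sees when the final extension is hidden."""
    name = _basename(filename)
    stem, dot, _ext = name.rpartition(".")
    return stem if dot and stem else name


def assess_attachment(filename):
    """Return a list of findings; an empty list means nothing was flagged."""
    name = _basename(filename)
    exts = [p.strip().lower() for p in name.split(".")][1:]
    findings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control-character")
    if not exts:
        return findings
    last, earlier = exts[-1], exts[:-1]
    if last in ACTIVE_EXTS:
        findings.append("active-content-extension")
        # A harmless-looking extension in front of the real one is the
        # disguise used by the attachment name quoted in the article.
        if any(e in DECOY_EXTS for e in earlier):
            findings.append("double-extension")
        # Long runs of spaces push the real extension out of view.
        if re.search(r"\s{3,}\.[^.]+$", name):
            findings.append("padded-extension")
    return findings


# Constructed sample names (the first is the one quoted in the article).
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.txt.vb",
    "photo.jpg      .scr",
    "report.final.pdf",
    "notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(displayed_name(sample)), assess_attachment(sample))
```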

In 2003, a worm named SQL Slammer was credited as the fastest spreading worm ever to exist, as it crashed the whole Internet within only 15 minutes of being released. The worm abused a buffer overflow bug in SQL servers on Windows, causing Denial of Service attacks on some host servers on the Internet.

There were many more worms during this era, such as Nimda in 2001, which sent malicious email attachments, and worms that sent out massive amounts of email (Sasser, MyDoom, Bagle and Netsky in 2004).

2005-2008: Web Threat

The World Wide Web increased in popularity by this time. People began using the web to do their work, shopping and banking. Digital transfer of money was becoming the norm. This caused the sudden emergence of Trojan malware.

I mentioned earlier what Trojans are: malware that disguises itself as a legitimate file or program. During this time period, Trojans were no longer written just for the sake of causing trouble, pranks, or getting fame or attention. They were written to steal information. Other than that, some Trojans create "backdoor" access to your computer, allowing a remote user to access data on it.

The Zeus phishing scheme.

The best-known information-stealing Trojan was Zeus. It has the capability of stealing banking information using methods such as form-grabbing and keystroke logging. The Trojan acts by stealing online login credentials. Zeus was initially reported in July 2007, stealing information from the United States Department of Transportation. By 2009 Zeus had infected servers throughout the world, at organisations such as Amazon, NASA, Bank of America and Cisco. Hackers would purchase Zeus and send it via email to their targeted victim or company. Once Zeus was opened by any of the victims, it installed itself on their computers and servers, stealing bank passwords or account numbers. Hackers then used this information to secretly wire money from the victim's account to a 'middle man' known as a money mule. Money mules create bank accounts under false names to avoid detection. They then send the money to the hacker they work for via wire transfer or by smuggling real cash into their country.

Torpig is another Trojan, reported in 2008, with the ability to turn off anti-virus software on a Windows computer and then scan through its system for passwords and other confidential information. By November Torpig was reported to have stolen the information of half a million bank accounts, debit cards and credit cards worldwide.

A computer worm in 2008 called Conficker infects all versions of the Windows operating system from 98 to Vista. It mainly affected European countries, hitting organisations such as the French Navy, the United Kingdom Ministry of Defence, the German Armed Forces and Greater Manchester Police. Conficker causes a buffer overflow and disables access to the firewall, anti-virus software and Windows updates that could remove it from the system. Conficker was also updated regularly by its unknown author to protect itself against any countermeasures by the authorities.

A portion of the BadBunny image caused by the worm.

Apple computers did not escape malware either. The Leap-A virus in 2006 was the first to attack a Mac OS computer. It causes no real harm other than rendering infected programmes un-launchable. Its main method of transmission was via iChat Bonjour, sending copies of itself through the instant messenger contact list. In 2007 a worm known as BadBunny displayed an inappropriate image of a man in a rabbit suit 'doing' a woman. Hovdy-A is a Trojan that affected Mac OS in 2008, with the function of cracking open firewalls for hackers to enter and steal information.

2008-NOW: They're going social

Just like us, viruses have not fallen behind in keeping up with current social networks such as Facebook or Twitter. Social networks provide a much more effective mode of transmission for viruses, worms and Trojans as many more people use them.

In 2008 came the Koobface worm, which spreads itself mainly through Facebook and Skype via their instant messaging features. An infected computer will send messages to the user's Facebook or Skype friends prompting them to download, from a link, an update of Adobe Flash Player or video plugins. Upon clicking, Koobface infects the computer. Its main function is to steal login information for social networking websites.



An example of a post created by a Koobface virus.

Malicious links began to appear not only on Facebook but on other social platforms such as Twitter. Spam posts lure users to click on 'interesting' links that, once clicked, will download malware or bring you to a website attempting to trick you into downloading it. Common tricks are asking you to download software to watch a video, to share the link in order to access it (which helps in spreading) and to grant permission to access your Facebook and Twitter accounts before allowing you to access the link.

Virus infections also began to seem more organised and controlled, targeting specific victims or achieving certain goals. The July 2009 cyber attack was one prominent example. This was a series of organised cyber attacks against important government, finance and media websites, targeting the United States and South Korea. The attack came in 3 waves, the first reported on July 4th, the second on July 7th and the third on July 9th. One suspected virus responsible for these attacks was W32.Dozer, designed to cause distributed Denial of Service attacks on affected websites, causing them to crash. The culprit was never found, although there was speculation that the attack originated from North Korea or the United Kingdom.

How a menu will look after being infected by the Skull virus on a Symbian phone.

Computers are not the only victims of viruses. With the advancement of mobile phone technology, hackers and virus writers seized this opportunity to create malicious programmes for everyday mobile phones. Before the development of smartphones with the Android or iOS operating systems, viruses already existed on phones running Symbian. Notable ones are Cabir (2004), which causes prank messages to appear on screen and whose method of transmission is via Bluetooth technology, and Skull, which replaces icons with images of a human skull, rendering all applications unusable. Skull also causes mass texting of malicious links to all contact numbers in the phone, causing high expenses.


To get a fuller picture of the timeline of virus evolution, you can read the Wikipedia link below. It also contains other viruses not mentioned in this article:






The Causes

Biological viruses occur naturally, but computer viruses do not. Why are all these viruses created? Why do they exist? What are the motivating factors behind their creation?



It was during the 1980's that we began to see viruses spread on a larger scale. Before that, they were usually contained within specific labs or networks, on computers accessed only by authorised experts. By the 1980's personal computers had become more available to the public in businesses and homes thanks to the IBM PC and the Apple Macintosh. This caused a rise in interest and in the number of computer enthusiasts among the general population. The public began to be able to see how a computer operating system works and to find ways to exploit its weaknesses. Computer programmers were no longer limited to graduate experts, but included almost anyone with a keen sense of learning and curiosity. This curiosity led to the creation of viruses to test how they could affect a computer, in addition to the enjoyment of causing trouble for others.



Another factor in why viruses exist today was the availability of transmission media. Firstly, at one point in time the computer bulletin board system, or BBS, became popular. People used a BBS to download all sorts of software via a modem and a dial-up telephone line. Trojan horses were common, as users gave links to fake software as pranks. Secondly, the emergence of floppy disks also contributed to the early widespread distribution of viruses among the people.

Today, we can see at least five reasons why a virus is created. Any virus would fall into at least one of these categories.

Cripple a network or computer. Some viruses were used to crash a network, causing loss of communications, using massive emails or denial of service attacks. Some were even created to crash a victim's computer, rendering it completely unusable.


Take control of a computer. Some viruses install a back door for hackers to control the computer from a remote location. Hackers who have remote access can commit crimes using the victim's computer.




Money. Viruses were also used to generate money either directly or indirectly. Some disguise themselves as anti-virus software that requires you to purchase its full version to "remove virus". Some viruses demand that a certain ransom be paid to an anonymous account for them to stop infecting a computer.






Steal information. Hackers use this kind of virus to get passwords, online information, login credentials, online bank account numbers and more.





Just because. Some viruses were created just because they can be: to prove a point that a system is not foolproof, to show how easily exploitable some systems are, to show that one can create malware, or to cause pranks for entertainment purposes or revenge. These types of viruses are generally harmless other than displaying messages.





The Conclusion


We can see how viruses will become more advanced as technology gets better and better. Being able to remove viruses permanently from the world seems highly impossible. The best we can do is protect ourselves in whatever way we can. Protect our computers. Our phones. Our networks. There are many reliable anti-virus programs available out there. It is always better to prevent than to cure. Let me end the article with this cool infographic I found online regarding the history of viruses.

















