The story of malware and the people behind it is a long and detailed one, but an important tale as well: as they say, those who do not know history are doomed to repeat it, and a better understanding of the history of viruses and malware can go a long way to helping you recognize modern threats.
So let’s peer back in time to the very first virus: all the way back to 1966.
The start of it all
Yep, 1966. The first virus was conceived in 1966 by Hungarian scientist John von Neumann when he published the "Theory of self-reproducing automata." While it wasn’t a functioning virus, naturally, in the paper he proposed that computers – an extremely new and awkward technology rapidly developed in wartime – would start to closely mirror the human nervous system as it continued to grow. As it became more complex and intricate, he argued, it would make sense for computers to be responsible for making more of themselves: to self-replicate. While he never called it a virus by name, the automatic and self-sustaining nature of these systems described by von Neumann would make them a perfect fit for the label.
The first of many: Creeper
Those ideas were finally put into practice in 1971 with the world’s first virus, the Creeper. By today’s standards it would be classified as a “worm” since it was able to spread to other computers using local connections. While it certainly had a disquieting name, the Creeper virus was, in truth, anything but. It was developed by a man named Bob Thomas, who worked at a company called BBN Technologies, as a demonstration of mobile applications – software that could automatically hop between computers on a network.
While an infected computer would display "I'M THE CREEPER : CATCH ME IF YOU CAN,” the Creeper virus didn’t actually cause any damage to the system. Instead it just scanned to see if there was another computer it could move to, and hopped over to it. Later, Thomas’s colleague Ray Tomlinson decided to give the Creeper an update, causing it to not only move automatically, but also self-replicate, leaving a copy of itself on a computer before moving onto the next one. But ol’ Ray wasn’t about to let his new creation run wild: to counteract it, he invented another virus called THE REAPER, which had the sole purpose of finding any computer infected by Creeper, and deleting the offending virus. In that respect, Ray Tomlinson is the father of both the modern virus and the first antivirus.
The first “wild child”: Elk Cloner
Of course, both Creeper and Reaper were very self-contained, sticking to the internal BBN network. The first virus found and recorded “in the wild” was called Elk Cloner, which ironically targeted Apple ll computers. Like most viruses before the prevalence of the internet, the only way to “catch” Elk Cloner was to slide in an infected floppy disk, which was usually loaded with a game. There, it would infect the main computer and any other floppy disks inserted into it, so it could spread. Worse still, when you booted up the infected game for the 50th time, then your screen would go black and you’d see this message:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Sounds pretty scary, right? Well, while it was certainly annoying, it was actually designed to be fairly harmless. It was crafted as a prank by future entrepreneur Rich Skrenta as a 15-year-old high schooler, and all you really had to do was reboot the computer to continue using it as normal. Although apparently he had a habit of doing these kinds of things, as his friends soon learned to stop trading floppy disks with him.
It was also around this time, 1983, that the term “computer virus” was coined by Fred Cohen, whose very first published academic paper was indeed called “Computer Viruses - Theory and Experiments.” In his paper, he described a computer virus as “a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows.”
The first PC virus: Brain
Every virus before this point was for lesser-known operating systems, at least by today’s standards. It wasn’t until 1986 that the first real Windows PC virus was caught in the wild, and it was called “Brain.” Brain, much like the viruses that came before it, was more or less harmless, although it did slow floppy disks to a crawl and take up a good chunk of memory, as well as enable the creators to track the infected devices. While it took advantage of an exploit in the Microsoft operating system, it was never really designed to be a virus. Created by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi, Brain was designed to protect their medical software from being pirated. They even had a message in the code that included their address and phone numbers so they could fix any infected machines. And yet, because the floppy it came on was so frequently stolen, they were astonished to find themselves swamped with requests to remove Brain from a lot of infected devices.
So in some ways, their plan worked a little too well.
The first to cause problems: Vienna
Viruses really started to become a problem in the late 1980s, as computers became more commonplace and people began to really experiment with the kind of shenanigans they could get into with malicious code. One of the products of this experimental age was the Vienna virus, which was a fairly harmful beast: when it infected a device, it would corrupt data and destroy files, seemingly for no reason other than to cause problems and grief for people running DOS devices.
It was just one of many such viruses in this time, but it was problematic enough that in 1987, a man named Brend Fix was tasked by Rolf Burger, a fellow computer scientist and author, to find a way to neutralize it. Thankfully, through some hard work, Brent Fix was able to live up to his last name and fix the issue, creating the very first dedicated antivirus software, which was able to detect and destroy the Vienna virus before it could cause any damage. Hooray!
Unfortunately, the first dedicated antivirus software didn’t really cause a splash. After all, at this time, viruses spread slowly and on a small scale, so widespread sharing of an antivirus wasn’t really worth the effort. Still, soon afterwards, others would be inspired and start designing their own programs to stop viruses, starting a game of cat and mouse between rival groups of hackers that has continued to this very day.
The first ransomware: AIDS Trojan
Up until this point, viruses only really existed for the entertainment of those who made them. They were purely a hobby, and the idea of actually making money off malicious software was hypothetical at best. But one man, Joseph Popp, would change that in 1989 with the release of the very first “ransomware”: the AIDS Trojan.
Once installed, the AIDS Trojan would start counting all the times you booted up your computer. Once you’d restarted 90 times, it would hide all of your files, rendering them inaccessible, and demand you send a letter to a specified address with 189 USD in it to “renew your license.” Joseph Popp was eventually caught and charged with 11 counts of blackmail, but was let off the hook after being declared mentally unfit and agreeing to donate the profits of his ransomware scheme to AIDS research.
If only all ransomware stories had such nice endings.
The first public panic: Michelangelo
Up until now, all the viruses you’ve read about were largely the domain of rich, educated men. Computers were luxury items, and they were usually only found in universities, businesses, and the homes of hobbyists and the elite. Plus, since computers were more-or-less self-contained, there was no easy way for them to spread, outside infecting other floppy disks and hoping they’d be inserted into different computers.
That all changed in 1992 when the Michelangelo virus was unleashed onto the world.
The Michelangelo virus was a destructive worm that would spread onto any floppy disk inserted into the computer, while remaining dormant and undetectable. But then on the titular painter's birthday, March 6th, it would activate and absolutely ruin any computer infected with it. While there was nothing especially unique about the Michelangelo virus, it was soon discovered that a few computer and software manufacturers accidentally shipped products with Michelangelo pre-installed onto them.
The actual number of infected computers was never more than 20,000. But John McAfee, founder of McAfee antivirus and… interesting fellow, made the expert claim that hundreds of thousands, if not millions of machines were infected. While we can’t say for sure what caused him to make those claims, the results speak for themselves: there was suddenly a lot more interest in antivirus technology. Which may have been a motivating factor in him riling up the public.
Who can say?
The first social engineering attack: Melissa
Melissa, released in 1999, was one of the first email-based viruses, and the first to ever use social engineering — that is to say, a mixture of deception and lies to bypass a computer’s defenses — to get the job done. It would spread itself by sending emails to email contacts with the following headline: "Important Message From <email address of the account from which the virus was sent>" The body text, meanwhile, read: "Here is that document you asked for ... don't show anyone else ;-)". The document, which was a DOC file, included a list of 80 pornographic websites as well as usernames and passwords to access each one (which must have been confusing to get from Grandpa).
More troubling, it would then send more infected documents to people on the target’s contact list, typically sending the porn list but also sending other DOC files found on the computer, which would have also been infected. This meant that oftentimes classified or private files would be shared with friends, family, or work associates.
Melissa would be contained fairly quickly, and its creator arrested, but perhaps its most important legacy is how it directly inspired one of the biggest malware attacks even to this day, ILOVEYOU, or the Love Letter worm. Sent through an email disguised as a love letter, ILOVEYOU's attack would begin upon the opening of the attached text file, unleashing a worm that would cause far more damage than your typical worm — even compared to the malware of today.
ILOVEYOU would download a Trojan as soon as it was activated, which would then overwrite files, steal user data such as usernames, passwords, IP addresses, and more, then send itself to everyone on your email contact list. Then, it would effectively lock you out of your own email address. By the time it was done, ILOVEYOU had compromised an estimated 45 million computers around the world (about 10% of all connected computers) and caused over 8 billion dollars in damages.
If Melissa was a wake-up call, ILOVEYOU was a warning shot. Not only to the impact malware could have on the unprotected, uninformed masses, but also all the things malware was capable of doing given enough free reign. Companies who had long since viewed security as a secondary concern started shifting priorities, and antivirus products, once seen as a nice luxury, became absolutely essential.
As it remains to this day.
History in the making
There have been a lot of other “firsts” in the world of cybersecurity, and we’re sure that as hackers continue to innovate, we’ll be seeing a lot more “firsts” in the future, too. But just as there are brilliant hackers who are trying to steal from you, there are just as many brilliant cybersecurity researchers who are working to keep you safe with products like AVG. So as long as you pay attention, keep your antivirus updated, and continue to learn more about cybersecurity, you can feel secure every time you log on.