Computer Virus History
Dave Carlson - January 5, 1990
Where Did Viruses Come From?
“The history of computer virus programs in a small part of the history of people’s attempts to do undesirable things with computers.”1 Many computer historians credit Frederick G. Stahl of Chesterfield, Missouri with the creation of the first computer virus in 1959.2 He was inspired by a June 1959 article in Scientific American, written by L.S. Penrose, about self-reproducing mechanisms.3 Stahl’s virus evolved in the early 1960s similar to a computer game called Core Wars. Core War participants (extremely experienced programmers) created code to take over each other’s computer memory core.
The Core War code (called Redcode assembly language), was kept secret for nearly twenty years. Ken Thompson, a software engineer who had written an early computer operating system, publicly revealed the code during a speech in 1983.4 in May 1984, Scientific American offered the code to the world. For $2.00, readers could order guidelines to set up a Core War battlefield of their own.5 This offer was repeated in 1985.6
Since its introduction to the world, Core Wars has become a popular pastime for serious computer programmers. In 1986, The Computer Museum of Boston hosted the first public Core War tournament. The tournament’s popularity sparked the formation of an International Core Wars Society.7 Core War tournaments have become an annual international event where programmers from around the world gather to play computer war games. Their attack code displays many of the tenants of war: speed, strength, surprise, etc. Legitimate players of Core Wars follow a well-defined set of rules (a sort of Geneva Convention of Core Wars). Unfortunately, there are hacker mercenaries who don’t follow the rules – they violate the Law of War and attack non-combatants.
At least one author credits Fred Cohen with creating the term virus to define malicious computer code.8 In a paper written for the 7th Department of Defense and National Bureau of Standards Computer Security Conference (September 1984), Cohen discussed the concept of computer viruses.9
No two computer experts agree on the exact number of computer viruses in the world. However, most experts name the PAKISTANI BRAIN as the first wide-spread MS-DOS computer virus.10
The PAKISTANI BRAIN was created in January 1986 by two brothers from Lahore, Pakistan. The brothers had no idea they had created such a powerful force. The intention was to create a “protection scheme” to punish anyone who illegally copied software. Their plan was to use the code to identify pirated copies of software. They never dreamed the virus would circle the globe as it did.
When they realized the virus had gotten out of control, the brothers warned as many computer users as they could about the virus. They posted messages on computer bulletin boards, issued press releases, and offered an open apology to anyone who had been inconvenienced by their experiment.
Donald Burelson was the first person in the United States to be conviced of a “computer virus” crime.11 In 1988, a Tarrant County, Texas court found Burelson guilty of planting a virus in the computer system of USDPA & IRA, a Fort Worth insurance and brokerage firm, his former employer. He was sentenced to seven years of probation.
After being fired from the firm, Burelson avenged himself by releasing a program that erased 168,000 payroll records. Actually, Burelson did not release a virus in the system. His program was more appropriately called a logic bomb, since it did not make copies of itself to spread to other computers. However, Davis McCown, the assistant district attorney who prosecuted Burleson, hoped the conviction would motivate other prosecutors to indict those who introduce destructive code of any type into someone else’s computer.12
Planting a computer virus in someone else’s computer obviously is wrong. But, the wording of national and state computer security laws is vague. Getting a conviction is still difficult. Perhaps the future will bring definitive laws that include all forms of computer assaults.
The first legitimate computer virus cure was offered by Ross M. Greenberg. His product FLU-SHOT+ has been distributed as a shareware product for several years. While it, arguably, may not be the best anti-virus product on the market, FLU-SHOT+ is effective against many computer virus problems.
“Virus creators are, in fact, criminals. Building a virus doesn’t illustrate a programmer’s ingenuity – only his or her viciousness.”13 While the concept behind how viruses work has legitimate applications, most viruses have been written by programmers who had no legitimate reason for creating the destructive code.
Perhaps the future will bring laws with teeth, along with methods to catch those who spread destructive viruses. Maybe someone will create a cure-all anti-virus product. But until then, it is up to the computer user community to spread the word about the computer virus problem. If you know someone who has a computer virus and plans to spread it to someone else’s computer, contact the authorities and let them know about the situation. Let’s all work together to eliminate computer viruses. Someday we may read about computer viruses only in the history books – not in the newspapers.
1 Philip Fites, Peter Johnston, and Martin Krants, The Computer Virus Cirsis (New York: Van Nostrand Reinhold, 1989), 17.
2 A. K. Dewdney, “A ‘Core War’ bestiary of viruses, worms, and other threats to computer memories,” Scientific American, March 1985, 14.
4 Scott W. Cullen, “The Computer Virus: Is There a Real Panacea?,” The Office, March 1989, 44.
5 A. K. Dewdney, “In the game called ‘Core War’ hostile programs engage in a battle of bits.” Scientific American, May 1984, 14.
6 NOTE: The original address was: Core War, Scientific American, 415 Madison Avenue, New York, NY 10017.
7 A. K. Dewdney, “A program called ‘MICE’ nibbles its way to victory in the first ‘Core War’ tournament,” Scientific American, January 1987, 14.
8 Fites, 5.
9 Fites, 17.
10 John D. McAfee, “Managing the Virus Threat: How MIS can protect data from the gremlins of today’s computer systems,” ComputerWorld, 13 February 1989, 93.
11 Executive Summary, “Computer Viruses,” Information Week, 26 September 1988, 10.
12 Kenan Woods, “A virus by any other name,” PC Computing, February 1989, 44.
13 Gregg Keizer, “Safe Computing – Protecting Your Computer in the Viral Age,” COMPUTE!, June 1988, 4.