The Eighties: Experimenting with Malice
Kraus’ work described the construction of such phenomena, and is the first paper to document how different types of programs can borrow features from the biological world in order to survive, spread and infect other entities. However, his paper was never presented, and any reference to it got buried in the archives of the Dortmund University.
Worms Start Biting from the Apple
In early 1981, Apple II systems started gaining ground in both home and academic environments. Their popularity and relative affordability triggered the first large-scale virus outbreak in the industry. Although only a small fraction of computers worldwide were connected to the Internet, viruses would spread by infecting the floppy disks hosting the operating system. Rich Skrenta's Elk Cloner was the first Apple II virus to spread using infected floppy drives.
Skrenta was a junior high school student when he wrote the virus. “I coded up Elk Cloner and gave it a good start in life by infecting everyone's disks I could get my hands on,” he allegedly said later.
Each time a computer booted from the infected media, an instance of the virus was automatically executed. The virus would carefully monitor for access to an uninfected floppy drive: each time a new disk was inserted, it would copy its code onto the new medium. Since floppy disks were the only way users could pass information along, the virus slowly spread across thousands of machines.
Elk Cloner infected the boot sector of Apple II computers, and the outbreak rapidly escalated, mostly because computer users were unaware of such security threats and there were no antivirus programs available. The virus triggered its payload once every 50 boot operations. Its payload would often rotate images or blink textual jokes, such as the Elk Cloner poem:
ELK CLONER:
THE PROGRAM WITH A PERSONALITY
IT WILL GET ON ALL YOUR DISKS
IT WILL INFILTRATE YOUR CHIPS
YES, IT'S CLONER
IT WILL STICK TO YOU LIKE GLUE
IT WILL MODIFY RAM, TOO
SEND IN THE CLONER!
The Elk Cloner was only the starting point for a series of new viruses targeted at Apple II systems. Joe Dellinger, a student at Texas A&M University, also wrote three self-reproducing programs for Apple II disks, called Virus 1, Virus 2 and Virus 3.
Another viral experiment was initiated by Jon Hepps and John Shock of Xerox PARC. The goal of this new research project was to create worms for divided computer programs. However, a procedural flaw in handling the viruses led to uncontrolled self-replication, and, in order to avoid an outbreak, the project was terminated.
In 1983, Professor Len Adleman and his computer science student, Frederick Cohen, used the term “virus” for the first time to represent self-replicating pieces of software running in the Apple II environment. Later that year, Adleman demonstrated a piece of software running on a VAX11/750 system that was able to infect other programs running on the same machine by modifying their object code and “instructing” them to install subsequent copies of itself.
Len Adleman is considered to be the pioneer of modern computer virology.
Fred Cohen’s first fully-functional virus was also presented in 1983. It was programmed under the Unix operating system, and affected the VD command. Each time an infected process was triggered, it inherited its system privileges, and then transferred them to each available user.
Another Trojan horse affecting Apple II systems showed up in 1985. Called the EGABTR, the new piece of malware claimed to be a graphics utility aimed at boosting the poor video performance available at that time. However, once the “utility” was launched, files stored on the hard disk were completely wiped out, while a message displayed on the computer’s screen read: “Arf, arf, Gotcha!”. Right after the incident, the "Apples" magazine tried to raise users’ awareness of malware by publishing a source code virus for Apple II.
Instead of recursively deleting the files, the concealed Trojan deleted the file allocation tables on the hard drive.
Malware has no geographical limits, and in 1986 two Pakistani computer-shop owners came up with a new virus affecting IBM PC microcomputers. Basit Farooq Alvi and Amjad Farooq Alvi wrote a harmless program that would display their names and addresses in order to gain customers’ loyalty. However, the final result was the Brain virus, the first MS-DOS threat that infected thousands of computers worldwide.
Other sources claim that the two brothers wrote the virus as they got tired of people making illegal copies of the programs sold in the computer store.
The Brain virus was relatively harmless, as it only changed the disk name to '© Brain'. However, it is extremely important in terms of malware evolution as it marks the first reference to a “stealth virus”. Each time the user attempted to read the infected sector, the virus would only display uninfected data.
Later reports alleged that the virus managed to invade ARPANET (a division of the US Department of Defense) computers and disabled 6000 computers in 1988.
Later in 1986, German programmer Ralf Burger unveiled the Virden virus during an underground computer forum, called the Chaos Computer Club conference. The virus located itself in the disk's boot sector and spread by means of boot sector exchange. The new virus only infected COM files, but did not contain a truly malicious payload.
Copyright 2011. Site powered by Bitdefender