오픈연대기: Computer Virus

Computer Virus

1970 ~ 2007

stories 33

History of Computer Virus

by victor

Invite

2007
10.12 0 Hackers Paralyze Web Sites of Game Money Trading Firms

... The most advanced and trickiest form of a DoS attack is the Distributed Denial of Service Attack (DDoS), which occurs when hundreds of thousands of computers are manipulated by computer virus programs to attack a targeted system all at once. Meanwhile, a similar DoS attack hit The Korea Times Web site between Wednesday and Thursday. The newspaper has found that the attack ... 기사보기

+
01.17 0 Peacomm Trojan is identified

Peacomm Trojan identified as a fast spreading email spamming threat thought to have originated from Russia, it disguises itself as a news email containing a film about bogus news stories asking you to download the attachment which it claims is a film. Around June 30th it has infected 1.7 million computers.

+
01.07 0 Worm by hackers of popular website MySpace

A worm generated by hackers of the popular website MySpace was discovered by many users on the site. Some sites were unaffected while others showed display names of w0rm.EricAndrew. The hackers, Eric and Andrew changed wordings and added to others' sites.

+
0 Trojan is identified

In the context of computing and software, a Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another such as a computer virus. Contrary to popular belief, this action, usually encoded in a hidden payload, may or may not be actually malicious, but Trojan horses are notorious today for their use in the installation of backdoor programs. Simply put, a Trojan horse is not a computer virus. Unlike such malware, it does not propagate by self-replication but relies heavily on the exploitation of an end-user (see Social engineering). It is instead a categorical attribute which can encompass many different forms of codes. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse. In the field of computer architecture, 'Trojan Horse' can also refer to security loopholes that allow kernel code to access anything for which it is not authorized.

+
2006
01.20 0 The Nyxem worm is discovered

The Nyxem worm was discovered. It spread by mass-mailing. Its payload, which activates on the third of every month, starting on February 3, attempts to disable security-related and file sharing software, and destroy files of certain types, such as Microsoft Office files. Nyxem is a mass-mailing worm that tries to spread using remote shares. Nyxem Worm also tries to disable security-related and file sharing software as well as destroys files of certain types. When executed the worm, it copies itself to rundll16.exe, scanregw.exe, Update.exe, Winzip.exe. New Variants of Nyxem worm: W32 Nyxem.A W32 Nyxem.E W32 Nyxem.D The virus (Nyxem.E) is reported to activate on 3rd day of each month, 30 minutes after system startup.One of the ways you can tell the computer is infected: antivirus software won't run, there are Winzip.exe, Update.exe and WINZIP_TMP.EXE files in ?:WindowsSystem or ?:WindowsSystem32 folders.

+
2004
12. 0 Santy - phpBB software is launched

Santy is a computer worm created in Perl to exploit a vulnerability in phpBB software which used Google to spread across the internet. Within 24 hours of its release on 20 December 2004, a large number of websites (estimated by some at 30,000 to 40,000) were attacked by Santy. The worm caused writable files (of formats such as .php and .html) on the infected server to display the message "This site is defaced!!! This site is defaced!!! NeverEverNoSanity WebWorm generation X", where X is a number representing the generation of the worm. There have been variants of the worm, some which use alternative search engines after Google blocked queries from the Santy worm, and an anti-Santy anti-worm which attempts to patch vulnerable installations. The phpBB Group had released a patch for the vulnerability a month before the attacks, in phpBB 2.0.11.

+
2003
10.24 0 Sober worm appears

The Sober worm is first seen and maintains its presence until 2005 with many new variants.The simultaneous attack of the Blaster and Sobig worms caused a massive amount of damage.

+
2002
03. 0 Win32/Simile virus appears

Win32/Simile (also known as Etap) is a metamorphic computer virus written in assembly language for Microsoft Windows. The virus was released in the most recent version in early March 2002. It was written by the virus writer Mental Driller. Some of his previous viruses, such as Win95/Drill (which used the Tuareg polymorphic engine), have proved very challenging to detect. When the virus is first executed, it checks the current date. If the host file (the file that is infected with the virus) imports the file User32.dll, then on the 17th of March, June, September, or December, a message is displayed. Depending on the version of the virus the case of each letter in the text is altered randomly. On May 14, a message saying "Free Palestine!" will be displayed if the system locale is set to Hebrew. The virus then rebuilds itself. This metamorphic process is very complex and accounts for around 90% of the virus' code. After the rebuild, the virus searches for executable files in folders on all fixed and remote drives. Files will not be infected if they are located in a subfolder more than three levels deep, or if the folder name begins with the letter W. For each file that is found, there is a 50 percent chance that it will be ignored. Files will not be infected if they begin with F, PA, SC, DR, NO, or if the letter V appears anywhere in the file name. Due to the way in which the name matching is done, file names that contain certain other characters are also not infected, although this part is not deliberate. The virus contains checks to avoid infecting "goat" or "bait" files (files that are created by anti-virus programs). The infection process uses the structure of the host, as well as random factors, to control the placement of the virus body and the decryptor.

+
2001
03.08 0 Sadmind worm is discovered

The Sadmind worm spreads by exploiting holes in both Sun Microsystems Solaris (Security Bulletin 00191) and Microsoft Internet Information Services (MS00-078).The Sadmind worm was a self-popogating piece of malware which exploited vulnerabilities in both Sun Microsystem's Solaris (Security Bulletin 00191)and Microsoft's Internet Information Services (MS00-078), for which a patch had been made avilable seven months earlier. It was discovered on May 8, 2001.

+
0 Ramen worm appears

A worm strikingly similar to the Morris worm, named the Ramen worm infected only Red Hat Linux machines running version 6.2 and 7, using three vulnerabilities in wu-ftpd, rpc-statd and lpd. The Ramen worm is a completely automated worm that attacks random systems using exploits of three known vulnerabilities: wu-ftp; LPRng; rpc.statd. The worm is distributed as an archive named ramen.tgz, which contains a mixture of executable binaries and shell scripts. The binaries perform the scanning and attacks while the scripts provide the automation. There is no built-in mechanism for stopping the attacks after they have been started. When a machine is compromised by any of these vulnerabilities, the attacking program creates the directory /usr/src/.poop. The program then uses lynx to connect back to the attacking machine via the asp port (27374) and and get a copy of ramen.tgz which it places in the /usr/src/.poop directory. The ramen.tgz file is unzipped, untared, and the script start.sh is run.

+
0 CIH virus’ comes back

The CIH virus made another comeback in 2001 when a variant of the Loveletter Worm in a VBS file containing a dropper routine for the CIH virus was circulated around the internet, disguised as a nude picture of Jennifer Lopez. A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not a serious threat. CIH is considered a threat only if it infects programs used by mass-mailing computer worms, such as Klez, or if the Anjulie Worm comes into play. However, CIH only works on Windows 95, 98, and Windows Me, greatly limiting its effects.

+
2000
05. 0 VBS/Loveletter worm appears

The VBS/Loveletter ('ILOVEYOU') worm appeared. As of 2004 this is the most costly virus to business, causing upwards of 10 billion dollars in damage. The backdoor trojan to the worm, Barok, was created by Filipino programmer Onel de Guzman; it is not known who created the attack vector or who (inadvertently) unleashed it; de Guzman himself denies being behind the outbreak although he suggests he may have been duped by someone using his own Barok code as a payload.

+
0 Zmist virus appears

ZMist (also known as Zombie.Mistfall) is a metamorphic computer virus created by Russian virus writer known as Z0mbie. It was the first virus to use a technique known as "code integration". In the words of Szor and Ferrie (see link below): This virus supports a unique new technique: code integration. The Mistfall engine contained in it is capable of decompiling Portable Executable files to its smallest elements, requiring 32 MB of memory. Zmist will insert itself into the code: it moves code blocks out of the way, inserts itself, regenerates code and data references, including relocation information, and rebuilds the executable.

+
1999
06.06 0 ExploreZip worm is detected

The ExploreZip worm, which destroys Microsoft Office documents, is first detected. ExploreZip, also known as I-Worm.ZippedFiles, is a destructive computer worm which attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999.It is distributed in the form of an e-mail message with the words: Hi! I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs. Bye! The message includes an attachment with the name ZIPPED_FILES.EXE. If opened, a dialog box appears in Windows resembling the one normally appearing when opening a corrupted Zip archive, while the worm copies itself onto the machine's hard drive, while modifying the WIN.INI file (Windows 9x) or the Windows Registry (Windows NT) so that it re-executes on reboot. The worm looks for a copy of Microsoft Outlook to mail itself to all other people in the user's address book and also destroys Microsoft Office documents and C and C++ source files on the user's hard-drive by overwriting them with zero-byte files.

+
03.26 0 Melissa worm is released

The Melissa worm is released, targeting Microsoft Word and Outlook-based systems, and creating considerable network traffic. The Melissa worm, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a computer worm that also functions as a macro virus, hence making it a "multipartite virus". First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propogating from the worm. Melissa was first distributed in the Usenet discussion group alt.sex. The virus was inside a file called "List.DOC," which contained passwords that allow access into 80 pornographic websites. The worm's original form was sent via e-mail to many people. Melissa was written by David L. Smith in Aberdeen Township, New Jersey, and named after a lap dancer he encountered in Florida. The creator of the virus called himself Kwyjibo, but was shown to be identical to macrovirus writers VicodinES and Alt-F11 who had several Word-files with the same characteristic Globally Unique Identifier (GUID), a serial number that was earlier generated with the network card MAC address as a component. Smith was sentenced to 20 months in a federal prison and fined $5000.

+
02. 0 Happy99 worm appears

The Happy99 worm invisibly attached itself to emails. Displayed fireworks to hide changes being made and wished you a happy new year. Modified system files related to Outlook Express and Internet Explorer on Windows 95 and Windows 98. DLL infection became increasingly successful with the appearance of the Happy99 worm (also known as W32/SKA.A, the worm's CARO name), written by Spanska in early 1999.

+
1998
06.02 0 The first version of the CIH virus appears

CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau of Taiwan. It is considered to be one of the most harmful widely circulated viruses, destroying all information on users' systems and in some cases overwriting the system BIOS. In September 1998, Yamaha shipped a firmware update to their CD-R400 Drives that were infected with the virus. In October 1998, a demo version of the Activision game SiN that was propagated by users got infected due to contact with an infected file on a certain user's machine. That company's infection came from a group of Aptiva PC's shipped by IBM during March 1999 with the CIH virus pre-installed. The computers were shipped around a month before the CIH payload activated for the first time in the public eye on April 26, 1999. This was a catastrophic event, and an untold number of computers worldwide were affected with the first 1024 KB of their boot drives being over-written with zeroes and even having their BIOS damaged, preventing the computer from successfully completing the POST process. By April 26, 2000, much of the damage was happening in Asia, but the virus was not as widespread there. On March 2001, the Anjulie Worm was discovered. It drops CIH v1.2 into the system as part of its payload. Today, CIH is not as widespread as it once was due to awareness of the threat and the fact it only affects older Windows 9x operating systems.

+
1995
0 The first Macro virus is created

The name Concept virus refers to two different pieces of computer malware, each of which has acted as a proof of concept for a new method of propagation. WM.Concept (1995), the first macro virus that spread through Microsoft Word. In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern antivirus software detects macro viruses as well as other types

+
1991
04. 0 Michelangelo is discovered

The Michelangelo virus is a computer virus first discovered in April 1991 in New Zealand. The virus was designed to infect MS-DOS systems and remain dormant until March 6, the birthday of Renaissance artist Michaelangelo, before becoming active and wreaking havoc. Although designed to infect MS-DOS systems, the virus can easily disrupt other operating systems installed on the system since, like many viruses, the Michaelangelo infects the master boot record of a hard drive. Once a system became infected, any floppy disk inserted into the system becomes immediately infected as well. And because the virus spends most of its time dormant, activating only on March 6, it is conceivable that an infected computer could go for years without detection — as long as it wasn't booted on that date after being infected. The virus first came to widespread national attention in January 1992, when it was revealed that a few computer manufacturers had accidentally shipped computers infected with the virus. Although the infected machines numbered only in the hundreds, the resulting publicity spiraled into "expert" claims of thousands or even millions of computers infected by Michelangelo. However, on March 6, 1992, only 10,000 to 20,000 cases of data loss were reported. The news media lost interest, and the virus was fairly quickly forgotten. Despite the scenario given above, in which an infected computer could evade detection for years, by 1997 no cases were being reported in the wild

+
1990
0 1260 virus is released

Mark Washburn working on an analysis of the Vienna and Cascade viruses with Ralf Burger develops the first family of polymorphic virus: the Chameleon family. Chameleon series debuted with the release of 1260. '1260' was a computer virus written in 1990 that used a form of polymorphic encription, allowing it to periodically modify its signature in preset ways, while still keeping the same algorithim. In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. Polymorphic code was invented in 1992 by the Bulgarian cracker Dark Avenger (a pseudonym) as a means of avoiding pattern recognition from antivirus-software. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. Most anti virus-software and intrusion detection systems attempt to locate malicious code by searching through computer files and data packets sent over a computer network. If the security software finds patterns that correspond to known computer viruses or worms, it takes appropriate steps to neutralize the threat. Polymorphic algorithms make it difficult for such software to locate the offending code as it constantly mutates. Encryption is the most commonly used method of achieving polymorphism in code. However, not all of the code can be encrypted as it would be completely unusable. A small portion of it is left unencrypted and used to jumpstart the encrypted software. Anti-virus software targets this small unencrypted portion of code. Malicious programmers have sought to protect their polymorphic code from this strategy by rewriting the unencrypted decryption engine each time the virus or worm is propagated. Sophisticated pattern analysis is used by anti-virus software to find underlying patterns within the different mutations of the decryption engine in hopes of reliably detecting such malware.

+
1989
10. 0 The first multipartite virus is discovered

Ghostball was the first multipartite virus discovered. The virus was discovered in October 1989 by Fridrik Skulason. It infected both executable .COM-files and boot sectors. A computer virus that contain multiple parts. The different parts could target different parts of a system, e.g. the virus could be a combined file and boot sector virus. For a complete cleanup, all parts of the virus must be removed, otherwise the virus can re-infect a system over and over again.

+
1988
11.02 0 The Morris worm is created

The Morris worm, created by Robert Tappan Morris, infects DEC VAX and Sun machines running BSD UNIX connected to the Internet, and becomes the first worm to spread extensively "in the wild", and one of the first well-known programs exploiting buffer overrun vulnerabilities. The Morris worm or Internet worm was one of the first computer worms distributed via the Internet; it is considered the first worm and was certainly the first to gain significant mainstream media attention. It was written by a student at Cornell University, Robert Tappan Morris (now an associate professor at MIT), and launched on November 2, 1988 from MIT. The Morris worm was not written to cause damage but to spread; bugs in the code, however, caused it to be more damaging -- a computer could be infected multiple times and each additional process would slow the machine down to the point it would be unusable. The Morris worm worked by exploiting known vulnerabilities in Unix sendmail, Finger, rsh/rexec and weak passwords. It could only infect DEC VAX machines running 4 BSD and Sun 3 systems.

+
01. 0 Festering Hate virus appears

The Festering Hate, Apple, ProDOS virus spreads from underground pirate BBS systems and starts infecting mainstream networks. Festering Hate and CyberAIDS are the names of the first two Apple, ProDOS viruses. Cyber AIDS appears to have been a series of viri with minor changes in the code, culminating in the final version called Festering Hate, which appeared in 1988 (The Festering Hate World Tour - Festering Hate in '88). When the virus went off the title page credited "Rancid Grapefruit" and "Cereal Killer" of the "Kool/Rad Alliance!" The phone number embedded in the detonation page was apparently the home number of John Maxfield (a.k.a., Cable Pair) a well-known FBI informant and private investigator of the era, whose speciality was computer crime and hackers. Unlike the few Apple viri that had come before, such as the Elk Cloner virus, that were essentially annoying but did no damage. The Festering Hate series of viri was extremely destructive, spreading to all system files it could find on the host computer (hard drive, floppy and system memory) and then destroying everything when it could no longer find any uninfected files.

+
1987
11. 0 SCA virus appeares

The SCA virus, a boot sector virus for Amigas appears, immediately creating a pandemic virus-writer storm. A short time later, SCA releases another, considerably more destructive virus, the Byte Bandit.The SCA virus was the first computer virus created for the Commodore Amiga. It appeared in November 1987. The SCA virus was a boot sector virus. It featured a quite famous line of text that appeared at every 15th reboot: Something wonderful has happened; Your AMIGA is alive !!! and, even better...; Some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !! "SCA" is an acronym for the Swiss Cracking Association, a group engaged in software protection removal, so the geographic origin of the virus was Switzerland. The virus was probably authored by an SCA member known as "CHRIS". SCA would not harm disks per-se, but would spread to any write-enabled floppies inserted. If they used custom bootblocks (such as games), they would be rendered unusable. SCA also checksums as an original filesystem (OFS) bootblock so would destroy newer filesystems if the user didn't know the proper use of the "install" command to remove SCA ("install df0: FFS FORCE" to recover a 'fast filesystem' floppy). The "Mega-Mighty SCA" produced the first Amiga virus checker which killed the SCA virus. This may well have been in response to estimates that approximately 40% of all Amiga users had SCA in their disk collection somewhere, due to rampant piracy. Other authors inspired by the harmless SCA virus would later produce more destructive viruses known as the Byte Bandit and the Byte Warrior.

+
10. 0 The Jerusalem virus is detected

The Jerusalem virus, part of the (at that time unknown) Suriv family, is detected in the city of Jerusalem. Jerusalem destroys all executable files on infected machines upon every occurrence of Friday the 13th (except Friday the 13th Nov 1987 making its first trigger date May 13th 1988). Jerusalem caused a worldwide epidemic in 1988. Jerusalem is a DOS file virus first detected in Jerusalem, Israel, in October 1987. Upon infection, the Jerusalem virus became memory resident, and would then infect every executable file run. The program contained one destructive payload that was set to go off on Friday the 13th, all other years than 1987. On that date, the virus would delete every program file that was executed. Jerusalem is also known as BlackBox because of a black box it displays during the payload sequence. Jerusalem was initially very common (for a virus of that time of the day) and spawned a large number of variants. However, since the advent of Windows, Jerusalem and its variants have become obsolete.

+
0 Lehigh virus appeares

Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned from New Appearance of Lehigh virus, boot sector viruses such as Yale from USA, Stoned from New Zealand, Ping Pong from Italy, and appearance of first self-encrypting file virus, Cascade. Lehigh was never released to the wild however. A subsequent infection of Cascade in the offices of IBM Belgium led to IBM responding with its own antivirus product development. Prior to this, antivirus solutions developed at IBM were intended for staff use only.

+
1986
12. 0 Ralf Burger presents Virdem model

Ralf Burger presented the Virdem model of programs at a meeting of the underground Chaos Computer Club in Germany. The Virdem model represented the first programs that could replicate themselves via addition of their code to executable DOS files in COM format. The Chaos Computer Club (CCC) is one of the biggest and most influential hacker organisations. The CCC is based in Germany and other German-speaking countries and currently has about 1,500 members. The CCC describes itself as "a galactic community of life's beings, independent of age, sex, race or societal orientation, which strives across borders for freedom of information…." In general, the CCC struggles for more transparency in governments, freedom of information and a human right to communication. Supporting the principles of the hacker ethic, the club also fights for free access to computers and technological infrastructure for everybody.

+
01. 0 The Brain boot sector virus is released

The Brain boot sector virus (aka Pakistani flu) is released to the wild. Brain is considered the first IBM PC compatible virus, and the program responsible for the first IBM PC compatible virus epidemic. The virus is also known as Lahore, Pakistani, Pakistani Brain, as it was created in Lahore, Pakistan by 19 year old Pakistani programmer, Basit Farooq Alvi and his brother Amjad Farooq Alvi. Brain (the industry standard name being Brain) is a 1987 computer virus that infects DOS FAT file systems. The virus is also known as Lahore, Pakistani, Pakistani Brain, and UIUC. Brain is a boot sector infector that moves the boot sector and replaces it with a copy of the virus. The real boot sector is moved to another sector and marked as bad. The Disk label is also changed to (c)Brain. Infected disks have 3kb of bad sectors. The following text can be seen in infected boot sectors: "Welcome to the Dungeon (c) 1986 Brain & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages....$#@%$@!!" There are many minor and major variations to that version of the text. The virus slows down the floppy disk drive and makes 7KB of memory unavailable to DOS. This virus was written by two brothers who lived in Chahmiran, Lahore, Pakistan. The brothers told TIME magazine they had written it to protect their medical software from software pirates. The virus, supposedly, was going to target copyright infringers only. The virus came complete with the brothers' real address and three phone numbers, and a message that said the user's machine had been infected and for inoculation the user should call them. The following message was: "Welcome to the Dungeon (c) 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination..." When they started getting a ton of phone calls from people in USA, Britain, and elsewhere, demanding them to disinfect their machines, the brothers were stunned and tried to explain to the outraged callers that their motivation had not been malicious. They ended up having to get their phone lines cut off and regretted that they had revealed their contact info in the first place. The brothers are still in business in Pakistan as ISPs in their company called Brain Limited.

+
1983
11.10 0 Cohen demonstrates a virus-like program

At Lehigh University, Cohen demonstrates a virus-like program on a VAX11/750 system. The program was able to install itself to, or infect, other system objects. VAX is a 32-bit computing architecture that supports an orthogonal instruction set (machine language) and virtual addressing (i.e. demand paged virtual memory). It was developed in the mid-1970s by Digital Equipment Corporation (DEC). DEC was later purchased by Compaq, which in turn was purchased by Hewlett-Packard. The VAX has been perceived as the quintessential CISC processing architecture, with its very large number of addressing modes and machine instructions, including instructions for such complex operations as queue insertion/deletion and polynomial evaluation.

+
0 The term 'virus' is coined by Frederick Cohen

The term 'virus' is coined by Frederick Cohen in describing self-replicating computer programs. In 1984 Cohen uses the phrase "computer virus" – as suggested by his teacher Leonard Adleman – to describe the operation of such programs in terms of "infection". He defines a 'virus' as "a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."

+
1982
0 Elk Cloner is created for Apple II systems

A program called Elk Cloner, written for Apple II systems and created by Richard Skrenta. Apple II was seen as particularly vulnerable due to the storage of its operating system on Floppy disk. Elk Cloner's design combined with public ignorance about what malware was and how to protect against it led to Elk Cloner being responsible for the first large-scale computer virus outbreak in history. Elk Cloner is the first known computer virus that has spread "in the wild", i.e., outside the computer system or lab it was written in. It was written around 1982 by a 15-year-old high school student named Rich Skrenta for Apple II systems. Elk Cloner spread by infecting the Apple II's operating system, stored on floppy disks. When the computer was booted from an infected floppy, a copy of the virus would automatically start.

The virus would not normally alter the working of the computer, except from monitoring disk access. When an uninfected floppy was accessed, the virus would copy itself to the disk, thus infecting it, too, slowly spreading from floppy to floppy. Like many of the early viruses, Elk Cloner did not cause any deliberate harm, although it could harm disks not containing the standard DOS image - it overwrote its reserved tracks regardless of the contents. Like many of the early viruses, however, it did cause annoyance: on every 50th booting the virus would display a short "poem", as follows: Elk Cloner: The program with a personality It will get on all your disks It will infiltrate your chips Yes it's Cloner! It will stick to you like glue Annoyance in fact was the reason of the virus. Its 15-year-old author previously had the habit of giving out pirated computer games to his friends, but games modified such that they would stop working after a given number of games. This scheme guaranteed a high level of annoyance: by the time those friends grew to like the programs the programs would stop working, usually with some "humorous" message (at least as judged by their author). After a while those friends learned never to allow Skrenta near their disks. Then came Cloner, which could annoy friends without Skrenta physically gaining access to their disks. According to contemporary reports, the virus was rather contagious, successfully infecting the floppies of most people Skrenta knew (including his math teacher), upsetting many of them (including said math teacher). Part of the "success", of course, was that people were not at all wary of the potential problem (virus infection could have been avoided by not inserting floppies into computers without hard-booting them before), nor were virus scanners or cleaners available. The virus could still be removed, but it required an elaborate manual effort.

+
1975
0 Pervading Animal appears

Pervading Animal, a game written for the UNIVAC 1108, appeared. It remains a matter of debate whether Pervading Animal represented the first Trojan or an innocent game with unintended bugs.The UNIVAC 1108 was the second member of Sperry Rand's UNIVAC 1100 series of computers, introduced in 1964. Integrated circuits replaced the thin film memory that the UNIVAC 1107 used for register storage. Smaller and faster cores were used for main memory.

+
1970
0 Creeper virus is detected

Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote system where the message, 'I'M THE CREEPER : CATCH ME IF YOU CAN.' was displayed. The Reaper program, itself a virus, was created to delete Creeper, the creators of both programs are unknown.