Cohen inserted his proof-of-concept code into a Unix command, and within five minutes of launching it onto a mainframe computer, had gained control of the system. In four other demonstrations, the code managed to seize control within half an hour on average, bypassing all of the security mechanisms current at the time. It was Cohen’s academic adviser, Len Adleman (the A in RSA Security), who likened the self-replicating program to a virus, thus coining the term.
But Cohen’s malware wasn’t the first of its kind.
Others had theorized about self-replicating programs that could spread from computer to computer, and a couple of tinkerers had already successfully launched their own digital infections prior to Cohen’s presentation. But his proof-of-concept program put computer scientists on notice about the potential scourge of an intentionally malicious attack.
A 15-year-old kid from Pennsylvania was one programmer who beat Cohen to the draw. Rich Skrenta had a penchant for playing jokes on friends by spiking Apple II gaming programs with trick code that would shut down their computers or do other annoying things.
In 1982 he wrote the Elk Cloner program — a self-replicating boot-sector virus that infected Apple II computers through a floppy disk. Every 50th time the infected computer re-booted, a little ditty popped up:
It will get on all your disks
It will infiltrate your chips
Yes, it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
Skrenta’s program wasn’t called a virus, since that moniker came later, nor did it spread widely outside his circle of friends.
That was left for the first virus spotted “in the wild” a couple of years later.
The “Brain” was written in 1986 by two Pakistani brothers who claimed they only intended to infect IBM PCs running bootleg copies of a heart-monitoring program they created. The virus included a copyright notice with the brothers’ names and phone numbers so that people whose computers were infected could contact the brothers to obtain a “vaccination.” Numerous variations of Brain followed.
Then in 1988, Robert Tappan Morris Jr., a Cornell University graduate student and son of a National Security Agency chief scientist, unleashed the first widely propagating worm.
Unlike viruses, which are embedded in programs and copy themselves from system to system to unleash a payload, a worm can travel on its own without a carrier program, slithering through networks, searching for any connected system to infect with clones of itself, clogging the network as it spreads.
It’s been estimated that between 5 and 10 percent of all machines connected to the internet at that time — most of them at universities or other research facilities — were hit by the worm.
Morris was the first person to be tried and convicted under the Computer Fraud and Abuse Act of 1986. He was given three years probation and is now a professor at MIT.
The growth of viruses and worms was fairly slow after this until the mid-1990s, when the proliferation of desktop PCs and e-mail usage opened the way for large-scale infections. Viruses that previously relied on floppy disks and the “sneakernet” to spread, could now infect millions of machines with a little clever social engineering designed to trick users into opening infected attachments.
The Melissa virus set the tone for fast-moving viruses in 1999, reaching about 250,000 computers. Its payload was mostly innocuous, however. Whenever the time of day matched the date — say, 5:20 on May 20 — a quote from The Simpsons popped up on the screen.
The Love Bug struck a year later, leaving Melissa in the dust. Also known as LoveLetter, it was crafted by a student in the Philippines, and arrived at inboxes with the subject line, “I Love You.”
When a user clicked on an e-mail attachment named LOVE-LETTER-FOR-YOU.TXT.vbs, the virus used Microsoft Outlook to send itself to everyone in the user’s address book. It then contacted one of four web pages to download a Trojan horse designed to collect user names and passwords stored on the computer and send them to an e-mail address in the Philippines.
The virus spread more widely than any malware before it, hitting 55 million computers and infecting 2.5 to 3 million. It was estimated to have caused $10 billion in damage, but the student who unleashed it escaped prosecution because the Philippines had no computer-crime law at the time.
Viruses have proliferated rapidly since then, and malware has become more sophisticated and more vicious. The motives of malware writers have changed as well — instead of doing annoying tricks to your computer to get attention, the majority of programs sit stealthily on your computer to steal data, siphon money from online bank accounts or turn your system into a zombie for spam-spewing botnets.
Photo: Fred Cohen