Going viral

X-ray: We find out where internet viruses came from, how they work, and where they're going.

Remember those LAN nights we'd have as kids? There was always one guy who'd bring some horrible box onto the network infested with all the horrors of the Internet. Everyone would play C & C Generals for 3 hours, pizza would come, and then shortly after, everyone would be up for a reinstall because the systems were all so riddled with blaster.exe and other wonderful DCOM exploit misfortunes of the script-kiddie era. Good times.

We have a ticket this month into the nasty world of virus creation, infectious exploits and generally, malicious code. Nothing could be finer.

Where did we go wrong?
You have to wonder how we got into this situation. The Internet is a hostile place these days. It seems to imitate life in many respects. Bullying, terrorism, cults, and profound stupidity abound, but these somehow manage to coexist with culture, creativity, intelligence and a sense of global community.

The first known case of this intelligence unfortunately combined with the wonder of online communications came from the very organisation that created the Internet, namely, ARPANET in 1971. On one faithful day in August (the exact date of release is debated), the 'Creeper' virus was released to ARPANET, designed to infect and target DEC PDP-10 systems running TENEX OS. Creeper was interesting because it didn't actually do any harm, as a bit of mobile code that simply popped around the network printing "I am the Creeper, catch me if you can!" - which at the time was not even considered a virus. This was simply a demonstration of mobile code for the academic community to pontificate upon.

The concept of self-replicating code existed before any modern computers. It was an idea dreamt up in 1949 by the mathematician John von Neumann. These 'self replicating automata', as Neumann called them, would be the precursor to something (even if only in the theoretical form) that wouldn't rear its head until the 1980's.

First wave: Early viruses and the concept of worms
In 1983, a graduate student of USC named Fred Cohen wrote and demonstrated the first virus in Microsoft's DOS. Known as Brain, it was an attempt to obscure and cloak the presence of bad code by simulating all of the DOS system calls that normally alerted the system to problematic or potentially unstable runtime. It made a powerful proof, showing that all is not as it seems on an infected host. Activity displayed on a screen might be fabricated or falsified, and not match the reality of what a host is actually doing. This was the first time the concept of mistrust in computing was observed.

In 1987 the 'CHRISTMA EXEC' virus was, according to all reasonable sources and research, the first virus spread via email. Email then was a very primitive concept, and in this instance caused a large IBM mainframe-centric infection. This virus was also the first instance of a social-engineering mechanism, as the user was tricked into running an executable file with the lure of having a pretty Christmas tree graphic drawn on screen. Once the graphic was rendered, it then sent itself to all other recipients in the users address book. Thus, the email chain virus was born.

The now immortalised 'Morris worm' attacked 6000 systems in 8 hours in 1988. Comically, this was at the time around 11% of the entire Internet. The motivation behind the construction of this virus is rumoured to merely explore the depth of the Internet at the time, but its effects were clear enough. It was not designed with the intention of malicious destruction. Embarrassingly, its destructive nature in shutting down systems was due to programming mistakes and poor code. This was an example of the first virus to use a buffer overflow attack through a trivial vulnerability found in the UNIX 'Finger' binary. It went a small step further in 1989 with the unfortunately named WANK virus (Worms Against Nuclear Killers), which learnt well from the Morris virus and used a combination of buffer overflow exploits and email propagation mechanisms.