The History of Computer Viruses

On November 10, 1983, a handful of seminar attendees at Lehigh University, Pennsylvania, USA, heard for the first time the term “virus” applied to computing. The use of the word was strange. The virus that was then on everyone’s mind was the one isolated a few months earlier at the Pasteur Institute in Paris that could be the cause of a new disease called AIDS. In the digital world, talking about viruses was almost nonsense. The first PC had been launched on the market just two years earlier and only the most technologically informed were running an Apple II computer or one of its early competitors.

Los primeros virus eran demostraciones tecnológicas y la motivación de sus creadores era la investigación. Crédito: Geralt

The first viruses were technological demonstrations and the motivation of their creators was research. Credit: Geralt

However, when on that day the graduate student from the University of Southern California Fred Cohen inserted a diskette into a VAX11/750 mainframe computer, the attendees noted how code hidden in a Unix program installed itself and took control in a few minutes, replicating and spreading to other connected machines, similar to a biological virus.

Cohen tells OpenMind that it was on November 3 when a conversation with his supervisor, Leonard Adleman, led to the idea of ​​giving the name of virus to that code capable of infecting a network of connected computers. The Cohen virus was simple: “The code for reproduction was perhaps a few lines and took a few minutes to write,” says the author. “The instrumentation and controls took almost a day.”

Cohen published his creation in 1984, in an article that began: “This paper defines a major computer security problem called a virus.” But though the extensive research of Cohen and Adleman in the specialized literature would draw attention to their existence, the truth is that before that first virus defined as such appeared, there had already been earlier cases.

Interactive timeline: A malware history

[+] Full screen

Catch me if you can

In 1971, Robert Thomas, from the company BBN, created Creeper, a program that moved between computers connected to ARPANET and that displayed the message “I’m the creeper: catch me if you can.” According to David Harley, IT security consultant and researcher for the ESET company, “in the research community, we usually consider the experimental program Creeper to be the first virus and/or worm.”

Moreover, a year before Cohen’s seminar, 15-year-old Rich Skrenta developed Elk Cloner, the first computer virus—not named that yet—that spread outside a laboratory. Skrenta created it as a joke for his friends, whose Apple II computers became infected by inserting a diskette with a game that hid the virus.

So, Cohen was not really the first one. But according what computer security expert Robert Slade explains to OpenMind, the special thing in Cohen’s case was not so much his programming as his method. “He was doing the original academic research on the concept; his structure of antiviral software is still comprehensive despite all the developments since.” Cohen also introduced an informal definition of virus: “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself.”

Those first viruses were technological demonstrations. The motivation of their creators was research and their codes were not malicious. Cohen points out that the objective of his program was “to measure spread time, not to attack.” In the case of Creeper, it was about designing a mobile application that could move to the machine where the data resided, instead of going the other way. As the professor of Computer Science at the University of Calgary (Canada) John Aycock points out to OpenMind, computer viruses were born as “a natural product of human curiosity.” And as such, “their invention was inevitable.”

The first malicious codes

It was also inevitable that the first malicious codes would soon emerge. In 1986, Brain appeared, a virus created by two Pakistani brothers whose purpose was to punish the users of IBM computers who installed a pirated copy of software developed by them. However, the effects of Brain were slight and the virus included the contact information of its authors so that those affected could contact them and request a cure. Spread by means of diskettes, Brain reached international diffusion, giving rise to the birth of the first antivirus companies.


 En 1986 aparecía Brain, un virus creado por dos hermanos paquistaníes para castigar a los usuarios que instalaban una copia pirateada de un software. Crédito: Christiaan Colen

In 1986, Brain appeared, a virus created by two Pakistani brothers whose purpose was to punish the users who installed a pirated copy of software. Credit: Christiaan Colen

At the end of the 1980s, codes began to proliferate that erased data or disabled systems. In 1988, the worm created by Robert Morris infected many of the computers connected to the then nascent Internet, especially in research institutions, causing a drop in email services. Its effects were more damaging than anticipated by Morris himself, who became the first person to be prosecuted in the US under the Computer Fraud and Abuse Act of 1986.

In this way, so-called malware began to diversify into different families: worms are programs that move from one computer to another without hiding in another application, while Trojans are harmful programs with an innocent appearance. In 1995, WM/Concept appeared, which infected Word documents. “It opened the door for a plague of document-borne malware that dominated the threat landscape for several years after,” says Harley. The expert lists other typologies that have emerged over time, such as bots that manipulate other people’s systems to launch spam campaigns, send malware or denial of service attacks; or ransomware, codes that hijack a system and force the payment of a ransom, such as the recent case of WannaCry, which in May 2017 infected hundreds of thousands of computers in more than 150 countries.

Los medios actuales, como las redes sociales, facilitan la expansión del malware. Crédito: Colin

The current media, such as social networks, facilitate the expansion of malware. Credit: Colin

To this threat landscape we must add the current media, such as social networks, which facilitate the expansion of malware. As explained to OpenMind by Jussi Parikka, expert in technological culture at the Winchester School of Art of the University of Southampton (United Kingdom) and author of Digital Contagions: A Media Archeology of Computer Viruses (2nd ed., Peter Lang Publishing, 2016), “the online platforms for communication and interaction are themselves part of the problem due to their various security issues.”

But despite the many headaches caused by the malware, experts point out that these developments can benefit other technologies. Cohen argues that “benevolent” viruses can, for example, be useful in maintaining and updating systems. “I think artificial life (reproducing programs) still have enormous potential, largely unrealized as of today,” he reflects. “History will tell, but I still hold hope that viral computation will be a benefit to humanity in the future.”

Javier Yanes