Einstein’s equation leading towards the Manhattan Project. Nobel’s dynamite first saving the lives of workers, then becoming yet another killing technique. And how about the one and only Comic Sans font? You do not use it properly, people!

Nothing new under the sun. Ideas worth spreading, designed to be on the right side of history, are being purposefully misused. Especially in cyber security.

Check out a brief history of malware pioneers. All having only the best intentions. All being accidental godfathers of one of the most lucrative criminal businesses of the world.



This was the note left by the very first computer virus in history – Creeper – designed as a security test by Bob Thomas of BBN Technologies in 1971. The objective of the software was to see whether a self-replicating program was possible at all. It was.

There was no malicious intent, and in the very first version Creeper deleted itself while moving to another host. The second version, enhanced by Ray Tomlinson, provided an actual replication method. Ladies & Gentlemen, welcome to the whole new world!


Later the same decade John Walker decided to make his life just a bit easier. Back then a text game called ‘Animal’ was very popular. Basically, the game was supposed to guess which animal you had in mind by asking several questions. John had come up with an enhanced version of the game, which apparently came into high demand. In 1975 sharing files was somewhat… time consuming.

The game was an immediate hit, and many other Univac users asked me to send them copies of the program. This, of course was before the days of worldwide data networks, so this involved writing magnetic tapes and mailing them to each requestor. What a drag.

John Walker – letter to Scientific American Magazine

As a result, Walker created a program called PERVADE. The very first Trojan virus in the history of computation.

When a user launched the Animal game, PERVADE examined the available directories and then made a copy of Animal wherever it was not already present. The game, along with its hidden Trojan software, was soon to be found on every single computer of a quite large engineering company. Pretty successful, right?


The stereotype of youngsters creating computer viruses for fun was prevalent for a pretty long time. The story of Elk Cloner could be the origin of this stereotype. It all happened in 1982 and is considered to be the very first case of a computer virus released in the wild. Which basically means being out of its creator’s control.

Richard Skrenta at the time was a 15-year-old who very much enjoyed computer games. Furthermore, Richard was fond of playing regular digital jokes on his friends. He even earned himself a reputation, which prevented most of his colleagues from accepting anything digital from Richard. In hindsight, they were probably right.

Nevertheless, Skrenta started circulating the Elk Cloner virus among his friends and local computer club in early 1982. He developed what is now known as a boot sector virus. When it boots, or starts up, an infected disk places a copy of the virus in a computer’s memory. Whenever someone inserts a clean disk into the machine and types the command ‘catalog’ for a list of files, a copy gets written onto that disk.

Witty and nifty. Still relatively harmless, though. The most severe consequence was this message, displayed every 50th time someone booted an infected floppy:


The Elk Cloner was written for the Apple II operating system. Rumor has it that it was seen almost a decade later, during the Gulf War, on an anonymous sailor’s machine. The program got out of a controlled environment and lived its own life. For the first time in history.


This case is probably the most famous one. Announced and praised as the very first computer virus for MS-DOS – Brain.A. Circulated by two Pakistani brothers, Amjad and Basit Farooq Alvi, in 1986. Both brothers claimed several times they did not mean any harm. Their intention was twofold: firstly, to protect their medical software from illegal copying, and secondly, to prove the MS-DOS platform was not safe enough. Especially compared to – prevalent at the time – Xenix and Unix operating systems.

Brain affected the IBM PC by replacing the boot sector of a floppy disk with a copy of the virus. The virus basically slowed down the performance of the disk by making a part of memory capacity unavailable to DOS. However, it did not have any actual malicious intent. In fact, contact details of the two creators were provided within the code itself.

Welcome to the Dungeon

© 1986 Basit & Amjad (pvt) Ltd
PHONE :430791,443248,280530.
Beware of this VIRUS…
Contact us for vaccination…………  $# @%$@!!

On the 25th anniversary of the virus, Mikko Hyppönen, Chief Security Officer of F-Secure, made a trip to Pakistan to pay the brothers a visit. Check the mini-documentary out, it’s called Brain: Searching for the first PC virus in Pakistan.


What came out of the hands of Robert Tappan Morris in 1988 was groundbreaking for several reasons. Primarily, because it was the very first piece of malware distributed through a network. The first propagation through the internet in history. Then, it was the very first internet crash widely noticed by the media. Finally, Robert Morris became the very first person indicted and sentenced for an adverse activity in the virtual world. All the mess created by something later called The Morris Worm.

Robert Morris stated his intention was to ‘gauge the internet’. To check how many machines were interconnected. At the time there were 60 000 of them. Calculations vary, indicating that between 10 and 30% were eventually infected by the Morris Worm. The idea was simple: the worm, exploiting two major flaws in TCP and SMTP connections, was moving from one host to another. However, the code itself was surprisingly buggy. The worm went from host to host and back. Infecting particular machines several times.


The internet was on the brink of a total crash. America’s leading universities and government institutions were connected to ARPANET at the time. Hence directly affected. Including Pentagon machines. The damages caused by the worm are estimated in the range of $100 000 up to $10 000 000.

Robert Tappan Morris was sentenced to 3 years of probation, 400 hours of community service, and a fine of $10 050.


Let’s move almost 20 years forward. It’s 2005 now and we are in one of the offices of Sony BMG. One of the world’s leading record companies, which works fiercely on protecting its copyrights. Who would have thought they would follow this path, right? It is an honor to have you on the list, Sony. The creator of the modern rootkit solution.

Their anti-copying protection code was present on over 22 million CDs, including albums from Ricky Martin and Kylie Minogue. When a CD was inserted into a PC, hidden software was installed. Software which modified the operating system to interfere with CD copying. Without the knowledge of the user whatsoever.

Most people, I think, don’t even know what a rootkit is, so why should they care about it?

Thomas Hesse, President of Sony’s Global Digital Business.

Well, apparently the rootkit was quite buggy. Which means it literally opened the doors wide for plenty of other malicious programs.

Although there were no explicitly ‘bad intentions’ here, Sony’s endeavor took rootkits to a whole new level. For the first time in history a rootkit was intentionally distributed through legal channels by one of the world’s biggest entertainment corporations. On purpose and deliberately. All that only to protect artists. Only the best intentions, right?


Security test.

Method of delivering a text game.

Prank joke.


Measuring the size of internet.

Protecting copyrights.

What could possibly go wrong?

Maciej Szulejewski

When creating this article, I used threat descriptions from F-Secure Threat Description, Virus Encyclopedia and Wikipedia. I also used The First Computer Virus of Bob Thomas from, The 30-year-old prank that became the first computer virus from, A Brief History of Computer Viruses & What the Future Holds and Morris Worm Turns 25 from, The Animal Episode from and Sony BMG Rootkit Scandal: 10 Years Later from