The Story Of The World’s First Free-Range Computer Virus

How two Pakistani brothers and one piece of runaway code created the anti-virus industry.

F-Secure's Mikko Hypponen holding a Brain-infected disk

Via: youtube.com

It was early 1987, and security expert Roger Thompson had just seen his first computer virus, in a programming class at a technical college in Brisbane, Australia. "Back in those days, there really weren't any programs you could use to look for these things," recalls Thompson, who now works for anti-virus company AVG. "Somebody just handed me a disk." On the boot sector of the disk, there was a program called Brain.

"I took a look at the computer to see where it had written itself, and it wasn't anywhere on the hard drive. I thought, 'Oh, it's not a virus at all.' So I just moved on and put another disk in. Suddenly the virus was on the second disk. It was seeding every floppy I put in."

Prank programs had been around as long as there were computers to run them on, but truly self-replicating code hadn't been seen outside of university computer labs. The code was hovering in working memory, copying itself onto the boot sector of every disk that entered the machine. The program was non-destructive, but virulent — and because those 5 1/4-inch disks were the only way to move data onto or off of a computer, Brain was able to span half the globe by the time it arrived in Brisbane.

Once Thompson isolated the code, he found an even bigger surprise. The creators' names were written into every copy: Basit & Amjad Alvi of Brain Computer Services, Lahore, Pakistan.

Quetta, where the Brain virus was first installed.

By the end of the year, Brain had spread through America and most of Europe, hopping from disk to disk, computer to computer. To leap across the ocean — to reach Roger Thompson in Brisbane, say — someone had to take an infected floppy onto a plane or ship. This was before the web: It was a lot harder to cross the ocean. And as the virus spread, so did the rumors: Was this some kind of revenge against software pirates? Were the brothers trying to kick off an IT security firm?

The truth is less dramatic. As Amjad describes it to BuzzFeed, he and his brother were just playing around with assembly language: "At the time, there were not multi-tasking OSs or multi-tasking programs, so we found some interesting code that stayed resident in the background of the memory." It was a powerful trick. "For more than a year, we were experimenting, just learning things. It was not planned that we were going to make a virus."

Patient zero was a hospital in the provincial capital of Quetta, 600 miles west of Lahore. In the fall of 1986, the Alvi brothers visited the hospital to install some software they'd developed. On the way, Amjad realized one of his disks was infected with the self-replicating program they'd been experimenting with. He decided to leave it there. "If someone wanted to steal my program, I figured I would know that program was stolen from that specific, isolated medical computer," he says. Having left it on a business computer in rural Pakistan, there was no reason to think the program would spread.

It took two years for Amjad to get his first call. Thanks to the time difference, it came in the middle of the night, from a student reporter at Miami University. She had found his number on a floppy disk.


View Entire List ›

Uncategorized

BuzzFeed - Latest