NEW YORK – What began as a ninth-grade prank, a way to trick already-suspicious friends who had fallen for his earlier practical jokes, has earned Rich Skrenta notoriety as the first person ever to let loose a personal computer virus.
Although over the next 25 years, Skrenta started the online news business Topix, helped launch a collaborative Web directory now owned by Time Warner’s Netscape and wrote countless other computer programs, he is remembered most for unleashing “Elk Cloner” on the world.
“It was some dumb little practical joke,” said Skrenta, now 40. “I guess if you had to pick between being known for this and not being known for anything, I’d rather be known for this. But it’s an odd placeholder for (all that) I’ve done.”
Elk Cloner – self-replicating like all other viruses – bears little resemblance to today’s malicious programs. Yet in retrospect, it was a harbinger of all the security headaches that would only grow as more people got computers and connected them with one another over the Internet.
At the time, Skrenta’s friends were already distrustful of him because, in swapping computer games and other software as part of piracy circles common at the time, Skrenta often altered the floppy disks he gave out to launch taunting on-screen messages. Many friends simply started refusing disks from him.
During a winter break from Mt. Lebanon Senior High School near Pittsburgh, Skrenta hacked away on his Apple II computer and figured out how to get the code to launch messages onto disks automatically.
He developed what is now known as a “boot sector” virus. When it boots, or starts up, an infected disk places a copy of the virus in the computer’s memory. Whenever someone inserts a clean disk into the machine and types the command “catalog” for a list of files, a copy gets written onto that disk as well. The newly infected disk is passed on to other people, other machines and other locations.
Skrenta started circulating the virus in early 1982 among friends at school and a local computer club. The prank, though annoying to victims, is relatively harmless compared with viruses today. Every 50th time someone booted an infected disk, a poem Skrenta wrote would appear, saying in part, “It will get on all your disks; it will infiltrate your chips.”
The first virus to hit computers running Microsoft’s operating system came in 1986, when two brothers in Pakistan wrote a boot sector program now dubbed Brain – purportedly to punish people who spread pirated software. Although the virus didn’t cause serious damage, it displayed the phone number of the brothers’ computer shop for repairs.
With the growth of the Internet came a new way to spread viruses: e-mail.
Melissa (1999), Love Bug (2000) and SoBig (2003) were among a slew of fast-moving threats that snarled millions of computers worldwide by tricking people into clicking on e-mail attachments, which launched a program that automatically sent copies of the virus to other victims.
Although some of the early viruses overwhelmed networks, later ones corrupted documents or had other destructive properties.
Compared with the early threats, “the underlying technology is very similar (but) the things viruses can do once they get hold of the computer has changed dramatically,” said Richard Ford, a computer science professor at the Florida Institute of Technology.
Later viruses spread through instant-messaging and file-sharing software, while others circulated faster than ever by exploiting flaws in Windows networking functions.
More recently, viruses have been created to steal personal data such as passwords or to create relay stations for making junk e-mail harder to trace.
Suddenly, though, viruses weren’t spreading as quickly. Virus writers now motivated by profit rather than notoriety are trying to stay low-key so their creations won’t get detected and removed, along with their mechanism for income.
Many of the recent malicious programs technically aren’t even viruses, because they don’t self-replicate, but users can easily get infected by visiting a rogue Web site that takes advantage of any number of security vulnerabilities in computer software.
Symantec formed the same year Skrenta unleashed Elk Cloner, but it dabbled in non-security software before releasing an anti-virus product for Apple’s Macintosh in 1989. Today, security-related hardware, software and services represent a $38 billion industry worldwide, a figure IDC projects will reach $67 billion in 2010.
