The History of the First Computer Virus on Windows, Mac, and Linux

A Short History of the First Computer Viruses created for Windows, Mac, and Linux operating systems.

The Idea of a Computer Virus

An idea of something is the inception of its existence. The idea of what we know today as a computer virus was first presented by John von Neumann in his research paper called Theory and Organization of Complicated Automata, which was released in 1949. In this paper, he presented the idea that the computer programs can reproduce themselves. This theory became the basis of a game called Core War, which was released in 1984.

The Birth of the Computer Virus

The birth of the term computer Virus took place in the University of California, Berkeley on November 3, 1983. Fred Cohen credited his supervisor Leonard Adleman with coining the term Virus (in context of computers) in his research paper called Experiments with Computer Viruses, which he published in 1984.

In his research paper, Cohen mentions that Adleman thought of the term Virus during a conversation with him in 1983 at the University. A seminar was conducted in the University of California, Berkeley on November 3, 1983 to demonstrate the possibility of a (computer) viral attack, and the extent to which it could cause damage to computer systems. The author of the seminar, Fred Cohen, introduced the concept of a malicious program. The computer virus was completed in 8 hours by Cohen and his team at the seminar, and was ready for demonstration on the same day. It was developed on a VAX 11/750 system running Unix. This virus was first demonstrated at a security seminar on November 10, 1983.

The First Computer Virus – The Creeper

The Creeper was an experimental Potentially Unwanted Program created by Bob Thomas in 1971 at BBN Technologies (Bolt, Beranek and Newman). Some sources claim the date of the discovery of the Creeper to be March 16, 1971. It moved across the Digital Equipment Corporation’s PDP-10 mainframe computers, which were running the TENEX operating system, and used the ARPANET network, a predecessor of the Internet. It printed the following message on all the computers that it accessed:


After the demonstration of the Creeper by Bob Thomas, Ray Tomlinson, who was a co-worker of Bob Thomas, wrote a new version of the Creeper, which replicated itself as it moved across the network instead of just moving.

After creating a new version of the Creeper, Ray Tomlinson created a program called the Reaper specifically to remove the Creeper. It moved across the ARPANET network, detected and removed the self-replicating Creeper program.

Some people claim the Ray Tomlinson’s version of The Creeper program to be the first virus because of its self-replicating nature. And, his The Reaper program is considered the first antivirus because of its function of detecting and removing the unwanted program from computers.

The First Mac/Apple Virus – Elk Cloner

In 1981, the Elk Cloner virus appeared. It was the first Virus “in the wild”. In the wild, here, means a program that infected computers outside of a laboratory, a company, or a closed facility. It infected the Apple II computers, which ran Apple DOS 3.3 OS. Richard Skrenta, as a high school student at the Mt. Lebanon School District, Pennsylvania created it. The program was created for fun, as a practical joke. It was put on a game disk. When the game was started from the disk for the 50th time, it presented a blank screen instead of the game, which displayed the following poem about the Elk Cloner program:

Elk Cloner:

The program with a personality

It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!

It will stick to you like glue
It will modify RAM too
Send in the Cloner!

Elk Cloner was self-replicating in nature. It was a boot sector virus; an infected floppy disk would store the virus into the computer memory. Whenever an infected disk was inserted into the computer, the virus copied itself to that disk.

According to some sources, the Elk Cloner virus was created on January 30, 1982.

The First Windows/PC Virus – Brain

Brain was the first virus that infected the IBM PC compatible computers. It was first detected in 1986. IBM PC were running the MS-DOS system, which means this was the first virus that infected the Microsoft developed Operating Systems. Brain was the brainchild of two brothers, Basit Farooq Alvi and Amjad Farooq Alvi from Lahore, Pakistan.

Brain was a boot sector virus, and infected the floppy disks. Brain would replace the boot sector of the floppy disk with the infected code, and mark the original boot sector as bad and move it to another sector on the disk. The disk label was changed to ©Brain.

This was the message displayed by the virus in the infected boot sector:

Welcome to the Dungeon (c) 1986 Basit & Amjads (pvt) Ltd VIRUS_SHOE RECORD V9.0 Dedicated to the dynamic memories of millions of viruses who are no longer with us today - Thanks GOODNESS!! BEWARE OF THE er..VIRUS : this program is catching program follows after these messages....$#@%$@!!

The Brain virus was made to track the medical software developed by the bothers earlier. Many pirated copies of that program were being distributed; this virus was supposed to track the pirated copies of the software, and thus stop the piracy. The virus displayed the following message, which told the users that their computer was infected, and in order to get it vaccinated they needed to contact these people. This was the message:

Welcome to the Dungeon © 1986 Basit & Amjads (pvt). BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...

Brain was also the first Stealth virus, it would stay hidden in the disk, and infect all of the computers it was inserted into.

According to some sources, the Brain virus i.e., the first PC virus was created on January 19, 1986.

The First GNU/Linux Virus – Staog

In 1996, the first Linux virus called Staog was discovered. It was the first virus written for a GNU/Linux Operating System. Staog was written in the assembly language by a group known as VLAD.

Staog would reside in the memory upon its execution. Whenever a new file was executed, it would infect it. Stoag used three vulnerabilities to gain access as root.

The Staog Virus was first detected on October 20, 1996.

This was a little history of the first malware created for Windows/PC, Mac/Apple, and GNU/Linux operating systems.

Leave a comment