Get best of the week

The childhood of computer viruses

For nearly half a century, computer viruses have been terrorizing all PC users - from office workers to officials and directors of international companies. Among viruses, there are scary ransomware as well as harmless “sheep” like USBToy, which demonstrates quotes from the Bible when Windows starts. What can we say about advertising, mining and other undesirable software that can be hooked by a cunning distributor to a useful application.

Nevertheless, even computer viruses were once very small, simple and malicious, and their creators pursued slightly different goals. In this article, we will talk about “unwanted” programs for personal computers at the end of the last century - Commodore Amiga, ZX Spectrum and Atari ST. Full-fledged viruses to name their hand does not rise: both methods of distribution were quite primitive, and they “multiplied” very inefficiently. Some of them have completely sunk into oblivion: no names, no names of developers, only memories of the “victims”. Nevertheless, we managed to get some interesting information!



, - , , — , , , . , , , , , , , .

, « IBM PC & ZX-SPECTRUM-», 1997

SCA: Commodore Amiga


As you know, most of the "folk" Amiga computers (models 500 and 500+ in particular) did not have a hard drive. The only ROM was a chip containing part of the computer’s operating system, Kickstart. It was assumed that the second “half” of AmigaOS, Workbench, will be loaded by the user from a floppy disk. And games and some of the most heavyweight software completely bypassed the launch of the operating system and loaded directly from the media. Accordingly, there was nowhere to go out after the game: to start another application, it was necessary to restart the computer with the button on the power supply and insert a new diskette. Thus, the virus could be stored either on a floppy disk or in the RAM of the computer turned on.

In November 1987, the Swiss Cracking Association team, which specialized in removing protection from licensed software, released the world's first virus for Amiga. Malicious code, originally located in the boot sector of the floppy disk, was loaded into RAM and registered its body in the boot sector of all write-protected disks that the user entered into the computer.

The virus appeared in the form of the following inscription on the screen:
Something wonderful has happened
Your AMIGA is alive !!!
and, even better ...
Some of your disks are infected by a VIRUS !!!
Another masterpiece of The Mega-Mighty SCA !!

Demonstration of the work of the virus.

In this case, the "virus text" was not displayed at every boot from the affected floppy disk, but only 1 time in 15 "warm" computer restarts. Thanks to this “incubation period”, the probability of infection of a new device has increased many times.

Despite its seeming harmlessness, the virus could cause real harm to programs whose diskettes had their own bootloaders. By copying itself to a new disk, the virus violated the boot-loader code, as a result of which the program stopped starting.

Removing the virus was quite simple: in the case of disks containing only files, it was necessary to give the “install” command, after which the boot sector was completely overwritten. To “cure” a game or program was already somewhat more difficult: it was necessary to find the exact, but “healthy” disk and copy the contents of its boot sector to the infected one.

Another fact is extremely remarkable: ASC was not just a virus, but a suicide virus: the developers “took care” of their victims and included a deactivation function in the program. To remove the virus from memory, it was necessary to hold the fire 1 button of the device connected to the first port during reboot. That is, either the "fire" on the joystick, or the left mouse button.

To combat the SCA virus, there was also a special program created by a programmer under the nickname Saturnus The Invincible. Below you can see a demonstration of its interface.



And here is a short article from the 1997 DĂ©jĂ  vu magazine. Concerned about the virus threat, the author tells readers about working with popular antivirus programs.

The most inquisitive readers can even familiarize themselves on the SCA website with the source code of the virus and some documents relating to its authors.


Video is not for the faint of heart: Master Virus Killer deals with SCA

ZX Spectrum



The comic image of the virus on the ZX Spectrum

The phrase “virus for the Spectrum” sounds quite funny. If you think about it, the way it is: who could need to write malware for this kid with 16-128 KB of RAM and an armpit tape recorder? However, the craftsmen were.
In fairness, we note: the Spectrum virus software has not received much distribution due to the peculiarities of the computer working with files and the lack of a full-fledged operating system (TR-DOS cannot be considered such).

So, how exactly can you spoil the owner of the Spectrum or its clone? For example, you can spoil a valuable disk. Programs of the DZU class, the so-called "Disk-Locking Utilities," perfectly coped with this task. The invention of this term (and at the same time the first program of its kind), according to some sources, belongs to Stanislav Novikov.

The essence of DZU was as follows: the virus disguised itself as a demo, during which the “side” code corrupted a diskette in the drive: it erased the zero track, deleted files or physically damaged the disk and rendered it inoperable.

It is noteworthy that the negative consequences of the work of some DZUs could be "cured" by an anti-DZU program from the same author. Nevertheless, despite the toxicity of certain individuals, Spectrum programmers in the USSR and the CIS were adequate people, and “virus” software was most often created not to the detriment of users, but as an experiment or as a joke.

You can look at an example of DZU here (demo generator with a cross, cruel to disk). We recommend that you do not use real floppy disks and machines to view the demo if you still have one, but restrict yourself to emulating Unreal Speccy.

Another class of viruses, which was far more harmless, did not perform any destructive actions, but “registered” with the bootloaders on basic found on a diskette, increasing their volume. It is reliably known about two similar viruses: Red October and Berezka. In conditions of constant memory saving, even a slight increase in the volume of programs significantly annoyed spektrumistov.

In conclusion, we give a screenshot quote from the user Evgeny Muchkin from zx-pk.ru. He describes the work of another noteworthy Trojan virus on the Spectrum:



In order not to inflate the article with an excessive amount of information, we will give a couple of interesting links for the most interested:


The first viruses for Atari ST




The very first Signum worm virus, written for Atari ST in 1987, in its "best days" totaled up to 1-1.5 million infected computers. However, in 2020, neither a copy of it for live testing, nor a detailed description of the mechanism of work could be found. It is only known that, like many other viruses, it was loaded into the computer’s RAM and methodically copied to input diskettes without write protection.

Unlike Signum, his later brother, Evilnick, or just Evil, turned out to be a little more tenacious. Now it is impossible to say exactly who was its author, but all the tracks lead to the UK, where he was discovered by someone Jeremy Hughes. The virus is most prevalent in Scandinavia. A remarkable feature of the virus was its disguise method: Evil mimicked under the system disk and went unnoticed even for the popular Ultimate Virus Killer. The incubation period of Evilnick lasted long enough: the virus did not betray itself until infection of 100 diskettes.

After creating the 100th copy of itself, the “payload” included in the virus was launched, the colors on the monitor were inverted. In the text of the virus itself, one could find a message from the developer: “EVIL! “A Gift from Old Nick . ”

To summarize, I would like to note one general tendency that persisted in a fragmented community of the first virus makers. Many of them were inclined to believe that their programs were similar to living things. They are able to multiply, feed on the power of the computer, interact with the user, cheat, hide and die. Dozens of years after writing these viruses, it is difficult to judge the true motives of their creators. Someone wanted to annoy colleagues, someone - witty joke. For some, the fact of writing the virus was akin to intellectual sports.

Technologies do not stand still: protection methods are being improved, operating systems are becoming more complicated, the power of iron is increasing, and the directions of attacks are shifting. As a cloud provider, we’ll make a small remark on this subject.

As you know, about 80% of threats feel great in virtual environments, because such an environment practically does not interfere with the spread of malicious code, the appearance of virus outbreaks and any other attacks. But antivirus software grows wiser after viruses, and sometimes ahead of them by a couple of steps.

Now there are two main ways to ensure security in the cloud using specialized anti-virus software: agentless protection and protection with a light agent. Agentless protection is currently possible only on VMware solutions: two additional deployments are deployed on a physical server with a VM: SVM (dedicated security device) and NAB (network protection server). When implementing protection with a light agent, a light agent is installed on each virtual machine that monitors everything that happens inside its VM.

This naturally leads us to believe that each new virus must be smarter, trickier and more adaptive than the previous one in order to survive. So - perhaps the first authors of the viruses were not mistaken. They managed to release into the world the concept of a "living" organism capable of evolution. It is only a pity that along with the brains these “horror stories” also got their teeth. In childhood, they were so cute ...

More articles:


All Articles