Christmas Tree EXEC

Other names: CHRISTMA EXEC, CHRISTMAS EXEC
Original author(s): Unknown Clausthal University of Technology student
Initial release: December 1987
Written in: REXX
Platform: IBM System/370
Type: Computer worm, malware, trojan horse

Christmas Tree EXEC was the first widely disruptive computer worm, which paralyzed several international computer networks in December 1987.[1] The worm ran on the IBM VM/CMS operating system.

Written by a student at the Clausthal University of Technology in the REXX scripting language, it drew a crude Christmas tree as text graphics, then sent itself to each entry in the target's email contacts file. In this way it spread onto the European Academic Research Network (EARN), BITNET, and IBM's worldwide VNET. On all of these systems it caused massive disruption.

The core mechanism of the ILOVEYOU worm of 2000 was essentially the same as Christmas Tree, although it ran on PCs rather than mainframes, was spread over a different network, and was scripted using VBScript rather than REXX.

Operation

The program displays this message, and then forwards itself to mailbox addresses contained in the user's address file.[2]

                *
                *
               ***
              *****
             *******
            *********
          *************                A
             *******
           ***********                VERY
         ***************
       *******************            HAPPY
           ***********
         ***************            CHRISTMAS
       *******************
     ***********************         AND MY
         ***************
       *******************         BEST WISHES
     ***********************
   ***************************     FOR THE NEXT
             ******
             ******                    YEAR
             ******

Details

The name was actually "CHRISTMA EXEC" because on IBM VM systems of the time, a file was identified by an eight-character file name and an eight-character file type. The customary file type for a REXX program is "EXEC", and command shells assume that file type by default. In text, the file name and file type were often written together as two words. The name of this worm is sometimes written as the more natural "CHRISTMAS EXEC" by mistake.

The worm would read the user's contact list (the CMS NAMES file) and transmit itself to every address in it using the SENDFILE program. (On these networks, files could be sent as such, in addition to email; there was in fact no way to attach a file to an email.) Users who received the program could see from the EXEC file type that it was an executable program, and because no history of malicious worms existed at the time, they would often receive the program and run it just out of curiosity. Some users would read the REXX code first and see comments at the top telling them it was a fun Christmas card for them to run. The text there went so far as to discourage the reader from trying to read the code, saying it would be more fun just to run it and see what it does.

Some versions of the worm had concealed code. The actual executable part of the worm was contained in several overly long lines (more than 80 characters) that were not visible unless the user scrolled the screen to the right. The IBM 3279 color terminal would display the Christmas tree with some blinking colored characters (asterisks) to represent tree lights.
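The concealment described above can be checked for mechanically. The following Python example is an addition to this page, not part of the original article or of the worm's code: it reports script lines that carry text beyond the 80 columns visible without scrolling and notes whether that text mentions the SENDFILE program or NAMES file named above. The function name, the ten-space padding heuristic and the sample script are assumptions constructed for illustration.

```python
import re

DISPLAY_WIDTH = 80  # columns visible without scrolling, per the text above
# Words the article associates with the spreading step (CMS NAMES file, SENDFILE).
WATCH_WORDS = re.compile(r"\b(SENDFILE|NAMES)\b", re.IGNORECASE)


def hidden_code(source, width=DISPLAY_WIDTH):
    """Return one finding per line that has non-blank text past `width`."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        line = line.expandtabs(8).rstrip()
        if len(line) <= width:
            continue
        visible, hidden = line[:width], line[width:]
        findings.append({
            "line": number,
            "visible": visible.strip(),
            "hidden": hidden.strip(),
            # A run of blanks right before the cut suggests the text was
            # pushed off screen deliberately (heuristic, assumed threshold).
            "padded": visible.endswith(" " * 10),
            "watch_words": sorted({w.upper() for w in WATCH_WORDS.findall(hidden)}),
        })
    return findings


# Constructed, harmless sample: a comment in view, a statement out of view.
SAMPLE = "\n".join([
    "/* A greeting card: just run it */",
    "say 'Season''s greetings'",
    "/* drawing the tree */" + " " * 70
    + "say 'text the reader never sees' /* SENDFILE step would sit here */",
    "exit",
])

if __name__ == "__main__":
    for f in hidden_code(SAMPLE):
        print(f"line {f['line']}: visible={f['visible']!r}")
        print(f"  hidden={f['hidden']!r} padded={f['padded']} words={f['watch_words']}")
```
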


References

  1. Tom Scott (2015-12-21). "A Christmas Computer Bug, and the Future of Files" (video). YouTube. Archived from the original on 2021-12-21. Retrieved 2017-11-05.
  2. "Viruses for the 'Exotic' Platforms (VX heaven)". c. 2004. Archived from the original on 2013-08-06.