Elk Cloner

Elk Cloner
Elk Cloner
Type	Apple II
Subtype	Boot sector virus
Classification	Computer virus
Origin	Mt. Lebanon, Pennsylvania, U.S.
Authors	Rich Skrenta

Last updated December 16, 2024

Elk Cloner is one of the first known microcomputer viruses that spread "in the wild", i.e., outside the computer system or laboratory in which it was written.^[1]^[2]^[3]^[4] It attached itself to the Apple II operating system and spread by floppy disk. It was written around 1982 by programmer and entrepreneur Rich Skrenta as a 15-year-old high school student, originally as a joke, and put onto a game disk.

Infection and symptoms

Elk Cloner spread by infecting the Apple DOS 3.3 operating system using a technique now known as a boot sector virus. It was attached to a program being shared on a disk (usually a game). At set numbers of times the disk's program had been run (all multiples of 5), it would cause various strange behaviors of the Apple II, many requiring a reboot to correct. Most noticeably, every 50th time the program was run, instead of executing normally, it would change to a blank screen that displayed a poem about the virus. If a computer booted from an infected floppy disk, a copy of the virus was placed in the computer's memory. When an uninfected disk was inserted into the computer, a modified version of DOS including Elk Cloner would be copied to the disk, allowing it to spread from disk to disk. To prevent the DOS from being continually rewritten each time the disk was accessed, Elk Cloner also wrote a signature byte to the disk's directory, indicating that it had already been infected.^[5]

The poem that Elk Cloner would display was as follows:

ELK CLONER:    THE PROGRAM WITH A PERSONALITY   IT WILL GET ON ALL YOUR DISKS IT WILL INFILTRATE YOUR CHIPS YES IT'S CLONER!   IT WILL STICK TO YOU LIKE GLUE IT WILL MODIFY RAM TOO SEND IN THE CLONER!

Elk Cloner did not cause deliberate harm, but Apple DOS disks without a standard image had their reserved tracks overwritten.^[6]

Development

Elk Cloner was created by Skrenta as a prank in 1982. Skrenta already had a reputation for pranks among his friends. In sharing computer games and software, he would often alter the floppy disks to shut down or display taunting on-screen messages. Due to this reputation, many of his friends simply stopped accepting floppy disks from him. Skrenta thought of methods to alter floppy disks without physically touching or harming them. During a winter break from Mt. Lebanon High School in Mt. Lebanon, Pennsylvania, Skrenta discovered how to launch the messages automatically on his Apple II computer. He developed what is now known as a boot sector virus, and began circulating it in early 1982 among high school friends and a local computer club. Twenty-five years later, in 2007, Skrenta called it "some dumb little practical joke."^[7]^[8]^[9]

Distribution

According to contemporary reports, the virus was quite contagious, successfully infecting the floppies of most people Skrenta knew, and upsetting many of them. Skrenta's high school math teacher, on encountering the program on his computer, accused Skrenta of breaking into his office.^[5]^[10]

Part of the "success" was that people were not at all wary of the potential problem, nor were virus scanners or cleaners available. The virus could be removed using Apple's MASTER CREATE utility or other utilities to rewrite a fresh copy of DOS to the infected disk. Furthermore, once Elk Cloner was removed, the previously infected disk would not be reinfected since it already contained the Elk Cloner "signature" in its directory. It was also possible to "inoculate" uninfected disks against Elk Cloner by writing the "signature" to the disk; the virus would then think the disk was already infected and refrain from writing itself.

Related Research Articles

Apple II is a series of microcomputers manufactured by Apple Computer, Inc. from 1977 to 1993. The first Apple II model, that gave the series its name, was designed by Steve Wozniak, and was first sold on June 10, 1977. Its success led to it being followed by the Apple II Plus, Apple IIe, Apple IIc, and Apple IIc Plus, with the 1983 IIe being the most popular. The name is trademarked with square brackets as Apple ][, then, beginning with the IIe, as Apple //.

The Aster CT-80 is a 1982 personal computer developed by the small Dutch company MCP, was sold in its first incarnation as a kit for hobbyists. Later it was sold ready to use. It consisted of several Eurocard PCB's with DIN 41612 connectors, and a backplane all based on a 19-inch rack configuration. It was the first commercially available Dutch personal/home computer. The Aster computer could use the software written for the popular Tandy TRS-80 computer while fixing many of the problems of that computer, but it could also run CP/M software, with a large amount of free memory Transient Program Area, (TPA) and a full 80×25 display, and it could be used as a Videotext terminal. Although the Aster was a clone of the TRS-80 Model I it was in fact more compatible with the TRS-80 Model III and ran all the software of these systems including games. It also had a built-in speaker which was compatible with such games software.

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The firmware comes pre-installed on the computer's motherboard.

The TRS-80 Micro Computer System is a desktop microcomputer developed by American company Tandy Corporation and was sold through their Radio Shack stores. Launched in 1977, it is one of the earliest mass-produced and mass-marketed retail home computers. The name is an abbreviation of Tandy Radio Shack, Z80 [microprocessor], referring to its Zilog Z80 8-bit microprocessor.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Brain (computer virus)</span> 1986 IBM PC boot sector computer virus

Brain is the industry standard name for a computer virus that was released in its first form on 19 January 1986, and is considered to be the first computer virus for the IBM Personal Computer and compatibles.

A boot sector is the sector of a persistent data storage device which contains machine code to be loaded into random-access memory (RAM) and then executed by a computer system's built-in firmware.

ProDOS is the name of two similar operating systems for the Apple II of personal computer. The original ProDOS, renamed ProDOS 8 in version 1.2, is the last official operating system usable by all 8-bit Apple II computers, and was distributed from 1983 to 1993. The other, ProDOS 16, was a stop-gap solution for the 16-bit Apple IIGS that was replaced by GS/OS within two years.

Apple DOS is the disk operating system for the Apple II computers from late 1978 through early 1983. It was superseded by ProDOS in 1983. Apple DOS has three major releases: DOS 3.1, DOS 3.2, and DOS 3.3; each one of these three releases was followed by a second, minor "bug-fix" release, but only in the case of Apple DOS 3.2 did that minor release receive its own version number, Apple DOS 3.2.1. The best-known and most-used version is Apple DOS 3.3 in the 1980 and 1983 releases. Prior to the release of Apple DOS 3.1, Apple users had to rely on audio cassette tapes for data storage and retrieval.

<span class="mw-page-title-main">Rich Skrenta</span> American computer programmer (born 1967)

Richard J. Skrenta Jr. is an American computer programmer and Silicon Valley entrepreneur who created the web search engine blekko.

A boot disk is a removable digital data storage medium from which a computer can load and run (boot) an operating system or utility program. The computer must have a built-in program which will load and execute a program from a boot disk meeting certain standards.

The Michelangelo virus is a computer virus first discovered on 3 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus's developer(s) intended a connection between the virus and the artist. The name was chosen by researchers who noticed the coincidence of the activation date. The actual significance of the date to the author is unknown. Michelangelo is a variant of the already endemic Stoned virus.

The Hare Virus was a destructive computer virus which infected DOS and Windows 95 machines in August 1996. It was also known as Hare.7610, Krsna and HD Euthanasia.

Jerusalem is a logic bomb DOS virus first detected at Hebrew University of Jerusalem, in October 1987. On infection, the Jerusalem virus becomes memory resident, and then infects every executable file run, except for COMMAND.COM. COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. Executable files grow by 1,808 to 1,823 bytes each time they are infected, and are then re-infected each time the files are loaded until they are too large to load into memory. Some .EXE files are infected but do not grow because several overlays follow the genuine .EXE file in the same file. Sometimes .EXE files are incorrectly infected, causing the program to fail to run as soon as it is executed.

<span class="mw-page-title-main">Stoned (computer virus)</span> Computer virus

Stoned is a boot sector computer virus created in 1987. It is one of the first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

The Ping-Pong virus is a boot sector virus discovered on March 1, 1988, at the Politecnico di Torino in Italy. It was likely the most common and best known boot sector virus until outnumbered by the Stoned virus.

Corvus Systems was a computer technology company that offered, at various points in its history, computer hardware, software, and complete PC systems.

A self-booting disk is a floppy disk for home computers or personal computers that loads—or boots—directly into a standalone application when the system is turned on, bypassing the operating system. This was common, even standard, on some computers in the late 1970s to early 1990s. Video games were the type of application most commonly distributed using this technique.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

ANTI is a computer virus affecting Apple Macintosh computers running classic Mac OS versions up to System 6. It was the first Macintosh virus not to create additional resources within infected files; instead, it patches existing CODE resources.

References

↑ "Prank starts 25 years of computer security woes". CTV. Associated Press. Archived from the original on 2008-01-07.
↑ "Elk Cloner" . Retrieved 2010-12-10.
↑ "Top 10 Computer Viruses: No. 10 - Elk Cloner" . Retrieved 2010-12-10.
↑ "List of Computer Viruses Developed in 1980s" . Retrieved 2010-12-10.
1 2 Levy, Scott; Crandall, Jedidiah (30 July 2020). "The Program with a Personality: Analysis of Elk Cloner, the First Personal Computer Virus". arXiv: 2007.15759 [cs.CR].
↑ "First virus hatched as a practical joke". The Sydney Morning Herald. 2007-09-03.
↑ The computer virus turns 25 Salon.com Retrieved April 12, 2013.
↑ "Security: News". CNET. Archived from the original on 2012-07-15. Retrieved 2021-03-02.
↑ "Home - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs". community.broadcom.com.
↑ "Computer Recreations:A Core War bestiary of viruses, worms and other threats to computer memories" . Retrieved 2015-03-22.

External links

Elk Cloner (circa 1982)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Prank starts 25 years of computer security woes". CTV. Associated Press. Archived from the original on 2008-01-07.

[2] "Elk Cloner" . Retrieved 2010-12-10.

[3] "Top 10 Computer Viruses: No. 10 - Elk Cloner" . Retrieved 2010-12-10.

[4] "List of Computer Viruses Developed in 1980s" . Retrieved 2010-12-10.

[Crandall-5] 1 2 Levy, Scott; Crandall, Jedidiah (30 July 2020). "The Program with a Personality: Analysis of Elk Cloner, the First Personal Computer Virus". arXiv: 2007.15759 [cs.CR].

[sydney-6] "First virus hatched as a practical joke". The Sydney Morning Herald. 2007-09-03.

[7] The computer virus turns 25 Salon.com Retrieved April 12, 2013.

[8] "Security: News". CNET. Archived from the original on 2012-07-15. Retrieved 2021-03-02.

[9] "Home - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs". community.broadcom.com.

[10] "Computer Recreations:A Core War bestiary of viruses, worms and other threats to computer memories" . Retrieved 2015-03-22.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]