Elk Cloner

Elk Cloner
Common name	Elk Cloner
Classification	Computer virus
Type	Apple II series
Subtype	Boot sector virus
Isolation	1982
Point of isolation	Mt. Lebanon, Pennsylvania, U.S.
Point of origin	Mt. Lebanon, Pennsylvania, U.S.
Author(s)	Rich Skrenta

Last updated October 28, 2023

Elk Cloner is one of the first known microcomputer viruses that spread "in the wild", i.e., outside the computer system or laboratory in which it was written.^[1]^[2]^[3]^[4] It attached itself to the Apple II operating system and spread by floppy disk. It was written around 1982 by programmer and entrepreneur Rich Skrenta as a 15-year-old high school student, originally as a joke, and put onto a game disk.

Infection and symptoms

Elk Cloner spread by infecting the Apple DOS 3.3 operating system using a technique now known as a boot sector virus. It was attached to a game which was then set to play. The 50th time the game was started, the virus was released, but instead of playing the game, it would change to a blank screen that displayed a poem about the virus. If a computer booted from an infected floppy disk, a copy of the virus was placed in the computer's memory. When an uninfected disk was inserted into the computer, the entire DOS (including Elk Cloner) would be copied to the disk, allowing it to spread from disk to disk.^{[ citation needed ]} To prevent the DOS from being continually rewritten each time the disk was accessed, Elk Cloner also wrote a signature byte to the disk's directory, indicating that it had already been infected.

The poem that Elk Cloner would display was as follows:

ELK CLONER:    THE PROGRAM WITH A PERSONALITY   IT WILL GET ON ALL YOUR DISKS IT WILL INFILTRATE YOUR CHIPS YES IT'S CLONER!   IT WILL STICK TO YOU LIKE GLUE IT WILL MODIFY RAM TOO SEND IN THE CLONER!

Elk Cloner did not cause deliberate harm, but Apple DOS disks without a standard image had their reserved tracks overwritten.^[5]

Development

Elk Cloner was created by Skrenta as a prank in 1982. Skrenta already had a reputation for pranks among his friends because, in sharing computer games and software, he would often alter the floppy disks to shut down or display taunting on-screen messages. Due to this reputation, many of his friends simply stopped accepting floppy disks from him. Skrenta thought of methods to alter floppy disks without physically touching or harming them. During a winter break from Mt. Lebanon High School in Mt. Lebanon, Pennsylvania, Skrenta discovered how to launch the messages automatically on his Apple II computer. He developed what is now known as a boot sector virus, and began circulating it in early 1982 among high school friends and a local computer club. Twenty-five years later, in 2007, Skrenta called it "some dumb little practical joke."^[6]^[7]^[8]

Distribution

According to contemporary reports, the virus was rather contagious, successfully infecting the floppies of most people Skrenta knew, and upsetting many of them.^[9]

Part of the "success" was that people were not at all wary of the potential problem, nor were virus scanners or cleaners available. The virus could be removed using Apple's MASTER CREATE utility or other utilities to rewrite a fresh copy of DOS to the infected disk. Furthermore, once Elk Cloner was removed, the previously infected disk would not be reinfected since it already contained the Elk Cloner "signature" in its directory. It was also possible to "inoculate" uninfected disks against Elk Cloner by writing the "signature" to the disk; the virus would then think the disk was already infected and refrain from writing itself.

Related Research Articles

The Apple II series is a family of home computers, one of the first highly successful mass-produced microcomputer products, designed primarily by Steve Wozniak, manufactured by Apple Computer, and launched in 1977 with the original Apple II.

The Aster CT-80 is a 1982 personal computer developed by the small Dutch company MCP, was sold in its first incarnation as a kit for hobbyists. Later it was sold ready to use. It consisted of several Eurocard PCB's with DIN 41612 connectors, and a backplane all based on a 19-inch rack configuration. It was the first commercially available Dutch personal/home computer. The Aster computer could use the software written for the popular Tandy TRS-80 computer while fixing many of the problems of that computer, but it could also run CP/M software, with a large amount of free memory Transient Program Area, (TPA) and a full 80×25 display, and it could be used as a Videotext terminal. Although the Aster was a clone of the TRS-80 Model I it was in fact more compatible with the TRS-80 Model III and ran all the software of these systems including games. It also had a built-in speaker which was compatible with such games software.

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS firmware comes pre-installed on an IBM PC or IBM PC compatible's system board and exists in some UEFI-based systems to maintain compatibility with operating systems that do not support UEFI native operation. The name originates from the Basic Input/Output System used in the CP/M operating system in 1975. The BIOS originally proprietary to the IBM PC has been reverse engineered by some companies looking to create compatible systems. The interface of that original system serves as a de facto standard.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

<span class="mw-page-title-main">Brain (computer virus)</span> 1986 IBM PC boot sector computer virus

Brain is the industry standard name for a computer virus that was released in its first form on 19 January 1986, and is considered to be the first computer virus for the IBM Personal Computer and compatibles.

A boot sector is the sector of a persistent data storage device which contains machine code to be loaded into random-access memory (RAM) and then executed by a computer system's built-in firmware.

ProDOS is the name of two similar operating systems for the Apple II series of personal computers. The original ProDOS, renamed ProDOS 8 in version 1.2, is the last official operating system usable by all 8-bit Apple II series computers, and was distributed from 1983 to 1993. The other, ProDOS 16, was a stop-gap solution for the 16-bit Apple IIGS that was replaced by GS/OS within two years.

Apple DOS is the family of disk operating systems for the Apple II series of microcomputers from late 1978 through early 1983. It was superseded by ProDOS in 1983. Apple DOS has three major releases: DOS 3.1, DOS 3.2, and DOS 3.3; each one of these three releases was followed by a second, minor "bug-fix" release, but only in the case of Apple DOS 3.2 did that minor release receive its own version number, Apple DOS 3.2.1. The best-known and most-used version is Apple DOS 3.3 in the 1980 and 1983 releases. Prior to the release of Apple DOS 3.1, Apple users had to rely on audio cassette tapes for data storage and retrieval.

<span class="mw-page-title-main">Rich Skrenta</span> American computer programmer (born 1967)

Richard J. Skrenta Jr. is an American computer programmer and Silicon Valley entrepreneur who created the web search engine blekko.

A boot disk is a removable digital data storage medium from which a computer can load and run (boot) an operating system or utility program. The computer must have a built-in program which will load and execute a program from a boot disk meeting certain standards.

The SCA virus is the first computer virus created for the Amiga and one of the first to gain public notoriety. It appeared in November 1987. The SCA virus is a boot sector virus. It features a line of text that appears at every 15th copy after a warm reboot:

Something wonderful has happened Your AMIGA is alive !!! and, even better...
Some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !!

The Michelangelo virus is a computer virus first discovered on 4 February 1991 in Australia. The virus was designed to infect DOS systems, but did not engage the operating system or make any OS calls. Michelangelo, like all boot sector viruses, operated at the BIOS level. Each year, the virus remained dormant until March 6, the birthday of Renaissance artist Michelangelo. There is no reference to the artist in the virus, and it is doubtful that the virus's developer(s) intended a connection between the virus and the artist. The name was chosen by researchers who noticed the coincidence of the activation date. The actual significance of the date to the author is unknown. Michelangelo is a variant of the already endemic Stoned virus.

The Hare Virus was a destructive computer virus which infected DOS and Windows 95 machines in August 1996. It was also known as Hare.7610, Krsna and HD Euthanasia.

Jerusalem is a logic bomb DOS virus first detected at Hebrew University of Jerusalem, in October 1987. On infection, the Jerusalem virus becomes memory resident, and then infects every executable file run, except for COMMAND.COM. COM files grow by 1,813 bytes when infected by Jerusalem and are not re-infected. Executable files grow by 1,808 to 1,823 bytes each time they are infected, and are then re-infected each time the files are loaded until they are too large to load into memory. Some .EXE files are infected but do not grow because several overlays follow the genuine .EXE file in the same file. Sometimes .EXE files are incorrectly infected, causing the program to fail to run as soon as it is executed.

<span class="mw-page-title-main">Stoned (computer virus)</span> Computer virus

Stoned is a boot sector computer virus created in 1987. It is one of the first viruses and is thought to have been written by a student in Wellington, New Zealand. By 1989 it had spread widely in New Zealand and Australia, and variants became very common worldwide in the early 1990s.

<span class="mw-page-title-main">Ping-Pong virus</span> Boot sector computer virus

The Ping-Pong virus is a boot sector virus discovered on March 1, 1988, at the Politecnico di Torino in Italy. It was likely the most common and best known boot sector virus until outnumbered by the Stoned virus.

Corvus Systems was a computer technology company that offered, at various points in its history, computer hardware, software, and complete PC systems.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

The IBM Personal Computer Basic, commonly shortened to IBM BASIC, is a programming language first released by IBM with the IBM Personal Computer, Model 5150 in 1981. IBM released four different versions of the Microsoft BASIC interpreter, licensed from Microsoft for the PC and PCjr. They are known as Cassette BASIC, Disk BASIC, Advanced BASIC (BASICA), and Cartridge BASIC. Versions of Disk BASIC and Advanced BASIC were included with IBM PC DOS up to PC DOS 4. In addition to the features of an ANSI standard BASIC, the IBM versions offered support for the graphics and sound hardware of the IBM PC line. Source code could be typed in with a full-screen editor, and very limited facilities were provided for rudimentary program debugging. IBM also released a version of the Microsoft BASIC compiler for the PC, concurrently with the release of PC DOS 1.10 in 1982.

ANTI is a computer virus affecting Apple Macintosh computers running classic Mac OS versions up to System 6. It was the first Macintosh virus not to create additional resources within infected files; instead, it patches existing CODE resources.

References

↑ "Prank starts 25 years of computer security woes". CTV. Associated Press. Archived from the original on 2008-01-07.
↑ "Elk Cloner" . Retrieved 2010-12-10.
↑ "Top 10 Computer Viruses: No. 10 - Elk Cloner" . Retrieved 2010-12-10.
↑ "List of Computer Viruses Developed in 1980s" . Retrieved 2010-12-10.
↑ "First virus hatched as a practical joke". The Sydney Morning Herald. 2007-09-03.
↑ The computer virus turns 25 Salon.com Retrieved April 12, 2013.
↑ "Security: News". CNET. Archived from the original on 2012-07-15. Retrieved 2021-03-02.
↑ "Home - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs". community.broadcom.com.
↑ "Computer Recreations:A Core War bestiary of viruses, worms and other threats to computer memories" . Retrieved 2015-03-22.

External links

Elk Cloner (circa 1982)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Prank starts 25 years of computer security woes". CTV. Associated Press. Archived from the original on 2008-01-07.

[2] "Elk Cloner" . Retrieved 2010-12-10.

[3] "Top 10 Computer Viruses: No. 10 - Elk Cloner" . Retrieved 2010-12-10.

[4] "List of Computer Viruses Developed in 1980s" . Retrieved 2010-12-10.

[sydney-5] "First virus hatched as a practical joke". The Sydney Morning Herald. 2007-09-03.

[6] The computer virus turns 25 Salon.com Retrieved April 12, 2013.

[7] "Security: News". CNET. Archived from the original on 2012-07-15. Retrieved 2021-03-02.

[8] "Home - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs". community.broadcom.com.

[9] "Computer Recreations:A Core War bestiary of viruses, worms and other threats to computer memories" . Retrieved 2015-03-22.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]