The first documented computer virus attack was recorded on October 22,1987, at the University of Delaware, in Newark, Delaware. According to a spokesperson for the Academic Computer Center at the university, the virus infected "several hundred disks, rendering 1 percent of them unusable, and destroying at least one student's thesis." Later a news report appeared in The New York Times that claimed, "Buried within the code of the virus . . . was an apparent ransom demand. Computer users were asked to send $2,000 to an address in Pakistan to obtain an immunity program." But that wasn't quite true. Researchers using specialized software were later able to call up the actual operating program of the virus onto a computer screen. Within the mass of instructions that controlled the bug, they found the following message:
WELCOME TO THE DUNGEON (C) 1986 BASIT & AMJAD (PVT) LTD.
BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE--PAKISTAN PHONE: 430791, 443248, 280530.
BEWARE OF THIS VIRUS . . .
CONTACT US FOR VACCINATION . . .
There was no ransom demand.
Computer researchers now know the virus as Brain, though at the time it didn't have a name, and it was later discovered to have been programmed only to infect the first sector on a diskette. Diskettes are divided into sectors invisible to the naked eye, each holding 512 bytes (or characters) of information, equivalent to about half a page of typewritten material. The first sector on a diskette is known as the boot sector, and its function is something like that of the starter motor on a car: it kicks the machine into operation (hence the expression "booting up," or starting up, a computer). When a computer is switched on, the machine bursts into life and carries out some simple self-diagnostic tests. If no fault is found, the machine checks to see if there is a diskette in the disk drive. The disk drive, acting like a record player with the diskette as its record, begins to rotate if a diskette is in place, and the boot sector of the diskette directs the computer to the three actual start-up programs that make the computer operational.
The Brain virus was designed to hide in the boot sector waiting for the computer to start up from the diskette so that it can load itself into the computer's memory, as if it were a legitimate startup program. But at around 2,750 bytes long, it is much too big to fit entirely within the boot sector, and instead does two things: it places its first 512 bytes in the boot sector and then stores the rest of its code, together with the original boot-sector data, in six other sectors on the diskette. When the computer starts up, the head of the virus jumps into memory, then calls up its tail and the original boot sector.
Brain is one of the most innocent viruses imaginable, though that wasn't known at the time. The University of Delaware spent a full week and considerable manpower cleaning out its computer system and destroying infected diskettes, only to find that the virus's payload is simply the tagging of infected diskettes with the label "Brain." A label is the name a user can give to a diskette, and is of no real importance. Most users don't even bother to label their diskettes, and if a virus suddenly names it for them, thev are unlikely to notice or care.
However, like all viruses, Brain can cause unintended damage. If a diskette is almost full, it is possible for some sectors to be identally overwritten while the virus is attaching its tail, thereby wiping out all the data contained there. Also, copying can render the virus unstable, and could unintentionally overwrite systems areas (the sectors on diskettes that enable their use by Computers), thus rendering them useless.
Paramount to the viability of a computer virus is an effective infection strategy. Brain was viable because it didn't do anything deliberately dangerous or even very obvious, so it wasn't likely to get noticed. Therefore, when it climbed into the computer memory, it could stay there until the computer was switched off targeting any other diskettes that were introduced into the com- puler during that session.
