Approaching Zero

by Paul Mungo


Brain also contained a special counter, which permitted it to infect a new diskette only after the computer operator had accessed it thirty-one times. Thereafter, it infected at every fourth use. Yet another, particularly ingenious, feature was its ability to evade detection. Normally the boot sector, where the virus hides, can be read by special programs known as disk editors. But if someone tried to read the boot sector to look for it, Brain redirected them to the place where the original boot sector had been stored, so that everything looked normal. This feature, which now takes other forms, has become known as stealth, after the Stealth bomber that was designed to evade radar detection.

It wasn't difficult to trace the writers of Brain, since they had conveniently included their names, telephone numbers, and address on their virus. The programmers were nineteen-year-old Basit Farooq Alvi and his twenty-six-year-old brother, Amjad Farooq Alvi. Together they run a computer store in Lahore, Pakistan, called Brain Computer Services. They wrote the virus in 1986, they said, "for fun," and it was in all probability the first virus ever to be disseminated internationally.

Shortly after writing Brain, Basit had given a copy of the virus to an unidentified friend, and it traveled from Pakistan to North America via an unknown route, finally reaching the University of Delaware. Like Joe Dellinger at A&M, who was surprised at how quickly his self-replicating programs had traveled, Basit and Amjad Alvi were startled that their little virus had emigrated all the way to America in less than a year.

The second documented virus attack occurred only a month later, in November 1987, on computers at Lehigh University in Bethlehem, Pennsylvania. Unlike Brain, the virus at Lehigh was deliberately damaging. It kept a count of the number of files that it infected and, when its counter reached four, it trashed the diskette by overwriting it with "garbage" collected from another part of the computer.

The university's senior computer consultant, Ken van Wyk, realized he had a problem when students began complaining that their diskettes didn't work. At first there was a trickle of bad diskettes, then a flood. Something was zeroing out the diskettes, and Van Wyk guessed that it was probably a virus.

Van Wyk worked for five days to isolate the bug and find a cure. He discovered that, unlike Brain, the Lehigh virus did not infect the boot sector; instead, it hid itself inside one of the three start-up programs that are triggered immediately after the boot had occurred. Like Brain, the virus jumped into memory whenever a computer was started from an infected diskette. Van Wyk also discovered that the antidote was extremely simple: all he needed to do was delete the infected start-up program and replace it with a clean one. The data on the trashed diskettes, however, was irrecoverable. Van Wyk notified colleagues at other colleges that the virus "is not a joke. A large percentage of our disks have been gonged by this virus in the last couple of days."

Later that year the university suffered another attack from a modified version of the same virus. This one trashed a diskette after infecting ten files, as opposed to four. The longer delay made the new version of what was by then known as the Lehigh virus much more insidious in that it infected more diskettes with versions of itself, and therefore propagated more widely, before unleashing its payload. But because the antidote was already known to Van Wyk, the cleanup operation was quick.

The writer of the Lehigh virus was never discovered, though he or she was assumed to be a student at the university. But by one of those concurrences that excite conspiracy theorists, the professor of electrical engineering and computer science at Lehigh when the viruses attacked was Fred Cohen, by then Dr. Cohen, the same student who two years earlier had written the dissertation that had first coined the term computer virus.

Early in 1988 two more viruses were discovered, both of them written for the Macintosh, a personal computer produced by Apple, which had become the successor to its historic Apple II. The first became known as MacMag or, sometimes, Peace, and contained the phrase "universal message of peace" signed by Richard Brandow, the publisher of MacMag Magazine, a Canadian publication for Macintosh users. It also included a small drawing of the world autographed by the author of the virus, Drew Davidson.