One reason why file viruses were less common than boot sector viruses is that users didn’t often exchange programs, particularly in a business environment. They did exchange floppy disks, but typically to transfer data. That said, there were also file viruses found in the field during these early days. The most successful and fast-spreading of them were designed to go memory resident: these so-called indirect-action file viruses could monitor activity on the system and infect any file the user chose to run. By contrast, direct-action file viruses simply infected a file (or files) when the infected program was run and would then hibernate until the next time an infected file was run: such viruses were much less effective at spreading. One other factor that helped file viruses to spread was the mass distribution of infected media: on a number of occasions this happened through the distribution of infected disks on magazine covers.
The virus landscape of the 1980s
While the overall number of file viruses grew steadily from the late 1980s, the scene was dominated by a small number of very successful viruses. Jerusalem, for example, spread across many enterprises, academic institutions and government agencies and on 13 May 1988 (which became known as ‘Black Friday’) it caused the first major virus epidemic. The Vienna virus spawned numerous variants following the publication of its source code. And Cascade, notable for being the first encrypted virus, continued to be common well into the 1990s.
As time went on, some virus authors tried to get the best of both worlds by developing viruses that were combination boot sector viruses and file viruses. Tequila, Junkie and Natas were all successful examples of what became known as multipartite viruses.
At this time, it was almost completely a virus problem. There had already been some worms, most notably the Morris worm in November 1988: this successfully infected about 6,000 or so vulnerable systems (around 10% of all computers connected to the Internet in 1988). However, at this time, the Internet was used almost exclusively by government and academic institutions. The Internet worm’s time had not yet come.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.