The physics teaching lab had a large number of BBC Micro computers, these were the precursor to the ARM RiscOS ones made by Acorn, and physics departments loved them because (a) they were full of ports that could be attached to experiments for data-gathering, and (b) they were easy to use and had a (for the time) fairly high-res screen for displaying results.
One of those ports was the "econet" port, which linked all the computers together to a fileserver with (gasp) a hard disk on it, giving a primitive (by today's standards) networking ability.
So we were all given YR1.<letter><letter> usernames, and the letters more or less corresponded with our initials. I figured out that they'd actually just made all combinations of YR1.AA to YR1.ZZ, so I logged into a spare one for deniability using the supplied default password (it was a different age...), bought a copy of the "Advanced User Guide" and the "Econet user guide" and history was about to be made...
Myself and a couple of friends decided we'd write a networked virus - viruses weren't very common in those days, they mainly came on floppy disks for Amigas or Atari ST's and did something nasty to your computer. Networked computers were rare outside of government or big business, so the opportunity was there, and we took it :)
I probably ought to say that the virus didn't do anything destructive, it just appended "Copyright (c) The Virus, 1988" to the end of any directory listing (get a directory listing was one of the vectors).
[technical aside]
The BBC micro had two different "interrupt" type mechanisms ("events" and "interrupts"), and the OS was highly vectored (so on an interrupt or event, the 6502 would jump to the location provided by a table of 2-byte entries in RAM, with the event/interrupt being the index into that table).
Everything was vectored, "get a character", "write a byte to a device", "perform an OS call", ... And all the devices (floppy disk, network, ...) were implemented in a similar manner. It was a hackers dream of a computer, really.
[/aside]
What we also did was enable the virus from any event (key-press mainly) or interrupt (VBI, NMI,...), and the events enabled the interrupts, and the interrupts enabled the events. We also made it re-enable itself specifically when you typed "*." (which made the "get a directory listing on the current device" OS call) - this was sneaky, we thought, because if you'd somehow managed to disable the other code, you'd do a "*." to see if the virus was still there...
The virus wrote itself as !Boot in the root directory of the current media (and of course hid that entry from view, so you couldn't see it) which meant the next time you used that account, it would be activated on that machine.
Come April Fools day, we decided we were ready. We put the virus on one machine in the lab, one of the 10 machines that were in the "damn I need to get my lab-report written up" section that wasn't actually in the lab itself, but was still networked to your account.
We were sitting in the same section updating our own lab work, and heard the "WTF!" Students gathered round, the affected person logged out, went to a different machine (thinking there was a problem with the machine) and logged in there, infecting that second machine with the virus. Someone else logged into the first machine, and they were infected too... Since the !Boot file was on the account on the network server, turning the machine off/on and then logging in re-infected the machine...
It spread like wildfire.
We had built in a vulcan-death-grip-style "disable the virus" key combination, so we wouldn't be affected, and thought ourselves very clever. The idea was not to be affected, but soon after release it was necessary to ignore that because 3 accounts unaccountably (sorry!) uninfected would have stood out like a sore thumb.
A couple of days later, an all-students meeting was called. "Authority" was taking this very seriously, they shut down the network, turned off all the machines, and disinfected the network server by hand, removing the !Boot file from every account. They said something along the lines of "this was not funny, don't do it again or there'll be serious consequences". Everyone went back, and life went on.
About a week later, the virus again raced through the network, infecting every account in a matter of hours. We hadn't re-released it, and with some horror, realised what had happened - someone had done a "*." on their backup floppy disk, and then brought it back into the lab and booted from it, infecting the machine, and thereafter the network. The thing was too damn infectious for its own good.
If we thought "Authority" had no sense of humour last time, this time the meeting was very short, the message was "when we find who did this, we will expel them". Excrement and Fans were in close proximity. Hitting each other, one might say. We couldn't "own up", it was too late. We had no control over what people did with their floppy disks, and things had escalated way too far. We came up with a plan...
We wrote another virus.
Hear me out. This one was silent, had a time-to-die (when it would delete itself) of about 2 months, and (virtually) "pressed" the key combination that deleted the old virus. We purposefully infected lots of machines with the new virus, waited, and prayed.
Things worked out fine. Everyone got infected with the new virus for a while, which destroyed the old one, without being aware of that fact, "Authority" thought they'd laid down the law and been taken seriously, and we managed to not get expelled.
And breathe
I have never written anything remotely like a virus ever since.
Clikdeo•1h ago
SyntaxErrorist•1h ago