Forget Sergeant Pepper and his Lonely Hearts Club Band, who taught the band to play a mere 20 years ago today.
December 2022 sees the 35th anniversary of the first major self-spreading computer virus – the notorious CHRISTMA EXEC worm that quickly crushed the major mainframe networks of the day…
…not by any intentionally coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth for its own unauthorised purpose.
As a decoy to disguise the fact that it read in the 1980s IBM equivalents of your email address book (NAMES) and your known-hosts file (NETLOG) in order to find as many new recipients of the malware as possible to send itself to, the malware displayed this:
                 *
                 *
                ***
               *****
              *******
             *********
           *************                 A
              *******
            ***********                 VERY
          ***************
        *******************            HAPPY
            ***********
          ***************            CHRISTMAS
        *******************
      ***********************          AND MY
          ***************
        *******************         BEST WISHES
      ***********************
    ***************************     FOR THE NEXT
              ******
              ******                    YEAR
              ******
If you’re wondering why the virus is widely known as CHRISTMA EXEC, rather than by the full word CHRISTMAS…
…that’s because filenames were limited to eight characters, which could be followed by a space and what we would today call an “extension” of EXEC in order to turn them into scripts that could be run directly by the user – executed, in technical jargon.
The virus itself was written in IBM’s powerful text-based scripting language REXX (the resoundingly named Restructured Extended Executor), so a non-programmer looking at the message would probably recognise it as “program code”, and therefore tend to ignore it as unimportant and irrelevant, for all that it might look interesting.
Except that the creator of the virus found a cheerful way to embed an instructional lure right into the code itself, which begins with a comment (as in the C language, text between /* and */ in REXX programs is treated as a comment and ignored when the file gets used)…
    /*********************/
    /*   LET THIS EXEC   */
    /*                   */
    /*        RUN        */
    /*                   */
    /*        AND        */
    /*                   */
    /*       ENJOY       */
    /*                   */
    /*     YOURSELF!     */
    /*********************/
…and then offers the following cheery advice to non-techies:
    /* browsing this file is no fun at all just type CHRISTMAS from cms */
CMS is short for Conversational Monitor System, a command prompt environment on top of IBM’s venerable VM/370 operating system and its many variants, which offered individual users a real-time virtual machine that behaved like a computer all of their own, with its own disk space for storing personal files and programs.
Handily, the user didn’t have to learn to leave the final -S off the word CHRISTMAS, because CMS would automatically ignore any extra characters and look for CHRISTMA EXEC, which was the very script program that the user had just received without expecting it or asking for it.
As stated above, the code did indeed display the Christmas Tree ASCII art – or, more precisely, EBCDIC art, given that IBM famously had its own character encoding system known as Extended Binary Coded Decimal Interchange Code (pronounced ebb-si-dick).
But it also trawled through your NAMES and NETLOG files, which listed other users and computers you regularly contacted, and copied itself to all of them, so that for every user who innocently typed CHRISTMAS at the command prompt…
…a sea of copies of the virus (20? 50? 200?) would be distributed, possibly worldwide, and if any of those recipients (20? 50? 200?) innocently typed CHRISTMAS at the command prompt…
…a sea of copies of the virus would be distributed, and so on, and so on.
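The fan-out described above can be put into numbers with a toy model. This is an added example, not code from the article or from the worm: the population size, contact-list length (50, one of the article's guesses) and the chance that a recipient runs the file are all assumed values, and the contact lists are randomly constructed.

```python
import random

def simulate(hosts=2000, contacts=50, run_prob=0.3, seed=1987):
    """Toy propagation model (constructed; not the worm's own code).

    Each user who runs the file causes one copy to be sent to every
    entry in their contact list; each arriving copy is another chance
    that a recipient who has not yet run it will do so.
    """
    rng = random.Random(seed)
    # Constructed contact lists standing in for NAMES/NETLOG entries.
    book = [rng.sample(range(hosts), contacts) for _ in range(hosts)]
    inbox = [0] * hosts      # copies delivered to each user
    ran = {0}                # users who have run it; user 0 starts
    frontier = [0]
    rounds = []              # (users running it, copies sent) per round
    while frontier:
        copies, next_frontier = 0, []
        for user in frontier:
            for peer in book[user]:
                copies += 1          # every send costs bandwidth,
                inbox[peer] += 1     # even to someone already hit
                if peer not in ran and rng.random() < run_prob:
                    ran.add(peer)
                    next_frontier.append(peer)
        rounds.append((len(frontier), copies))
        frontier = next_frontier
    return rounds, len(ran), max(inbox)

if __name__ == "__main__":
    rounds, ran, worst_inbox = simulate()
    for n, (users, copies) in enumerate(rounds):
        print(f"round {n}: {users:5d} users ran it, {copies:7d} copies sent")
    total = sum(copies for _, copies in rounds)
    print(f"{ran} users ran it; {total} copies sent; "
          f"busiest inbox received {worst_inbox}")
```

The copies-sent column is the network load: it is always the contact-list length times the number of users who ran the file, so traffic outgrows the user count by that factor, and users who have already run it keep receiving duplicates.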
Shades of the future
As we said in this week’s podcast, where we discussed this seminal worm:
[This is j]ust like modern macro malware that says to the user, “Hey, macros are disabled, but for your ‘extra safety’ you need to turn them back on… why not click the button? It’s much easier that way.”
35 years ago, malware writers had already learned that if you ask users nicely to do something that’s not at all in their interest, some of them, presumably a lot of them, will do it.
We also remarked that:
[The Christmas Tree worm] should have been a warning shot across all our bows, but I think it was felt to be a little bit of a flash in the pan.
Until a year later – then came the Internet Worm, which of course attacked Unix systems and spread far and wide.
And by then I think all of us realised, “Uh-oh, this viruses-and-worms scene could turn out quite troublesome.”
If only we’d been mistaken, eh?
Featured image of IBM 3279 terminal thanks to user Shieldforyoureyes via Wikimedia.