First Computer Virus, Creeper, Was No Bug

The first virus was intentional, written in-house and deployed over a network without malicious intent.

I don't know if anyone is going celebrate this particular birthday, but in 2011, the computer virus turns 40. Although we seem to know the year, the exact date is a little hazy. I first saw a piece about the the virus's birthday on Physorg, but the details were sketchy. So I called up Chris Garcia, a curator at the Computer History Museum in Mountain View, Calif. What I discovered is no secret, but doesn't seem to get much coverage: the first virus was intentional, written in-house and deployed over a network without malicious intent.

According to Garcia, the virus, called Creeper, was written in 1971 by Cambridge, Mass.-based BBN computer programmer Robert (Bob) Thomas. BBN, which stands for Bold, Beranek and Newman (and today is now Raytheon BBN Technologies), built packet switching networks for ARPANET. If you don't already know, ARPANET was the precursor to the Internet. It was a DARPA-sponsored network launched in December, 1969, and populated by universities, government institutions and some technology companies.

Read More: 5 Big Computer Attacks

Thomas was developing a time-sharing system called TENEX, that ran on a mainframe computer manufactured by Digital Equipment Corporation called Digital PDP-10. Programmers back then were no different than programmers today in their desire to test their systems and push them to the limits. Thomas wrote Creeper to do just that. At the time, however, Creeper wasn't called a "virus," since computer viruses didn't exist. Instead, "it was a security test to see if a self-replicating program could be written," said Garcia.

A historical piece from the BBN website attests to this, saying that Creeper was an "experimental self-replicating program, not destined to damage, but to demonstrate a mobile application." But it didn't seem to actually replicate itself. Instead, the program "jumped from one system to another, attempting to remove itself from previous systems as it propagated forward, thus Creeper didn't install multiple instances of itself on several targets, actually it just moseyed around a network."

Once it moseyed into a computer, it would produce this message onscreen at the C prompt: "I'm the Creeper. Catch me if you can!" (Later, the anti-virus program, Reaper, was written to catch Creeper. It did move through the network, replicating itself. Once it found a copy of Creeper, it would log it out.)

Are Computer Viruses Illegal?: The answer is yes, but heightened legal risks aren't stopping cybercriminals from spreading malicious code.

At the end of the BBN article, Ray Tomlinson, who was a member of the team and a colleague of Bob Thomas, confirms that Creeper was not written as malicious code. He says,

"The research effort was intended to develop mechanisms for bringing applications to other machines with intention of moving the application to the most efficient computer for its task. For example, it might be preferable to move the application to the machine having the data (as opposed to bringing the data to the applications). Another use would be to bring the application to a machine that might have spare cycles because it is located in a different timezone where local users are not yet awake. The Creeper application was a demonstration of such a mobile application."

I could drink to that. Salud, Creeper.

Credit: Paul Price/Getty Images