Throwback Attack: Pakistani brothers create the Brain virus to outthink software pirates

Courtesy of Brett Sayles

The threat landscape has gotten exponentially more complex in recent years. Ransomware is on the rise, as-a-service products are making attacks easier than ever, and new malware is now cross-industry and scalable. Add to that digital transformation and more homogeneous technology infrastructures, and it can be a toxic mix. But this threat-rich environment didn’t materialize out of thin air. Every worm, trojan and virus has to start somewhere. The virus widely regarded as the first, Creeper, was spawned in 1971, but the first virus for MS-DOS PCs jumped its way from computer to computer – via floppy disk, no less – back in 1986. The top movie at the box office was Top Gun and Dionne Warwick was dominating the charts (both proving what’s old is new again) when the Brain virus was unleashed on the world.

What is a computer virus?

Even people who know little about cybersecurity are familiar with the term “computer virus.” The idea of a computer virus — though it was more of a thought experiment at the time — was first postulated in the late 1940s by mathematician John von Neumann. His paper, Theory of Self-Reproducing Automata, speculated that it was possible for a piece of computer code, or some other mechanical organism, to damage machines, copy itself and spread like a biological virus.

The Creeper program, created in 1971, is generally considered the first active computer virus. The program had no malicious intent and was designed to see if a self-replicating program was even possible. Creeper, written in PDP-10 assembly language, was in fact able to reproduce itself and jump from computer to computer on the relatively new ARPANET. As each system was infected, it would display a message that read, “I’m the Creeper. Catch me if you can.”

From there, different viruses, many designed to do harm, have propagated across the internet. One of the worst, Mydoom, caused $38 billion in damage in 2004, but other viruses from ILOVEYOU to WannaCry to CryptoLocker have inflicted incalculable harm on systems across the globe. And this is just as big of a problem in the industrial space. In 2010, the Stuxnet worm targeted PLC systems in Iran’s nuclear program, proving that a cyberattack could cause significant physical harm to industrial systems.

The Brain virus hits PC platforms

While Creeper could jump from computer to computer over a network, viruses didn’t become a major problem for years because most computers were unnetworked and operating in isolation. They were, in essence, air-gapped, untouchable from the outside world. Most malware in the early years had to travel via floppy disks, and that’s exactly how the Brain virus moved from computer to computer.

While many modern pieces of malware target Windows, or PC systems, Brain was the first to go after IBM PC platforms and the first to be able to hide its existence. The malware — though it really had no malicious intent behind it — was designed by two Pakistani brothers, Basit and Amjad Farooq Alvi, to infect the boot sector of a floppy disk. Without the internet to bolster it, the virus spread by the exchange of disks among users. The duo had a business selling medical software, but their programs were frequently being pirated by others. They decided to come up with a method of teaching these thieves a lesson.

Their goal was not to destroy computers, corrupt data or spread chaos around the globe; they were merely looking to gauge how much piracy was actually happening with their program. The payload was a message warning users that they were running stolen software, and very unlike modern malware, the virus’ code listed the brothers’ names, phone numbers and store address. It said they could help disinfect the software.

Brain — also known as the Lahore Flu, Pakistani Flu or Pakistani Brain — “infected Microsoft MS-DOS-based computers and once installed would fill up the floppy, slamming its performance or rendering it useless,” according to an article in CSO.

“Our work was not intended to harm anyone. It was a friendly virus,” read a quote from Amjad Farooq Alvi in the same article. “The sole purpose for it was to track and stop illegal copies of disk. We never intended for personal or financial gain. It was just an experimental approach, and surely of its outcome we were quite uncertain about. When the virus had widespread, people outrageously called us asking us to disinfect the virus. Our attempt to make them understand that the virus is not malicious but a friendly-one was successfully accepted and understood.”

The spread of the Brain virus

The Brain virus was not intended to circle the globe or stoke panic, but that’s exactly what it did. Within months, it had spread practically around the world, and, much to their surprise, the brothers were receiving calls from places as distant as the U.S. Why was the virus able to spread so quickly? The short answer: It was 1986. At that time, there was very little public awareness about how to protect machines against viruses; most people didn’t even know they existed.

The brothers were shocked to learn how far and how fast their virus had traveled, and were amazed to discover that people who had blatantly pirated their software were actually mad at them. As the internet became more commonplace, so did viruses, which now had an easy way to spread between computers. In recent decades, worms and viruses have taken down electrical systems, steel manufacturers, water systems and other industrial targets.

Of course, people with more nefarious purposes copied what Brain had unleashed, creating a swarm of boot sector viruses that stymied computer users for years to come. Today, boot sector viruses like Brain are few and far between. Protections such as strong passwords, antivirus software and firewalls can help protect systems and keep viruses at bay.




