|Common name||Elk Cloner|
|Type||Apple II series|
|Subtype||Boot sector virus|
|Point of isolation||Mt. Lebanon, Pennsylvania, United States|
|Point of origin||Mt. Lebanon, Pennsylvania, United States|
Elk Cloner is one of the first known microcomputer viruses that spread "in the wild", i.e., outside the computer system or laboratory in which it was written. It attached itself to the Apple II operating system and spread by floppy disk. It was written around 1982 by programmer and entrepreneur Rich Skrenta as a 15-year-old high school student, originally as a joke, and put onto a game disk.
Infection and symptoms
Elk Cloner spread by infecting the Apple DOS 3.3 operating system using a technique now known as a boot sector virus. It was attached to a game which was then set to play. The 50th time the game was started, the virus was released, but instead of playing the game, it would change to a blank screen that displayed a poem about the virus. If a computer booted from an infected floppy disk, a copy of the virus was placed in the computer's memory. When an uninfected disk was inserted into the computer, the entire DOS (including Elk Cloner) would be copied to the disk, allowing it to spread from disk to disk. To prevent the DOS from being continually re-written each time the disk was accessed, Elk Cloner also wrote a signature byte to the disk's directory, indicating that it had already been infected.
The poem that Elk Cloner would display was as follows:
ELK CLONER: THE PROGRAM WITH A PERSONALITY IT WILL GET ON ALL YOUR DISKS IT WILL INFILTRATE YOUR CHIPS YES IT'S CLONER! IT WILL STICK TO YOU LIKE GLUE IT WILL MODIFY RAM TOO SEND IN THE CLONER!
Elk Cloner was created by Skrenta as a prank in 1982. Skrenta already had a reputation for pranks among his friends because, in sharing computer games and software, he would often alter the floppy disks to shut down or display taunting on-screen messages. Due to this reputation, many of his friends simply stopped accepting floppy disks from him. Skrenta thought of methods to alter floppy disks without physically touching or harming them. During a winter break from Mt. Lebanon High School in Mt. Lebanon, Pennsylvania, Skrenta discovered how to launch the messages automatically on his Apple II computer. He developed what is now known as a boot sector virus, and began circulating it in early 1982 among high school friends and a local computer club. Twenty-five years later, in 2007, Skrenta called it "some dumb little practical joke."
This section needs additional citations for verification. (January 2017)
According to contemporary reports, the virus was rather contagious, successfully infecting the floppies of most people Skrenta knew, and upsetting many of them.
Part of the "success" was that people were not at all wary of the potential problem, nor were virus scanners or cleaners available. The virus could be removed using Apple's MASTER CREATE utility or other utilities to re-write a fresh copy of DOS to the infected disk. Furthermore, once Elk Cloner was removed, the previously-infected disk would not be re-infected since it already contained the Elk Cloner "signature" in its directory. It was also possible to "inoculate" uninfected disks against Elk Cloner by writing the "signature" to the disk; the virus would then think the disk was already infected and refrain from writing itself.
- "Prank starts 25 years of computer security woes". CTV. Associated Press. Archived from the original on 2008-01-07.
- "Elk Cloner". Retrieved 2010-12-10.
- "Top 10 Computer Viruses: No. 10 - Elk Cloner". Retrieved 2010-12-10.
- "List of Computer Viruses Developed in 1980s". Retrieved 2010-12-10.
- "First virus hatched as a practical joke". The Sydney Morning Herald. 2007-09-03.
- The computer virus turns 25 Salon.com Retrieved April 12, 2013.
- "Security: News". CNET. Archived from the original on 2012-07-15. Retrieved 2021-03-02.
- "Home - Broadcom Community - Discussion Forums, Technical Docs, and Expert Blogs". community.broadcom.com.
- "Computer Recreations:A Core War bestiary of viruses, worms and other threats to computer memories". Retrieved 2015-03-22.