Publications

Happy Friday 13th!

Happy Friday 13th!

Friday 13th! If you’re at all superstitious, today is bad news. But for those of us in the antivirus industry, Friday 13th is a special day.

It’s not an officially recognized holiday, and of course we’re not taking the day off: we’re here 24/7/365. But Friday 13th is when we remember when and why the antivirus industry really started…

22 years ago, in October 1987, a new file virus which infected COM and EXE files was identified in Jerusalem. Like similar, earlier programs, it was able to self-replicate, but it also had an additional, malicious payload which triggered on Friday 13th: when an attempt was made to run any program, the program file would be deleted, and DOS would say that the file couldn’t be found. This meant that any file called using the Exec function got deleted.

The virus spread widely (even though neither the Internet or email had really caught on at that stage) on disks which got passed around and BBS.
13th May 1998 was D-day: thousands of messages about the virus started pouring in from around the world, and particularly from the US, Europe, and the Middle East. Jerusalem had become one of the first MS-DOS viruses to cause a pandemic.

The virus had managed to spread unnoticed to thousands of computers: antivirus software wasn’t commonly used, and lots of people simply didn’t believe that computer viruses were real. And it was in the same year that Peter Norton, a guru of the computing world, said that computer viruses were an urban legend, comparing them to the crocodiles which supposedly live in the sewers of New York. (This bold statement didn’t deter Symantec, however, from developing its own antivirus software – Norton Anti-Virus.)

It was a watershed: new companies developing antivirus software started appearing, most of them of the “two men and a dog” variety. The antivirus programs themselves were nothing more than the simplest scanners which used contextual search to detect unique strings of virus code. “Immunizers” were popular too; these modified programs so that malware would think the programs were already infected, and not “re-infect” them.

Jerusalem’s malicious payload went beyond deleting files: dozens of other viruses appeared which also had payloads designed to trigger on Friday 13th. Not surprisingly, those in the computer world started to associate Friday 13th with viruses; some people thought it was safer not to switch a computer on when the fateful date cycled round, and some altered the date on their machines, to the 12th or the 14th. The virus writers picked up on this and started playing the same game, producing “Thursday 12th” and “Saturday 14th” viruses.

As for us – well, today we want to wish everyone in the antivirus industry a happy Friday 13th! Yes, we have our differences – in ideology, philosophy, opinion and market share. But let’s remember what we have in common, and why we’re in this game in the first place. If we can’t do that – then what are we doing here?

Happy Friday 13th!

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox