Christmas Tree EXEC
Christmas Tree EXEC was the first widely disruptive computer worm, which paralyzed several international computer networks in December 1987.
Written by a student at the Clausthal University of Technology in the REXX scripting language, it drew a crude Christmas tree as text graphics, then sent itself to each entry in the target's email contacts file. In this way it spread onto the European Academic Research Network (EARN), the BITNET, and IBM's worldwide VNET. On all of these systems it caused massive disruption.
Its core mechanism was essentially the same as the ILOVEYOU worm of 2000 - although running on mainframes rather than PCs, spreading over a different network, and scripted using REXX rather than VBScript.
The name was actually "CHRISTMA EXEC" because the IBM VM systems originally required file names to be formatted as 8+space+8 characters. Additionally, IBM required REXX script files to have a file type of "EXEC". The name is sometimes written as "CHRISTMAS EXEC" (adding a 9th character) to make the name more readable. The user was prompted to: "...just type CHRISTMAS..." - and this in fact launched the "worm".
References
- Burger, Ralf (1988). Computer viruses - a high tech disease. Abacus/Data Becker GmbH. p. 276. ISBN 1-55755-043-3.
- Capek, P.G.; Chess, D.M.; White, S.R.; Fedeli, A. (2003). "Merry Christma: An Early Network Worm". Security & Privacy 1 (5): 26–34. doi:10.1109/MSECP.2003.1236232.
- Martin, Will (March 4, 1988). "Re: BITNET Security". Security Digest (Mailing list). Archived from the original on September 25, 2006. Retrieved October 30, 2008.
- Patterson, Ross (December 21, 1987). "Re: IBM Christmas Virus". RISKS Digest (Mailing list). Retrieved October 30, 2008.
- "Viruses for the "Exotic" Platforms". VX Heaven. Archived from the original on August 6, 2013. Retrieved October 30, 2008.