Christmas Tree EXEC

Christmas Tree EXEC was the first widely disruptive computer worm, which paralyzed several international computer networks in December 1987.

Written by a student at the Clausthal University of Technology in the REXX scripting language, it drew a crude Christmas tree as text graphics, then sent itself to each entry in the target's email contacts file. In this way it spread onto the European Academic Research Network (EARN), the BITNET, and IBM's worldwide VNET. On all of these systems it caused massive disruption.

Its core mechanism was essentially the same as the ILOVEYOU worm of 2000 - although running on mainframes rather than PCs, spreading over a different network, and scripted using REXX rather than VBScript.

The name was actually "CHRISTMA EXEC" because the IBM VM systems originally required file names to be formatted as 8+space+8 characters. Additionally, IBM required REXX script files to have a file type of "EXEC". The name is sometimes written as "CHRISTMAS EXEC" (adding a 9th character) to make the name more readable. The user was prompted to: "...just type CHRISTMAS..." - and this in fact launched the "worm".

References