Elk Cloner: The Fifteen-Year-Old Who Invented the Computer Virus
Zusammenfassung
In 1982, Richard Skrenta, a fifteen-year-old high school student in Pittsburgh, wrote Elk Cloner — the first computer virus to spread “in the wild” (outside a laboratory). It infected Apple II computers by attaching itself to the operating system on floppy disks; every 50th time an infected disk was booted, it displayed a short poem. Skrenta’s motivation was entirely social: he wanted to prank his friends. He did not foresee that the technique he invented would become the foundation of a multi-billion-dollar criminal industry.
The Problem Skrenta Was Solving
Richard Skrenta was a student at Mount Lebanon High School in Pittsburgh who was known among his friends for his interest in computers and for his habit of modifying software as pranks. He would make copies of games for friends, secretly modified so that they would display a mocking message or cause the program to crash at a random point. Friends stopped accepting floppy disks from him.
The problem, from Skrenta’s perspective, was that people could inspect a disk before using it and detect his modifications. He wanted a prank that spread without his direct involvement — that would propagate from disk to disk automatically. This led him to think about how to make a program copy itself.
The Technical Design
The Apple II booted from floppy disk. When the computer started, it read the operating system from a specific track of the floppy (track 0, sectors 0–2). The boot sector code ran first, before any application. Skrenta realized that if he could modify the boot sector to run his own code before loading the operating system, and if his code copied itself to other floppy disks when they were inserted, he had achieved self-replicating software.
Elk Cloner’s mechanism:
- When an infected disk was booted, the virus loaded itself into memory along with the operating system.
- When a clean floppy was inserted, Elk Cloner checked whether it was already infected.
- If uninfected, Elk Cloner copied itself to the new disk’s boot sector.
- Every 50th boot from an infected disk, the virus displayed its “poem”:
Elk Cloner: The program with a personality It will get on all your disks It will infiltrate your chips Yes, it’s Cloner!
It will stick to you like glue It will modify RAM too Send in the Cloner!
The virus spread through Skrenta’s school quickly. It caused no damage beyond displaying the poem — it did not corrupt data, delete files, or modify applications. Skrenta distributed infected disks in early 1982; the virus spread to other schools and eventually to users who had no connection to Skrenta.
Why “In the Wild”
Elk Cloner is specifically described as the first virus to spread “in the wild” to distinguish it from earlier self-replicating programs that existed only in controlled environments:
- Creeper (1971): A TENEX operating system program that copied itself across the ARPANET and displayed “I’m the creeper, catch me if you can!” — a proof of concept rather than a deployed virus.
- Reaper (1972): A program written to delete Creeper — the first antivirus, fighting the first virus, both in a lab network.
- Core Wars (1984, though the game was played from around 1975): Programs that competed to survive in a shared memory space — self-replicating as game mechanics.
None of these spread to computers owned by people who had not consented to participate. Elk Cloner did. Users at Mount Lebanon High School and their contacts found their Apple II disks infected without knowing how, without knowing what the virus was, and without having any way to remove it.
The Industry It Unwittingly Founded
Skrenta’s design — a program that replicates by attaching to storage media and executing at boot time — was the template for boot sector viruses that became a major threat in the MS-DOS era of the late 1980s and early 1990s. Brain (1986, the first IBM PC virus), Stoned (1987), and Michelangelo (1991) all used variants of the boot sector technique Skrenta had invented for a prank.
The cybersecurity industry — antivirus software, intrusion detection, vulnerability research — exists partly in response to techniques that originate from this tradition. The full history of how prank software became criminal infrastructure is covered in The History of Hacking and Cybersecurity: The Invisible War.
Skrenta went on to become a software entrepreneur, co-founding the news aggregation company Topix and the search engine Blekko. He has reflected on Elk Cloner in interviews as a naive prank — something he built without understanding the implications of what he was creating.
📚 Sources
- Elk Cloner — Rich Skrenta’s 1982 boot-sector virus (Wikipedia)
- Kaspersky Lab: “The history of computer viruses” — Securelist (2008)
- Spinello, Richard A.: Cyberethics: Morality and Law in Cyberspace, 5th ed. (2014), Jones & Bartlett — Chapter on computer crime
- Ludwig, Mark A.: The Little Black Book of Computer Viruses (1991), American Eagle Publications — technical analysis of boot sector replication