Who created first computer virus

Who created first computer virus : History and Impact

by

Published: May 17, 2026 | Last updated: May 17, 2026 | 6 min read

TL;DR

  • The first known computer virus was Elk Cloner, created in 1983 by high school student Rich Skrenta
  • Elk Cloner spread via Apple II floppy disks and displayed a poem when activated
  • The term “computer virus” wasn’t widely used until the late 1980s, even though Elk Cloner existed years earlier
  • Early viruses were mostly pranks; they didn’t aim to destroy data or steal information
  • Modern cybersecurity exists because of lessons learned from these early attacks

What Was the First Computer Virus?

The first known computer virus was Elk Cloner, created in 1983 by Rich Skrenta, a 15-year-old high school student in Pittsburgh, Pennsylvania. Elk Cloner spread through Apple II personal computers via infected floppy disks. When activated, the virus displayed a short poem on the screen. This wasn’t malicious in the destructive sense it was a prank, but it proved that self-replicating code could spread from machine to machine without the user’s knowledge.

Most people think of viruses as destructive programs that steal data or crash computers. Elk Cloner did neither. It simply copied itself to other disks and announced its presence with text on the screen. That simplicity made it revolutionary. It showed that a program could replicate itself, something scientists had theorized about but never seen in practice.

Who Was Rich Skrenta, the Virus Creator?

Rich Skrenta was a teenager experimenting with code on his Apple II computer. He wasn’t a criminal mastermind. He was a curious programmer who wanted to see if he could make a program replicate itself a technical challenge, not a malicious goal.

Skrenta wrote Elk Cloner as a proof of concept. He inserted the code into a popular game distributed on floppy disk. When people played the game, the virus copied itself onto their disks. The next time they shared those disks with friends or colleagues, the virus spread further. This chain-reaction spread was the key innovation. No human had to manually copy the virus; the program did it automatically.

Skrenta didn’t hide what he’d done. He told people about Elk Cloner and explained how it worked. In interviews decades later, he described it as an intellectual exercise, not an attempt to cause harm. He was testing the boundaries of what code could do.

How Elk Cloner Worked and Spread

Elk Cloner exploited a gap in how Apple II computers managed floppy disk files. The virus inserted itself into the boot sector — the first part of a disk that loads when a computer starts up. Once activated, the virus copied itself to other disks used on that machine.

Here’s the step-by-step process:

  1. User inserts infected disk — A floppy disk containing Elk Cloner is placed into an Apple II drive
  2. Boot sector loads — The computer reads the disk’s boot sector to start up
  3. Virus activates — Elk Cloner runs automatically before the legitimate program
  4. Self-replication begins — The virus copies itself to any other disk the user accesses
  5. Poem displays — After 50 boot cycles, the screen shows the famous poem: “Elk Cloner: The program with a personality / It will get on all your disks / It will infiltrate your chips”

The virus didn’t destroy files or steal passwords. It simply announced itself. That announcement was both its purpose and its undoing — users immediately noticed something was wrong when the poem appeared, making it easy to identify and stop the spread.

The Context: Why Elk Cloner Happened in 1983

Personal computers were new in the early 1980s. The Apple II, released in 1977, was one of the first machines that ordinary people could buy and use at home. Security wasn’t a priority. Nobody imagined that a program could replicate itself and spread between machines.

Skrenta had access to a computer lab at his school. He understood assembly language and low-level programming. He knew how operating systems worked. Most teenagers didn’t. That combination of access, knowledge, and curiosity created the conditions for Elk Cloner.

The floppy disk distribution model made replication possible. Software in 1983 spread through physical media — people copied disks and shared them. There was no internet to prevent spread, but also no internet to accelerate it. Elk Cloner spread slowly, over weeks and months, through personal networks.

Why Wasn’t It Called a Virus at the Time?

The word “virus” didn’t exist in computing in 1983. Viruses were biological entities. Computer scientists were still inventing vocabulary for the field. Elk Cloner was described as a “self-replicating program” or a “worm” in early discussions.

The term “computer virus” gained widespread use in the late 1980s, after Fred Cohen published his theoretical work on self-replicating code in 1986. Cohen demonstrated that viruses could evolve and spread in ways that made them nearly impossible to stop — much like biological viruses. The biological analogy stuck, and the term became standard.

Skrenta’s creation predated the terminology by years. If Elk Cloner had been discovered in 1987 instead of 1983, it probably would have been called a virus immediately.

The Elk Cloner Poem: What It Actually Said

When the virus activated after 50 boot cycles, users saw this text on their screens:

Elk Cloner: The program with a personality / It will get on all your disks / It will infiltrate your chips / Yes, it’s Cloner!

The poem was cheeky, not threatening. Skrenta was announcing his achievement. He wasn’t trying to scare people or cause panic — he was saying, “Look what I built.” The message was arrogant in the way a teenage programmer might be, but not malicious.

This is why Elk Cloner stayed in computer history. Worse viruses came later. Destructive ones. The 1986 Brain virus erased data. The 1988 Morris Worm crashed thousands of computers across the internet. But Elk Cloner is remembered as first — the proof that self-replication worked.

What Changed After Elk Cloner?

The discovery of Elk Cloner forced computer companies and security researchers to think differently about software. They realized that programs could execute automatically, without user input, and could spread across machines. This wasn’t theoretical anymore — it was real.

Three major changes followed:

1. Boot sector protection — Operating systems added checks to prevent unauthorized code from loading in the boot sector. This made the specific mechanism Elk Cloner used obsolete.

2. Antivirus software — Companies began developing software designed to detect and remove self-replicating code. Antivirus became an entire industry.

3. Security awareness — Users learned not to trust disks from unknown sources. Organizations began locking down computers and controlling what software could run.

These defensive measures evolved over decades. Modern cybersecurity — firewalls, malware detection, software signing, operating system restrictions — traces back to the lessons learned from Elk Cloner and viruses that came after.

Early Viruses That Came After Elk Cloner

Elk Cloner wasn’t the only virus of the 1980s, just the first. Others emerged as computers became more common and networks started to form.

Brain Virus (1986) — Created by Pakistani programmers Basit Farooq Alvi and Amjad Farooq Alvi, this virus infected IBM PC computers. Unlike Elk Cloner, Brain was destructive. It slowed down computers and corrupted data. It was the first virus to spread globally, carried on pirated software.

Morris Worm (1988) — Robert Morris, a Cornell University student, created a program intended to measure the size of the internet. It spread too aggressively and crashed thousands of machines. This was the first major cyberattack, causing an estimated $10-100 million in damage (CNET, 2013).

Michelangelo (1992) — This virus infected IBM computers and was set to activate on the artist’s birthday, March 6. The threat generated media panic, though the actual damage was minimal.

Each of these viruses taught the security community something new. They pushed the field forward.

The Difference Between Viruses, Worms, and Trojans

People often use “virus” as a catch-all term for malicious software. Technically, viruses, worms, and Trojans are different.

Virus — A program that attaches itself to legitimate software and replicates when that software runs. Elk Cloner attached itself to the boot sector, a form of viral infection. It needs user action (running a program or booting from an infected disk) to spread.

Worm — A program that replicates itself and spreads through networks without attaching to other software. The Morris Worm was a worm because it spread through network connections, not through file attachment.

Trojan — A program that looks legitimate but hides malicious code. A Trojan doesn’t replicate itself; it tricks users into running it. Once active, it can do whatever the attacker programmed it to do.

Elk Cloner is technically a virus — it replicated by attaching itself to the boot sector. But it’s often discussed alongside worms because the early distinctions weren’t always clear.

Why Rich Skrenta Isn’t a Villain

This is important: Rich Skrenta created Elk Cloner as a teenager exploring what code could do. He didn’t weaponize it. He didn’t sell it or try to profit from it. He told people about it openly.

Decades later, Skrenta became a legitimate technology entrepreneur and security researcher. He founded online services and contributed to computer science. He wasn’t a criminal who stumbled into tech — he was a curious programmer who found himself in computing history.

The security industry’s response to early viruses wasn’t to hunt down programmers like Skrenta. It was to build defenses. Antivirus companies hired people who understood how viruses worked. Many early security researchers were self-taught programmers who’d grown up experimenting with code, just like Skrenta.

How Modern Cybersecurity Traces Back to Elk Cloner

Every security measure in modern computing exists because of lessons learned from early viruses.

Signature-based detection — Antivirus software scans files for patterns (signatures) that match known viruses. This approach was developed after Elk Cloner and improved after every major virus outbreak.

Behavioral analysis — Modern antivirus also watches what programs do. If a program tries to modify the boot sector (like Elk Cloner did), the system flags it as suspicious. This catches new viruses that don’t match known signatures.

Sandboxing — Operating systems now isolate programs from each other and from core system files. A virus in one program can’t spread to another. This makes widespread replication — Elk Cloner’s entire strategy — almost impossible on modern systems.

Operating system security — Modern Windows, macOS, and Linux all implement user permissions and require administrator approval to modify system-level files. Elk Cloner worked because it had unrestricted access to the boot sector. Modern systems don’t allow that.

Software signing and verification — Programs are now digitally signed by their creators. The operating system verifies the signature before running the software. Elk Cloner was unsigned code running in a world where that concept didn’t exist.

These defenses didn’t appear overnight. They evolved from the 1980s through the 2000s as viruses became more sophisticated and security researchers understood the threat better.

Common Mistakes People Make About Elk Cloner

Mistake 1: Thinking Elk Cloner destroyed computers. It didn’t. It copied itself and displayed a poem. No data was lost. This was a proof of concept, not a destructive attack. Modern viruses are far more dangerous.

Mistake 2: Believing Rich Skrenta was arrested or prosecuted. He wasn’t. He disclosed what he’d done and explained how it worked. The security community learned from it rather than punishing him.

Mistake 3: Confusing Elk Cloner with later viruses like Brain or Morris Worm. They’re different programs with different creators, different mechanics, and different impacts. Elk Cloner happened first, but it wasn’t the most destructive.

Mistake 4: Thinking computer viruses only mattered in the 1980s. The 1980s viruses taught lessons that shaped every defense today. Malware is more sophisticated now, but the underlying challenge — stopping self-replicating or malicious code — is the same problem Elk Cloner revealed.

Frequently Asked Questions

Who created the first computer virus?

Rich Skrenta, a 15-year-old high school student in Pittsburgh, Pennsylvania, created Elk Cloner in 1983. It was the first known self-replicating computer program.

What year was the first computer virus created?

Elk Cloner was created in 1983, but it wasn’t widely known until years later. The term “computer virus” wasn’t in common use until the late 1980s, even though Elk Cloner already existed.

How did Elk Cloner spread?

Elk Cloner spread through Apple II floppy disks. When an infected disk was used, the virus copied itself to other disks accessed on that machine. The virus activated after 50 boot cycles and displayed a poem on the screen.

Was the first computer virus harmful?

Elk Cloner was not harmful in the destructive sense. It didn’t delete files or steal data. It simply replicated itself and displayed a poem. Later viruses, like Brain (1986) and Morris Worm (1988), were far more damaging.

What did Elk Cloner do when it activated?

When activated after 50 boot cycles, Elk Cloner displayed a short poem on the screen: “Elk Cloner: The program with a personality / It will get on all your disks / It will infiltrate your chips / Yes, it’s Cloner!”

Why is Elk Cloner important to cybersecurity?

Elk Cloner proved that self-replicating code was possible. It forced computer companies and security researchers to develop defenses against malware. Every modern security measure — antivirus, sandboxing, software signing, permission systems — traces back to lessons learned from early viruses like Elk Cloner.

How did people discover Elk Cloner?

Skrenta told people about the virus and explained how it worked. He didn’t hide it. Users also noticed when the poem appeared on their screens after 50 boot cycles, making it easy to identify that something unusual was happening.

What happened to Rich Skrenta after Elk Cloner?

Skrenta went on to become a legitimate technology entrepreneur and security researcher. He never faced prosecution. The security industry learned from his creation and built defenses against it.

Are computer viruses still a problem today?

Yes, but they’re different now. Modern malware is more sophisticated and often aims to steal data or money rather than announce itself. Modern operating systems have better defenses than the Apple II had in 1983, so widespread replication (Elk Cloner’s strategy) is far harder.

What’s the difference between a virus, worm, and Trojan?

A virus attaches itself to legitimate software and replicates when that software runs. A worm spreads through networks without attaching to other software. A Trojan hides malicious code inside a program that looks legitimate. Elk Cloner was technically a virus because it attached to the boot sector.

Key Takeaways

  • Elk Cloner (1983) was the first known computer virus, created by teenager Rich Skrenta
  • It spread through Apple II floppy disks and displayed a poem when activated
  • The virus was a proof of concept, not a destructive attack
  • Modern cybersecurity defenses exist because of lessons learned from early viruses
  • The term “computer virus” became standard in the late 1980s, years after Elk Cloner was created
  • Skrenta’s creation forced the industry to develop antivirus software, boot sector protection, and operating system security measures
  • Today’s malware is more sophisticated, but the core challenge is the same: stopping self-replicating or malicious code

Leave a Comment