Security News > 2022 > December > The CHRISTMA EXEC network worm – 35 years and counting!

December 2022 sees the 35th anniversary of the first major self-spreading computer virus - the infamous CHRISTMA EXEC worm that temporarily crushed the major mainframe networks of the day.

Not by any deliberately coded side-effects such as file scrambling or data deletion, but simply by leeching too much network bandwidth for its own unauthorised purpose.

The virus itself was written in IBM's powerful text-based scripting language REXX, so a non-programmer looking at the message would probably recognise it as "Program code", and therefore tend to ignore it as unimportant and irrelevant, for all that it might look interesting.

Handily, the user didn't have to be taught to leave the final -S off the word CHRISTMAS, because CMS would automatically ignore any extra characters and hunt for CHRISTMA EXEC, which was the very script program that the user had just received without expecting it or asking for it.

As stated above, the code did indeed display the Christmas Tree ASCII art - or, more precisely, EBCDIC art, given that IBM famously had its own character encoding system known as Extended Binary Coded Decimal Interchange Code.

A sea of copies of the virus would be distributed, potentially worldwide, and if any of those recipients innocently typed CHRISTMAS at the command prompt.

News URL

https://nakedsecurity.sophos.com/2022/12/01/the-christma-exec-network-worm-35-years-and-counting/