Year 1975: The First Trojan Horse- ‘ANIMAL’

Introduction

In the intricate tapestry of cybersecurity, certain historical occurrences serve as pivotal milestones, shaping the trajectory of the field. The emergence of ANIMAL in 1975 is one such defining moment, marking the unwitting genesis of trojan horses in the digital world. In this blog, we embark on a journey to unravel the intricate layers of ANIMAL’s legacy, tracing its origins, exploring its propagation dynamics, and delving into the profound implications it holds for contemporary cybersecurity practices.

Origin of the First Trojan Horse

The mid-1970s witnessed the infancy of computer systems, laying the groundwork for the evolution of cybersecurity. During this period, a popular trend emerged known as “Animal Programs” – interactive games consisting of 20 questions aimed at guessing the animal occupying the user’s thoughts. John Walker contributed to this trend by introducing ANIMAL, initially conceived as a 20-question guessing game. In the spirit of camaraderie, Walker extended the reach of his creation by sharing the game with friends, a process that involved creating and transmitting magnetic tapes. However, as demand for his creation surged, Walker’s development of the PERVADE subroutine in 1975 unintentionally turned ANIMAL into a Trojan horse.

ANIMAL, at its core, was a harmless game, designed to engage users in a playful exercise of guessing animals. Yet, it was the subtle integration of PERVADE that endowed this harmless program with unintended trojan-like characteristics. As users engaged with ANIMAL, PERVADE worked silently in the background, autonomously copying the game into directories accessible to users—a propagation method that mirrored the essence of the ancient Trojan Horse.

Working of ANIMAL & PREVADE

In the words of John Walker, “This program did not in any way violate or subvert the security of the system, nor did it take advantage of any bug or design flaw in the operating system. It spread into successively more protected directories in what today is called a “classic Trojan Horse attack”. In 1975, when I thought of it, I just called it “a neat idea”.

To make ANIMAL more widely available, Walker created a helper program called PERVADE. This PERVADE could be used by any program and, when run, it made sure that all accessible directories had an updated copy of the program without overwriting unrelated user programs. As users ran programs with PERVADE, it spread to their directories and continued until a privileged user ran it, copying it to the system library. This process, known as a “classic Trojan Horse attack,” didn’t compromise system security or exploit any flaws. It simply spread through directories.

Since users exchanged tapes regularly, copies of the program made their way to other installations and UNIVAC sites, establishing itself on other systems. This not only distributed ANIMAL but also made PERVADE thrive, as the interaction with ANIMAL provided the right conditions for PERVADE to work without users knowing.

More on the topic: https://www.fourmilab.ch/documents/univac/animal.html

Legacy of ANIMAL

ANIMAL, in its unwitting propagation, became a trailblazer, laying the foundation for the concept of trojan horses in the world of cybersecurity. It introduced a paradigm where seemingly innocuous programs could harbor concealed actions, marking the inception of a cybersecurity challenge that persists to this day.

Unlike contemporary trojans, ANIMAL did not possess the ability to self-replicate. Users, driven by curiosity and a willingness to engage with innovative programs, willingly downloaded and executed ANIMAL. This stands in stark contrast to the deceptive tactics employed by modern trojans, which often leverage social engineering to infiltrate systems, exploiting human trust and vulnerabilities.

Since the emergence of ANIMAL, the landscape of malware has undergone significant evolution, with trojans emerging as prominent actors in cyberattacks, data breaches, and the proliferation of malicious software. ANIMAL, though non-malicious in nature, holds historical significance as an early example of malware, showcasing trojan-like behavior through its covert propagation method.

While ANIMAL itself did not harbor malicious intent, its approach served as a blueprint for the development of more advanced and potentially harmful trojans in subsequent years. The inadvertent propagation of ANIMAL underscored the importance of vigilance, user education, and the adoption of robust security practices in mitigating the risks posed by trojans and various forms of malware.

As we reflect on the legacy of ANIMAL, it serves as a cautionary tale and a historical reference point for the cybersecurity community. The lessons learned from ANIMAL’s early foray into trojan-like behavior remain pertinent in today’s dynamic and ever-evolving threat landscape, emphasizing the continuous need for proactive security measures and user awareness to counter the evolving tactics of malicious actors.