BRAIN

Malware

⚠️ Overview

Brain is the first IBM PC–compatible computer virus, discovered in January 1986 and created by Pakistani brothers Basit and Amjad Farooq Alvi as a boot‑sector infector. It is classified as a legacy file‑system virus rather than under modern categories such as ransomware or RAT; its original purpose was to protect the authors’ medical software from piracy by marking infected disks as “stolen.”

🔧 Technical Capabilities

Brain spreads by writing a copy of itself to the boot sector of floppy disks, replacing the original master boot record (MBR) with its own code. Upon system boot from an infected disk, the virus loads into memory and hooks interrupt 13h (disk I/O) to intercept read/write requests, hiding the infected boot sector and displaying a copyright message containing the authors’ names, address, and phone number. It does not use command‑and‑control (C2) infrastructure, network propagation, or persistence beyond boot‑sector residency; its stealth technique relies on returning a clean copy of the original boot sector when the system attempts to read the infected area. No encryption, privilege escalation, or modern evasion mechanisms are present, as the virus predates networked environments and was limited to physical disk exchange.

📜 History & Notable Incidents

First appearing in 1986 in Lahore, Pakistan, Brain quickly spread globally via floppy disks traded by shareware users; a notable early outbreak occurred at the University of Delaware in 1987, prompting the creation of the first antivirus software (e.g., by John McAfee and Eugene Kaspersky). No CVEs are associated with Brain because it predates the CVE system, and no law‑enforcement actions were taken—the brothers continued their medical software business after the virus became known.

🔍 Detection Indicators

Infected floppy disks exhibit a volume label of ©Brain (ASCII 0x00 followed by “Brain”) and a modified boot sector containing the text “Welcome to the Dungeon” and the authors’ contact information. Uninfected systems show no registry keys, mutex names, or network IOCs; behavioral signatures include unexpected disk‑activity patterns and inability to read the first sector of a floppy disk normally.
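The two on-disk indicators above can be checked offline against a raw floppy image; the following is an added example, not code from the original page. It assumes a FAT12 image with a readable BIOS parameter block, the function names are hypothetical, and the image should be taken on a system not booted from the suspect disk, since the resident virus returns a clean boot sector on reads.

```python
import struct

SECTOR = 512
BOOT_MARKER = b"Welcome to the Dungeon"  # boot-sector text named on this page
LABEL_MARKER = b"brain"                  # volume-label text, compared lowercase

def root_dir_span(boot):
    """Locate the FAT12 root directory from the BIOS parameter block."""
    bps, _spc, reserved, nfats, entries = struct.unpack_from("<HBHBH", boot, 11)
    (sectors_per_fat,) = struct.unpack_from("<H", boot, 22)
    if bps not in (512, 1024, 2048, 4096) or nfats == 0 or entries == 0:
        return None  # BPB unusable, so the label check is skipped
    return (reserved + nfats * sectors_per_fat) * bps, entries * 32

def volume_label(image):
    """Return the 11-byte name of the volume-label entry, or None."""
    span = root_dir_span(image[:SECTOR])
    if span is None:
        return None
    start, length = span
    for pos in range(start, min(start + length, len(image)) - 31, 32):
        entry = image[pos:pos + 32]
        # Match on the attribute byte only: the page describes a label whose
        # first byte is 0x00, which a normal "end of directory" test would skip.
        if entry[11] == 0x08 and entry[0] != 0xE5:
            return entry[:11]
    return None

def scan_image(image):
    """Return the list of Brain indicators found in a raw floppy image."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    findings = []
    if BOOT_MARKER in image[:SECTOR]:
        findings.append("boot-sector text")
    label = volume_label(image)
    if label is not None and LABEL_MARKER in label.lower():
        findings.append("volume label")
    return findings

def make_sample(label, boot_text=b""):
    """Build a constructed 360 KB FAT12 image (test data, not a real sample)."""
    img = bytearray(720 * SECTOR)
    struct.pack_into("<HBHBHHBH", img, 11, 512, 2, 1, 2, 112, 720, 0xFD, 2)
    img[64:64 + len(boot_text)] = boot_text
    root = (1 + 2 * 2) * SECTOR           # reserved + 2 FATs of 2 sectors each
    img[root:root + 11] = label.ljust(11)[:11]
    img[root + 11] = 0x08                 # volume-label attribute
    return bytes(img)
```

A label hit without the boot-sector text is worth a manual look rather than a verdict, since a volume label is freely settable by the user.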

☠️ Risk & Impact

Brain caused data loss when infected disks were used in systems without write‑protection, as the virus overwrote the original boot sector, but it did not delete files. Financial impact was minimal beyond the cost of lost productivity and the early antivirus industry it spawned; affected sectors included universities, hobbyist computer clubs, and early corporate PC users.

🛡️ Mitigation

Mitigation requires physical isolation of unknown floppy disks and the use of early antivirus scanners such as those from McAfee or Symantec; modern systems with UEFI and no floppy drives are immune. No patches exist—prevention relies on avoiding untrusted removable media and using boot‑sector scanning tools.


ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the malware listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.