Back in the days a lot of thought and ingenuity was put into making these viruses. For instance, the Friday 13th [1][2][3] virus:
* was only 419 bytes long
* infected both .COM and .EXE, increasing the size of the former by only 1813 bytes
* on infection, became memory resident (using only 2kb of memory)
* hooked itself into interrupt processing and other low level DOS services to, for instance, suppress the printing of console messages in failure cases (like trying to infect a file on a read-only floppy disk)
* activated itself every Friday 13th and deleted programs used that day
It still managed to spread itself worldwide (mostly via floppy disk sharing as the world wide web didn't exist yet) and went mainstream enough for the broadcast news to advise people not to turn on their computers on that date or to push the date one day ahead.
All that in 419 bytes, about a third of the size of this post.
Hello Luso Brailian: I'm a senior writer with Wired (www.wired.com). Am putting together a small story on this. Would love to chat, if you have a second: cade_metz@wired.com
> I'm a senior writer with Wired (www.wired.com). Am putting together a small story on this. Would love to chat
You must not have a full grasp of how HN operates.
If all it takes to get into a Wired article is to regurgitate information already plentifully available online, I'm pretty worried about Wired's future.
While the comment was substantive and linked to sources, this is normal for HN and nothing special.
How about you contact the guy who posted the article? He's the CRO from F-Secure, one of the research companies that was linked to as a source.
I really hope Wired doesn't start using random comments as "experts" in articles.
I have a printout of the disassembly of that virus (in wide format fanfold) from around then. When I come across it I'll donate it to the Hellenic IT Museum...
As the initial source of infection in a certain geographical area maybe, but as far as I remember most viruses (especially boot sector ones) spread through floppy disk sharing, first from people to people inside companies, from company computer to personal computer at home, from friend to friend personal computer and then from personal computer to company computer.
Much like the spread of HIV back in the late 80's and early 90's, most people didn't really understand how exactly computer programs worked and didn't follow IT guidelines on how to avoid getting infected. The number of infections was naturally limited by the small number of people at risk: computer users.
But as the availability of computers and the number of useful applications increased so did the volume of infections being spread through the same bad habits: floppy sharing without protection, and by that I mean the read only lock.
And, instead of the ideal (but very hard) way to eradicate the problem (informatic prophylaxis and education for users) the industry "solved" the problem by creating the antivirus and accepting an occasional infection as something unavoidable.
Then the World Wide Web exploded, creating a frictionless media for the spread of these infections and here we are.
I wrote an AV Scanner (for the lulz) in the early 1990's and ended up working at Symantec for my sins. Some of the programs were seriously well coded with self-hamming code, polymorphism, multi-partite capabilities, etc. Some of my favourites were the 'Eddie' series - written by a Bulgarian guy with a liking for Iron Maiden. :)
I remember this ezine 40Hex used to have virus assembly in it, which to my 12 year old self was pretty much the coolest thing I could imagine, until I compiled and accidentally ran it and destroyed my parents' Windows 98 installation.
The good old days... when viruses merely displayed a funny message or erased your hard disk, but didn't turn your computer into part of a botnet controlled by organized crime.
There was an insidious period when viruses would attempt to flash the BIOS with garbage, rendering the computer useless. I heard that some crafty individuals would recover by purchasing a motherboard of the same model, swapping the BIOS chip to boot up, hot swapping the old chip back and then reflashing the old chip with a good BIOS. After that, you could also reinstall the new BIOS chip in the motherboard and return it, slightly used.
I'll take a botnet computer over a bricked one any day.
If anyone feels like researching this, don't look at the BadBios conspiracy, that's an internet meme.
Instead look at things like Intel's trusted computing. Igor Skochinsky (of fame from Hexrays / IDA, and moderator on /r/reverseengineering) has an excellent powerpoint highlighting some research on their Management Engine, which is probably in your computer right now.
Or weren't written by a government as part of a multi-million-dollar malware R&D program that reduces to practice way-out-there speculations about what malicious software could theoretically do.
I remember back in the 90s, demonstration of the viruses (with all animations, music, etc.) was one of the coolest features of popular Polish antivirus mks_vir.
Mks_vir, especially its DOS incarnations from its heyday back when it was developed by Marek Sell himself, definitely deserves much more international publicity than it got.
I remember actually getting infected with one of these when I was a teenager. From what I recall, it was mostly harmless.
Me and some friends pooled together and bought a couple of CD-ROM's full of warez from some guy we found online and one of the games or applications was infected. Looking back, I'm actually pretty more all of them weren't infected!
Imagine being a virus writer crafting a virus so complicated that it would only work in a future not written different kind of OS or virtual machine, and work in differing operating systems, and identify and poke for weaknesses by itself.
Perhaps it would just be a Science Fiction plot device!
Well, something more nefarious is already possible with a bit of money. Someone could hide a few armed drones set to wake up 100 years from now, set up to shoot everyone they find. The perfect crime in the sense that police can't capture him if he is already dead.
Luckily this seems not easy. Mechanical parts do not like being unmaintained for decades, while being stored in a damp/sandy/cold/hot environment. Batteries, solar cells and other means of stored energy are not too fond of that either.
A virus on the other hand that inserts itself for example into source code could very well live a long time.
What a great compilation! I would love to know what harmful effects they had though. It is quite a difference if the virus is erasing your HDD while it is slowly printing the nice message or not...
I'll have to look to see if there are any familiar boot sector viruses - the kind that propagated via floppies. Those made the rounds at work.
I enjoyed disassembling them and seeing how they work. It was an education that kids miss out on today.
Come to think of it, back when I was teaching a Perl class one of my first assignments was to create a "virus" that found Perl scripts and copied itself into them. Good times.
If you're interested in this stuff, there's also an awesome archive at VX Heaven [1], which not only includes malware sources but also a lot of documentation, simulators etc.
Someone really should build this. I'd pay handsomely for an easy to setup Linux version that I could just boot on a beefy machine and keep running as an installation like that.
Most antivirus/security firms have a similar kind of network where they analyze samples. It's detached from the internet to avoid spreading the infections, but they usually have mechanisms to emulate being online, etc.
This XKCD is a likening of the very established notion of a honeynet with an aquarium. If you want to set one up there are good open source tools available, but you will want to be quite careful to comprehend what you are doing. See https://en.wikipedia.org/wiki/Honeypot_%28computing%29
It kind of depends on the systems (you can run a number of 640K DOS boxes in a simulator though :-) and virii of this period tended to make the boxes break so it wasn't really something that a flock would keep going.
[1] https://en.wikipedia.org/wiki/Jerusalem_%28computer_virus%29
[2] https://www.f-secure.com/v-descs/jerusale.shtml
[3] http://www.pandasecurity.com/mediacenter/malware/famous-viru...