Elvira, virus by French programmer Spanska, replicated the Star Wars opening crawl in an ode to his girlfriend. Image: danooct1
Virus.DOS.Phantom1 is menacing--but also clearly a labor of love. Image: danooct1
Virus.DOS.Walker displays a crude bit of 8-bit porno (not shown) and then has an old man stroll across your screen. Image: danooct1
Virus.DOS.Kuku infects all EXE and COM files, and, one time out of eight, displays this lovely colorful confetti on your screen. Image: danooct1
Virus.DOS.Plane unleashes a parachuter on your command line, creating infected companion files for COMs and EXEs. Image: danooct1
Virus.Boot.Pingpong
doesn't destroy anything, but it does turn your screen into a game of
ping pong (but only if you try to run files on the half hour
[seriously]). Image: danooct1
"Mars Land," another one of Spanksa's viruses, shows a lovely lava flow with a nice message: Coding a virus can be creative. Image: danooct1
Markt DOS Virus looks scary--and it is: it formats your entire C drive. Image: danooct1
Ithaqua DOS Virus is just plain nice. Every April 29 it takes over your screen to show a gentle snowfall. Image: danooct1
Virus.DOS.Billiards turns your boring text into a colorful game of pool. Nice! Image: danooct1
Virus.DOS.HHnHH, a bouncing particle ball, wouldn't make a bad screensaver. Image: danooct1
Apple DOS Trojan proves that even in the underground world of DOS viruses, fanboys were fanboys. Image: danooct1
PlayGame DOS Virus makes the unfortunate user play a game upon booting up, but only in December. Image: danooct1
Virus.DOS.Redcode plays out a little race between Big Butt Gasso and Himmler Fewster. Weird. Image: danooct1
CMOS DOS Virus
is an evil virus indeed. Along with this seizure-inducing payload (and a
shrieking beeping noise), it corrupts the CMOS memory, wiping all sorts
of settings. The most diabolical bit? If you try to press Control Alt
Delete, it reformats your whole hard drive. Image: danooct1
Back in 2004, a computer worm called Sasser swept across the web,
infecting an estimated quarter million PCs. One of them belonged to
Daniel White, then 16 years old. In the course of figuring out how to
purge the worm from his system, the teenager came across the website of
anti-virus company F-Secure, which hosted a vast field guide of malware
dating back to the 1980s, complete with explanations, technical
write-ups, and even screenshots for scores of antiquated viruses. He
found it intoxicating. “I just read all I could,” he says, “and when I’d
read all of that I found more sources to read.” He’d caught the
computer virus bug.
Nine years and a handful of data loss scares later, White has amassed
perhaps the most comprehensive archive of malware-in-action found
anywhere on the web. His YouTube channel, which he started in 2008, includes more than 450 videos,
each dedicated to documenting the effect of some old, outdated virus.
The contents span decades, stretching from the dawn of personal
computing to the heyday of Windows in the late ’90s. It’s a fascinating
cross-section of the virus world, from benign programs that trigger
goofy, harmless pop-ups to malicious, hell-raising bits of code.
Happening across one of White’s clips for a virus you’ve done battle
with back in the day can be a surprisingly nostalgic experience.
But while the recent Windows worms may be the most familiar, another
subset of White’s archive is even more interesting. The viruses he’s
collected from the MS-DOS era are malware from a simpler time–a glimpse
into a largely forgotten and surprisingly creative subculture.
“In the DOS era it was very much a hobbyist sort of thing,” White
explains. Skilled coders wanted to show off their skills. They formed
groups, and those groups pioneered different ways to infect and
proliferate. A community coalesced around bulletin boards and
newsgroups. Techniques were exchanged; rivalries bubbled up. For many
writers, though, a successful virus didn’t necessarily mean messing up
someone’s computer–or even letting users know that they’d been infected
in the first place. Quietly, virus writers amassed invisible, harmless
networks as testaments to their chops. “Not all authors were complete
dicks,” White says. “There were far more viruses that only infected
files and continued spreading than there were viruses that damaged data
or displayed ‘gotcha’ messages.”
As we see here, though, some of those “gotcha” messages–a virus’
payload, as it’s called–were spectacularly unique. Amidst the dull
monochromatic world of the command line, these viruses exploded to life.
One, created by the French virus writer Spanska, flooded an infected
machine’s display with a dramatic flow of digital lava. Another showed a
menacing skull, clearly rendered with patience and care. Others were
more playful: a billiards-themed virus turned command line text into a
colorful game of pool, with letters bouncing around the display and
knocking others along the way. Some were downright sweet. The Ithaqua
DOS virus showed a gentle, pixelated snowfall accumulating on the
infected machine’s screen–and only on one day a year.
For at least some of these mischievous coders, the virus truly did
serve as a creative medium. When asked about his view on destructive
code in a 1997 interview,
Spanska, the French lava master, replied: “I really do not like
that…There are two principal reasons why I will never put a destructive
code inside one my viruses. First, I respect other peoples’ work…The
second reason is that a destructive payload is too easy to code.
Formatting a HD? Twenty lines of assembler, coded in one minute.
Deleting a file? Five instructions. Written in one second. Easy things
are not interesting for the coder. I prefer to spend weeks to code a
beautiful VGA effect. I prefer create than destruct [sic]. It’s so
important for me that I put this phrase in my MarsLand virus: ‘Coding a
virus can be creative.’”
Of course, no matter how widely they might’ve spread in the weeks and
months following their deployment, these old viruses were inevitably
squelched. Systems were patched and upgrades rendered their exploits
obsolete. Even the F-Secure database that sparked his obsession is
largely inaccessible today, White points out, discarded in favor of a
“more ‘consumer friendly’ website.” So White resolutely keeps on
preserving the things–infecting virtual machines and filming the
results. Now a graduate student specializing in satellite imaging
systems, he still finds time to upload a new video every month or so,
often working with files that tipsters send him to fill in holes in his
collection. Thankfully for him and his hardware, the hobby isn’t quite
as risky as you might think. “For the most part, the stuff I handle
won’t do much of anything, if anything at all, on modern PCs and
operating systems,” he says. But you never know. “I live by the
philosophy ‘if you’re not willing to lose all the data on every PC on
the network, don’t start toying with malware.’”