Slashdot Mirror


Online Museum Displays Decades of Malware (thestack.com)

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.

39 comments

  1. Sounds like my computer by Anonymous Coward · · Score: 0

    I watch a lot of porn.

  2. Stoopid by Anonymous Coward · · Score: 0

    Like a kiddie porn exhibit.

  3. Obligatory XKCD by jfdavis668 · · Score: 5, Funny
    1. Re:Obligatory XKCD by Psicopatico · · Score: 4, Insightful

      Just ask, it's already done.
      Check http://www.viruszoo.com/
      (And don't forget to check the FAQ, which clearly references xkcd.)

      To be honest, TFA references an MS-DOS era scenario, which is a little different.

      --
      Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
    2. Re:Obligatory XKCD by Anonymous Coward · · Score: 0

      Yes, because your insightful contributions certainly make this a better place. Asshole.

    3. Re:Obligatory XKCD by Anonymous Coward · · Score: 0

      Thanks! :^)

    4. Re:Obligatory XKCD by Cthulhu's+Physicist · · Score: 1
  4. Attack the webserver! by dohzer · · Score: 1

    That website is just begging for someone to upload a virus to its server.

  5. Decades of malware by rossdee · · Score: 1

    Do they have the disk-validator virus?
    That gets my vote for the cleverest virus of the early days
    just pop it in your drive and you were infected
    of course kickstart 2.0 made it obsolete
    I wonder if John Veldthuis is still around

    1. Re:Decades of malware by Anonymous Coward · · Score: 0

      Sorry, they're DOS based (as in MSDOS based).

    2. Re:Decades of malware by Blaskowicz · · Score: 1

      a PC isn't able to know if a floppy was inserted into a drive, hell it can't even know if the floppy drive is connected or not hahaha.

    3. Re:Decades of malware by Osgeld · · Score: 1

      well eventually it will when you try to access it, then it will forget once you clear the bitch message

    4. Re:Decades of malware by Anonymous Coward · · Score: 0

      Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else. There was an insertion and removal event sent from the drive to the operating system. It would read the disk label and icon upon insertion, display them, then spin back down again until you did something.

      One problem was that some systems would detect the insertion or removal of media by stepping the head between two tracks, which made a constant clicking noise. But it was not strictly necessary, and there were "noclick" programs you could get which would stop that behavior while still providing the necessary insert/removal events to the OS.

    5. Re: Decades of malware by hackwrench · · Score: 1

      https://blogs.msdn.microsoft.c... has the details as to why it was partially the drive's fault. They could have asked the user to verify which type of drive they had at the beginning, but it's a bit like the current NumLock situation today.

    6. Re: Decades of malware by Anonymous Coward · · Score: 0

      No need for that; they could have simply polled the drive on boot. But nobody thought of that.

    7. Re:Decades of malware by drinkypoo · · Score: 1

      Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else.

      While those absolutely are technically "personal computers", everyone understands "PC" to mean "IBM PC or compatible". And yes, both Amigas and Macs had floppy detect. Actually, it was technically possible to do it on the PC as well, and ISTR some programs actually doing it. The solution to the training problem is pathetically obvious (as evinced by the fact that I figured it out while reading TFA which I just google'd) which is to train the system the first time the user successfully reads a floppy disk, and thus you know that there's a disk in the drive. But... Microsoft

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:Decades of malware by Trax3001BBS · · Score: 1

      Do they have the disk-validator virus?
      That gets my vote for the cleverest virus of the early days
      just pop it in your drive and you were infected
      of course kickstart 2.0 made it obsolete
      I wonder if John Veldthuis is still around

      Amiga? Remember the bootsector checker made for the best of reasons that became malware in its own right, it tried to protect floppies by jumping to a floppy that didn't have the program installed so it could be scanned, where it remained.

    9. Re:Decades of malware by Trax3001BBS · · Score: 1

      Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else. There was an insertion and removal event sent from the drive to the operating system. It would read the disk label and icon upon insertion, display them, then spin back down again until you did something.

      The Amiga impressed all with that ability, it would start playing a demo, or music the moment the floppy was inserted.

  6. The Simpsons have already done it by ThePTPguy · · Score: 2

    Nice trip down the memory lane. MkS_Vir, developed by the late Marek Sell, used to be the de facto standard antivirus software used in Poland for many years in the DOS days. I'm not sure if it's been ever exported anywhere outside Poland. So MkS_Vir contained a collection of amusing neutered virus demos the user could play from the UI. I recall many of the ones on display in the Malware Museum. MkS_Vir has had this built-in collection since at least 1993 and it kept growing. It also contained technical descriptions of some of the clever viruses' method of operation... and even a "catalog" of viruses found in Poland. You used to get monthly updates sent to you on floppies to your mailbox (the metal thing with a flap). Nobody used the term "malware" back then, and these viruses were written by well-versed Assembly programmers, mostly for fun, unlike today when it's mostly for profit, political or monetary.

    1. Re:The Simpsons have already done it by Anonymous Coward · · Score: 0

      LOL. That nonsense had to come from a Twitter user.

    2. Re:The Simpsons have already done it by cfalcon · · Score: 1

      Malware wasn't a term yet because it wasn't needed.

      Your three basic types of infection are virus, worm, and trojan horse. Viruses make copies of themselves, and in an era where it was EXTREMELY common to move binaries around from one machine to another, this was a very effective manner of transmission. You didn't need an existing vulnerability for a virus to work, because you were tricked into executing the code. Everyone will ALWAYS be one social engineering attack away from a computer virus. A worm also replicates itself, requires some kind of exploit or issue, and also requires network connectivity. You are very likely safe from worms almost all the time, because you run very few things like a server- and the few that you do run are not ubiquitous, nor as generally vulnerable. A trojan horse is much more targeted, because it doesn't replicate itself.

      So these three things are still good terms for malicious software, but then other things started happening. You might be fooled into installing a piece of software that does bad stuff, but it was mentioned in the EULA. It's not a trojan horse, because you said you were ok with it. It's not a virus, because it doesn't replicate itself and because you said you were ok with it. It's not a worm in any event. Possibly, you browsed to a site with a 0 day exploit in your javascript, and then got infected that way. Is that a trojan horse? Not really, because you didn't choose to run it. It isn't replicating, so it's not a virus or a worm. What is it?

      Now we have the general term malware, and we have the old subsets underneath it, as well as new ones. We didn't need to call it "malware" back then, because we had so few infection vectors compared to today, that malware simply couldn't do what it could now- the newer types of malware simply couldn't exist back then, without javascript and flash and internet explorer and always-on IP networks to help them out.

  7. "Annoying"? by __roo · · Score: 1

    Annoying? Only like someone who never had a boot sector virus wipe out half their files because it detected it was the 26th of the month would dismiss DOS viruses as "annoying". Or, worse, someone who never had to work on a support desk when that happened.

    Or someone who's only lived in a time when all computers are networked, so backing up a hard drive doesn't involve swapping 3.5" (or 5.25"!!) floppies in and out of your machine for half an hour, or waiting two hours for your tape backup to finish.

    Annoying? Ha.

    1. Re:"Annoying"? by cfalcon · · Score: 1

      Not all viruses deleted data, is the point. MANY viruses were not able to generate personal gain in any way, and didn't destroy all your files.

      There was one that replaced all the "Microsoft" on your hard drive with "Machosoft". Just a global search and replace in every text file and binary. Machosoft DOS prompts and everything.

    2. Re:"Annoying"? by Trax3001BBS · · Score: 1

      Not all viruses deleted data, is the point. MANY viruses were not able to generate personal gain in any way, and didn't destroy all your files.

      There was one that replaced all the "Microsoft" on your hard drive with "Machosoft". Just a global search and replace in every text file and binary. Machosoft DOS prompts and everything.

      My Fav Apple "attack" (as in concept) was when the Energizer bunny would roll across the screen pounding its drums while the hard drive was being formatted.

  8. Got a perfectly harmless Windows virus by Blaskowicz · · Score: 0

    As far as I know it did nothing, but there was a cool message left by the author in C:\WINDOWS\SYSTEM or C:\WINDOWS\SYSTEM32.

    Well it was "cool", and it was warm too. Thanks, buddy! I wish you could reply in my /usr/bin now.

  9. Not stoned? by Anonymous Coward · · Score: 0

    Hmph. They don't list the Stoned virus. Right around 1990 I had heard of viruses but doubted they existed--I had never seen one. It was then I was around a computer lab with a bunch of IBM-PC's (yes the original ones without hard drives!) that had this thing that would pop up every once in a few boots saying "Your PC is now Stoned!". So I got one of those shared disks, looked at the first few sectors on the disk and found that message. I saw strange code and started disassembling it. Soon I was looking at the source code of a virus. Well, damn, I said, they do exist!

    Of course, I noted a flaw in the virus. While it would install itself to the hard disk if the machine was booted from an infected floppy and from then infect more floppies, the virus was not able to make the jump from 5.25" disks to 3.5" floppies. I didn't fix the virus though. What I did do was make a little tool to distribute around the lab to disinfect disks. The lab had both English-only and Spanish-only users, so I made that disinfection program bilingual.

    So I had to go digging around for saved files from old machines and found the source of my repair tool. I had left a dump of the boot sector and my disassembly of the virus in comments in the source. There's my walk down memory lane.

    I was hoping to see that virus here.

    1. Re:Not stoned? by Anonymous Coward · · Score: 0

      Right around 1990

      My bad. After posting I looked at the timestamp of the source file. I made it in 1993. (Yow! They were still using IBM-PC's even then!)

    2. Re:Not stoned? by Anonymous Coward · · Score: 0

      Stoned.No.Int was pretty funny. Sadly it could overwrite data on floppies. There were other variants like Monkey.

    3. Re:Not stoned? by Anonymous Coward · · Score: 0

      Hmph. They don't list the Stoned virus. Right around 1990 I had heard of viruses but doubted they existed--I had never seen one. It was then I was around a computer lab with a bunch of IBM-PC's (yes the original ones without hard drives!) that had this thing that would pop up every once in a few boots saying "Your PC is now Stoned!". So I got one of those shared disks, looked at the first few sectors on the disk and found that message. I saw strange code and started disassembling it. Soon I was looking at the source code of a virus. Well, damn, I said, they do exist!

      Of course, I noted a flaw in the virus. While it would install itself to the hard disk if the machine was booted from an infected floppy and from then infect more floppies, the virus was not able to make the jump from 5.25" disks to 3.5" floppies. I didn't fix the virus though. What I did do was make a little tool to distribute around the lab to disinfect disks. The lab had both English-only and Spanish-only users, so I made that disinfection program bilingual.

      So I had to go digging around for saved files from old machines and found the source of my repair tool. I had left a dump of the boot sector and my disassembly of the virus in comments in the source. There's my walk down memory lane.

      I was hoping to see that virus here.

      OMG! I did a high school science project on that virus!

      As you say, it was a 5.25" boot sector infector. What you do not mention is that the old vanilla Stoned/Brain virus (claiming to be from Pakistan) would trash the MBR of the hard drive after 4 floppies were infected. At least, that's the variant that I worked on for that science fair project. My prestige? My reveal? I would infect 4 floppies and verify that they were so before trashing my own hard drive on the display computer.

      Oh well, I at least made it to State competition.

    4. Re:Not stoned? by cfalcon · · Score: 1

      Gods we had a stoned empire monkey b infection at my high school. It hit my home PC, and I had to claw that bastard out of the MBR. Risky days for sure.

    5. Re:Not stoned? by Trax3001BBS · · Score: 1

      Hmph. They don't list the Stoned virus. Right around 1990 I had heard of viruses but doubted they existed--I had never seen one. It was then I was around a computer lab with a bunch of IBM-PC's (yes the original ones without hard drives!) that had this thing that would pop up every once in a few boots saying "Your PC is now Stoned!". So I got one of those shared disks, looked at the first few sectors on the disk and found that message. I saw strange code and started disassembling it. Soon I was looking at the source code of a virus. Well, damn, I said, they do exist!

      The last virus was released in 2010 by the US, spread by autoplay on USB drives that made its way to Iran to destroy their Uranium extractors. I've heard of a range of thousands being taken out by increasing and decreasing their operating speed.

  10. 3001: The Final Odyssey by superxstudios · · Score: 1

    Sounds like the start of the Pico Vault from Arthur C. Clarke's 3001: The Final Odyssey, which was a vault on the moon built to store samples of biological and computer viruses. https://en.wikipedia.org/wiki/...

  11. http://vx.netlux.org/ was a true loss. by Trax3001BBS · · Score: 1

    It was a database of almost any exploit, malware, virus, etc available. Used in an honest manner it proved very valuable. It was one of the first sites taken down under a new rule that a site that had a potential to cause damage had to be removed.

    I can tell you that ESET NOD32 is the best antibadware program, while never 100% it always rated between 80-90%, much better than the rest.

    Test was: did it download the file, if so would it open the zip file, if so would it extract it to another directory, and at which point would you be alerted.

    Many had no problem sending it to another directory.

  12. Best shield vs. malware inside by Anonymous Coward · · Score: 0

    See subject - Custom hosts get you more speed, security, reliability, & anonymity online using what you already natively have:

    APK Hosts File Engine 9.0++ SR-4 32/64-bit:

    http://www.start64.com/index.p...

    * It's superior to antivirus tech (which even Symantec/Norton ADMITS isn't effective anymore vs. modern threat vectors) as it's NOT AS REACTIVE & far more PROACTIVE since antivirus waits till you're "sick" for detection largely, but hosts?

    HOSTS BLOCK SOURCES OF MALWARE & BOTNETS BEFORE YOU CAN TOUCH THEM!

    (& you can't be hurt by what can't get to you in the 1st place)

    Hosts files also speed you up 2 ways (hardcoded favorite sites where you spend MOST time online cached in RAM @ TOP of hosts for fastest possible resolution speed, faster than remote DNS, + of course, adblocking too). AntiVirus SLOWS YOU DOWN by way of comparison!

    Hosts also knock the chocolate outta browser addons by FAR in terms of their abilities and for LESS resource use in CPU/RAM by far too - even with UBlock Origin lately using hosts data (imitation is the sincerest form of flattery, but it falls short - it's not a resolver, hosts is, & so it blocks DNS redirect poisoning of which 99.999% of ISP DNS are NOT patched against, & makes your connection faster + more reliable resolving locally from RAM vs. them, not just blocking ads for speed & hosts work 1st (1st resolver used + far more - read the link, be enlightened!)

    Enjoy - it's free, it works on MANY fronts doing more w/ less (good engineering) using what you already have natively!

    Hosts != clarityray detectable & blockable like browser addons - it's not a browser addon w/ their weaknesses in less abilities & yet using more operating in a SLOWER mode of operations (usermode) vs. hosts (kernelmode).

    APK

    P.S.=> Custom hosts files = superior (even vs. firewalls using layered filtering drivers & MORE EFFECTIVE since hosts combat what malware uses - host/domain names MOST, not IP addresses)... apk

  13. Google ranking? by kmoser · · Score: 1

    How do they prevent Google from flagging them as a malware site?