Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Museum Displays Decades of Malware (thestack.com)

Posted by yaelk on from the looking-for-malware dept.

An anonymous reader writes: archive.org has launched a Museum of Malware, which devotes itself to a historical look at DOS-based viruses of the 1980s and 1990s, and gives viewers the opportunity to run the viruses in a DOS game emulator, and to download 'neutered' versions of the code. With an estimated 50,000 DOS-based viruses in existence by the year 2000, the Malware Museum's 65 examples should be seen as representative of an annoying, but more innocent era of digital vandalism.

21 of 39 comments (clear)

  1. Obilgatory XKCD by jfdavis668 · · Score: 5, Funny

    http://xkcd.com/350/

    1. Re:Obilgatory XKCD by Psicopatico · · Score: 4, Insightful

      Just ask, it's already done.
      Check http://www.viruszoo.com/
      (And don't forget to check the FAQ, which clearly references xkcd.)

      To be honest, TFA references a MS-DOS era scenario, which is a little different.

      --
      Mastering the English language is fucking easy: all you have to do is to put an f* word in every fucking sentence.
    2. Re:Obilgatory XKCD by Cthulhu's+Physicist · · Score: 1

      http://xkcd.com/301/

  2. Attack the webserver! by dohzer · · Score: 1

    That website is just begging for someone to upload a virus to its server.

  3. Decades of makware by rossdee · · Score: 1

    Do they have the disk-validator vorus?
    That gets my vote for the cleverest virus of the early days
    just pop it in your drive and you were infected
    of course kickstart 2.0 made it obsolete
    I wonder if John Veldthuis is still around

    1. Re:Decades of makware by Blaskowicz · · Score: 1

      a PC isn't able to know if a floppy was inserted into a drive, hell it can't even know if the floppy drive is connected or not hahaha.

    2. Re:Decades of makware by Osgeld · · Score: 1

      well eventually it will when you try to access it, then it will forget once you clear the bitch message

    3. Re: Decades of makware by hackwrench · · Score: 1

      https://blogs.msdn.microsoft.c... has the details as to why it was partially the drive's fault. They could have asked the user to verify which type of drive they had at the beginning, but it's a bit like the current NumLock situation today.

    4. Re:Decades of makware by drinkypoo · · Score: 1

      Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else.

      While those absolutely are technically "personal computers", everyone understands "PC" to mean "IBM PC or compatible". And yes, both Amigas and Macs had floppy detect. Actually, it was technically possible to do it on the PC as well, and ISTR some programs actually doing it. The solution to the training problem is pathetically obvious (as evinced by the fact that I figured it out while reading TFA which I just google'd) which is to train the system the first time the user successfully reads a floppy disk, and thus you know that there's a disk in the drive. But... Microsoft

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Decades of makware by Trax3001BBS · · Score: 1

      Do they have the disk-validator vorus?
      That gets my vote for the cleverest virus of the early days
      just pop it in your drive and you were infected
      of course kickstart 2.0 made it obsolete
      I wonder if John Veldthuis is still around

      Amiga? Remember the bootsector checker made for the best of reasons that became malware in it's own right, it tried to protected floppies by jumping to a floppy that didn't have the program installed so it could be scanned, where it remained.

    6. Re:Decades of makware by Trax3001BBS · · Score: 1

      Some could. Amigas (and Macs too I believe?) would automatically pop up an icon for floppies when they were inserted, without needing to do anything else. There was an insertion and removal event sent from the drive to the operating system. It would read the disk label and icon upon insertion, display them, then spin back down again until you did something.

      The Amiga impressed all with that ability, it would start a playing a demo, or music the moment the floppy was inserted.

  4. The Simpsons have already done it by ThePTPguy · · Score: 2

    Nice trip down the memory lane. MkS_Vir, developed by the late Marek Sell, used to be the de facto standard antivirus software used in Poland for many years in the DOS days. I'm not sure if it's been ever exported anywhere outside Poland. So MkS_Vir contained a collection of amusing neutered virus demos the user could play from the UI. I recall many of the ones on display in the Malware Museum. MkS_Vir has had this built-in collection since at least 1993 and it kept growing. It also contained technical descriptions of some of the clever viruses' method of operation... and even a "catalog" of viruses found in Poland. You used to get monthly updates sent to you on floppies to your mailbox (the metal thing with a flap). Nobody used the term "malware" back then, and these viruses were written by well-versed Assembly programmers, mostly for fun, unlike today when it's mostly for profit, political or monetary.

    1. Re:The Simpsons have already done it by cfalcon · · Score: 1

      Malware wasn't a term yet because it wasn't needed.

      Your three basic types of infection are virus, worm, and trojan horse. Viruses make copies of themselves, and in an era where it was EXTREMELY common to move binaries around from one machine to another, this was a very effective manner of transmission. You didn't need an existing vulnerability for a virus to work, because you were tricked into executing the code. Everyone will ALWAYS be one social engineering attack away from a computer virus. A worm also replicates itself, requires some kind of exploit or issue, and also requires network connectivity. You are very likely safe from worms almost all the time, because you run very few things like a server- and the few that you do run are not ubiquitous, nor as generally vulnerable. A trojan horse is much more targeted, because it doesn't replicate itself.

      So these three things are still good terms for malicious software, but then other things started happening. You might be fooled into installing a piece of software that does bad stuff, but it was mentioned in the EULA. It's not a trojan horse, because you said you were ok with it. It's not a virus, because it doesn't replicate itself and because you said you were ok with it. It's not a worm in any event. Possibly, you browsed to a site with a 0 day exploit in your javascript, and then got infected that way. Is that a trojan horse? Not really, because you didn't choose to run it. It isn't replicating, so it's not a virus or a worm. What is it?

      Now we have the general term malware, and we have the old subsets underneath it, as well as new ones. We didn't need to call it "malware" back then, because we had so few infection vectors compared to today, that malware simply couldn't do what it could now- the newer types of malware simply couldn't exist back then, without javascript and flash and internet explorer and always-on IP networks to help them out.

  5. "Annoying"? by __roo · · Score: 1

    Annoying? Only like someone who never had a boot sector virus wipe out half their files because it detected it was the 26th of the month would dismiss DOS viruses as "anoying". Or, worse, someone who never had to work on a support desk when that happened.

    Or someone who's only lived in a time when all computers are networked, so backing up a hard drive doesn't involve swapping 3.5" (or 5.25"!!) floppies in and out of your machine for half an hour, or waiting two hours for your tape backup to finish.

    Annoying? Ha.

    --
    Building Better Software
    1. Re:"Annoying"? by cfalcon · · Score: 1

      Not all viruses deleted data, is the point. MANY viruses were not able to generate personal gain in any way, and didn't destroy all your files.

      There was one that replaced all the "Microsoft" on your hard drive with "Machosoft". Just a global search and replace in every text file and binary. Machosoft DOS prompts and everything.

    2. Re:"Annoying"? by Trax3001BBS · · Score: 1

      Not all viruses deleted data, is the point. MANY viruses were not able to generate personal gain in any way, and didn't destroy all your files.

      There was one that replaced all the "Microsoft" on your hard drive with "Machosoft". Just a global search and replace in every text file and binary. Machosoft DOS prompts and everything.

      My Fav Apple "attack" (as in concept) was when the Energizer bunny would roll across the screen pounding it's drums while the hard drive was being formatted.

  6. 3001: The Final Odyssey by superxstudios · · Score: 1

    Sounds like the start of the Pico Vault from Arthur C. Clarke's 3001: The Final Odyssey, which was a vault on the moon built to store samples of biological and computer viruses. https://en.wikipedia.org/wiki/...

  7. Re:Not stoned? by cfalcon · · Score: 1

    Gods we had a stoned empire monkey b infection at my high school. It hit my home PC, and I had to claw that bastard out of the MBR. Risky days for sure.

  8. http://vx.netlux.org/ was a true loss. by Trax3001BBS · · Score: 1

    It was a database of almost any exploit, malware, virus, etc available. Used in an honest manner it proved very valauble. It was one of the first sites taken down under the a new rule that a site that had a potential to cause damage had to be removed.

    I can tell you that ESET NOD32 is the best antibadware program, while never 100% it always rated between 80-90%, much better than the rest.

    Test was did it download the file, if so would it open the zip file, if so would it extract it to another directory. and at which point it would you be alerted.

    Many had no problem sending it to another directory.

  9. Re:Not stoned? by Trax3001BBS · · Score: 1

    Hmph. They don't list the Stoned virus. Right around 1990 I had heard of viruses but doubted they existed--I had never seen one. It was then I was around a computer lab with a bunch of IBM-PC's (yes the original ones without hard drives!) that had this thing that would pop up every once in a few boots saying "Your PC is now Stoned!". So I got one of those shared disks, looked at the first few sectors on the disk and found that message. I saw strange code and started disassembling it. Soon I was looking at the source code of a virus. Well, damn, I said, they do exist!

    The last virus was released in 2010 by the US, spread by autoplay on USB drives that made it's way to Iran to destroy their Uranium extractors. I've heard of a range of thousands being taken out by increasing and decreasing their operating speed.

  10. Google ranking? by kmoser · · Score: 1

    How do they prevent Google from flagging them as a malware site?