
The Malware Museum - mikkohypponen
https://archive.org/details/malwaremuseum?sort=-publicdate
======
luso_brazilian
Back in the days a lot of thought and ingenuity was put into making these
viruses. For instance, the Friday 13th [1][2][3] virus:

* was only 419 bytes long

* infected both .COM and .EXE, increasing the size of the former by only 1813 bytes

* on infection, became memory resident (using only 2kb of memory)

* hooked itself into interrupt processing and other low level DOS services to, for instance, suppress the printing of console messages in failure cases (like trying to infect a file on a read-only floppy disk)

* activated itself every Friday 13th and deleted programs used that day

It still managed to spread itself worldwide (mostly via floppy disk sharing as
the world wide web didn't exist yet) and went mainstream enough for the
broadcast news to advise people not to turn on their computers on that date or
to push the date one day ahead.

All that in 419 bytes, about a third of the size of this post.

[1]
[https://en.wikipedia.org/wiki/Jerusalem_%28computer_virus%29](https://en.wikipedia.org/wiki/Jerusalem_%28computer_virus%29)

[2]
[https://www.f-secure.com/v-descs/jerusale.shtml](https://www.f-secure.com/v-descs/jerusale.shtml)

[3]
[http://www.pandasecurity.com/mediacenter/malware/famous-virus-history-friday-13th/](http://www.pandasecurity.com/mediacenter/malware/famous-virus-history-friday-13th/)

~~~
cademetz
Hello Luso Brazilian: I'm a senior writer with Wired (www.wired.com). Am
putting together a small story on this. Would love to chat, if you have a
second: cade_metz@wired.com

~~~
luso_brazilian
No problems, I'll e-mail you. My hash is
66aaeaf1850395a78696b3b6c178d49fd71bf5c3

~~~
dcposch
curious, what does that mean?

~~~
tgsovlerkhgsel
Most likely authentication. He'll e-mail the reporter and include the input
that hashes to the value. This way, the reporter can be sure it's him.
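
The scheme described in the reply above (post a digest publicly, reveal the input privately), as an added Python example that is not code from any commenter. The statement text, the `statement|nonce` layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hex digest length -> hashlib name. 40 hex chars (SHA-1) is the length of the
# value posted in the thread; SHA-256 is the default for new commitments.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def make_commitment(statement: str, algo: str = "sha256") -> tuple[str, str]:
    """Poster's side: return (public_digest, private_preimage).

    A random nonce is appended (assumed layout: statement|nonce) so that a
    guessable statement cannot be recovered from the public digest.
    """
    nonce = secrets.token_hex(16)
    preimage = f"{statement}|{nonce}"
    digest = hashlib.new(algo, preimage.encode("utf-8")).hexdigest()
    return digest, preimage


def verify_reveal(public_digest: str, revealed: str) -> bool:
    """Recipient's side: check the e-mailed preimage against the posted digest."""
    public_digest = public_digest.strip().lower()
    algo = ALGO_BY_HEX_LEN.get(len(public_digest))
    if algo is None:
        raise ValueError("unrecognised digest length")
    # Mail clients and `echo` add or drop a trailing newline, so try both forms.
    body = revealed.rstrip("\r\n")
    for candidate in (body, body + "\n"):
        digest = hashlib.new(algo, candidate.encode("utf-8")).hexdigest()
        # Constant-time comparison of the two hex strings.
        if hmac.compare_digest(digest, public_digest):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample, not the value from the thread.
    posted, secret = make_commitment("constructed sample statement", algo="sha1")
    print("posted publicly:", posted)
    print("genuine reveal :", verify_reveal(posted, secret + "\n"))
    print("forged reveal  :", verify_reveal(posted, "someone else's text"))
```

A match only shows that the sender knows the input behind the posted digest, so the input has to stay private until it is sent to the intended recipient.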

------
PeekPoke
I wrote an AV Scanner (for the lulz) in the early 1990s and ended up working at
Symantec for my sins. Some of the programs were seriously well coded with
self-hamming code, polymorphism, multi-partite capabilities, etc. Some of my
favourites were the 'Eddie' series - written by a Bulgarian guy with a liking
for Iron Maiden. :)

------
jrcii
I remember this ezine 40Hex used to have virus assembly in it, which to my
12-year-old self was pretty much the coolest thing I could imagine, until I
compiled and accidentally ran it and destroyed my parents' Windows 98
installation.

~~~
mikkohypponen
I believe I have a full collection of the 40Hex zines. Maybe I should add them
to this archive.

~~~
jrcii
Jason Scott has some too, I'm not sure how complete his collection is
[http://www.textfiles.com/magazines/40HEX/](http://www.textfiles.com/magazines/40HEX/)

~~~
EvanAnderson
It looks to be complete. Dark Angel's virus writing guides ("ps_vir..." files
here [http://textfiles.com/virus/](http://textfiles.com/virus/)) are good for
some nostalgia, too.

------
Kristine1975
The good old days... when viruses merely displayed a funny message or erased
your hard disk, but didn't turn your computer into part of a botnet controlled
by organized crime.

~~~
eric-hu
There was an insidious period when viruses would attempt to flash the bios
with garbage, rendering the computer useless. I heard that some crafty
individuals would recover by purchasing a motherboard of the same model,
swapping the bios chip to boot up, hot swapping the old chip back and then
reflashing the old chip with a good bios. After that, you could also reinstall
the new bios chip in the motherboard and return it, slightly used.

I'll take a botnet computer over a bricked one any day.

~~~
kosma
I'll take a trashed BIOS over a backdoored BIOS any day. Firmware viruses are
a very real threat today.

~~~
nickysielicki
If anyone feels like researching this, don't look at the BadBios conspiracy,
that's an internet meme.

Instead look at things like Intel's trusted computing. Igor Skochinsky (of
fame from Hexrays / IDA, and moderator on /r/reverseengineering) has an
excellent powerpoint highlighting some research on their Management Engine,
which is probably in your computer right now.

pdf:
[https://github.com/skochinsky/papers/raw/master/2014-10%20%5...](https://github.com/skochinsky/papers/raw/master/2014-10%20%5BBreakpoint%5D%20Intel%20ME%20-%20Two%20Years%20Later.pdf)

------
punnerud
Viruses were so much better before
[https://archive.org/details/malware_ZOHRA.COM](https://archive.org/details/malware_ZOHRA.COM)

~~~
morsch
That's just what early MS DOS looked like.

------
krzrak
I remember back in the 90s, demonstration of the viruses (with all animations,
music, etc.) was one of the coolest features of popular Polish antivirus
mks_vir.

~~~
nathell
Mks_vir, especially its DOS incarnations from its heyday back when it was
developed by Marek Sell himself, definitely deserves much more international
publicity than it got.

------
api
Malware back then was usually pranks. Today it's mostly run by organized
crime. Money changes everything.

I wrote DOS viruses when I was fifteen or sixteen. Most of them didn't do
anything or did silly little pranks, but it's how I learned X86 ASM.

------
mperham
Sadly due to copyright law, malware is one of the safest things to publish.
Who's going to bring a copyright claim?

------
ssharp
I remember actually getting infected with one of these when I was a teenager.
From what I recall, it was mostly harmless.

Me and some friends pooled together and bought a couple of CD-ROMs full of
warez from some guy we found online and one of the games or applications was
infected. Looking back, I'm actually pretty more all of them weren't infected!

~~~
slipstream-
A long shot, but just in case...

Even shady 1990s warez CDs need to be preserved :)

------
nikolay
In the early 90s, I created a stealth benign virus in just 127 bytes. Good old
times!

Back then, one of the most amazing viruses was Whale [0]!

[0]:
[http://www.mycal.net/Group42/virus/40hex/40hex22.htm](http://www.mycal.net/Group42/virus/40hex/40hex22.htm)

------
chippy
Imagine being a virus writer crafting a virus so complicated that it would
only work in a future, not yet written, different kind of OS or virtual machine, and
work in differing operating systems, and identify and poke for weaknesses by
itself.

Perhaps it would just be a Science Fiction plot device!

~~~
ivanca
Well, something more nefarious is already possible with a bit of money.
Someone could hide a few armed drones set to wake up 100 years from now,
set up to shoot everyone they find. The perfect crime in the sense that
police can't capture him if he is already dead.

~~~
Vespasian
Luckily this seems not easy. Mechanical parts do not like being unmaintained
for decades, while being stored in a damp/sandy/cold/hot environment.
Batteries, solar cells and other means of stored energy are not too fond of
that either.

A virus on the other hand that inserts itself for example into source code
could very well live a long time.

------
anjc
This fills me with all sorts of romantic nostalgia.

------
TazeTSchnitzel
Reminds me of danooct1's work on YouTube. He does videos of DOS (and Win9x)
viruses.

------
annnnd
What a great compilation! I would love to know what harmful effects they had
though. It is quite a difference if the virus is erasing your HDD while it is
slowly printing the nice message or not...

------
Isamu
I used to collect these too! Thanks for posting!

I'll have to look to see if there are any familiar boot sector viruses - the
kind that propagated via floppies. Those made the rounds at work.

I enjoyed disassembling them and seeing how they work. It was an education
that kids miss out on today.

Come to think of it, back when I was teaching a Perl class one of my first
assignments was to create a "virus" that found Perl scripts and copied itself
into them. Good times.

------
nchelluri
This is awesome. But, I was really hoping for Stoned. It was the first virus I
got.

[https://en.wikipedia.org/wiki/Stoned_%28computer_virus%29](https://en.wikipedia.org/wiki/Stoned_%28computer_virus%29)

------
bad_alloc
If you're interested in this stuff, there's also an awesome archive at VX
Heaven [1], which not only includes malware sources but also a lot of
documentation, simulators etc.

[1] [http://vxheaven.org/](http://vxheaven.org/)

------
xuhu
An F-PROT v2 with its virus descriptions running in em-dosbox would be an
appropriate addition to those viruses:
[http://patraulea.com/fprot/](http://patraulea.com/fprot/)

------
ommunist
Sweet days, when your OS was larger than your virus.

------
int0x80
Relevant XKCD: [https://xkcd.com/350/](https://xkcd.com/350/)

~~~
Roritharr
Someone really should build this. I'd pay handsomely for an easy-to-set-up
Linux version that I could just boot on a beefy machine and keep running as an
installation like that.

~~~
dr_zoidberg
Most antivirus/security firms have a similar kind of network where they
analyze samples. It's detached from the internet to avoid spreading the
infections, but they usually have mechanisms to emulate being online, etc.

