
A couple of years ago, a friend of my teenage son showed up at our house with an old computer he'd found in his Grandma's attic .. a Commodore PC20-II, which was a very early PC clone, as in 8088 and MS-DOS ..

The story went that his grandparents had bought the thing brand new, used it for a couple of months, and then 'something went wrong with it', they stashed it in the attic and it's been there ever since.

Would I take a look at it and see what's up?

Indeed I would! I have a bit of a thing for old computers.

We plug it in, boot it up, and there she is in all the amber glory, C:\>

I tell the kids "let her settle for a bit, let's just bathe in the glory a little more", a few seconds go by .. and sure enough .. that old clunky 20Meg hard drive gives a little tick.

Okay, I have a hunch.

C:\> echo > DEADBEEF.COM

C:\> dir DEADBEEF.COM

DEADBEEF.COM 0 bytes

(I'm paraphrasing)

Okay .. interesting, what happens if we:

C:\>DEADBEEF.COM

<blink blink>

C:\> dir DEADBEEF.COM

DEADBEEF.COM 76 bytes

Ah hah! Kids, we have a Virus. And probably one of the very, very early viruses. "And very well self-contained", I proclaim as I duct-tape the 5.4" floppy drive with great drama, because there's no way any of the highly valuable 5.4" floppy disks in my collection are ever going in there ..

We spend a few days delighting in all the things we can do with C:\DOS\DEBUG.COM and that little virus, which happily copies itself wherever we tell it to, and the kids get a boot camp introduction into interrupt service routines, BIOS calls and old-school hygiene techniques ..

After a week or so of this, the caps blow, and the virus returns to its slumber.

We'll replace the caps soon enough, and it'll become an exhibit .. it's the perfect way to explain to interested young computer nerds what a virus is, how it works, and what you can do with it/for it/against it, in a controlled environment ..




That story doesn't check out...


Sure it does, because it really happened.


I didn't want to write a wall of text here, but my single-line dismissive comment was probably worse. So here goes:

There are so many "little details" to nitpick, that in combination it becomes unbelievable. It has a similar feel to hallucinated GPT output. Or someone with a bit of half-remembered knowledge about old computers making things up for a movie script.

>a hunch (because the disk drive was ticking once?)

>creating empty file using echo

>a 0-byte program that returns to DOS instead of crashing

>5.4" floppy disks

>duct taping the drive shut

>the size of the virus (assuming the paraphrased 76 bytes is supposed to mean something close to it, like less than 100)

I spent some time trying to write the smallest possible virus that can actually infect files instead of overwriting them, just as an experiment in a VM. I managed to get the code down to 96 bytes.

It moves itself into a reserved area in low memory and hooks INT 21h. Whenever a file is written that starts with byte E9h (common for .COM programs), the virus then prepends itself to the program. So it only infects certain programs, does so when they are copied, and also may corrupt data files that start with this byte.

I consider myself a fairly good x86 asm programmer, but certainly someone out there might have managed to make a better & smaller virus. However, anything that tiny will be limited in what it can do, and likely make more assumptions about the environment it is run in (186+ instruction set available, initial register state matching a particular DOS version, etc).

It would be very bad at spreading "in the wild", and not be found on some grandma's computer.


You're really pushing the boundaries of paranoia. I'm just a good writer. Every single thing happened pretty much exactly as I described it.

Yes, back in the day, unexpected drive activity was a sign there was an active virus. (I have 40 years experience in systems software development and know where to look.)

Creating an empty file with echo: common, standard practice. Hey, maybe it was "copy con: deadbeef.com", so sue me (like I said, I was paraphrasing..) It's also common knowledge that a zero-byte .COM is perfectly executable on DOS ..

5.4" disks - I am a systems software developer who has kept every machine I've ever worked with since 1978, and with hundreds of 5.4" discs in my collection of works, over 40 years worth. This is why the kids brought the machine to me in the first place. Want me to bust out my tape drives and card decks?

76-byte viruses, or even less, were common in those days. Your 8088/MSDOS assembly fu is simply weak. Check the book "The Giant Black Book of Computer Viruses" for examples. I may have gotten the exact number incorrect, perhaps it was 67 bytes, but whatever .. the point is the 0-byte .COM got infected immediately.

Anyway, your doubt is entirely misguided. The machine exists, we played with the virus for weeks. In a few months it'll get its caps replaced and be installed in a retro computing museum for kids of the future to learn assembly techniques and generally get exposed to old-school computer viruses in a controlled setting.


Okay, you're most likely trolling. Hexdump of this alleged virus or it didn't happen.

Just to make sure, I tested this on MS-DOS 2.0 in an online emulator[1] for a machine of the vintage you described, and it did exactly what I expected:

    A> echo>deadbeef.com
    A> dir deadbeef.com

    DEADBEEF.COM         12

    A> type deadbeef.com
    ECHO is on

    A> deadbeef
    (starts spewing gibberish)

COPY CON can't create an empty file either.

Running an empty program (or falling off the end of this one containing the message from ECHO) will execute whatever happens to already be in memory at the time. Might work if there was another program loaded before, but not from a freshly booted system.

The disk format is 5.25", not 5.4"

Unexpected disk activity when the machine is idle would mean the virus also hooks the timer interrupt and does stuff in the background, instead of (or in addition to) infecting programs you actively run. Implementing that on an OS not designed for multitasking is certainly possible, but would take quite a bit more than 100 bytes of code.

As for viruses of 76 bytes or less being common, AFAIK all of those are direct-action overwriting. Meaning that they don't stay active in the background, and any infected program will no longer work. Too simple and destructive to be viable.

[1] https://www.pcjs.org/machines/pcx86/ibm/5160/cga

edit:

There is apparently a memory resident 76-byte virus, however note that it simply overwrites programs when they are copied, is "Rare", and was discovered in 1994, quite late for the machine you described:

https://wiw.org/~meta/vsum/view.php?vir=1232

Most likely no copies of it exist outside of the "virus research" community.
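
An added example, not part of any comment in this thread: a bait-file ("goat file") audit that generalises the zero-byte DEADBEEF.COM check from the first post and tells apart the prepending and overwriting behaviours the comments above describe. The file names, byte contents and 76-byte filler are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed bait ("goat") programs: known bytes, so any change is visible.
GOATS = {
    "EMPTY.COM": b"",                 # zero-byte bait, as in the story
    "JUMP.COM": b"\xE9\x00\x00\xC3",  # starts with E9h, as many .COM files do
    "RET.COM": b"\xC3" * 16,          # filler that does not start with E9h
}

def classify(original: bytes, current: bytes) -> str:
    """Describe how a bait file differs from its known-good bytes."""
    if current == original:
        return "unchanged"
    if not original:
        return "grew-from-empty"      # cannot tell prepend from overwrite
    if len(current) > len(original) and current.endswith(original):
        return "prepended"            # original body intact after new bytes
    if len(current) > len(original) and current.startswith(original):
        return "appended"
    return "overwritten"              # original bytes no longer recoverable

def audit(directory: Path, goats: dict) -> dict:
    """Compare every bait file on disk with its baseline."""
    report = {}
    for name, original in goats.items():
        path = directory / name
        report[name] = classify(original, path.read_bytes()) if path.exists() else "missing"
    return report

def demo() -> dict:
    """Plant the baits, simulate three kinds of tampering, and audit."""
    filler = b"\x00" * 76             # constructed stand-in, not real code
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in GOATS.items():
            (root / name).write_bytes(data)
        (root / "EMPTY.COM").write_bytes(filler)
        (root / "JUMP.COM").write_bytes(filler + GOATS["JUMP.COM"])
        (root / "RET.COM").write_bytes(filler[:16])
        return audit(root, GOATS)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```

A zero-byte bait shows that something wrote to the file but not how; the baits with known content are what separate a prepending change from an overwriting one.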


Oh p'schaw, you are the troll. Copy CON: can create an empty file, you just don't know how to do it.

An 'empty program' such as a zero-byte .COM file created with COPY CON: is loaded into memory by DOS, and thus attackable by any virus set up with the suitable vector to do so.

5.25" was supposed to be typed 5¼", duh.

>Unexpected disk activity when the machine is idle would mean the virus also hooks the timer interrupt and does stuff in the background, instead of (or in addition to) infecting programs you actively run. Implementing that on an OS not designed for multitasking is certainly possible, but would take quite a bit more than 100 bytes of code.

False. Read more virus code.

I don't care for your conclusions, which are merely fallacious and ill-intentioned. The machine exists, as does the virus, and it'll be in a museum in a month or so, folks will play with it. That's all that matters to me. Your faith in your own knowledge doesn't impress me.



