A Portrait of the Virus as a Young Program


The virus is one of nature’s simplest and most successful concepts. The ability to latch onto a host and corrupt its own laws or characteristics against itself has made for the propagation of all kinds of organisms, from the lowest genomes to much larger species. It’s no surprise then that the machine code humming life into our apps and operating systems, governed by its own structure and laws, could fall victim to the same disease. John von Neumann identified the mathematical conception of a virus as early as 1949, and the same concept cultivates our modern worries of cyber warfare and self-replicating grey goos. The organic made artificial but smarter. But the artificial virus has something its organic cousin does not — purpose. Before they were keyloggers, webcam palantir, and weapons of war between nations, computer viruses were often embedded with playful or egotistical missions, spawning their own personality of sorts. They were bets between rivals or plain showmanship, outlier programs working against serious and stable systems, introducing chaos through code. A shady looking .exe, .zip, or even .jpg these days can be like a docile hive from the outside, the depths of your gullibility not evident until you open that bad boy up.

In that sense, what separates a guy like TomKTW from your everyday user is like what separates a beekeeper from a kid with a stick.

A Croatian programmer and malware mage, Tom (Q&A below) has assembled a YouTube channel chock full of computer viruses from the early MS-DOS days to Windows XP. Many of the videos are simple examples of one particular virus and the way it messes with your control of the computer. Viruses like this one interrupt any process with a loud and declarative message on the screen, while more advanced ones like Halen turn your computer into a roving gradient of blood. But Tom’s AVG 5.0 Virus Demo Payloads video is like a small time capsule from our digital near-past, explored like one might with an old shoebox.

AVG was an early version of the infamous anti-virus program for MS-DOS written by John McAfee (yes, that McAfee). Included was a sampling ground of different virus payloads, i.e., the boom to the viruses’ bombshell. The majority of the viruses included were written between 1987 and 1997, a decade’s worth of tinkering and one-upmanship limited by the confines of ASCII UIs and tiny memory banks (the average for a computer in ’95 was around four or eight megabytes). They work as a collection of the broad spectrum of dreams, desires, and obsessions of the programmers at the time, some of the viruses working maliciously to destroy files or burn hard drives in early troll manner, while others display simple messages for a better future or are just trying their best to be seen and avoid detection.


A mischievous, trickster sense pervades many of the more innocent-seeming viruses. Imagine sitting down at your computer with a coffee, ready for some coding work, only to find all the text is backwards or there’s a chirpy little MIDI tune coming from your computer speaker. The Ear virus actually has you answer a quiz to regain access to your work, while helloween.1684 seems sinister but is actually an ad for (hedging bets here) the programmer’s other program, The Volkov Commander! Touted at only 62KB and with many new functions! This guy even has the balls to ask you not to pirate his program, a tall order from the guy who just hijacked your computer. Shock value rates high with other programs, where inducing the fear of something terrible happening is the goal over something terrible itself. CMOS_Dead really gets in your face about it, wailing a kind of banshee death scream that could be an ancestor to our modern screamer videos, and Hydra_II seems to shatter the very foundation of your petty UI itself, turning your computer into a waterfall of logos before allowing a sigh of relief. The relentless nature of Uruguay’s Beatlemania might raise the hairs on a user’s neck, but it turns out it’s only for research. Others still touch on the personal and political, with Billboard giving some shout-outs and beefs and Pojer interrupting your daily routine for a rousing speech about freedom and parliamentary democracy (with a side of girl advice too).

Yet others still remain a mystery, some simply coded with a name and date, a kind of flag-in-the-sand, leaning now with all colors drained. Who is Monika? The hearts could imply a crush, a lover, or it could simply be the name of the virus itself, the hearts sent out to the user whose blushing is lost in the red glow of the CRT.  We may never know, but at least you can appreciate some impressive visuals concocted under such tight hardware regimes.


These early, exploratory days of viruses and coding gave way to the much more common and malicious viruses of the Windows era and on, where intrusion and identity theft became a big deal as computers wove their way into everyday institutions. Anti-virus programs became more widespread, and operating systems themselves were worked over and patched to a degree where only the most sophisticated of attacks could gain similar access and control to a computer as seen in these early examples. Now computer systems make up such large parts of our infrastructure that cyberwar through massively sophisticated viruses like Stuxnet and Flame is a reality, and modern governments are pivoting towards new methods of offense and defense in a digital realm.

I shot Tom some questions about his channel and was lucky enough to get some words back.

A. I presumed you were a programmer just based on your channel but that may not be true. Did the channel start as a hobby or do you work with computers professionally?

T. It’s not true that I’m a programmer, as I haven’t managed to develop any kind of program (yet). The channel started as a hobby after noticing danooct1’s channel. I do not work on computers professionally due to no budget or equipment.

A. What interests you in particular about viruses/malware? Have you had a bad first encounter with one in the past?

T. The main thing that interests me about malware is the actual payload, as that’s the only thing we can notice. The code itself isn’t interesting for me as I can’t fully understand it. The actual encounter with malware was in school, as most of the PCs were infected with the autorun worm Brontok.A. There were some previous encounters, but they were mostly adware or false positives.

A. Do you believe there is a difference to earlier viruses/malware like in MS-DOS compared to what we have today? What’s changed?

T. Old computer viruses were mostly designed to work and either show off or go stealth as far as possible. Today, there are no actual computer viruses (with small exception of proof-of-concepts, but not in wild), there are only trojan horses and worms which are designed to stay stealth, make it hard to remove and to profit as any kind of unauthorized action could be violation against the law and they have to make sure that they don’t get identified.

A. What’s your process for making videos for your channel? Do you go looking for cool viruses you remember or do you have a bunch saved somewhere? Does it involve a lot of computer reformatting or do you use restore points/disk images?

T. I only use source which stays confidential, looking for malware which I can manage to demonstrate properly, while analysis might take longer and may cause incomplete details. No reformatting is involved, only virtual machine running on disk image which can either discard or save new changes.

A. Out of the ones you’ve posted, do you have a favorite (virus/malware)?

T. I do have favorite malware, which is WinFixer as it’s pretty much the first rogueware.

A. Any horror stories?

T. If you’ve heard of creepypastas, then you know what I’ve heard.

A. Any opinions on the more modern ideas of viruses, ie in cyber warfare like Stuxnet/Flame?

T. As I don’t notice any kind of activity with Stuxnet/Flame in my region, I’m not that interested in it. Additionally, as most new malware might be aware of virtual machines, I’m trying to avoid them for now due to possible exploits which may cause infection from guest to host machine.

A. Are you going to keep adding content to your channel?

T. I’m going to post more stuff other than malware, yet it should be related to old stuff, but it may take some time.

##
