Hacked - The Malware Historian
Episode Date: February 16, 2024

Today malware is all nation state actors and organized crime, but in the beginning it was more about making a statement. Dan is a malware historian. He finds old hardware and viruses, runs them, and sees what happens. So we sat down to discuss the history of malware, where it's come from, and where he thinks it's going next. Check out his amazing YouTube channel at https://www.youtube.com/user/danooct1
Transcript
In 1986, two brothers in Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, ran a computer store.
It was called Brain Computer Services, just like a little one-room shop in Lahore, Pakistan.
And the store, it's bumping, because rumor had it that those, like, 1980s brand-name programs,
stuff that regularly retailed for hundreds of dollars elsewhere, were conspicuously affordable there.
For example, when it launched, WordStar, an early word processor, was priced at $495 US and an extra 40 bucks for the manual.
At Brain Computer Services, as reported in Time magazine in 1988, you could get a floppy of it for a couple of bucks.
I'll leave it to you to imagine what was going on there, Scott.
I would never be able to suspect what was going on there, where you could buy a non-branded floppy with a copy of the program for dollars versus hundreds of dollars.
That's a legacy that I was not a part of, that whole warez thing.
I was not there for that time.
You wouldn't know anything about that.
I wouldn't know anything about that.
Brain sold software.
They even developed some of their own, some medical stuff.
And business was good.
Now remember, this was 1986.
So the idea that followed, which might sound really obvious now, was extremely novel at the time. And the idea was, what if they were to include on all of these floppies they're selling a self-replicating program, a form of copyright control, so that the software, whether the stuff they were developing or the third-party software that they were selling at just bargain-basement prices, wouldn't get copied and resold.
In the early days, like, the original IBM PC virus, Brain, was written as a sort of copyright protection tool by two brothers in Pakistan.
That's Dan, aka the malware historian. We're going to get back to him.
The software replaced the boot sector of a floppy disk with a copy of the virus and moved the boot sector somewhere else. And there's really two important things about this virus. First, it was basically harmless. It avoided infecting hard disks, so the user's data was never at any risk, just the software that was supposed to be on that floppy. And second, it displayed a message on the user's screen, which read:
Welcome to the dungeon, copyright 1986 Amjad's Private Brain Computer Services.
And then it listed a physical address, 730 Nizam Block, Allama Iqbal Town, Lahore, Pakistan.
And then it listed a working phone number, followed by the message: Beware of this virus. Contact us for vaccination.
So they, so let me get this straight.
They created a little virus program to prevent people from stealing their software,
even though their store was probably selling likely reproductions of other people's software.
Yeah.
Okay, okay.
Just checking.
I just wanted some clarity.
Yeah.
Yeah, it is a good point of clarification.
Now, most modern viruses would not directly advertise the brick and mortar physical location of its developers, or like a convenient phone number for contacting them.
But I'm sure he didn't really know how most modern computer viruses worked, because he had basically just made kind of the first one that would go on to go viral.
Because it was on hundreds of thousands of floppy disks that had started making their way around the world with his phone number in it. And eventually, the phone starts to ring.
The first call we received was from Miami University and somebody taking care of, I think,
a maxing down there, local medicine. And she was writing something and she was having trouble
with the floppy and she discovered that she got some extra piece of code down there inside
and she found our contact number when she called me and I was very surprised and I was shocked
rather because I had no expectation that it will ever happen that it will go so far.
That is edited from a 2011 documentary where security researcher Mikko Hyppönen traveled to Lahore to interview these brothers, creators of the first successful computer virus.
38 years later, Brain, that little shop, still exists.
brain.net.pk. You can go there. They're a Pakistani ISP. They did very well for themselves.
Oh, my God. They got, they're like a fiber internet provider. They're like a big deal now.
Yeah. One gigabit speeds. It's better than we got up in here in Canada.
Literally better than what I have. Literally better than what I'm talking to you on right now.
These guys are doing here in Pakistan.
They have their own cloud platforms.
This episode is brought to you by brain.
Anyway.
But it is with them that a history begins.
This history of malware.
Today, malware is about big money and big data.
It's about nation state actors and vast criminal enterprises.
It's big business.
But in 1986, it was two brothers with a crazy idea, some floppy disks, and a dream.
Dan, who we heard from earlier,
is a historian of this world, a malware historian.
As time went on, viruses became more of a tool of the hobbyist programmer who really just
wanted to have some of their creations out there in the world.
Like I said before, you know, they really want to make their mark on the world, and this is one
way you can certainly do it.
It might not be a good mark, but you're making an impression on people.
He's almost like an Indiana Jones historian.
He goes to the ruins.
He finds the actual old viruses, the actual hardware systems they ran on, and he runs it just to see what it's going to do.
That's great.
Honestly great.
So we called him up to hear his story.
Just to try and understand, like, how have we gotten from that little shop in Lahore to all of this?
And what kind of strange stuff he's discovered woven throughout that history?
Our conversation with Dan, aka danooct1, aka the malware historian.
Wait, wait, wait, wait, wait.
What's up, Scott?
You know how there's all the, like, conversation about, like, viruses frozen in the ice and, like, Siberia and stuff?
Oh, dang.
Everybody's worried about, like, old viruses coming up and, like, reinfecting and things like that.
Imagine, Dan did that.
Imagine Dan did that.
brought back some old worm or virus from way back in the day, put it onto, like, a 1991, you know, PC, and then bang, all of a sudden it's, like, running around the internet, like, causing havoc. Could you imagine?
Yeah. Yeah, it was lying dormant on a floppy disk, one of the big ones, and he just unleashes it on the world. Modern antivirus just doesn't even pay attention to it.
Just like, this is...
Totally, it's not inoculated against it. It's like, this is old. It's like, it's mad. Like, we don't need to worry about these anymore.
They're not even in the database.
And boom.
Suddenly it's a, there's a zero day for iPhones hidden on an old, old floppy disk from 1994.
How does that work?
Let's find out.
Here on Hacked.
The second time.
Dan, thank you so much for joining me.
I really appreciate it.
Yeah, thank you for having me on.
For anyone familiar with your work, you are a malware historian.
And I guess just to start broadly, like, what does that mean to you?
what drew you into this world to the point that you decided to start documenting it on YouTube?
So initially, my first exposure to the world of malware was in 2004
when my home computer was infected with a network worm called Sasser.
I think it was the very beginning of May, late April, 2004, so almost 20 years ago.
When this happened, the computer just started rebooting
forever. Like it would restart and it would boot up and a little window would pop up saying
Windows is shutting down in 60 seconds, save all your work and then it would just keep rebooting.
And my mom and I, she was a computer programmer, she's retired now, but we had
printouts from Norton Antivirus online, you know, Sasser removal and all these different
documents. And we were basically just trying everything in them to try and stop this.
And eventually after several hours, we were successful.
But at that point, I was just, I was bitten by the bug.
So I found a website.
There's an antivirus vendor called F-Secure.
I think they recently rebranded to WithSecure.
They're from Finland.
But they had at that time pages and pages of alphabetized malware descriptions.
And it wasn't just stuff like Sasser or big names like the Love Letter Worm from 2000,
but they had stuff from the 1980s like Brain or the very early computer viruses like Cascade for MS-DOS.
And they were all written out when these viruses were new.
And then they just sort of kept them on their website published as they advanced through the Internet.
So I read through all of these.
This was about 2005 or so.
I really started immersing myself in it.
and that's generally how I became exposed to it.
Yeah, there was just so much information.
It was super cool to read about.
I'd find some cool ones and I'd show my dad,
I'd be like, hey, dad, check out what this virus does.
And he'd be like, oh, yeah, okay, son, that's interesting.
But to me, it was just so cool.
And it was something that not a lot of people ever really talked about.
I mean, lots of people know what computer viruses are
and many people blame everything that ever goes wrong with their computer on computer viruses.
But to actually know the history behind them and what makes them viruses is something super appealing to me.
I want to get to something you just mentioned, which is what makes it a virus.
But very briefly, do you know how Sasser, do you know how you got infected with it?
So Sasser was an autonomous worm.
So traditionally, before Sasser,
worms were generally emailed out or shared on file servers,
peer-to-peer networks like Kazaa, LimeWire.
Sasser was actually developed by a teenager in Germany
after a patch was released by Microsoft for a certain vulnerability
in a, I think it was a security, like a log-on authentication service for Windows.
And he reverse engineered this patch,
which led to the discovery that you could essentially just scan for IP addresses,
find computers vulnerable to this vulnerability,
and send them a specially crafted message or packet,
and it would open an FTP server,
send the worm on over, and execute it on the target computer,
which would then start scanning for more computers.
So this worm actually globally impacted the internet.
There were millions of infections worldwide,
and the only thing you had to do to get infected was be online and have a vulnerable computer.
Oh, wow.
And not many people had patched for this, so there was quite a lot of infections and just, it was everywhere.
It was very similar to a worm the previous year called Blaster, which affected a different vulnerability,
but the end result was the same where the computers were rebooting over and over.
You, I mean, the way I found you, you broadcast yourself.
letting these viruses infect a system that you control.
What is your setup for this?
What are your personal security processes?
What's your rig, man?
How are you doing this?
So initially, I started making videos in high school
when I stumbled upon a few live malware samples.
I think it was the Love Letter worm,
some random MS-DOS virus,
and the Happy99 email worm from the late 1990s.
I think it was just some random forum post somewhere.
Somebody said, hey, I found these cool bugs, you know, whatever.
And I managed to find them and download them.
And that was my first exposure to actually seeing in action these viruses and worms that I'd read so much about.
And at the time, I took an old desktop computer that our family no longer used.
It was just sitting in a closet gathering dust.
I pulled it out and just tried them out.
I was like, I wonder if this works.
And the Love Letter Worm did work.
I think it was a Windows XP computer and it worked just fine.
This was late 2008.
And that's when I started thinking, well, maybe I could format this and install something like Windows 98 or MS DOS even and see does this work.
And as I did this more and more, I'd find more and more things that did work.
and eventually found a huge database of pretty much every sample I had ever read about.
I think it was a leak of Kaspersky's actual virus data from some point in time.
I'm not sure who or how or when it happened, but I'm glad it did,
because that really let me run wild.
So the initial setup was just some random old computer.
As time went on, I've actually purchased period-accurate computers,
So I've got a 386 on the desk behind me from the early 1990s, which runs MS DOS.
For everything that I infect with MS DOS videos, that's the computer I use.
I've got some others for Windows 95 and 98.
I've used virtual machines in the past, which is just virtualization software and a shared
folder set up with my host computer.
But now I like to try and kind of keep the authentic feel of what
what you would see and experience back in the day
if you had actually been affected with this stuff.
Yeah, the authenticity comes through.
The way you capture it on the screen,
it feels, you can imagine being in a basement in 2003
and getting a dodgy file on LimeWire
and a bunch of bad stuff unfolding.
It's funny you mentioned that.
I've gotten quite a few comments over the years,
like, what's wrong with this guy's lights?
Does he not pay enough for electricity?
Why is he always in the dark?
And to answer that, it's mainly just,
I don't want, especially with CRT monitors with the glass front,
I don't want the reflections coming off of light
or anything like that, so it's easy to turn off all the lights.
And when I really ramped up doing this,
I was in college, and I lived with three other roommates
at the time, and the only time period
I would really ever have to record videos in peace
without loud things happening all the time was in the dead of night.
So I would always record after the sun went down,
everybody went to bed.
And that was my prime time to actually get this stuff done.
So much of the stuff we talk about on this show is very modern things.
And a lot of that has to do with like nation states going after each other,
big massive organized cyber crime rings.
And I'm watching your videos and I feel almost like a warm, fuzzy sense of nostalgia.
That is not to say that some of these things aren't really destructive, that there isn't harm,
but like that early 2000s malware, I think of the, like, I think it was the Lacanoa worm
that had like a homestar runner payload to it.
Right.
Like, I guess, one, I just want to reflect on that sense of nostalgia and almost a sense
of humor some of them had and use that as a jumping off point for like, what's your favorite
era of these things?
You get the 80s, 90s, 2000s.
What are you drawn to personally?
So I am most drawn to, well, it's hard to pick an era. Probably late 80s to early 2000s, just generally because at that point in time, there was no way to really make malware whose only purpose was, as it is today, to gather money, intelligence, steal data, credentials, whatever. Back then, this was essentially the way to promote your creation to the world. So a lot of them were very in your face. They had calling cards.
There were wars that developed between various virus groups.
There was just so much going on.
They got right in your face.
I especially like all the MS-DOS viruses that print out graphics on the screen
because MS-DOS is a very text-based operating system.
Almost everything you do is through the command line.
Graphics are reserved solely for programs that you might run or windows.
And these viruses, you'll just be typing away.
And then all of a sudden there's a giant, you know, head in a noose on your screen saying, like, sorry, I've disinfected this file, but your PC is still affected, or just crazy stuff like that.
And it's all these programmers making computers do things that you would not expect them and would not want them to do.
But since they are computers, they do what they're told.
And without the protections built into modern operating systems, they pretty much had free rein to do anything they desired on your system.
I know there are many exploits nowadays that generally lead into corporations being hacked or, you know, a workstation gets infected with something, and then they move laterally through the network, through a combination of NSA tools and various other high-level, super-complex attack vectors.
Back in Windows 95, 98, the late 90s, there was a worm called Opaserv, or Opasoft, depending on which vendor you look at. And it utilized an exploit. It kind of scanned computers like Sasser did, but much slower and with much less of a chance of success. But if it found network shares that were open to the internet but password protected, there was a vulnerability in Windows that allowed it to suggest the first character of the password, which Windows would then take and authenticate and let you in. So this worm spread, like, if your password was 20 characters long but started with an A, the worm would suggest the letter A. And Windows would say, all right, cool, come on in. And it's just these kinds of crazy oversights and bugs that they exploit that you just don't see anymore nowadays. So definitely MS-DOS to early Windows XP, early Windows NT era. That's the sweet spot. That's my sweet spot.
You used a phrase that I like, you said it's hard to pick an era. And when you said that, I was reminded, like, yeah, it'd be like me asking you what's your favorite decade of music, 60s, 70s, 80s, 90s. It's like, oh, there's great stuff in all of them. You then used the word creation. Is there an artistry to it, like an artistic element to making these things, kind of a creativity behind them?
Absolutely. I mean, there's even a virus called Spanska for MS-DOS, which printed out, like, a graphical 3D, like, a rolling Mars landscape, like you would see from a lunar lander almost, but it would just kind of roll past on your monitor, and I believe the text on the screen was "making a virus can be fun."
And there's just, there's an artistry that goes into it, even with some of the ways that these programmers would infect your PC. Like CIH, also known as Chernobyl, also known as Spacefiller, was a virus in the late 90s that had the ability on certain Pentium systems to actually gain access to and overwrite your BIOS,
so your computer would become unbootable unless the BIOS chip was reflashed.
But the way it infected files and why it got the name Space Filler is,
unlike traditional viruses of the time,
which would write a little jump command right at the beginning of the file
and then store all of its code at the end, which increases file size,
CIH would look for little pockets of empty space in programs,
and it would analyze the entire program,
and if there wasn't enough empty space throughout to infect it,
it would leave it alone. But if it had enough space, it would carve up its code to fit into those spaces and link itself all together.
And the file size did not increase after that. So it was very sneaky, very stealthy, and then ultimately incredibly destructive.
And it's just that kind of thing. There is a real artistry to what can be done.
That's not saying that there's not shovels, like, huge boatloads of just script kiddie nonsense from back then too, because that exists too. But the true, I don't know how you want to say, the specimens, the elite of their time were definitely well made. And I guess that's why they are the elite specimens.
And require a historian to dig into them. I guess while we're on that subject, I'm just kind of going through some that popped to mind. I don't want to just go with favorites because that's too broad. Let's start with funniest. Can you share, like, the funniest one that you're like, God damn, whoever made this just has a sense of humor.
Funniest is, it's hard to pinpoint. I mean, there's subtle humor. There's stuff like the One Half virus on MS-DOS, which infects your boot sector. So every time you boot your PC, it runs too. It infects floppy disks when you use them. And then every time you boot, it encrypts the last two cylinders of data on your hard drive. And it starts at the end and starts working its way back towards the middle, two cylinders at a time, tiny amounts of data. And when you try to access those encrypted cylinders of data, One Half in memory will detect that, decrypt it for you, and then present the data normally.
When it gets to the halfway point of your hard disk, you boot your PC and you get the message, this is One Half, press any key to continue.
And that's all you see.
And you have no idea anything is wrong up until this point.
If you think to yourself, oh, no, I've got a virus, and you try to do an FDISK /MBR, which rewrites your master boot record with a clean copy, all of a sudden your hard disk is completely unusable, because the last half is still encrypted, but now there's no virus to decrypt it.
So it's the sort of like, I got you humor, you know, it's not traditionally funny.
There are a lot of viruses and worms that do try to be funny.
there are some that are just like obnoxiously immature in the way they do these things.
I'm trying to think of a good example.
Like, it's just like there's one, I think it's a worm called Badass.
And it sends you an email that it's got a little smiley face icon.
And when you run the worm, it pops up this message box.
I think it's in Dutch, but it translates to like this user, like,
cannot run the program because he does not wash his ass or something like that.
Is this true?
And it's got a yes and a no, and you try to hit no, but the no button jumps around.
And you can't click it.
You're forced to click yes.
And it's just, there's, there's really, it's up to the author to be really funny.
I guess there is one that was tongue in cheek.
It was an email worm called Dumbass.
So this was early 2000s, right around the time when Love Letter would spread.
and Anna Kournikova and stuff like Melissa, which were mass-mailed and they'd have enticing things like, check the love letter coming from me, or here's a list of triple-X porn website passwords, click here now, and then your file name would be LOVE-LETTER-FOR-YOU.TXT.vbs or some obvious double extension that anybody who's computer savvy would know would infect your PC, but everybody else had no idea and would just run them.
So the dumbass worm would send it out.
And it's like,
I can't remember exactly what it says,
but it's like, here, just run this file dumbass.
And it's like obviousvirus.txt.vbs.pif.scr.bat.exe. And it's got this huge chain of file extensions. And it's just
taking the piss out of, I guess, all these users it thinks are just complete dumbasses,
hence the name.
I don't know if it reveals something about me not being as mature as I am, but the wash-his-ass one struck me as kind of funny.
Oh, it's funny. Don't get me wrong. It is very funny. But it's just not quite, you know, the highbrow comedian-level humor
that you see on Netflix.
That we crave.
Yeah.
Okay.
So funny.
Let's just swing to the other side of the pendulum.
The least funny.
Like, have you ever been scared or at least unsettled?
So scared happened quite frequently in the early days of me recording this because I would
just read about something.
It says this virus activates on September 19th.
So me, having never seen it before, would put it on floppy disk, pick up my camera
in the early days I have these super shaky freehand cameras.
It's really crappy video.
Like, this was me, the high school student,
just shoving this camcorder in the screen.
So I'd fire it up, start recording,
never seen it before,
and I'd switch to September 19th, and I'd run it,
and it's just full screen immediately blaring music
or, like, loud PC speaker,
and I would shake.
You know, it would surprise me
because I'd never experienced it before.
So these things, they just pop up
when you're not expecting them. And it's just they can be very surprising. Um,
when I think of like scary on a level of what it does, that's a little trickier. I guess it depends
on how prepared you are for viruses. Like stuff like WannaCry and, uh, NotPetya, that's pretty scary, because that, you know, the first one encrypts all your data and the second one is just a wiper,
and if you can't recover from that, you're pretty much screwed.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone, somewhere, saw something too late,
an alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up
for a world where attackers are already using AI.
They created the Aurora Super Intelligence Platform,
a fully agentic system powered by a swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs, this swarm is full of deterministic agents that handle entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything trustworthy.
And all of this runs on their secure operations graph,
a constantly updating intelligence engine fueled by more than 9 trillion telemetry events every week and over a decade of real-world incident response.
The system reasons on real signals and real context, not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI
driven decision reflects your environment instead of generic assumptions. The automation frees your
concierge security team to focus on higher value strategy and proactive risk reductions while the agents
handle the grind. If you want to see what trustworthy, production-ready AI and security operations
actually looks like, go to arcticwolf.com/hacked.
Ever feel like cyber threats are evolving faster than anyone can keep up? Last year, 2025 was nothing short of a record-breaking year for major
breaches, from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their
head. Organizations around the world saw headlines they never expected and cybersecurity teams
were tested like never before. But here's the thing. These incidents aren't just news headlines.
They're learning opportunities. And that's why Arctic Wolf is hosting a live webinar on February 5th
diving into the most impactful breaches of 2025. Their field CTO and security leaders are going to
unpack not just what happened, but why these attacks succeeded. And most importantly,
what businesses can do to fortify their defenses before it's too late.
You're going to walk away with real insights
into how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead of the next big breach.
It's not fear mongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com/hacked.
Something we talk about internally when we make this show
has to do with like,
I guess the ethical boundaries of walking the fine line
the fine line between education and entertainment.
Like we tell cybersecurity stories.
And I'm curious, like, how do you navigate the ethical implications of showing stuff,
making sure that you're creating something that's like informative and interesting
without encouraging anything malicious?
So funny story, actually.
I do just try to show these things.
I don't offer any sort of download link for anything that I feature in my videos.
although that is probably the number one question.
I've probably been asked that more than anything else,
several thousand times at least.
Where do you get your viruses?
On a rare occasions, people have stumbled across them.
I've gotten a few that were like,
I ran this thing I saw in your video,
and now my computer is all fucked up.
What do I do?
And I have to respond.
I'm not tech support.
I'm sorry you did that, but these videos aren't just, you know,
for fun.
These are actual malware.
And then there was another side of that same coin where I'd get a lot of people saying,
I wrote this virus that I'd like for you to make a video on.
How can I send it to you?
And I got so many of these kinds of requests that at one point I had a forum where I opened it up.
I made a little short-lived series called Viewer Made Malware.
I was going to ask about that.
That was my next question.
Yeah.
So if you wanted to, you could write this and you would put it on my forum with the description of everything it does.
and I picked the coolest stuff and I'd make a video of it.
After a certain number of them, there was one that was like a ransomware.
I can't remember what it was called, but it got picked up by a security researcher on Twitter
who started posting about this as if it was a new threat.
And they posted, you know, MD5 hashes.
And they're like, here's how to detect it.
It's been submitted.
And then like the person who wrote it was like, oh, I wrote this for Dan.
You know, and I was like, yeah, this isn't, like, an actual threat. They had, like, a backdoor key you could use to decrypt everything. But it was still kind of a hairy situation, because I kind of indirectly contributed to this thing being created by virtue of having this series. Now there's even, you know,
there's more to this, because I stopped making those Viewer Made Malware videos not long after that and took down my website. I just didn't have the time or the patience to moderate a forum and everything that comes with that. And
there was a group that was on Twitter that actually exploited FossHub and they replaced downloads for Audacity and Classic Shell with an MBR Trojan, so
when people downloaded these
and ran these, that actually opened up this Trojan that would replace your MBR with a message.
It was like, on your adventures, it seems you have failed.
I'm paraphrasing, but, and then it was like shoutouts to all these people.
And I wrote to them on Twitter, like, could I get a sample of this to make a video on it?
And they're like, oh yeah, we were actually going to put you in the greet, but we figured
that might lead more trouble to you than you would want.
So we just left your name out.
And I was like, oh, shit.
So it's like, damned if I do, damned if I don't.
Like, what's the way to go on this?
Do I encourage people who are going to write these things anyway to send them to me and not, you know,
compromise a very prominent file sharing website to infect innocent people?
Or do I not do anything and just see what happens?
I mean, even now, there's still many people that are asking,
am I ever going to continue it? And right now I think that question's up in the air, just because, I don't know, there's still so much interest, and I think if the focus was on making it for older operating systems, maybe that might be the way to go. But it's, like you said, there's a fine line, and I'm not sure how to walk it.
Yeah, at this point it's a big, you're opening a bunch of big thorny philosophical questions on that one.
Right.
And I guess just to stay there in a philosophical sense,
do you think that,
I guess the desire to create and spread this stuff
reflects a bigger,
bigger aspect of human nature or societal trends or something?
Like, do you think it says something about people
that we want to make and share this stuff?
Spread it is maybe a better word?
I think it definitely does.
It's interesting seeing the types of people who wrote this stuff in the original days.
It was generally young men, usually on BBSes, where they would find groups of like-minded individuals,
and they would trade secrets and how-tos and tutorials.
And, you know, they generally at that point weren't super popular at school or they spent a lot of their time on the computer,
which in the late 80s or early 90s was not the norm, as opposed to nowadays with,
everybody having access to the internet everywhere.
Back then, it was very much a, I found my people,
and now we can do the things to make our mark on the world, essentially.
So that's why there's a lot of these viruses that are like greets to all the members of our crew.
So nowadays, there's big money in it,
which is why you see a lot of threat groups that are all basically acting to make as much money as possible.
Yeah, you talked about that pre- and post-monetization, almost like a BC/AD thing for malware,
like this really hard line in the sand.
I guess I'm curious to talk about the evolution of it, where it's come from, where it currently
is, and then where do you think it's going?
You know, there's a lot.
There are more think pieces than are useful about the rise of AI in the context of malware
and cybersecurity.
Where does it come from, and where do you think it's going?
So, excuse me, how?
Where it came from, really, was generally in the early days, like the original IBM PC virus,
Brain, was written as a sort of copyright protection tool by two brothers in Pakistan.
And as time went on, viruses became more of a tool of the hobbyist programmer who really
just wanted to have some of their creations out there in the world.
Like I said before, you know, they really want to make their mark on the world, and this is one way you can certainly do it.
It might not be a good mark, but you're making an impression on people.
And with that, that sort of drove the hobbyist angle from the late 80s to probably the late 90s, with the advent of the internet becoming more popular everywhere.
The focus shifted from traditional computer viruses to worms, which are executables that don't infect files.
They don't infect a host file to spread themselves, but instead they just spread via user interaction or an exploit.
And with these online groups, you now have groups that are starting to fight with each other.
You saw it before, in the early 90s, with some BBS boards, you know, the bulletin board systems,
between various virus groups: this group sucks, we're the best, and they'd write it in their
virus, you know, in the little comments. You'd see, like, we hate these guys, they suck, their viruses are
terrible, ours are the best, you know, just back and forth. But that really exploded with the advent of
the internet. So now you have the ability to reach millions of PCs around the world very quickly,
as opposed to the early days, where you were basically limited to the physical area around
wherever you released it on a floppy disk, and you hoped it would spread somewhere beyond it.
So with the internet just sort of
exploding the scene, that really set the stage for the shift from, like, malevolent fun
to serious business malware. It became less a matter of, we can write this to print out on the screen that you suck and we got you,
to now we can exploit 300,000 PCs worldwide and install a botnet on them so that they send Viagra spam.
And from that, we got to the very beginnings of ransomware in the mid-2000s with GPCode.
There was the advent of rogue antiviruses, which you would be infected with, and it would look like a legitimate antivirus.
And it would say your computer is infected with 6,000 viruses by now, and we'll solve it for you.
And of course, none of them were actually on your PC.
It was just this fake rogue antivirus, you know, shitting everything up and requiring you to pay and you can't just uninstall it.
And from that, you know, it just evolved further to, especially with cryptocurrency, what we see now with ransomware, you know, nation state actors.
It's just there's no more joy or fun that you can really see behind the code, at least with the big stuff.
There's no more joy or fun behind the code.
And I guess on that note, we're on the nation state, cyber crime, organized crime level now.
Where do you think it goes next?
See, that's something I've been thinking about.
Like, where do we go next?
I mean, we've had, you know, the United States and Israel create and release Stuxnet,
and that's been in development since the mid-2000s. And now we see the NSA, who
has developed all of these specialized exploits that have been leaked, and we see
responses to those leaks, and it's just, I'm not sure where we go. I mean,
NotPetya was a huge global event, and I'm surprised we really haven't had significantly
more of those.
So I'm guessing there's going to be something, you know, more along the lines of
NotPetya, where, you know, the target was Ukraine, and it ended up impacting global shipping
with Maersk.
And I imagine we'll see some more attacks along those lines, you know, because with
these cyber attacks, it's very easy or at least easier to obscure their source and where
they're coming from.
Yeah.
Just more of these giant global, I don't know, attacks with unclear perpetrators and unclear targets and unclear goals.
Right. Maybe I should relaunch Viewer-Made Malware and, you know, just release some of those into the wild, and then we'll have some of the fun.
Yeah, sure. Right back into it. Yeah, sure.
That'll balance it out. Yeah, it needs to fork. We need, like, the really scary, serious stuff
that's basically like standing in for organized crime and warfare. And then we need the memes, man.
We just need the good times. In fact, in your sense.
Memes are great, especially when they take over your PC and you can't do anything anymore.
Okay, so I've taken up a bit of your time.
I want to close with this one.
I read an interview you gave years ago in kind of prepping for this a little bit,
where you described malware as kind of a cultural artifact.
I've spoken a bit to this, but I think you likened it to American Civil War rifles and Soviet space gear
in terms of like being able to witness a technological evolution through it.
And I'm curious, how do you think future generations
are going to look back at the malware of our era?
That's an interesting question.
I think the biggest thing is going to be the impact that the malware has.
As opposed, you know, there won't be so much emphasis on how did it spread
or, you know, what new exploits did they use, but how far-reaching was it?
And you really started to see that line of thinking,
or emphasis on malware with these worms as they rose to prominence in the early 2000s.
But I think now more than ever, as security has taken on new meaning for organizations
and, you know, with the Apple iPhone being super locked down, it's going to be, you know,
how successful was your malware able to be?
Because it doesn't matter just, you know, how crazy or innovative it is if it doesn't infect much,
if it doesn't make much of a difference in the grand scheme of things.
I think, you know, the larger disruption that there can be
would be a measure of how we look at malware going forward.
It's about how big the ripples in the pond are.
Right.
Dan, thank you so much for sitting down with me, man.
This was a really fun one.
Yeah, thanks for having me.
This is a lot of fun.
