Hacked - Throwback: The Malware Historian
Episode Date: June 2, 2025
Today malware is all nation state actors and organized crime, but in the beginning it was more about making a statement. Dan is a malware historian. He finds old hardware and viruses, runs them, and sees what happens. So we sat down to discuss the history of malware, where it's come from, and where he thinks it's going next. Check out his amazing YouTube channel at https://www.youtube.com/user/danooct1 Hacked is brought to you by PushSecurity.com. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Hey, everybody. I hope you're doing well. Hope you're enjoying the start of summer. We got one of my
favorite episodes for you here today. My schedule was a dumpster fire this week. Scott's was a dumpster fire as well.
It was dumpster fires all around. So we're bringing you a throwback episode to enjoy, brought to you
of course by Push Security. I'm not going to waste too much time introing the episode since the episode
itself starts with a very long introduction that kind of lays all this out, other than to say that
our interview with danooct1, aka the Malware Historian, is one of my favorites. It was really
fascinating. If you like the kind of history that tells you a lot about the present, you will
like this one. I sure did. Without any further ado, this is a throwback: the Malware Historian.
In 1986, two brothers in Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, ran a computer store.
It was called Brain Computer Services,
just like a little one-room shop in Lahore, Pakistan.
And the store, it's bumping,
because rumor had it that those like 1980s brand name programs,
stuff that regularly retailed for hundreds of dollars elsewhere,
was conspicuously affordable there.
For example, when it launched,
WordStar, an early word processor,
was priced at $495 US and an extra 40 bucks for the manual.
At Brain Computer Services, as reported in Time magazine in 1988,
you could get a floppy of it for a couple of bucks.
I'll leave it to you to imagine what was going on there, Scott.
I would never be able to suspect what was going on there,
where you could buy a non-branded floppy with a copy of the program for dollars versus hundreds of dollars.
That's a legacy that I was not a part of, that whole warez thing. I was not there for that time.
You wouldn't know anything about that.
I wouldn't know anything about that.
Brain sold software.
They even developed some of their own, some medical stuff.
And business was good.
Now remember, this was 1986.
So the idea that followed, which might sound really obvious now, was extremely novel at the time.
And the idea was, what if they were to include, on all of these floppies they're selling, a self-replicating program, a form of copyright control,
so that the software, whether the stuff they were developing or the third-party software that they were selling at just bargain basement prices,
wouldn't get copied and resold.
In the early days, like the original IBM PC virus Brain was written as a sort of copyright protection tool by two brothers in Pakistan.
That's Dan, aka the Malware Historian. We're going to get back to him.
The software replaced the boot sector of a floppy disk with a copy of the virus and moved the original boot sector somewhere else. And there's really two
important things about this virus. First, it was basically harmless. It avoided infecting hard
disks so the user's data was never at any risk, just the software that was supposed to be on
that floppy. And second, it displayed a message on the user's screen, which read:
Welcome to the Dungeon, copyright 1986, Amjad's Private, Brain Computer Services.
And then it listed a physical address, 730 Nizam Block, Allama Iqbal Town, Lahore, Pakistan.
And then it listed a working phone number, followed by the message, beware of this virus.
Contact us for vaccination.
So let me get this straight.
They created a little virus program to prevent people from stealing their software,
even though their store was probably selling likely reproductions of other people's software.
Yeah.
Okay, okay.
Just just checking.
I just wanted some clarity.
Yeah, it is a good point of clarification.
Now, most modern viruses would not directly advertise the brick and mortar physical location of its developers, or, you know, like a convenient phone number for contacting them.
But I'm sure he didn't really know how most modern computer viruses worked, because he had basically just made kind of the first one that would go on to go viral.
Because it was on hundreds of thousands of floppy disks that had started making their way around the world with his phone number in it.
And eventually, the phone starts to ring.
The first call we received was from Miami University and somebody taking care of, I think, a maxing down there, local medicine. And she was writing something and she was having trouble with the floppy. And she discovered that she got some extra piece of code down there inside, and she found our contact number. When she called me, I was very surprised, and I was shocked, rather, because I had no expectation that it will ever happen, that it will go so far.
That is edited from a 2011 documentary in which security researcher Mikko Hyppönen traveled to Lahore to interview these brothers, creators of the first successful computer virus.
38 years later, brain, that little shop, still exists.
brain.net.pk. You can go there. They're a Pakistani ISP. They did very well for themselves.
Oh, my God. They're like a fiber internet provider. They're like a big deal now.
Yeah. One gigabit speeds. It's better than we got up in here in Canada.
Literally better than what I have. Literally better than what I'm talking to you on right now.
These guys are doing here in Pakistan.
They have their own cloud platforms.
This episode is brought to you by brain.
Anyway.
But it is with them that a history begins, this history of malware. Today, malware is about big money and big data.
It's about nation state actors and vast criminal enterprises. It's big business. But in 1986,
it was two brothers with a crazy idea, some floppy disks, and a dream. Dan, who we heard from
earlier, is a historian of this world. A malware historian. As time went on, viruses
became more of a tool of the hobbyist programmer who really just wanted to have some of their
creations out there in the world. Like I said before, you know, they really want to make their mark
on the world. And this is one way you can certainly do it. It might not be a good mark,
but you're making, you're making an impression on people. He's almost like an Indiana Jones
historian. He goes to the ruins. He finds the actual old viruses, the actual hardware systems they
ran on and he runs it just to see what it's going to do.
That's great.
Honestly great.
So we called him up to hear his story just to try and understand like how have we
gotten from that little shop in Lahore to all of this.
And what kind of strange stuff he's discovered woven throughout that history?
Our conversation with Dan, aka danooct1, aka the Malware Historian.
Wait, wait, wait, wait, what's up, Scott?
You know how there's all the, like, conversation about, like, viruses frozen in the ice and, like, Siberia and stuff?
Oh, dang.
Everybody's worried about, like, old viruses coming up and, like, reinfecting and things like that.
Imagine Dan did that.
Imagine Dan brought back some old worm or virus from way back in the day, put it on to, like, a 1991, you know, PC, and then bang, all of a sudden it's like running around the internet and causing
havoc. Could you imagine? Yeah. Yeah, it was lying dormant on a floppy disk, one of the
big ones. And he just unleashes it on the world. Modern antivirus just doesn't even pay attention
to it. It's just like, this is totally. It's not inoculated against it. It's like, this is old. It's like,
it doesn't mad. Like, we don't need to worry about these anymore. They're not even in the database.
And boom.
Suddenly there's a zero day for iPhones hidden on an old, old floppy disk from 1994.
How does that work?
Let's find out.
Here on Hacked.
The second time.
Dan, thank you so much for joining me.
I really appreciate it.
Yeah, thank you for having me on.
For anyone familiar with your work, you are a malware historian.
And I guess just to start broadly, like, what does that mean to you?
What drew you into this world to the point that you decided to start documenting it on YouTube?
So initially, my first exposure to the world of malware was in 2004 when my home computer was infected with a network worm called Sasser.
I think it was the very beginning of May, late April, 2004, so almost 20 years ago.
When this happened, the computer just started rebooting forever.
Like it would restart and it would boot up, and a little window would pop up saying Windows is shutting down in 60 seconds, save all your work,
and then it would just keep rebooting. And my mom and I, she was a computer programmer, she's
retired now, but we had printouts from Norton antivirus online, you know, Sasser removal and all
these different documents. And we were basically just trying everything in them to try and stop
this. And eventually, after several hours, we were successful.
But at that point, I was bitten by the bug.
So I found a website.
There's an antivirus vendor called F-Secure.
I think they recently rebranded to WithSecure.
They're from Finland.
But they had at that time pages and pages of alphabetized malware descriptions.
And it wasn't just stuff like Sasser or big names like the Love Letter Worm from 2000,
but they had stuff from the 1980s like Brain or,
the very early computer viruses like Cascade for MS DOS.
And they were all written out when these viruses were new.
And then they just sort of kept them on their website published as they advanced through the internet.
So I read through all of these.
This was about 2005 or so.
I really started immersing myself in it.
And that's generally how I became exposed to it.
Yeah, there was just so much information.
It was super cool to read about.
I'd find some cool ones and I'd show my dad.
I'd be like, hey, dad, check out what this virus does.
And he'd be like, oh, yeah, okay, son, that's interesting.
But to me, it was just so cool.
And it was something that not a lot of people ever really talked about.
I mean, lots of people know what computer viruses are and many people blame everything
that ever goes wrong with their computer on computer viruses.
but to actually know the history behind them and what makes them viruses is something super appealing to me.
I want to get to something you just mentioned, which is what makes it a virus.
But very briefly, do you know how Sasser, do you know how you got infected with it?
So Sasser was an autonomous worm.
So traditionally, before Sasser, worms were generally emailed out or shared on file
servers, peer-to-peer networks like Kazaa, LimeWire.
Sasser was actually developed by a teenager in Germany after a patch was released by Microsoft
for a certain vulnerability in a, I think it was a security, like a log-on authentication service
for Windows. And he reverse engineered this patch, which led to the discovery that you could
essentially just scan for IP addresses, find computers vulnerable to this vulnerability,
and send them a specially crafted message or packet, and it would open an FTP server,
send the worm on over, and execute it on the target computer, which would then start scanning
for more computers. So this worm actually globally impacted the internet. There were millions of
infections worldwide, and the only thing you had to do to get infected was be online and have a
vulnerable computer. Oh, wow. And not many people had patched for this, so there was quite a lot
of infections and just it was everywhere. It was very similar to a worm the previous year called
Blaster, which affected a different vulnerability, but the end result was the same where the
computers were rebooting over and over. You, I mean, the way I found you, you broadcast yourself
letting these viruses infect a system that you control.
What is your setup for this? Like, what are your personal security processes? Like, what's your rig, man? Like, how are you doing this?
So initially, I started making videos in high school when I stumbled upon a few live malware samples. I think it was the Love Letter worm, some random MS-DOS virus, and the Happy99 email worm from late 1998. I think it was just some random forum post somewhere. Somebody said, hey, I found these cool bugs, you know, whatever, and I managed to find them and download them.
And that was my first exposure to actually seeing in action these viruses and worms that I'd read so much about.
And at the time, I took an old desktop computer that our family no longer used.
It was just sitting in a closet gathering dust.
I pulled it out and just tried them out.
I was like, I wonder if this works.
And the Love Letter Worm did work.
I think it was a Windows XP computer and it worked just fine.
This was late 2008.
And that's when I started thinking, well, maybe I could format this and install something like Windows 98 or MS DOS even and see does this work.
And as I did this more and more, I'd find more and more things that did work, and eventually found a huge database of pretty much every sample I had ever read about. I think it was a leak of Kaspersky's actual virus data from some point in time.
I'm not sure who or how or when it happened, but I'm glad it did, because that really let me run wild.
So the initial setup was just some random old computer. As time went on, I've actually purchased period-accurate computers,
So I've got a 386 on the desk behind me from the early 1990s, which runs MS DOS.
For everything that I infect with MS DOS videos, that's the computer I use.
I've got some others for Windows 95 and 98.
I've used virtual machines in the past, which is just virtualization software and a shared folder set up with my host computer,
but now I like to try and kind of keep the authentic feel of what you would see and experience
back in the day if you had actually been affected with this stuff.
Yeah, the authenticity comes through.
The way you capture it on the screen, it feels, you can imagine being in a basement in like 2003
and getting a dodgy file on Limewire and a bunch of bad stuff unfolding.
It's funny you mentioned that.
I've gotten quite a few comments over the years.
Like, what's wrong with this guy's lights?
Does he not pay, you know, like enough for electricity?
Why is it always in the dark?
And to answer that, it's mainly just, I don't want, especially with CRT monitors with the glass front,
I don't want the reflections coming off of light or anything like that.
So it's easy to turn off all the lights.
And when I really ramped up doing this, I was in college.
And I lived with three other roommates at the time.
and the only time period I would really ever have to record videos in peace without loud things happening all the time was in the dead of night.
So I would always record after the sun went down, everybody went to bed.
And that was my prime time to actually get this stuff done.
So much of the stuff we talk about on this show is very modern things. And a lot of that has to do with like nation states going after each other, big massive organized cybercrime rings, and I'm watching your videos and I feel almost like a warm, fuzzy sense of nostalgia. That is not to say that some of these things aren't really destructive, that there isn't harm, but like that early 2000s malware, I think of the, I think it was the Lecona worm that had like a Homestar Runner payload to it.
Right.
Like, I guess one, I just want to reflect on that sense of nostalgia and almost a sense of humor some of them had and use that as a jumping off point for like, what's your favorite era of these things? You get the 80s, 90s, 2000s. What are you drawn to personally?
So I am most drawn to, well, it's hard to pick an era.
Sure.
Probably early 2000, late 80s to early 2000s, just generally because at that point in time,
there was no way to really make malware whose only purpose was to, you know,
as it is today, gather money, intelligence, steal data, credentials, whatever. Back then,
this was essentially the way to promote your creation to the world. So a lot of them were very in your face. They had calling cards.
There were wars that developed between various virus groups. There was just so much
going on. They got right in your face. I especially like all the MS-DOS viruses
that print out graphics on the screen, because MS-DOS is a very text-based
operating system. Almost everything you do is through the command line. Graphics are
reserved solely for programs that you might run or Windows. And these viruses
you'll just be typing away and then all of a sudden there's a giant, you know, head in a noose on your screen saying like, sorry, I've disinfected this file but your PC is still affected, or just crazy stuff like that. And it's all these programmers making computers do things that you would not expect them and would not want them to do. But since they are computers, they do what they're told, and without the protections built into modern operating systems, they pretty much had free rein of anything they desired to do on your system.
I know there are many exploits nowadays that generally lead into corporations being hacked
or a workstation gets infected with something and then they move laterally through the network
through a combination of NSA tools and various other high-level super complex attack vectors.
Back in Windows 95, 98, the late 90s, there was a worm called Opaserve or Opasoft,
depending on which vendor you look at.
And it utilized an exploit.
It kind of scanned computers like Sasser did, but much slower and with much less of a chance of success.
But if it found network shares that were open to the internet but password protected,
there was a vulnerability in Windows that allowed it to suggest the first character of the
password, which Windows would then take and authenticate and let you in.
So this worm spread, like if your password was 20 characters long but started with an A,
the worm would suggest the letter A.
And Windows would say, all right, cool, come on in.
And it's just these kinds of crazy oversights and bugs that they exploit that just you don't see
anymore nowadays.
So definitely MS-DOS to early Windows XP, early Windows NT era. That's the sweet spot. That's my sweet spot.
You used a phrase that I like. You said it's hard to pick an era, and when you said that I was reminded, like, yeah, it would be like me asking you what's your favorite decade of music, 60s, 70s, 80s. It's like, oh, there's great stuff in all of them. You then used the word creation. Is there an artistry to it, like an artistic element to making these things, kind of a creativity behind them?
Absolutely. I mean, there's even a virus called Spanska for MS-DOS,
which printed out like a graphical 3D, like a rolling Mars land,
like you would see from a lunar lander almost,
but it would just kind of roll past on your monitor.
And I believe the text on the screen was making a virus can be fun.
And there's just, there's an artistry that goes into it,
even with some of the ways that these programmers would infect your PC,
like CIH, also known as Chernobyl,
also known as Space Filler, was a virus in the late 90s that had the ability on certain Pentium
systems to actually gain access to and overwrite your BIOS. So your computer would become
unbootable unless the BIOS chip was reflashed. But the way it infected files and why it got the name
Space Filler is unlike traditional viruses of the time, which would write a little jump command
right at the beginning of the file and then store all of its code at the end, which increases file size,
CIH would look for little pockets of empty space in programs, and it would analyze the entire program,
and if there wasn't enough empty space throughout to infect it, it would leave it alone.
But if it had enough space, it would carve up its code to fit into those spaces and link itself altogether,
and the file size did not increase after that. So it was very sneaky, very stealthy,
and then ultimately incredibly destructive. And it's just that kind of thing. There is a real artistry to what can be done. That's not saying that there's not
shovels, like huge boatloads, of just script kiddie nonsense from back then too, because that exists too.
But the true, I don't know how you want to say the specimens, the elite of their time
were definitely well made and I guess that's why they are the elite specimens.
And require a historian to dig into them.
I guess while we're on that subject, I'm just kind of going through some that popped to mind.
I don't want to just go with favorites because that's too broad.
Let's start with funniest.
Can you share like the funniest one that you're like, God damn,
whoever made this just has a sense of humor?
Funniest is, it's hard to pinpoint.
I mean, there's subtle humor.
There's stuff like the One Half virus on MS-DOS,
which it infects your boot sector.
So every time you boot your PC, it runs too.
It infects floppy disks when you use them.
And then every time you boot, it encrypts the last two cylinders of data on your hard drive.
And it starts at the end and starts working its way back towards the middle.
Two cylinders at a time, tiny amounts of data.
And when you try to access those encrypted cylinders of data,
One Half in memory will detect that, decrypt it for you,
and then present the data normally.
When it gets to the halfway point of your hard disk,
you boot your PC and you get the message,
Dis is one half. Press any key to continue. And that's all you see. And you have no idea anything is wrong up until this point.
If you think to yourself, well, no, I've got a virus, and you try to do an FDISK /MBR, which rewrites your master boot record with a clean copy,
all of a sudden your hard disk is completely unusable because the last half is still encrypted, but now there's no virus to decrypt it.
So it's the sort of like, I got you humor, you know? It's not
traditionally funny. There are a lot of viruses and worms that do try to be funny. There are some
that are just like obnoxiously immature in the way they do these things. I'm trying to think of a
good example. Like it's just like there's one, I think it's a worm called badass and it sends
you an email that it's got a little smiley face icon and when you run the worm it pops up this
message box, I think it's in Dutch, but it translates to like this user like cannot run the
program because he does not wash his ass or something like that. Is this true? And it's got a yes
to no and you try to hit no, but the no button jumps around and you can't, you can't click it.
You're forced to click yes. And it's just there's there's really, it's, it's up to the author
to be really funny. I guess there is one that was tongue in cheek. It was an email worm
called dumbass. So this was early 2000s, right around the time when Love Letter would spread
and Anna Kournikova and stuff like Melissa, which were mass mailed and they'd have enticing things
like check the love letter coming from me or here's a list of triple X porn website passwords,
click here now, and then your file name would be LOVE-LETTER-FOR-YOU.TXT.vbs or some obvious double extension that anybody who's computer savvy would know would infect your PC, but everybody else had no idea and would just run them.
So the dumbass worm would send it out, and it's like, I can't remember exactly what it says, but it's like, here, just run this file, dumbass. And it's like obviousvirus.txt.txt.vbs.vbs, and it just keeps going. It's got this huge chain of file extensions. And it's just taking the piss out of, I guess, all these users it thinks are just complete dumbasses. Hence the name.
I don't know if it reveals something about me not being as mature as I think I am.
but the wash-your-ass one struck me as kind of funny.
Oh, it's funny.
Don't get me wrong.
It is very funny, but it's just not quite, you know,
the high brow comedian-level humor that you see on Netflix.
That we crave.
Yeah.
Okay.
So funny.
Let's just swing to the other side of the pendulum.
The least funny.
Like, have you ever been scared or at least unsettled?
So scared happened quite frequently in the early days of me recording this, because I would just read about something. It says this virus activates on September 19th. So me, having never seen it before, would put it on a floppy disk, pick up my camera. In the early days I had these super shaky freehand cameras; it's really crappy video. Like, this was me, the high school student, just shoving this camcorder in the screen. So I'd fire it up, start recording, never seen it before, and I'd switch the date to September 19th and I'd run it, and it's just full screen immediately blaring music or like loud PC speaker, and I would shake. You know, it would surprise me because I'd never experienced it before. So these things, they just pop up when you're not expecting them, and they can be very surprising. When I think of, like, scary on a level of what it does, that's a little trickier. I guess it depends on how prepared you are for viruses.
Stuff like WannaCry and NotPetya, that's pretty scary because that, you know,
first one encrypts all your data and the second one is just a wiper.
And if you can't recover from that, you're pretty much screwed.
Identity attacks.
Phishing.
Credential stuffing.
Session hijacking.
Account takeovers.
They are the number one cause of breaches right now.
But most security tools still focus on endpoints, networks, and infrastructure.
Meanwhile, the browser, the actual place where we're working, has been ignored.
Push changes that.
They built a lightweight browser extension that observes identity activity in real time,
gives you visibility into how identities are being used across your whole organization,
like when logins skip multi-factor authentication,
when passwords are reused, or when someone unknowingly enters credentials into a spoofed login page.
Then when something risky is detected, push can enforce protections right there in the browser,
no waiting, no tickets.
And it's not just about prevention.
Push also monitors real-time threats like adversary-in-the-middle attacks, stolen session tokens, and even new techniques like cross-IdP impersonation, where attackers bypass single sign-on and multi-factor authentication by essentially setting up a fake identity provider for your company.
The way to think about it, it's kind of like EDR, but in your browser.
Team behind it, they're all offensive security pros.
They publish some of the most interesting identity attack research out there, like the software as a service attack matrix, which breaks down exactly how these kinds of threats bypass all those traditional controls.
Identity is the new endpoint, and Push, our proud sponsor, is treating it that way.
Check them out at pushsecurity.com.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the ground up for a world where attackers are already using AI.
They created the Aurora Super Intelligence Platform,
a fully agentic system powered by the swarm of experts.
Instead of single-purpose bots or lucky-guess LLMs,
this swarm is full of deterministic agents
that handle whole entire workflows.
Humans stay in the loop and on the loop
to validate the critical decisions and keep everything trustworthy,
and all of this is just running on their secure operations graph,
A constantly updating intelligence engine
fueled by more than 9 trillion telemetry events every week,
and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent-led-by-design.
You get agents that coordinate, agents that investigate,
agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every
AI-driven decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and
proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually
looks like, go to Arcticwolf.com slash hacked.
Ever feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turn defenses on their head.
Organizations around the world saw headlines they never expected and cybersecurity teams
were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th.
diving into the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened,
but why these attacks succeeded,
and most importantly, what businesses can do to fortify their defenses before it's too late.
You're going to walk away with real insights into how threat actors are evolving,
how defenders are responding,
and what strategies can help you stay ahead of the next big breach.
It's not fear-mongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com slash hacked.
Something we talk about internally when we make this show has to do with like, I guess the ethical boundaries of walking the fine line between education and entertainment.
Like we tell cybersecurity stories.
And I'm curious, like, how do you navigate the ethical implications of showing stuff, making sure that you're creating something that's like informative and interesting without encouraging anything malicious?
So, funny story, actually.
I do just try to show these things.
I don't offer any sort of download link for anything that I feature in my videos,
although that is probably the number one question.
I've probably been asked that more than anything else,
several thousand times at least.
Where do you get your viruses?
On the rare occasions, people have stumbled across them.
I've gotten a few that were like,
I ran this thing I saw on your video,
and now my computer is all fucked up.
What do I do?
And I have to respond.
I'm not tech support.
I'm sorry you did that, but these videos aren't just, you know, for fun.
These are actual malware.
And then there was another side of that same coin where I'd get a lot of people saying,
I wrote this virus that I'd like for you to make a video on.
How can I send it to you?
And I got so many of these kinds of requests that at one point I had a forum where I opened it up.
I made a little short-lived series called Viewer Made Malware.
I was going to ask about that. That was my next question. Yeah. So if you wanted to, you could write this
and you would put it on my forum with the description of everything it does and I picked the coolest
stuff and I'd make a video of it. After a certain number of them, there was one that was like
a ransomware. I can't remember what it was called, but it got picked up by a security researcher
on Twitter who started posting about this as if it was a new threat and they posted, you know,
MD5 hashes and they're like, here's how to detect it, it's been submitted, and then like
the person who wrote it was like, oh, I wrote this for Dan, you know, and I was like, yeah,
this isn't like an actual threat. They had like a, a backdoor key you could use to decrypt
everything, but it was still kind of a hairy situation because I kind of indirectly contributed to
this thing being created by virtue of having this series. Now, there's even, you know, there's more to this because I stopped
making those viewer made malware videos not long after that and took down my website. I
just didn't have the time or the patience to moderate a forum and everything that comes
with that. And there was a group that was on Twitter that actually exploited FossHub
and they replaced downloads for Audacity and Classic Shell with an MBR Trojan.
So when people downloaded these and ran these, it actually opened up this Trojan that would
replace your MBR with a message. It was like, you, on your adventures it seems you have failed.
I'm paraphrasing, but and then it was like shout outs to all these people and I wrote to them on
Twitter like, could I get a sample of this to make a video on it? And they're like, oh yeah,
We were actually going to put you in the greet, but we figured that might lead more trouble to you than you would want.
So we just left your name out.
And I was like, oh, shit.
So it's like, damned if I do, damned if I don't.
Like, what's the way to go on this?
Do I encourage people who are going to write these things anyway to send them to me and not, you know, compromise a very prominent file sharing website to infect innocent people?
or do I not do anything and just see what happens?
I mean, even now, there's still many people that are asking,
am I ever going to continue it?
And right now, I think that question's up in the air,
just because, I don't know, there's still so much interest.
And I think if the focus was on making it for older operating systems,
maybe that might be the way to go.
But it's, like you said, there's a fine line, and I'm not sure how to walk it.
Yeah, at this point it's a big... you're opening a bunch of big thorny philosophical questions on that one, right?
And I guess, just to stay there in a philosophical sense, do you think that the desire to create and spread this stuff reflects a bigger aspect of human nature or societal trends or something? Do you think it says something about people that we want to make and share this stuff? Spread it is maybe a better word?
I think it definitely does. It's interesting seeing
the types of people who wrote this stuff in the original days. It was generally young men,
usually on, they would find BBS groups of like-minded individuals and they would trade secrets and
how-tos and tutorials. And, you know, they just, you know, they just,
generally at that point weren't super popular at school or they spent a lot of their time on the computer,
which in the late 80s or early 90s was not the norm, as opposed to nowadays, with everybody having access to the internet everywhere.
Back then, it was very much a, I found my people, and now we can we can do the things to make our mark on the world, essentially.
So that's why there's a lot of these viruses that are like greets to all the members of our crew.
So nowadays there's big money in it, which is why you see a lot of threat groups that are all basically acting to make as much money as possible.
Yeah, you talked about that pre and post monetization, almost like a BC/AD thing for malware, like this really hard line in the sand.
I guess I'm curious to talk about the evolution of it, where it's come from, where it currently is, and then where do you think it's,
going. You know, there's a lot. There are more think pieces than are useful about the rise of
AI in the context of malware and cybersecurity. Where does it come from and where do you think it's
going? So, excuse me, where it came from really was generally in the early days, like the
original IBM PC virus Brain was written as a sort of copyright protection tool by two
brothers in Pakistan. And as time went on, viruses became more of a tool of the hobbyist programmer
who really just wanted to have some of their creations out there in the world. Like I said, before,
you know, they really want to make their mark on the world. And this is one way you can certainly
do it. It might not be a good mark, but you're making an impression on people. And with that,
that sort of drove the hobbyist angle from the late 80s to probably the late 90s,
with the advent of the internet becoming more popular everywhere.
The focus shifted from traditional computer viruses to worms, which are executables that don't infect files.
They don't infect a host file to spread themselves, but instead they just spread via user interaction
or an exploit.
And with these online groups,
you now have groups that are starting to fight with each other.
You see it before in the early 90s
with some BBS boards,
the bulletin board systems between various virus groups,
and this group sucks.
We're the best, and they'd write it in their virus,
you know, in the little comments, you'd see,
like, we hate these guys, they suck.
Their viruses are terrible.
Ours are the best, you know.
Just back and forth.
But that really exploded with the advent of the internet. So now you have the ability to reach millions of PCs around the world very quickly,
as opposed to the early days, where you were basically limited to the physical area around
wherever you released it on a floppy disk, and you hoped it would spread somewhere beyond it.
So with the internet just sort of exploding the scene, that really set the stage from the shift from
like malevolent fun
to serious business malware.
It became less of a deal of
we can write this to print out on the screen
that you suck and we got you to
now we can exploit
300,000 PCs worldwide
and install a botnet on them so that they send
Viagra spam.
And from that we got to
the very beginnings of ransomware
in the mid-2000s
with GPcode. There was the advent of rogue antiviruses, which you would be infected with,
and it would look like a legitimate antivirus, and it would say your computer is infected with 6,000 viruses.
Buy now, and we'll solve it for you.
And, of course, none of them were actually on your PC.
It was just this fake rogue antivirus, you know, shitting everything up and requiring you to pay,
and you can't just uninstall it.
And from that, you know, it just evolved further to, especially with cryptocurrency,
what we see now with ransomware, you know, nation state actors.
It's just there's no more joy or fun that you can really see behind the code,
at least with the big stuff.
There's no more joy or fun behind the code.
And I guess on that note, you know, we're on the nation state cybercrime,
organized crime level now. Where do you think it goes next?
See, that's something I've been thinking about. Like, where do we go next? I mean, we've had,
you know, the United States and Israel create and release Stuxnet. And that's been in
development since the mid-2000s. And now we see the NSA who have developed all of these
specialized exploits that have been leaked. And we see responses to those leaks. And it's just
I'm not sure where we go.
I mean, NotPetya was a huge global event,
and I'm surprised we really haven't had significantly more of those.
So I'm guessing there's going to be something, you know,
more along the lines of NotPetya,
where, you know, the target was Ukraine,
ended up impacting global shipping with Maersk,
and I imagine we'll see some more attacks along those lines,
you know, because with these cyber attacks,
it's very easy or at least easier
to obscure their source
and where they're coming from.
Yeah.
Just more of these giant global,
I don't know,
attacks with unclear perpetrators
and unclear targets and unclear goals.
Right.
Maybe I should relaunch viewer-made malware
and, you know,
just release some of those into the wild
and then we'll have some of the fun.
Yeah, sure.
Right back into it.
Yeah, sure.
That'll balance it out.
Yeah, it needs to fork.
We need, like, the really,
scary, serious stuff that's basically like standing in for organized crime and warfare.
And then we need the memes, man.
We just need the good times.
Infect your system.
Memes are great, especially when they take over your PC and you can't do anything anymore.
Okay.
So I've taken up a bit of your time.
I want to close with this one.
I read an interview you gave years ago and kind of prepping for this a little bit,
where you described malware as kind of a cultural artifact.
I've spoken a bit to this, but I think you likened it to American
Civil War rifles and Soviet space gear in terms of like being able to witness a technological
evolution through it.
And I'm curious, how do you think future generations are going to look back at the malware
of our era?
That's an interesting question.
I think the biggest thing is going to be the impact that the malware has.
As opposed, you know, there won't be so much emphasis on how did it spread or, you know, what
new exploits did they use, but how far reaching was it? And you really started to see that
line of thinking or emphasis on malware with these worms as they rose to prominence in the early
2000s. But I think now more than ever, as security has taken on new meaning for organizations
and, you know, with the Apple iPhone being super locked down, it's going to be, you know, how
successful was your malware able to be because it doesn't matter just, you know, how crazy
or innovative it is if it doesn't infect much, if it doesn't make much of a difference in the
grand scheme of things. I think, you know, the larger disruption that there can be would be a measure
of how we look at malware going forward. It's about how big the ripples in the pond are.
Right. Dan, thank you so much for sitting down with me, man. This was a really fun one.
Well yeah, thanks for having me. This is a lot of fun.
