from Hacker News

A dive into the world of MS-DOS viruses (2019)

by defaulty on 9/15/21, 2:46 PM with 31 comments

  • by drclau on 9/15/21, 4:38 PM

    This brings back fond memories. It's been a _long_ time since then, and I was about 14yo. This was pre-internet, the BBS era. My computer, an old PC XT, 8086 based. I was getting new software via mail order from various specialized magazines, or from BBS's (to which I did not have access directly at that time -- not particularly relevant to this story).

    One day, I got something infected with a virus named Romania.856 (I will always remember this name), a COM infector, as I found out from F-Prot Antivirus (which came with a great db with information about viruses -- such a great read for the young me!).

    The tools available to me were still very limited; I had not yet discovered TDD (Borland Turbo Debugger). But I was dead set to understand how the virus worked. There I was, using the very limited `debug` tool that came with MS-DOS. I've learned x86 Assembler from various texts downloaded from BBS's. I reverseengineered Romania.856, and learned how it worked, and did my own experiments. That's how I spent my summer vacation that year.

    This was the beginning of some of the most beautiful years of my life, with regard to computers. It lasted for a bit over half a decade, time in which tech evolved fast, I got an internet connection (still dialup back then), I discovered IRC, met people with similar interests and so on. What I miss the most now is the feeling of everything being new, the possibility for exploration and discovery.

  • by lbj on 9/15/21, 5:47 PM

    What a great talk, loved everything about that era.

    When I was 14 I made my first virus/prank. It would increment a counter every time input was sent to the PS/2 port, ie. keyboard. Once it hit 2000 strokes it would switch to 80x50 textmode, print "This is a shareware keyboard. You have used all of your free keystrokes" and then close the PS/2 connection until a physical reboot.

    I thought it was hilarious, but it did have some unintended consequences. Especially because that the IT guy in charge actually believed the message. So, also my last virus.

  • by ivan4th on 9/15/21, 5:09 PM

    I did write some DOS viruses back when I was a kid, including a "stealth" one (invisible when reading the infected files via int 21h) and another one polymorphic (encrypted with dynamically generated decoder). I've never spread them, although I did upload another simpler one to an antivirus vendor BBS as a "new virus", so now it's known as "Areopag-480" and such. I thought all of the sources of things I wrote back then were lost when I typed an extra space in "rm -rf ~/something" back around 2000, but recently, while looking through some old books, I've found a piece of code of the stealth virus I wrote around 1992-1993: https://twitter.com/ivan4th/status/1434625057553330178/photo... I didn't have a PC at my grandparents' dacha back then, so I was writing code on paper instead during the summer

  • by shantnutiwari on 9/15/21, 3:16 PM

    Interesting.

    I've often wondered-- if you want to learn low level C and/or hacking techniques, would it make sense to start by hacking Ms-Dos? It's easy, there is little to no protection, even for system calls, and you can do a lot with little code.

    Of course, there is no "practical" use, but it would be really interesting as a learning excercise.

    I often thought of creating a few tutorials about this, but not sure if anyone cares... (or if anyone else has done so).

  • by peanut_worm on 9/15/21, 3:14 PM

    “danooct1” is a great youtube channel where you can see DOS and 32x viruses in action.

  • by StanislavPetrov on 9/16/21, 3:52 AM

    My first experience with an MS-DOS virus was in the late 1980s with the Jerusalem virus. We wanted to play Nethack during programming class (PASCAL) in the computer lab, and so brought a disk with a downloaded version (1200 baud) from home to install on the school's computers. Needless to say, someone had an infected copy, and before long it spread to most of the machines. It would cause weird things to happen like little blue rectangles to randomly appear. At that time, nobody was familiar with viruses (the computer teacher was actually a math teacher picking it up on the fly), and so the computers stayed infected for months until someone figured it out.

  • by bnjf on 9/15/21, 4:54 PM

    for those interested in the polymorphic libraries which became prevalent in the early 90s, I've got a disassembly of MtE at https://github.com/bnjf/mte/

  • by 1970-01-01 on 9/15/21, 9:03 PM

    When John McAfee saw the first PC virus he knew that stopping them was worth something and started McAfee Associates, which later became a bad thing.

    https://www.reddit.com/r/netsec/comments/3hr9f0/i_am_john_mc...

  • by Ingon on 9/15/21, 7:22 PM

    My fascination with viruses actually brought me to programming. After reading a lot about them, one evening I said to my father (who was a programmer) that I want to learn how to write a virus. So, he gave me a book called “The C programming language”… But I never actually wrote one :)

  • by marcodiego on 9/15/21, 3:27 PM

    I really admire techniques that were used on DOS viruses. Resident viruses that could hide themselves (stealth) and able to use boot as a transmission vector were very advanced. This combined with polymorphic techniques made the virus very resistant, basically reboot resistant.

  • by mseepgood on 9/15/21, 6:30 PM

    Back then malware was fun unlike today.