Reg comments91

Confession: I was a teenage computer virus writer

Did your PC crash a lot in the 90s? Yes, sorry about that

Sorry, Peter Norton

My first problem was how to build the thing. My computer at the time was an IBM PC XT clone with a 10MHz 8088 clone CPU and 640KB of RAM. Not a great machine by any means, but more importantly, I didn't really know how to program it.

I had taught myself C from books and computer magazines, but it was in a generic, high-level way. I didn't really know the PC or MS-DOS very well. Previously I'd been an Apple ][ guy. We didn't have C. We didn't even have interrupts.

I did have a secret weapon, though, and that was a book called The Peter Norton Programmer's Guide to the IBM PC. That's right, the "pink shirt book." It taught me everything I needed to know to write a dumb, annoying virus like AIDS. (Sorry, Peter.)

But I had an additional challenge. I wanted this program to be tiny, just 666 bytes. My C compiler at the time was Borland Turbo C, and while it allowed you to compile programs for various memory models, even the smallest executables had a certain amount of overhead because of the startup code. C programs were expected to parse command line arguments and do some other housekeeping when they started up. For my purpose, I didn't really need any of that.

Snippet of the Leprosy source code

Believe it or not, back in those days you could often spot a virus just by searching for the text it printed out. I solved that one

The answer to my problem, like so many answers in those days, came in the form of a computer magazine. Specifically, the December 26, 1989 issue of PC Magazine, which printed the assembly language source code to a startup routine that would keep your program size down to the barest possible minimum (page 297). I didn't really understand it, but it solved my issue, so I used it.

I also ended up writing my code using a bunch of inline assembly language, also to make the executable smaller. But it was all very simple stuff – just like I figured it would be. And I made sure to put a comment on nearly every line, so that neophyte programmers could know what I was doing.

Along the way, I added a few features to make Leprosy better than AIDS (boy, that was a strange sentence to write). I used a simple encryption on all the text strings to make them harder to spot with a file editor. Also, instead of taunting you when you ran it, it threw up a legitimate-looking system error message, in hopes of getting you to try running it again. It would infect more than one file at a time. And it knew how to jump directories on your disk, once it ran out of uninfected files.

And if you're wondering how I remember all of this from 25 years ago, honestly I don't. Remember how I mentioned that this was going to be a public domain virus? How I wanted to thumb my nose at the "1337" virus folks and make this software for anybody – any kid like me – to have and learn from? By the time I finished writing my code, I doubled down on that concept.

I wrote a manual.

Outbreak!

Confession time: I never actually did anything with Leprosy. The only person I ever infected with it was myself. Because after all, I had to run it to see if it worked, didn't I? So my first thought was, "Yay, it worked!" and my second thought was, "Hold on a minute, I just ran that in the same directory as my compiler and all my tools."

Lessons. Sometimes they come the hard way.

But believe it or not, I never really had any malicious intent when I wrote it. For me it had become your basic programming project. I just wanted to see if I could pull it off. I didn't have any enemies, or people who I wanted to harm with it. I didn't have any reason to inflict it on anybody.

So I gave it to somebody who did.

Leprosy-B source code

Too much Iron Maiden: For some reason, it was important to me that my viruses ran in just 666 bytes

Long story short, I gave it to a guy who was on one of the BBSs that I called, and who didn't share my admittedly lofty opinions of the "1337" community.  He thought Leprosy was great, and the fact that nobody else had it made it even better. He thought he had a zero-day virus on his hands, and he thought that meant he had bragging rights. So the first thing he did was upload an infected file to a BBS.

The dummy.

Short term, he got the effect he wanted. The guy whose BBS he uploaded it to freaked out, screamed and shouted, waved all the flags. For a while I couldn't tell who was more excited, the guy who uploaded my virus or the guy whose BBS got infected with a virus that nobody had ever heard of before. Both of them seemed to think they were famous.

Long term, of course, what it meant was that every antivirus vendor in the world had a signature for the Leprosy virus in less than 24 hours' time. Hence, it was useless. It was dead almost upon arrival. The source code and manual were out there for people to read and learn from, but good luck infecting anyone with it.

So I did what any sensible person would do. I wrote another one.

Next page: On to Plan B

Biting the hand that feeds IT © 1998–2017