The Malware Historian
TL;DR: Dan, a self-taught malware historian, traces computer virus history from the 1986 Brain virus—created by two Pakistani brothers as copy protection—through early hobbyist-era malware, running original samples on period-accurate hardware to…
Today malware is all nation state actors and organized crime, but in the beginning it was more about making a statement. Dan is a malware historian. He finds old hardware and viruses, runs them, and sees what happens. So we sat down to discuss the history of malware, where it's come from, and where he thinks it's going next.
Check out his amazing YouTube channel at https://www.youtube.com/user/danooct1
Transcript
Machine-generated transcript; may contain errors.
Speaker 1: In 1986, two brothers in Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, ran a computer store. It was called Brain Computer Services. Just like a little one room shop in Lahore, Pakistan. And the store, it's bumping, because rumor had it that those like nineteen eighties brand name programs, stuff that regularly retailed for hundreds of dollars elsewhere, was conspicuously affordable there. For example, when it launched, WordStar, an early word processor, was priced at $495 US and an extra $40 for the manual. At Brain Computer Services, as reported in Time magazine in 1988, you could get a floppy of it for a couple of bucks. I'll leave it to you to imagine what was going on there, Scott.
Speaker 2: I would never be able to suspect what was going on there. Where you could buy a non branded floppy with a copy of the program for dollars versus hundreds of dollars. That's that's a that's a legacy that I was not a part of, that whole warez thing that I I was not there for that time.
Speaker 1: You wouldn't know anything about that.
Speaker 2: I wouldn't know anything about that.
Speaker 1: Brain sold software. They even developed some of their own, some medical stuff, and business was good. Now, remember, this was 1986, so the idea that followed, which might sound really obvious now, was extremely novel at the time. And the idea was, what if they were to include on all of these floppies they're selling a self replicating program? A form of copyright control, so that the software, whether the stuff they were developing or the third party software that they were selling at just bargain basement prices, wouldn't get copied and resold. In the early days, like the original IBM PC virus, BRAIN, was written as
Speaker 3: a sort of copyright protection tool by two brothers in Pakistan.
Speaker 1: That's Dan, AKA the Malware Historian. We're gonna get back to him. The software replaced the boot sector of a floppy disk with a copy of the virus and moved the boot sector somewhere else, and there's really two important things about this virus. First, it was basically harmless. It avoided infecting hard disks, so the user's data was never at any risk, just the software that was supposed to be on that floppy. And second, it displayed a message on the user's screen, which read: Welcome to the dungeon. Copyright 1986, Amjad's Private Brain Computer Services. And then, it listed a physical address: 730 Nizam Block, Allama Iqbal Town, Lahore, Pakistan. And then it listed a working phone number, followed by the message: Beware of this virus. Contact us for vaccination.
Speaker 2: So they so you so let me get this straight. They created a little virus program to prevent people from stealing their software even though their store was probably selling likely reproductions of other people's software?
Speaker 4: Yeah. K.
Speaker 2: K. Just just checking. I just just wanted some clarity.
Speaker 1: Yeah. It is a it is a good good point of clarification. Now most modern viruses would not directly advertise the brick and mortar physical location of its developers, or, like, a convenient phone number for contacting them. But, Amjad didn't really know how most modern computer viruses worked, because he had basically just made kind of the first one that would go on to go viral. Because it was on hundreds of thousands of floppy disks that had started making their way around the world with his phone number in it. And eventually, the phone starts to ring.
Speaker 4: The first call we received was, from, Miami University and, some somebody taking care of, I think, a magazine down there, a local magazine. And she was writing something, and she was, having trouble with the floppy. And she discovered that, she bought some extra piece of code down there inside, and she found, our contact number when she called me. And I was very surprised, And I was shocked rather because I had no expectation that it will ever happen, that it will go so far.
Speaker 1: That is edited from a 2011 documentary where security researcher, Mikko Hyppönen, traveled to Lahore to interview these brothers, creators of the first successful computer virus. Thirty eight years later, BRAIN, that little shop, still exists. Brain.net.pk.
Speaker 5: You can
Speaker 1: go there. They're a Pakistani ISP. They did very well for themselves.
Speaker 5: Oh my
Speaker 2: god. They got like a fiber Internet provider. They're like a big deal now.
Speaker 1: Yeah. One gigabit speeds. It's better better than we got up in here
Speaker 2: in Canada. Literally better than what I have. Literally better than what I'm talking to you on right now. These guys are doing here in Pakistan. If they're on cloud platforms.
Speaker 1: This episode is brought to you by BRAIN. Anyway But it is with them that a history begins. This history of malware. Today, malware is about big money and big data. It's about nation state actors and vast criminal enterprises. It's big business. But in 1986, it was two brothers with a crazy idea, some floppy disks and a dream. Dan, who we heard from earlier, is a historian of this world, a malware historian.
Speaker 3: As time went on, viruses became more of a tool of the hobbyist programmer who really just wanted to have some of their creations out there in the world. Like I said before, you know, they they really want to make their mark on the world and this is one way you can certainly do it. It might not be a good mark, but you're making you're making an impression on people.
Speaker 1: So he's almost like an Indiana Jones historian. Like he goes to the ruins, he finds the actual old viruses, the actual hardware systems they ran on, and he runs it. Just to see what it's gonna do. That's great. Honestly great. So we called him up to hear his story, just to try and understand, like, how have we gotten from that little shop in Lahore to all of this? And what kind of strange stuff he's discovered woven throughout that history? Our conversation with Dan, a.k.a. danooct1, a.k.a. the Malware Historian.
Speaker 2: Wait, wait, wait, wait,
Speaker 5: wait, wait,
Speaker 1: wait, wait, wait, wait,
Speaker 5: wait, wait, wait, wait, wait, wait,
Speaker 1: wait, wait, wait, wait, wait, wait, What's up, Scott?
Speaker 2: You know how there's all the, like, conversation about, like, viruses frozen in the ice in, like, Siberia and stuff?
Speaker 1: Oh, dang.
Speaker 2: Everybody's worried about, like, old viruses coming up and, like, reinfecting and things like that. Imagine Dan did that. Imagine Dan brought back some old worm or virus from way back in the day, put it on to, like, a 1991, you know, PC, and then bang, all of a sudden, it's, like, running around the Internet, like, causing havoc. Could you imagine?
Speaker 1: Yeah. Yeah. It was laying dormant on a floppy disk, one of the one of the big ones, and he just unleashes it on the world.
Speaker 2: Modern antivirus just doesn't even pay attention to it. It's just like this
Speaker 1: is Totally. It's not inoculated against this.
Speaker 2: Old. It's like does it matter? Like, we don't need to worry about these anymore. And that even in the database.
Speaker 1: And boom. Boom. Suddenly, it's a it turn there's a zero day for iPhones hidden on an old, old, floppy disk from 1994. How does that work? Let's find out. Here on Hacks.
Speaker 2: Here on Hacks.
Speaker 1: The second time. Dan, thank you so much for joining me. I really appreciate it.
Speaker 3: Yeah. Thank you for having me on.
Speaker 1: For anyone familiar with your work, you are a malware historian. And I guess just to start broadly, like, what does that mean to you? What drew you into this world to the point that you decided to start documenting it on YouTube?
Speaker 3: So initially, my first exposure to the world of malware was in 2004 when my home computer was infected with a network worm called Sasser. This I think it was the very beginning of May, April 2004, so almost twenty years ago. When this happened, the computer just started rebooting forever. Like, it would restart, and it would boot up, and a little window would pop up saying Windows is shutting down in sixty seconds, save all your work, and then it would just keep rebooting. And my mom and I, she was a computer programmer, she's retired now, but we had printouts from Norton Antivirus online, you know, Sasser Removal, and all these different documents, and we were basically just trying everything in them to try and stop this. And eventually after several hours, we were successful, but at that point I was just, I was bitten by the bug. So I found a website, there's an antivirus vendor called F-Secure. I think they recently rebranded to WithSecure. They're from Finland, but they had, at that time, pages and pages of alphabetized malware descriptions, and it wasn't just stuff like Sasser, or big names like the Love Letter worm from 2000, but they had stuff from the 1980s like BRAIN, or the very early computer viruses like Cascade for MS DOS, and they were all written out, when these viruses were new, and then they just sort of kept them on their website published as they advanced through the internet. So I read through all of these, this was about 2005 or so, I really started immersing myself in it. And that's generally how I became exposed to it. Yeah, there was just so much information, it was super cool to read about. I'd find some cool ones, and I'd show my dad, I'd be like, Hey dad, check out what this virus does. And he'd be like, Oh yeah, okay son, that's interesting. But to me it was just so cool, And it was something that not a lot of people ever really talked about. 
I mean, lots of people know what computer viruses are, and many people blame everything that ever goes wrong with their computer on computer viruses. But to actually know the history behind them and what makes them viruses is something super appealing to me.
Speaker 1: I want to get to something you just mentioned, which is, you know, what makes it a virus. But very briefly, do you know how Sasser, do you know how you got infected with it?
Speaker 3: So Sasser was an autonomous worm. So traditionally, before Sasser, worms were generally emailed out or shared on file servers, peer to peer networks like Kazaa, Limewire. Sasser was actually developed by a teenager in Germany after a patch was released by Microsoft for a certain, vulnerability in a, I think it was a security, like a logon authentication service for Windows. And he reverse engineered this patch, which led to the discovery that you could essentially just scan for IP addresses, find computers vulnerable to this vulnerability, and send them a specially crafted message or packet, and it would open an FTP server, send the worm on over, and execute it on the target computer, which would then start scanning for more computers. So this worm actually, globally impacted the internet. There were millions of infections worldwide, and the only thing you had to do to get infected was be online and have a vulnerable computer.
Speaker 1: Oh wow.
Speaker 3: And not many people had patched for this, so there was quite a lot of, infections and just, it was everywhere. It was very similar to a worm the previous year called Blaster, which affected a different vulnerability, but the end result was the same where the computers were rebooting over and over.
Speaker 1: You, I mean, the way I found you, you broadcast yourself letting these viruses infect a system that you control. What what is your setup for this? This? Like, what are your personal security processes? Like, what's your rig, man? Like, how how are you doing this?
Speaker 3: So initially, I started making videos in high school when I stumbled upon a few live malware samples. I think it was the Love Letter worm, some random MS DOS virus, and the Happy99 email worm from late 1998. I think it was just some random forum post somewhere, somebody said, Hey, I found these cool bugs, you know, whatever, and I managed to find them and download them, and that was my first exposure to actually seeing in action these viruses and worms that I'd read so much about. And at the time I took an old desktop computer that our family no longer used, it was just sitting in a closet gathering dust, I pulled it out and just tried them out. I was like, I wonder if this works? And the Love Letter worm did work, I think it was a Windows XP computer, and it worked just fine. This was late 2008, and that's when I started thinking, well maybe I could format this and install something like Windows 98 or MS DOS even and see does this work? And as I did this more and more, I'd find more and more things that did work and eventually found a huge database of pretty much every sample I had ever read about. I think it was a leak of Kaspersky's actual virus data from some point in time. I'm not sure who or how or when it happened, but I'm glad it did. Because that really let me, run wild. So the initial setup was just some random old computer. As time went on, I've actually purchased, period accurate computers, so I've got a 386 on the desk behind me from the early 1990s, which runs MS DOS. For everything that I infect with MS DOS videos, that's the computer I use. I've got some others for Windows 95 and 98. I've used virtual machines in the past, which is just, you know, virtualization software and a share folder set up with my host computer. 
But now I like to try and kind of keep the authentic feel of what you would see and experience back in the day if you had actually been affected with this stuff.
Speaker 1: Yeah, the authenticity comes through. The way you capture it on the screen, it feels you can imagine being in a basement in like 2003 and getting a dodgy file on LimeWire and a bunch of bad stuff unfolding.
Speaker 3: It's funny you mention that. I've gotten quite a few comments over the years like, what's wrong with this guy's lights? Does he not pay, you know, like, enough for electricity? Why is he always in the dark? And to answer that, it's mainly just, I don't want, especially with CRT monitors with the glass front, I don't want the reflections coming off of light or anything like that. So it's easiest to turn off all the lights. And when I really ramped up doing this, I was in college and I lived with three other roommates at the time and the only time period I would really ever have to record videos in peace without loud things happening all the time was in the dead of night, so I would always record after the sun went down everybody went to bed and that was my prime time to actually get this stuff done, so.
Speaker 1: So much of the, the stuff we talk about on this show is like, is very modern things and a lot of that has to do with like nation states going after each other, big massive organized cybercrime rings. And I'm watching your videos and I feel almost like a warm fuzzy sense of nostalgia. It's not to say that some of these things aren't really destructive, that there isn't harm, but like that early two thousands malware, I think of the like I think it was the lacono worm that had like a Homestar Runner payload to it. Right. Like, I guess, one, I just wanna reflect on that sense of nostalgia and almost a sense of humor some of them had and use that as a jumping off point for like what's your favorite era of these things? You got the eighties, nineties, February. What are you drawn to personally?
Speaker 3: So I am most drawn to well, it's hard to pick an era. Sure. Probably early two thousand, late eighties to early two thousands. Just generally because at that point in time, there was no way to really make malware. That's only purpose, it's only purpose was to, you know, as it is today, gather money, intelligence, steal data, credentials, whatever. Back then, this was essentially the way to promote your creation to the world. So a lot of them were very in your face, they had calling cards, there were wars that developed between various virus groups, there was just so much going on, they got right in your face. I especially like all the MS DOS viruses that print out graphics on the screen because MS DOS is a very text based operating system, almost everything you do is through the command line, graphics are reserved solely for programs that you might run, or Windows, and these viruses you'll just be typing away and then all of a sudden there's a giant, you know, head in a noose on your screen saying like, Sorry, I've disinfected this file, but your PC is still infected. Or just crazy stuff like that. And, it's all these programmers making computers do things that you would not expect them and would not want them to do, but since they are computers, they do what they're told. And without the protections built into modern operating systems, they pretty much had free reign of anything they desired to do on your system. I know there are many exploits nowadays that generally lead into corporations being hacked or, you know, a workstation gets infected with something and then they move laterally through the network through a combination of NSA tools and various other high level super complex attack vectors. Back in Windows '95, '98, the late 90s, there was a worm called Opaserv, or Opasoft, depending on which vendor you look at, and it utilized an exploit. It kind of scanned computers like Sasser did, but much slower and with much less of a chance of success. 
But if it found network shares that were open to the Internet but password protected, there was a vulnerability in Windows that allowed it to suggest the first character of the password, which Windows would then take and authenticate and let you in. So this worm spread, like if your password was 20 characters long but started with an A, the worm would suggest the letter A, and Windows would say, alright, cool, Come on in. And it's just these kinds of crazy oversights and bugs that they exploit that just you don't see anymore nowadays, so definitely MS DOS to early Windows XP, early Windows NT era. That's the sweet spot. Yeah. It's my sweet spot.
Speaker 1: You used a phrase that I like. You said it's hard to pick an era. And when you said that I was reminded like, yeah, it'd be like me asking you what's your favorite decade of music? Sixties, seventies, eighties, nineties. It's like, oh, there's great stuff in all of them. That's true.
Speaker 1: You then use the word creation. Is there an artistry to it? Like an artistic element to making these things? Kind of a creativity behind them?
Speaker 3: Absolutely. I mean, there's even a virus called Spanska for MS DOS which printed out like a graphical 3D, like a rolling Mars land, like a, like you would see from a lunar lander almost, but it would just kind of roll past on your monitor. And I believe the text on the screen was making a virus can be fun. And, there's just, there's an artistry that goes into it, even with some of the ways that these programmers would infect your PC. Like CIH, also known as Chernobyl, also known as Spacefiller, was a virus in the late 90s that had the ability on certain Pentium systems to actually gain access to and overwrite your BIOS. So your computer would become unbootable unless the BIOS chip was reflashed. But the way it infected files and why it got the name Spacefiller is, unlike traditional viruses of the time, which would write a little jump command right at the beginning of the file and then store all of its code at the end, which increases file size, CIH would look for little pockets of empty space in programs, and it would analyze the entire program, and if there wasn't enough empty space throughout to infect it, it would leave it alone. But if it had enough space, it would carve up its code to fit into those spaces, and link itself all together, and the file size did not increase after that. So, it was very sneaky, very stealthy, and then ultimately incredibly destructive, and it's just that kind of thing. There is a real artistry to what can be done. That's not saying that there's not shovels, like huge boatloads of script kiddie nonsense from back then too, because that exists too, but the true, I don't know how you want to say it, the specimens, the elite of their time were definitely well made and I guess that's why they are the elite specimens.
Speaker 1: And require a historian to dig into them. I guess while we're on that subject, I'm just kind of going through some that pop to mind. I don't want to just go with favorites because that's too broad. Let's start with funniest. Can you share like the funniest one that you're like, goddamn, whoever made this just has a sense of humor?
Speaker 3: Funniest is it's hard to pinpoint. I mean there's subtle humor. There's stuff like the One Half virus on MS DOS, which, it infects your boot sector, so every time you boot your PC, it runs to, it infects floppy disks when you use them, and then every time you boot, it encrypts the last two cylinders of data on your hard drive. And it starts at the end and starts working its way back towards the middle. Two cylinders at a time. Tiny amounts of data, and when you try to access those encrypted cylinders of data, One Half in memory will detect that, decrypt it for you, and then present the data normally. When it gets to the halfway point of your hard disk, you boot your PC and you get the message, DIS IS ONE HALF, PRESS ANY KEY TO CONTINUE, and that's all you see. And you have no idea anything is wrong up until this point. If you think to yourself, Oh no, I've got a virus, and you try to do an fdisk /mbr, which rewrites your master boot record with a clean copy, all of a sudden your hard disk is completely unusable because the last half is still encrypted, but now there's no virus to decrypt it. So it's this sort of like I got you humor, you know, it's not traditionally funny. There are a lot of viruses and worms that do try to be funny, there are some that are just, like, obnoxiously immature in the way they do these things. I'm trying to think of a good example, like, it's just like, there's one, I think it's a worm called Badass. And, it sends you an email that's got a little smiley face icon, and when you run the worm, it pops up this message box, I think it's in Dutch, but it translates to like, this user cannot run the program because he does not wash his ass, or something like that. Is this true? And it's got a yes and a no, and you try to hit no, but the no button jumps around, and you can't click it. You're forced to click yes, and it's just There's really it's up to the author to be really funny. 
I guess there is one that was tongue in cheek, it was an email worm called Dumbass. So this was early two thousands, right around the time when Love Letter would spread and, Anna Kournikova and stuff like Melissa, which were mass mailed and they'd have enticing things like check the love letter coming for me or here's a list of, triple x porn website passwords, click here now, and then, you know, your your file name would be love letter for you dot txt dot vbs or some obvious double extension that anybody who's computer savvy would know would infect your PC, but everybody else had no idea and would just run them. So the Dumbass worm would send it out, and it's like I can't remember exactly what it says, but it's like, here, just run this file, dumbass, and it's like obvious virus dot txt dot vbs dot pif dot scr dot bat dot exe, and it's got this huge chain of file extensions and it's just it's just taking the piss out of, I guess, all these users it thinks are just complete dumbasses, hence the name.
Speaker 1: I don't know if it reveals something about me not being as mature as I think I am, but the wash-his-ass one struck me as kind of funny.
Speaker 3: Oh, it's funny. Don't get me wrong. It is very funny, but it's just not quite, you know, the high brow comedian level humor that you see on Netflix.
Speaker 1: That we crave. Yeah. Okay. So funny. Let's just swing to the other side of the pendulum. The least funny. Like have you ever been scared or at least unsettled?
Speaker 3: So scared happened quite frequently in the early days of me recording this because I would just read about something and it says this virus activates on September 19. So me, having never seen it before, would put it on floppy disk, pick up my camera, in the early days I have these super shaky freehand cameras and it's really crappy video, like, this was me, the high school student, just shoving this camcorder into the screen. So I fire it up, start recording, never seen it before, and I'd switch to September 19 and I'd run it and it's just full screen immediately blaring music or, like, loud PC speaker, and I would shake. It would surprise me because I'd never experienced it before. So these things, they just pop up when you're not expecting them. And, it's just, they can be very surprising. When I think of, like, scary on a level of what it does, that's a little trickier. I guess it depends on how prepared you are for viruses. Stuff like WannaCry and, NotPetya, that's pretty scary because that, you know, first one encrypts all your data and the second one is just a wiper And if you can't recover from that, you're pretty much screwed.
Speaker 1: Starting something new isn't just hard. It can be downright terrifying. You put a lot of work into a thing. You're not entirely sure it's gonna work out. You're taking a huge leap of faith. I've started a few things. Now I know I was right for believing in, you know, the idea, the product, despite all of those fears and hesitations. But boy, does it sure help when you have a partner like Shopify on your side. Shopify is the commerce platform behind millions of businesses around the world and 10% of all e commerce in The US. From household names like, well, hacked podcasts merch, to brands just getting started. You can get started with your own design studio with hundreds of ready to use templates. Shopify helps you build a beautiful online store that matches your brand style. Did I mention that that iconic purple shop pay button that's used by millions of businesses around the world? I don't know why I wouldn't. I should. It's why Shopify has the best converting checkout on the planet. It also helps boost conversions, meaning less carts, sort of getting abandoned in the parking lot, and more sales for you. It's time to turn those what ifs into sign up for your $1 per month trial at shopify.com/hacked. Go to shopify.com/hacked. One more time, that's shopify.com/hacked.
Speaker 6: When you finally find your thing, you want the whole world to know about that thing. So you use a thing called Canva to make it an even bigger and better thing. Whether you want to create flyers for that thing, make presentations for that thing, or design merch for that thing, You can do anything. So people can see your thing, feel your thing, love your thing. The next thing you know, it's a thing. Canva, the thing that makes anything a thing.
Speaker 2: Study
Speaker 5: And play. Come together on a Windows 11 PC. And for a limited time, college students get The best
Speaker 6: of both worlds.
Speaker 5: Get the Unreal College deal, everything you need to study and play with select Windows 11 PCs. Eligible students get a year of Microsoft three sixty five premium and a year of Xbox Game Pass Ultimate with a custom color Xbox wireless controller. Learn more at windows.com/studentoffer. While supplies last, ends June 30, terms at aka.ms/collegepc.
Speaker 7: Thinking about refreshing the carpet in your home? Now's the time to do it. For a limited time at The Home Depot, get 10% off installed carpet projects on trusted brands like Lifeproof, Lifeproof with PetProof Technology, Home Decorators Collection, and Traffic Master. Plus, with installation starting at just 49¢ per square foot, upgrading your space is more affordable than ever at The Home Depot. Offer valid 06/11/2026 through 06/28/2026. Exclusions apply for licenses. See homedepot.com/licensenumbers.
Speaker 1: Something we talk about internally when we make this show has to do with, like, I guess, the ethical boundaries of walking the fine line between education and entertainment. Like, we tell cyber security stories. I'm curious, like, how do you navigate the ethical implications of showing stuff, making sure that you're creating something that's like informative and interesting without encouraging anything malicious.
Speaker 3: So, funny story actually. I do just try to show these things. I don't offer any sort of download link for anything that I feature in my videos, although that is probably the number one question. I've probably been asked that more than anything else, several thousand times at least. Where do you get your viruses? On rare occasions people have stumbled across them, I've gotten a few that were like I ran this thing I saw in your video, and now my computer is all fucked up.
Speaker 1: What do I do?
Speaker 3: And, I have to respond, I'm not tech support, like I'm sorry you did that, but these videos aren't just, you know, for fun, these are actual malware. And then there was another side of that same coin where I'd get a lot of people saying I wrote this virus that I'd like for you to make a video on. How can I send it to you? And I got so many of these kinds of requests that at one point I had a forum where I opened it up. I made a little short lived series called Viewer Made Malware.
Speaker 1: I was gonna ask about that. That was my next question.
Speaker 3: Right, yeah. So if you wanted to, you could write this and you would put it on my forum with the description of everything it does and I pick the coolest stuff and I'd make a video of it. After a certain number of them, there was one that was like a ransomware. I can't remember what it was called, but it got picked up by a security researcher on Twitter who started posting about this as if it was a new threat. And they posted, you know, MD5 hashes, and they're like here's how to detect it, it's been submitted, and then like the person who wrote it was like Oh, I wrote this for Dan. And I was like Yeah, this is like an actual threat. They had like a backdoor key you could use to decrypt everything, but it was still kind of a hairy situation because I kind of indirectly contributed to this thing being created by virtue of having this series. Now, there's even, you know, there's more to this, because I stopped making those viewer made malware videos not long after that, and took down my website, I just didn't have the time or the patience to, moderate a forum with everything that comes with that. And, there was a group that was on Twitter that actually exploited FOSSHub and they replaced downloads for Audacity and Classic Shell with an MBR trojan. So, when people downloaded these and ran these, it actually opened up this trojan that would replace your MBR with a message, and it was like, you on your adventures it seems you have failed. I'm paraphrasing, but and then it was like shoutouts to all these people, and I wrote to them on Twitter like could I get a sample of this to make a video on it? And they're like oh yeah, we were actually gonna put you in the greets but we figured that might lead more trouble to you than you would want so we just left your name out. And I was like oh shit So it's like damned if I do, damned if I don't. Like, is what's what's the way to go on this? 
Do I encourage people who are going to write these things anyway to send them to me and not, you know, compromise a very prominent file sharing website to infect innocent people? Or do I not do anything and just see what happens? I mean, even now there's still many people that are asking, am I ever going to continue it? And, right now I think that question is up in the air just because, I don't know, there's still so much interest and I think if the focus was on making it for older operating systems, maybe that might be the way to go, but it's like you said, there's a fine line and I'm not sure how to walk it at this point.
Speaker 1: You're opening a bunch of big thorny philosophical questions on that one.
Speaker 3: Right.
Speaker 1: And I guess just to stay there in a philosophical sense, do you think that, I guess, the desire to create and spread this stuff reflects a bigger aspect of human nature or societal trends or something? Like, do you think it says something about people that we want to make and share this stuff? Spread it is maybe a better word.
Speaker 3: I think it definitely does. It's interesting seeing the types of people who wrote this stuff in the original days. It was generally young men, usually; they would find BBS groups of like-minded individuals and they would trade secrets and how-tos and tutorials and, you know, they generally at that point weren't super popular at school or they spent a lot of their time on the computer, which in the late eighties or early nineties was not the norm as opposed to nowadays with everybody having access to the internet everywhere. Back then it was very much, I found my people, and now we can do the things to make our mark on the world, essentially. So that's why there's a lot of these viruses that are like, greets to all the members of our crew. So, nowadays, there's big money in it, which is why you see a lot of threat groups that are all basically acting to make as much money as possible.
Speaker 1: Yeah. You talked about that pre and post monetization, almost like a BC/AD thing for malware, like this really hard line in the sand. I guess I'm curious to talk about the evolution of it, where it's come from, where it currently is, and then where do you think it's going? You know, there's more think pieces than is useful about the rise of AI in the context of malware and cybersecurity. Where does it come from and where do you think it's going?
Speaker 3: So, excuse me. Where it came from really was, generally, in the early days, like the original IBM PC virus Brain was written as a sort of copyright protection tool by two brothers in Pakistan, and as time went on, viruses became more of a tool of the hobbyist programmer who really just wanted to have some of their creations out there in the world. Like I said before, you know, they really want to make their mark on the world, and this is one way you can certainly do it. I mean, it might not be a good mark, but you're making an impression on people. And with that, that sort of drove the hobbyist angle from the late 80s to probably the late 90s. With the advent of the internet becoming more popular everywhere, the focus shifted from traditional computer viruses to worms, which are executables that don't infect files, they don't infect a host file to spread themselves, but instead they just spread via user interaction or an exploit, and with these online groups, you now have groups that are starting to fight with each other. You see it before in the early 90s with some BBS boards, you know, the bulletin board systems, between various virus groups, and this group sucks, we're the best, and they'd write it in their virus, you know, in the little comments you'd see like, we hate these guys, they suck, their viruses are terrible, ours are the best, you know, just back and forth, but that really exploded with the advent of the internet. So now you have the ability to reach millions of PCs around the world very quickly, as opposed to the early days where you were basically limited to the physical area around wherever you released it on a floppy disk, and you hoped it would spread somewhere beyond it. So with the Internet just sort of exploding the scene, that really set the stage for the shift from, like, malevolent fun to serious business malware.
It became less of a deal of we can write this to print out on the screen that you suck and we got you, to now we can exploit 300,000 PCs worldwide and install a botnet on them so that they send Viagra spam. And from that, we got to the very beginnings of ransomware in the mid two thousands with GPCode. There was the advent of rogue antiviruses, which you would be infected with, and it would look like a legitimate antivirus, and it would say your computer is infected with 6,000 viruses. Buy now, and we'll solve it for you. And, of course, none of them were actually on your PC. It was just this fake rogue antivirus, you know, shitting everything up and requiring you to pay, and you can't just uninstall it. And from that, you know, it just evolved further to, especially with cryptocurrency, what we see now with ransomware, you know, nation state actors. It's just there's no more joy or fun that you can really see behind the code, at least with the big stuff.
Speaker 1: There's no more joy or fun behind the code. And I guess on that note, you know, we're on the nation state, cybercrime, organized crime level now. Where do you think it goes next?
Speaker 3: See, that's something I've been thinking about. Like, where do we go next? I mean, we've had, you know, the United States and Israel create and release Stuxnet, and that's been in development since the mid two thousands. And now we see the NSA, who has developed all of these specialized exploits that have been leaked, and we see responses to those leaks, and it's just, I'm not sure where we go. I mean, NotPetya was a huge global event, and I'm surprised we really haven't had significantly more of those. So I'm guessing there's gonna be something more along the lines of NotPetya, where, you know, the target was Ukraine, ended up impacting global shipping with Maersk, and I imagine we'll see some more attacks along those lines, you know, because with these cyber attacks it's very easy, or at least easier, to obscure their source and where they're coming from.
Speaker 1: Yeah. Just more of these giant global, I don't know, attacks with unclear perpetrators and unclear targets and unclear goals.
Speaker 3: Right. Maybe I should relaunch Viewer Made Malware and, you know, just release some of those into the wild and then we'll have some of the fun. Yeah, sure. Right back into it. Yeah, sure. That'll balance it out.
Speaker 1: Yeah. It needs to fork. We need like the really scary serious stuff that's basically like standing in for organized crime and warfare. And then we need the memes, man. We just need the good times, infecting yourself.
Speaker 3: Memes are great. Especially when they take over your PC and you can't do anything anymore.
Speaker 1: Okay, so I've taken up a bit of your time. I want to close with this one. I read an interview you gave years ago in kind of prepping for this a little bit where you described malware as kind of a cultural artifact. You've spoken a bit to this, but you likened it to American Civil War rifles and Soviet space gear in terms of, like, being able to witness a technological evolution through it. And I'm curious, how do you think future generations are gonna look back at the malware of our era?
Speaker 3: That's an interesting question. I think the biggest thing is going to be the impact that the malware has, as opposed, you know, there won't be so much emphasis on how did it spread or, you know, what new exploits did they use, but how far reaching was it? And you really started to see that line of thinking or emphasis on malware with these worms as they rose to prominence in the early two thousands. But I think now more than ever, as security has taken on new meaning for organizations and, you know, with the Apple iPhone being super locked down, it's going to be, you know, how successful was your malware able to be? Because it doesn't matter just, you know, how crazy or innovative it is if it doesn't infect much, if it doesn't make much of a difference in the grand scheme of things. I think, you know, the larger disruption that there can be would be a measure of how we look at malware going forward.
Speaker 1: It's about how big the ripples in the pond are. Right. Dan, thank you so much for sitting down with me, man. This was a really fun one.
Speaker 3: Oh yeah, thanks for having me. This is... Yeah. It was a lot of fun.