Nine years and a handful of data loss scares later, White has amassed perhaps the most comprehensive archive of malware-in-action found anywhere on the web. His YouTube channel, which he started in 2008, includes more than 450 videos, each dedicated to documenting the effect of some old, outdated virus. The contents span decades, stretching from the dawn of personal computing to the heyday of Windows in the late '90s. It's a fascinating cross-section of the virus world, from benign programs that trigger goofy, harmless pop-ups to malicious, hell-raising bits of code. Happening across one of White's clips for a virus you've done battle with back in the day can be a surprisingly nostalgic experience.
But while the recent Windows worms may be the most familiar, another subset of White's archive is even more interesting. The viruses he's collected from the MS-DOS era are malware from a simpler time–a glimpse into a largely forgotten and surprisingly creative subculture.
//www.youtube.com/embed/j3H0FjgACjM
"In the DOS era it was very much a hobbyist sort of thing," White explains. Skilled coders wanted to show off their skills. They formed groups, and those groups pioneered different ways to infect and proliferate. A community coalesced around bulletin boards and newsgroups. Techniques were exchanged; rivalries bubbled up. For many writers, though, a successful virus didn't necessarily mean messing up someone's computer–or even letting users know that they'd been infected in the first place. Quietly, virus writers amassed invisible, harmless networks as testaments to their chops. "Not all authors were complete dicks," White says. "There were far more viruses that only infected files and continued spreading than there were viruses that damaged data or displayed 'gotcha' messages."
>A community coalesced around bulletin boards. Techniques were exchanged; rivalries bubbled up.
As we see here, though, some of those "gotcha" messages–a virus' payload, as it's called–were spectacularly unique. Amidst the dull monochromatic world of the command line, these viruses exploded to life. One, created by the French virus writer Spanska, flooded an infected machine's display with a dramatic flow of digital lava. Another showed a menacing skull, clearly rendered with patience and care. Others were more playful: a billiards-themed virus turned command line text into a colorful game of pool, with letters bouncing around the display and knocking others along the way. Some were downright sweet. The Ithaqua DOS virus showed a gentle, pixelated snowfall accumulating on the infected machine's screen–and only on one day a year.
For at least some of these mischievous coders, the virus truly did serve as a creative medium. When asked about his view on destructive code in a 1997 interview, Spanska, the French lava master, replied: "I really do not like that...There are two principal reasons why I will never put a destructive code inside one my viruses. First, I respect other peoples' work...The second reason is that a destructive payload is too easy to code. Formatting a HD? Twenty lines of assembler, coded in one minute. Deleting a file? Five instructions. Written in one second. Easy things are not interesting for the coder. I prefer to spend weeks to code a beautiful VGA effect. I prefer create than destruct [sic]. It's so important for me that I put this phrase in my MarsLand virus: 'Coding a virus can be creative.'"
Of course, no matter how widely they might've spread in the weeks and months following their deployment, these old viruses were inevitably squelched. Systems were patched and upgrades rendered their exploits obsolete. Even the F-Secure database that sparked his obsession is largely inaccessible today, White points out, discarded in favor of a "more 'consumer friendly' website." So White resolutely keeps on preserving the things–infecting virtual machines and filming the results. Now a graduate student specializing in satellite imaging systems, he still finds time to upload a new video every month or so, often working with files that tipsters send him to fill in holes in his collection. Thankfully for him and his hardware, the hobby isn't quite as risky as you might think. "For the most part, the stuff I handle won't do much of anything, if anything at all, on modern PCs and operating systems," he says. But you never know. "I live by the philosophy 'if you're not willing to lose all the data on every PC on the network, don't start toying with malware.'"
