Preserving the Ancient Art of Getting Pwned

Getting infected with a computer virus used to be so much more fun.
July 30, 2016, 4:00pm
Image: danooct1.

Getting infected with a computer virus used to be so much more fun. Take the Caterpillar virus, for example, which back in 1991 quietly infected .COM and .EXE files on MS-DOS. After lying in wait for two months, a line of ASCII characters in the shape of a caterpillar would begin to crawl across the screen, kind of like the game Snake, eating white characters as it goes and pooping them out in yellow.

That's so much more entertaining than finding a mysterious charge on your credit card, only to realize that you were one of millions of people who fell victim to a massive security breach at Target, or at one of the many other sites that are hacked on a regular basis.

That's what getting pwned usually feels like these days, but thanks to Daniel White, a YouTuber who goes by the name danooct1, we can see Caterpillar in action, as well as other viruses from back in the day when getting pwned came with a little bit of flair.

"I started recording videos because I wanted to see some of the stuff I read about for myself rather than just imagining it in my head," White told me over chat. "So I used an old computer I had lying around. Shortly after that I figured maybe I'd put some videos of it on YouTube, just for myself really. I didn't expect anyone else to find it interesting."

White's fascination with old malware started with an internet worm called Sasser, which he was infected with in 2004. Sasser would spread itself across networks by launching an FTP server on infected computers and immediately scanning for other vulnerable targets. Once a computer was infected, Sasser would use up all of its system resources, forcing the user to restart it, which didn't help much since Sasser would relaunch.

To demonstrate how Sasser jumped from machine to machine without any human interaction, White set up a network of five Windows XP and Windows 2000 machines with hardware from the time the virus first appeared.

It's an elaborate setup, but one that White is used to putting together after years of uploading similar videos to his channel.

"There's a lot of preparation that goes into it," he said. "One video in particular, for a virus called CIH, requires a pentium MMX processor. The virus exploits a bug in the architecture to gain write access to the BIOS and overwrite it, causing the computer to fail to boot until the BIOS chip is reflashed. So I sacrificed an old computer for that video which was really neat."

In addition to running old hardware and hunting down old malware—White's main source is the Ukrainian site VX Heaven—capturing these videos also involves a certain amount of risk. It's a very low risk, White admits, since it's unlikely any of these ancient viruses will be able to make the leap to a modern computer, but he isn't taking any chances—he has off-site backups for everything.

Either way, it's a lot of effort for a YouTube channel with a growing but still modest following of 124,000 subscribers.

"I think it's something not a lot of people really give much thought to," he said. "Computer viruses are this sort of threat that always lingers around but isn't quite tangible. Most people experience malware at some point or another but it's usually nothing more than your antivirus picking something up and telling you about it."

Older viruses had a personal touch, White said, because they were made by enthusiasts, many of them teenagers, who were learning how to program. They were more interested in finding interesting ways to infect files, hide infections, and taunt their rivals in the community (or even antivirus industry professionals) than they were in making money. It was just a hobby.

"Authors like Spanska wrote a few viruses where he talked about viruses being art and that coding them can be fun, and often had non-damaging payloads with a really neat graphical component," White said.

That visual component inspired what is my favorite part of White's channel: viewer-made viruses. Since he started the channel in 2008, White has received 200 viruses that his viewers have made and asked him to show off in a video. These, much like Spanska's work, are concerned less with spreading and damaging users than with creating the trippiest visuals possible.

The best example of this is from White's most recent user-made virus video, a creation called MEMZ, which led us to discover his channel earlier this month.

The Trojan—a type of malware which infects a computer by masquerading as a non-malicious program—begins by informing the user that their computer "has been fucked by the MEMZ Trojan" and that any attempt to kill the Trojan will cause their "system to be destroyed instantly."

It then opens web pages for Club Penguin and Google searches "how to buy weed," but things get weird when the screen starts inverting its colors to a soundtrack composed of Windows XP error pings. At this point the Trojan begins taking dozens of screenshots to create a tunneling effect, which prompts White to attempt to restart his computer. As promised by the Trojan's original note, the computer was totaled and now is good for nothing besides running an animation of the Nyan cat.

Since they're coming from his viewers, viruses like MEMZ focus on the least malicious part of malware. Like the scene in the '80s and '90s they try to emulate, they're more focused on creative, artistic aspects of getting pwned, and that's exactly what White hopes to inspire.

"I figure whether I condone it or not, people are still going to be writing things to send to me to make them into videos, so I might as well try it out to give back to the people who have followed the channel so loyally," White said. "And maybe if they have this creative outlet then they won't be swayed by the dark side…"

The Hacks We Can't See is Motherboard's theme week dedicated to the future of security and the hacks no one's talking about.