ic3qu33n

# My Super Sweet 16-Bit Malware *MS-DOS Edition * [project]

Introductions and icebreakers

Like a good host, I like to begin by making sure that all my guests have time for introductions [didn’t we just go through that? No, I introduced you to the project overall. But we’re mingling with the 1980s/1990s vx crème de la crème here, so you’ll want to know some basics. You can thank me later.]

This project, irl

I recently gave two talks based on the research for this project:

  1. At Hushcon Seattle, December 2022. [Slides are VIP access only. lmk if you want to get on the list.]
  2. At BSides, San Francisco, April 2023.

Greetz

And what would a vx project be without a greetz section? Shoutout to the following for their help with reviewing these posts/providing feedback and edits, a v big thank you to them:

Definitions

Let’s begin by defining our terms. It only makes sense to start with the definition of a computer virus.

For this, I turn to Fred Cohen (credited as being the “creator” of the term “computer virus” as a way to describe a self-reproducing program, which he used in his 1984 paper “Computer Viruses, Theory and Experiments.”

Cohen’s definition was thus:

We define a computer 'virus' as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection grows. — Fred Cohen, “Computer Viruses, Theory and Experiments,” 1984

Now technically, if we want to go to the very origins of the term, John von Neumann was, surprise surprise, really the OG in this respect, though he didn’t use the term “computer virus.” Mostly because von Neumann was an academic baddie who liked using the lexicon of theorists and academics because well, that was the space he was working in. We stan von Neumann. His papers on this are peppered with theoretical terminology and beautiful math, the two most relevant of which are “Theory and Organization of Complicated Automata”(1949) and “Theory of Self Reproducing Automata” (1966).

Terminate and Stay Resident Programs

How does a virus on MS-DOS go memory resident?

I’ve written two blog posts to bring you up to speed:

These two posts go together; they’re cosmically bound soulmates. So don’t break them up. Read them sequentially.

An in-depth exploration of the etymology of the term “computer virus” is outside the scope of this project (because I don’t have time and we’re already falling down this rabbit hole). If you’re interested in reading more, I refer you to the following sources:

“When did the term 'computer virus' arise?”

Scientific American

October 19, 2001

When did the term 'computer virus' arise?
Scientific American is the essential guide to the most awe-inspiring advances in science and technology, explaining how they change our understanding of the world and shape our lives.
https://www.scientificamerican.com/article/when-did-the-term-compute/

Theory of Self Reproducing Automata”

John von Neumann

edited and completed by Arthur W. Burks

University of Illinois Press, 1966

https://cba.mit.edu/events/03.11.ASE/docs/VonNeumann.pdf

“Computer Viruses - Theory and Experiments," Introduction and Abstract

Fred Cohen

1984

https://web.eecs.umich.edu/~aprakash/eecs588/handouts/cohen-viruses.html

We would of course be remiss if we failed to acknowledge Ken Thompson’s seminal, groundbreaking earth-shattering etc etc 1984 Turing award lecture, “Reflections on Trusting Trust,” which includes the source code for a program that produces a self-reproducing program (yeah okay, metanarrative king). The paper is three pages and is jam-packed with gems, so go read it.

“Reflections on Trusting Trust”

Ken Thompson

Turing Award Lecture

Published in “Communications of the ACM, Volume 27, Number 8”

August, 1984

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Ken Thompson’s paper preceded the first “in-the-wild” PC virus (an important distinction that we will return to) by two years, but the concept of computer virii was well… on the brain.