Posted by: David Harley | February 8, 2016

The Malware Museum: another take on emulation

I’ve been feeling pretty old recently. Well, I am old: at any rate, past the age where anyone with half a life would be spending their waking hours walking the dog or practicing the ukulele.

Right now, though, I feel particularly old. That’s because I’ve been reminded several times in the past few days of those halcyon days when malware meant (mostly) viruses, discussions about whether worms were viruses, and whether the correct plural is virii. It isn’t, but I rather liked the explanation that it’s one virus, two virii, three viriii, four viriv and so on – hat tip to my friend and sometime co-author Robert Slade for drawing my attention to that one. Though if you’re creating a virus clock, it should be four viriiii but five virv. (I apologise to whoever pointed out to me that clocks use IIII for Roman clockfaces, not IV – I can’t remember who it was!)

I can’t actually remember anyone doing a virus clock, but anti-virus companies did, in the 1990s, offer various awareness-raising goodies such as calendars with the dates on which payloads were triggered, virus simulations, and so on. (Whether the intention was to raise awareness of malware or of anti-virus products is moot.) And while part of my present state of depression is because I’ve been getting rid of virus-related books, magazines and even hard-copy conference proceedings, it’s also because Mikko Hypponen has revisited that era with the announcement of the Malware Museum, ‘a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers.’ Though this isn’t an opportunity to top up your collection of malware so that you can test whether security products detect obsolete malware. Destructive code has been removed and the visual effects of malware such as Cascade, Casino and Ambulance (see screenshot below) are displayed in JavaScript using DOSBox emulation.


David Harley
