
Throwback: The Malware Historian

2025/6/2

Hacked

Topics
Dan: My first exposure to malware came in 2004, when my home computer was infected with the Sasser worm. Through my research I found the history of malware fascinating: from its beginnings as a copyright-protection tool, to a way for hobbyist programmers to show off their work, to today's financially motivated and state-sponsored activity, the evolution of malware reflects human nature and social trends. My favourite period is the late 1980s to the early 2000s, because back then the main purpose of malware was to promote its author's creation; virus writers left signatures in their viruses, and wars broke out between virus groups. As the internet spread, malware could quickly reach millions of computers around the world. Today there are huge financial incentives behind malware, so we see many threat groups trying to make as much money as possible. In the future I think we will see more attacks like NotPetya, because such cyberattacks make it easy to hide their origin and targets. When future generations look back at the malware of our era, they will pay more attention to its scale of impact than to how it spread or which new vulnerabilities it exploited.

Dan: When I first recorded virus videos, I was often scared because I did not know what the virus would do. I only show these viruses and never provide download links, and I have had to tell people whose computers broke after they ran a virus from one of my videos that I am not tech support. Many people have asked me to make videos about viruses they wrote. I once ran a forum and made a series called "Viewer Made Malware", but stopped it after a security researcher mistook one of the ransomware samples for a new threat. I am not sure whether I should encourage people to send me the malware they write, or do nothing and see what happens. I am not sure how to walk the line between education and entertainment.

Chapters
The episode starts by discussing the Brain virus, created in 1986 by two brothers in Pakistan as a copyright protection mechanism. It unexpectedly went viral, spreading globally and highlighting the early days of malware when the focus was less on financial gain and more on making a statement.
  • Brain virus created in 1986 by Amjad and Basit Farooq Alvi in Pakistan
  • Initially intended as copyright protection for software sold at their store
  • Spread globally via floppy disks, displaying a message with the creators' contact information
  • Marked the beginning of the history of malware

Transcript

Hey everybody, hope you're doing well. Hope you're enjoying the start of summer. We got one of my favorite episodes for you here today. My schedule was a dumpster fire this week. Scott's was a dumpster fire as well. It was dumpster fires all around. So we're bringing you a throwback episode to enjoy. Brought to you of course by Push Security. I'm not going to waste too much time introing the episode since the episode itself starts with a very long introduction.

that kind of lays all this out, other than to say that our interview with Dan, aka danooct1, aka the Malware Historian, is one of my favorites. It was really fascinating. If you like the kind of history that tells you a lot about the present, you will like this one. I sure did. Without any further ado, this is a throwback, the Malware Historian. In 1986, two brothers in Pakistan, Amjad Farooq Alvi and Basit Farooq Alvi, ran a computer store.

It was called Brain Computer Services. Just like a little one-room shop in Lahore, Pakistan. And the store, it's bumpin'. Because rumor had it that those like 1980s brand name programs, stuff that regularly retailed for hundreds of dollars elsewhere, was conspicuously affordable there. For example...

When it launched, WordStar, an early word processor, was priced at $495 US and an extra 40 bucks for the manual. At Brain Computer Services, as reported in Time Magazine in 1988, you could get a floppy of it for a couple of bucks. I'll leave it to you to imagine what was going on there, Scott. I would never be able to suspect what was going on there, where you could buy...

A non-branded floppy with a copy of the program for dollars versus hundreds of dollars. That's a legacy that I was not a part of, that whole wares thing. I was not there for that time. You wouldn't know anything about that. I wouldn't know anything about that. Brain sold software. They even developed some of their own, some medical stuff. And business was good.

Now remember, this was 1986, so the idea that followed, which might sound really obvious now, was extremely novel at the time. And the idea was, what if they were to include, on all of these floppies they're selling, a self-replicating program? A form of copyright control. So that the software, whether the stuff they were developing or the third-party software that they were selling at just bargain basement prices, wouldn't get copied and resold.

In the early days, like the original IBM PC virus brain was written as a sort of copyright protection tool by two brothers in Pakistan. That's Dan, aka the malware historian. We're going to get back to him. The software replaced the boot sector of a floppy disk with a copy of the virus and moved the boot sector somewhere else. And there's really two important things about this virus. First, it was basically harmless.

It avoided infecting hard disks so the user's data was never at any risk, just the software that was supposed to be on that floppy. And second, it displayed a message on the user's screen, which read, "Welcome to the Dungeon. Copyright 1986. Amjad's Private Brain Computer Services." And then it listed a physical address, "730 Nizam Block, Allama Iqbal Town, Lahore, Pakistan."

And then it listed a working phone number, followed by the message, beware of this virus. Contact us for vaccination. So they, so let me get this straight. They created a little virus program to prevent people from stealing their software, even though their store was probably selling likely reproductions of other people's software? Yeah. Okay. Just checking. I just wanted some clarity. Okay.

Yeah, it is a good point of clarification. Now, most modern viruses would not directly advertise the brick-and-mortar physical location of their developers or, like, a convenient phone number for contacting them. But Amjad didn't really know how most modern computer viruses worked because he had basically just made kind of the first one that would go on to go viral.

Because it was on hundreds of thousands of floppy disks that it started making their way around the world with his phone number in it. And eventually, the phone starts to ring. The first call we received was from Miami University. And somebody taking care of, I think, a local magazine down there.

And she was writing something and she was having trouble with the floppy. And she discovered that she bought some extra piece of code down there inside. And she found our contact number when she called me. And I was very surprised. And I was shocked rather because I had no expectation that it will ever happen, that it will go so far.

That is edited from a 2011 documentary where security researcher Mikko Hyppönen traveled to Lahore to interview these brothers, creators of the first successful computer virus.

38 years later, Brain, that little shop, still exists. Brain.net.pk. You can go there. They're a Pakistani ISP. They did very well for themselves. Oh my god, they're like a fiber internet provider. They're like a big deal now. Yeah. One gigabit speeds. Better than we got up here in Canada. Literally better than what I have. Literally better than what I'm talking to you on right now. These guys are doing it in Pakistan. They have their own cloud platforms. Yeah.

This episode is brought to you by brain. Anyway. But it is with them that a history begins. This history of malware. Today, malware is about big money and big data. It's about nation state actors and vast criminal enterprises. It's big business. But in 1986, it was two brothers with a crazy idea, some floppy disks and a dream. Dan, who we heard from earlier, is a historian of this world.

a malware historian. As time went on, viruses became more of a tool of the hobbyist programmer who really just wanted to have some of their creations out there in the world.

Like I said before, you know, they really want to make their mark on the world. And this is one way you can certainly do it. It might not be a good mark, but you're making an impression on people. He's almost like an Indiana Jones historian. He goes to the ruins. He finds the actual old viruses, the actual hardware systems they ran on, and he runs it just to see what it's going to do. That's great. Yeah.

Honestly, great. So we called him up to hear his story just to try and understand how we have gotten from that little shop in Lahore to all of this, and what kind of strange stuff he's discovered woven throughout that history. Our conversation with Dan, aka danooct1, aka the malware historian. Wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait, wait. What's up, Scott?

You know how there's all the like conversation about like viruses frozen in the ice and like Siberia and stuff. Oh dang. Everybody's worried about like old viruses coming up and like reinfecting and things like that. Imagine Dan did that. Imagine Dan brought back some old worm or virus from way back in the day, put it onto like a 1991, you know, PC and then bang, all of a sudden it's like running around the internet and causing havoc. Could you imagine?

Yeah, it was lying dormant on a floppy disk, one of the big ones, and he just unleashes it on the world. Modern antivirus just doesn't even pay attention to it. Totally, it's not inoculated against it. It's like, this is old. It's like, this is mad. Like, we don't need to worry about these anymore. They're not even in the database. And boom, suddenly there's a zero day for iPhones hidden on an old floppy disk from 1994. How does that work? Let's find out.

Here on Hacked, for the second time.

Dan, thank you so much for joining me. I really appreciate it. Yeah, thank you for having me on. For anyone familiar with your work, you are a malware historian. And I guess just to start broadly, what does that mean to you? What drew you into this world to the point that you decided to start documenting it on YouTube? So initially, my first exposure to the world of malware was in 2004.

when my home computer was infected with a network worm called Sasser. I think it was the very beginning of May, late April 2004, so almost 20 years ago. When this happened, the computer just started rebooting forever. It would restart and it would boot up and a little window would pop up saying Windows is shutting down in 60 seconds, save all your work, and then it would just keep rebooting.

And my mom and I, she was a computer programmer, she's retired now, but we had printouts from Norton Antivirus online, you know, Sasser removal and all these different documents. And we were basically just trying everything in them to try and stop this. And eventually after several hours we were successful. But at that point I was just, I was bitten by the bug.

So I found a website. There's an antivirus vendor called F-Secure. I think they recently rebranded to WithSecure. They're from Finland.

But they had at that time pages and pages of alphabetized malware descriptions. And it wasn't just stuff like Sasser or big names like the Love Letter Worm from 2000, but they had stuff from the 1980s like Brain or the very early computer viruses like Cascade for MS-DOS. And they were all written out.

when these viruses were new and then they just sort of kept them on their website published as they advanced through the internet. So I read through all of these. This was about 2005 or so. I really started immersing myself in it and that's generally how I became exposed to it. Yeah, there was just so much information. It was super cool to read about.

I'd find some cool ones and I'd show my dad. I'd be like, hey dad, check out what this virus does. And he'd be like, oh yeah, okay son, that's interesting. But to me, it was just so cool. And it was something that not a lot of people ever really talked about. I mean, lots of people know what computer viruses are and many people blame everything that ever goes wrong with their computer on computer viruses. But to actually know the history behind them and what makes them viruses is...

Something super appealing to me. I want to get to something you just mentioned, which is what makes it a virus. But very briefly, do you know how Sasser, do you know how you got infected with it? So Sasser was an autonomous worm. So traditionally, before Sasser, worms were generally emailed out

or shared on file servers, peer-to-peer networks like Kazaa or LimeWire. Sasser was actually developed by a teenager in Germany after a patch was released by Microsoft for a certain vulnerability in a, I think it was a security, like a logon authentication service for Windows. And he reverse engineered this patch

which led to the discovery that you could essentially just scan for IP addresses, find computers vulnerable to this vulnerability, and send them a specially crafted message or packet, and it would open an FTP server, send the worm on over, and execute it on the target computer, which would then start scanning for more computers. So this worm actually globally impacted the internet. There were millions of infections worldwide.

And the only thing you had to do to get infected was be online and have a vulnerable computer. Oh, wow. And not many people had patched for this. So there was quite a lot of infections and just, it was everywhere. It was very similar to a worm the previous year called Blaster, which affected a different vulnerability, but the end result was the same where the computers were rebooting over and over. You, um...

I mean, the way I found you, you broadcast yourself letting these viruses infect a system that you control.

What is your setup for this? Like, what are your personal security processes? Like, what's your rig, man? Like, how are you doing this? So initially I started making videos in high school when I stumbled upon a few live malware samples. I think it was the Love Letter worm, some random MS-DOS virus and the Happy99 email worm from late 1998, and

I think it was just some random forum post somewhere. Somebody said, "Hey, I found these cool bugs," you know, whatever. And I managed to find them and download them. And that was my first exposure to actually seeing in action these viruses and worms that I'd read so much about. And at the time I took an old desktop computer that our family no longer used. It was just sitting in a closet gathering dust. I pulled it out and just

tried them out. I was like, I wonder if this works. And the Love Letter Worm did work. I think it was a Windows XP computer and it worked just fine. This was late 2008. And that's when I started thinking, well, maybe I could format this and install something like Windows 98 or MS-DOS even and see, does this work? And

As I did this more and more, I'd find more and more things that did work and eventually found a huge database of pretty much every sample I had ever read about. I think it was a leak of Kaspersky's actual virus data from some point in time. I'm not sure who or how or when it happened, but I'm glad it did because that really let me run wild. So the initial setup was just some random old computer

As time went on, I've actually purchased period-accurate computers. So I've got a 386 on the desk behind me from the early 1990s, which runs MS-DOS, for all the MS-DOS videos. That's the computer I use. I've got some others for Windows 95 and 98. I've used virtual machines in the past, which is just the virtualization software and a shared folder set up with my host computer.

But now I like to try and kind of keep the authentic feel of what you would see and experience back in the day if you had actually been infected with this stuff. Yeah, the authenticity comes through. The way you capture it on the screen, it feels... You can imagine being in a basement in 2003 and getting a dodgy file on LimeWire and a bunch of bad stuff unfolding. It's funny you mention that. I've gotten quite a few comments over the years like,

What's wrong with this guy's lights? Does he not pay enough for electricity? Why is it always in the dark? And to answer that, it's mainly just I don't want, especially with CRT monitors with the glass front, I don't want the reflections coming off of light or anything like that. So it's easy to turn off all the lights. And when I really ramped up doing this, I was in college.

And I lived with three other roommates at the time. And the only time period I would really ever have to record videos in peace without loud things happening all the time was in the dead of night. So I would always record after the sun went down, everybody went to bed. And that was my prime time to actually get this stuff done.

So much of the stuff we talk about on this show is very modern things. And a lot of that has to do with nation states going after each other, big, massive, organized cybercrime rings. And I'm watching your videos and I feel almost like a warm, fuzzy sense of nostalgia. It's not to say that some of these things aren't really destructive, that there isn't harm, but that early 2000s malware, I think it was the Lakana worm that had a Homestar Runner payload to it. Right. Like-

I guess...

One, I just want to reflect on that sense of nostalgia and almost a sense of humor some of them had and use that as a jumping-off point for, like, what's your favorite era of these things? You get the 80s, 90s, 2000s. What are you drawn to personally? So I am most drawn to, well, it's hard to pick an era. Sure. Probably early 2000s, late 80s to early 2000s, just generally because at that point in time, there was no way to really make malware whose only purpose was to, you know,

as it is today, gather money, intelligence, steal data, credentials, whatever. Back then, this was essentially the way to promote your creation to the world. So a lot of them were very in-your-face, they had calling cards, there were wars that developed between various virus groups,

There's just so much going on, they got right in your face. I especially like all the MS-DOS viruses that print out graphics on the screen because MS-DOS is a very text-based operating system. Almost everything you do is through the command line. Graphics are reserved solely for programs that you might run or windows. And these viruses, you'll just be typing away and then all of a sudden there's a giant, you know...

head in a noose on your screen saying like "sorry, I've disinfected this file but your PC is still infected" or just crazy stuff like that. And it's all these programmers making computers do things that you would not expect them to and would not want them to do, but since they are computers they do what they're told. And without the protections built into modern operating systems, they pretty much had free rein

of anything they desire to do on your system. I know there are many exploits nowadays that generally lead into corporations being hacked or, you know, a workstation gets infected with something and then they move laterally through the network through a combination of NSA tools and various other high-level, super complex attack vectors.

Back in Windows 95, 98, the late 90s, there was a worm called Opaserv or Opasoft, depending on which vendor you look at. And it utilized an exploit. It kind of scanned computers like Sasser did, much slower and with much less of a chance of success. But if it found network shares that were open to the internet but password protected, there was a vulnerability in Windows that allowed it to suggest the first character of the password

which Windows would then take and authenticate and let you in. So this worm spread, like if your password was 20 characters long but started with an A, the worm would suggest the letter A. And Windows would say, "Alright, cool! Come on in!" And it's just these kinds of crazy oversights and bugs that they exploit that you don't see anymore nowadays. So definitely MS-DOS to early Windows XP, early Windows NT era.

That's the sweet spot. That's my sweet spot. You used a phrase that I like. You said it's hard to pick an era. And when you said that, I was reminded like, yeah, it'd be like me asking you what's your favorite decade of music, 60s, 70s, 80s. It's like, oh, there's great stuff in all of them. This is true. You then used the word creation. Is there an artistry to it? Like an artistic element to making these things? Kind of a creativity behind them? Absolutely. I mean...

There's even a virus called Spanska for MS-DOS, which printed out like a graphical 3D, like a rolling Mars land, like you would see from a lunar lander almost, but it would just kind of roll past on your monitor. And I believe the text on the screen was making a virus can be fun and fun.

There's just, there's an artistry that goes into it, even with some of the ways that these programmers would infect your PC. Like CIH, also known as Chernobyl, also known as Space Filler, was a virus in the late 90s that had the ability on certain Pentium systems to actually gain access to and overwrite your BIOS. So your computer would become unbootable unless the BIOS chip was reflashed.

But the way it infected files and why it got the name "Space Filler" is unlike traditional viruses of the time, which would write a little jump command right at the beginning of the file and then store all of its code at the end, which increases file size,

CIH would look for little pockets of empty space in programs and it would analyze the entire program and if there wasn't enough empty space throughout to infect it, it would leave it alone. But if it had enough space, it would carve up its code to fit into those spaces and link itself all together and the file size did not increase after that. So it was very sneaky, very stealthy, and then ultimately incredibly destructive. And it's just that kind of thing.

There is a real artistry to what can be done. That's not saying that there's not shovels, like huge boatloads of just script-kiddie nonsense from back then, too, because that exists, too. But the true, I don't know how you want to say it, the specimens, the elite of their time were definitely well-made. And I guess that's why they are the elite specimens. And require a historian to dig into them.

I guess while we're on that subject, I'm just kind of going through some that pop to mind. I don't want to just go with favorites because that's too broad. Let's start with funniest. Can you share like the funniest one that you're like, God damn, whoever made this just has a sense of humor. Funniest is it's, it's hard to pinpoint.

I mean, there's subtle humor. There's stuff like the One Half virus on MS-DOS, which infects your boot sector. So every time you boot your PC, it runs too. It infects floppy disks when you use them. And then every time you boot, it encrypts the last two cylinders of data on your hard drive. And it starts at the end and starts working its way back towards the middle, two cylinders at a time, tiny amounts of data. And when you try to access those encrypted cylinders of data,

One half in memory will detect that, decrypt it for you, and then present the data normally. When it gets to the halfway point of your hard disk, you boot your PC and you get the message "Disk is one half. Press any key to continue." And that's all you see. And you have no idea anything is wrong up until this point.

If you think to yourself, "Oh no, I've got a virus," and you try to do an FDISK /MBR, which rewrites your master boot record with a clean copy, all of a sudden your hard disk is completely unusable because the last half is still encrypted, but now there's no virus to decrypt it. So it's this sort of, like, "I got you" humor, you know? It's...

It's not traditionally funny. There are a lot of viruses and worms that do try to be funny. There are some that are just like obnoxiously immature in the way they do these things. I'm trying to think of a good example. Like, it's just like...

There's one, I think it's a worm called Badass. And it sends you an email that it's got a little smiley face icon. And when you run the worm, it pops up this message box. I think it's in Dutch, but it translates to like, this user cannot run the program because he does not wash his ass or something like that. Is this true? And it's got a yes and a no. And you try to hit no, but the no button jumps around and you can't click it. You're forced to click yes. And it's just...

There's really, it's up to the author to be really funny. I guess there is one that was tongue-in-cheek. It was an email worm called Dumbass. So this was early 2000s, right around the time when Love Letter would spread and Anna Kournikova and stuff like Melissa, which were mass-mailed and they'd have enticing things like, check the Love Letter coming from me, or here's a list of

"XXX porn website passwords, click here now" and then your file name would be "loveletter4u.txt.vbs" or some obvious double extension that anybody who's computer savvy would know would infect your PC but everybody else had no idea and would just run them. So the dumbass worm would send it out and it's like, I can't remember exactly what it says but it's like, "Here, just run this file, dumbass." And it's like,

obviousvirus.txt.vbs.pif.scr.bat.exe, and it's got this huge chain of file extensions, and it's just taking the piss out of

I guess all these users it thinks are just complete dumbasses, hence the name. I don't know if it reveals something about me not being as mature as I think I am, but the washer-ass one struck me as kind of funny. Oh, it's funny. Don't get me wrong. It is very funny, but it's just not quite the highbrow comedian-level humor.

That you see on Netflix. That we crave. Yeah. Okay. So funny. Let's just swing to the other side of the pendulum. The least funny. Like, have you ever been scared or at least unsettled? So scared happened quite frequently in the early days of me recording this because I would just read about something. It says this virus activates on September 19th.

So me, having never seen it before, would put it on a floppy disk, pick up my camera. In the early days, I have these super shaky freehand cameras. It's really crappy video. Like this was me, the high school student, just shoving this camcorder in the screen. So I fire it up.

Start recording, never seen it before, and I'd switch to September 19th and I run it, and it's just full screen, immediately blaring music or, like, loud PC speaker, and I would shake, you know, it would surprise me because I'd never experienced it before. So these things, they just pop up when you're not expecting them, and they can be very surprising. When I think of, like, scary on a level of what it does,

That's a little trickier. I guess it depends on how prepared you are for viruses. Stuff like WannaCry and NotPetya, that's pretty scary because that first one encrypts all your data and the second one is just a wiper. And if you can't recover from that, you're pretty much screwed.

Identity attacks. Phishing. Credential stuffing. Session hijacking. Account takeovers.

Push changes that. They built a lightweight browser extension that observes identity activity in real time, gives you visibility into how identities are being used across your whole organization, like when logins skip multi-factor authentication, when passwords are reused, or when someone unknowingly enters credentials into a spoofed login page.

Then when something risky is detected, Push can enforce protections right there in the browser. No waiting, no tickets. And it's not just about prevention. Push also monitors real-time threats like adversary in the middle attacks, stolen session tokens, and even new techniques like cross-IDP impersonation, where attackers bypass single sign-on and multi-factor authentication by essentially setting up a fake identity provider for your company.

The way to think about it, it's kind of like EDR, but in your browser. Team behind it, they're all offensive security pros. They publish some of the most interesting identity attack research out there, like the software as a service attack matrix, which breaks down exactly how these kinds of threats bypass all those traditional controls. Identity is the new endpoint and Push, our proud sponsor Push, is treating it that way. Check them out at pushsecurity.com.

At GMC, ignorance is the furthest thing from bliss. Bliss is research, testing, testing the testing, until it results in not just one truck, but a whole lineup.

The 2025 GMC Sierra lineup featuring the Sierra 1500 Heavy Duty and EV. Because true bliss is removing every shadow from every doubt. We are professional grade. Visit GMC.com to learn more.

As a contractor, I don't pay for materials I don't use. So why would I pay for stuff I don't need in my mobile plan? That's why the new MyBiz plan from Verizon Business is so perfect. Now I can choose exactly what I want, and I only pay for what I need.

Right now, with MyBizPlan, get our best price, as low as $25 a line. Visit Verizon.com slash business to get started today. Price per month with 5 plus lines. Includes auto pay and paper-free billing and special intro offer discounts. Taxes, fees, economic adjustment charge and terms apply. Offers end June 10th, 2025.

At Sierra, discover top workout gear at incredible prices, which might lead to another discovery. Your headphones haven't been connected this whole time. Awkward. Awkward.

Discover top brands at unexpectedly low prices. Sierra, let's get moving.

Something we talk about internally when we make this show has to do with, like, I guess the ethical boundaries of walking the fine line between education and entertainment. Like, we tell cybersecurity stories. And I'm curious, like, how do you navigate the ethical implications of showing stuff, making sure that you're creating something that's, like, informative and interesting without

encouraging anything malicious. So, funny story actually. I do just try to show these things. I don't offer any sort of download link for anything that I feature in my videos, although that is probably the number one question. I've probably been asked that more than anything else several thousand times at least. Where do you get your viruses?

On the rare occasions people have stumbled across them, I've gotten a few that were like, "I ran this thing I saw in your video and now my computer is all fucked up. What do I do?" And I have to respond, "I'm not tech support. I'm sorry you did that, but these videos aren't just for fun. These are actual malware." And then there was another side of that same coin where I'd get a lot of people saying, "I wrote this virus that I'd like for you to make a video on. How can I send it to you?"

And I got so many of these kinds of requests that at one point I had a forum where I opened it up. I made a little short-lived series called Viewer Made Malware. I was going to ask about that. That was my next question. Yeah. So if you wanted to, you could write this and you would put it on my forum with the description of everything it does. And I picked the coolest stuff and I'd make a video of it. After a certain number of them, there was one that was like a ransomware. I can't remember what it was called, but...

It got picked up by a security researcher on Twitter who started posting about this as if it was a new threat. And they posted, you know, MD5 hashes. And they're like, here's how to detect it. It's been submitted. And then, like, the person who wrote it was like, oh, I wrote this for Dan, you know. And I was like, yeah, this isn't like an actual threat. They had, like, a backdoor key you could use to decrypt everything. But it was still...

kind of a hairy situation because I kind of indirectly contributed to this thing being created by virtue of having this series. Now, there's even, you know, there's more to this, because I stopped making those viewer-made malware videos not long after that and took down my website. I just didn't have the time or the patience to moderate a forum and everything that comes with that, and

There was a group that was on Twitter that actually exploited FossHub and they replaced downloads for Audacity and Classic Shell with an MBR Trojan. So when people downloaded these and ran these, it actually opened up this Trojan that would replace your MBR with a message. It was like, "On your adventures, it seems you have failed." I'm paraphrasing, but

And then it was like shout outs to all these people. And I wrote to them on Twitter, like, could I get a sample of this to make a video on it? And they're like, oh yeah, we were actually going to put you in the greet, but we figured that might lead more trouble to you than you would want. So we just left your name out. And I was like, oh shit. So it's like, damned if I do, damned if I don't like,

is what's the way to go on this? Do I encourage people who are going to write these things anyway to send them to me and not compromise a very prominent file sharing website to infect innocent people? Or do I not do anything and just see what happens? I mean,

Even now, there's still many people that are asking, am I ever going to continue it? And right now, I think that question's up in the air just because, I don't know, there's still so much interest. And I think if the focus was on making it for older operating systems, maybe that might be the way to go. But...

Like you said, there's a fine line, and I'm not sure how to walk it at this point. You're opening a bunch of big thorny philosophical questions on that one. Right. And I guess just to stay there in a philosophical sense, do you think that, I guess the desire to create and spread this stuff reflects a bigger...

bigger aspect of human nature or societal trends or something? Like, do you think it says something about people that we want to make and share this stuff? Spread it is maybe a better word. I think it definitely does. Um, it's interesting seeing the types of people who wrote this stuff in the original days. It was generally, uh,

young men, usually. They would find BBS groups of like-minded individuals and they would trade secrets and how-tos and tutorials. And, you know, they generally at that point weren't super popular at school, or they spent a lot of their time on the computer, which in the late 80s, early 90s was not the norm as opposed to nowadays with everybody having access to the internet everywhere. Back then it was very much a

I found my people and now we can do the things to make our mark on the world, essentially. So that's why there's a lot of these viruses that are like greets to all the members of our crew. So nowadays there's big money in it, which is why you see a lot of threat groups that are all basically acting to make as much money as possible.

Yeah, you talked about that pre- and post-monetization, almost like a BC/AD thing for malware, like this really hard line in the sand. I guess I'm curious to talk about the evolution of it, where it's come from, where it currently is, and then where do you think it's going? You know, there's a lot, there are more think pieces than are useful about the rise of AI in the context of malware and cybersecurity. Where does it come from and where do you think it's going? So, excuse me, where it came from,

really was generally in the early days, like the original IBM PC virus, Brain, was written as a sort of copyright protection tool by two brothers in Pakistan. And as time went on, viruses became more of a tool of the hobbyist programmer who really just wanted to have some of their creations out there in the world.

Like I said before, you know, they really want to make their mark on the world and this is one way you can certainly do it. It might not be a good mark, but you're making an impression on people. And with that, that sort of drove the hobbyist angle from the late 80s to probably the late 90s with the advent of the internet becoming more popular everywhere.

the focus shifted from traditional computer viruses to worms, which are executables that don't infect files. They don't infect a host file to spread themselves, but instead they just spread via user interaction or an exploit. And

With these online groups, you now have groups that are starting to fight with each other. You see it before in the early 90s with some BBS boards, you know, the bulletin board systems between various virus groups and, you know, this group sucks, we're the best, and they'd write it in their virus, you know, in the little comments, you'd see, like,

"We hate these guys, they suck. Their viruses are terrible, ours are the best." You know, just back and forth. But that really exploded with the advent of the internet. So now you have the ability to reach millions of PCs around the world very quickly. As opposed to the early days where you were basically limited to the physical area around wherever you released it on a floppy disk and you hoped it would spread somewhere beyond it.

So with the internet just sort of exploding the scene, that really set the stage for the shift from malevolent fun to serious business malware. It became less of a deal of "we can write this to print out on the screen that you suck and we got you"

to now we can exploit 300,000 PCs worldwide and install a botnet on them so that they send Viagra spam. And from that we got to the very beginnings of ransomware in the mid 2000s with GPCode.

There was the advent of rogue antiviruses, which you would be infected with and it would look like a legitimate antivirus and it would say "your computer is infected with 6,000 viruses. Buy now and we'll solve it for you." And of course none of them were actually on your PC, it was just this fake rogue antivirus, you know, shitting everything up and requiring you to pay and you can't just uninstall it. And from that

It just evolved further to, especially with cryptocurrency, what we see now with ransomware, nation state actors. It's just, there's no more joy or fun that you can really see behind the code. At least with the big stuff. There's no more joy or fun behind the code.

And I guess on that note, you know, we're on the nation state cyber crime, organized crime level now. Where do you think it goes next? See, that's something I've been thinking about. Like, where do we go next? I mean, we've had, you know, the United States and Israel create and release Stuxnet. And that's been in development since the mid 2000s.

And now we see the NSA who have developed all of these specialized exploits that have been leaked. And we see responses to those leaks. And it's just, I'm not sure where we go. I mean, NotPetya was a huge global event. And I'm surprised we really haven't had significantly more of those. So I'm guessing there's going to be something more along the lines of NotPetya where...

The target was Ukraine, ended up impacting global shipping with Maersk. And I imagine we'll see some more attacks along those lines, because with these cyber attacks, it's very easy or at least easier to obscure their source and where they're coming from. Yeah, just more of these giant global, I don't know.

with unclear perpetrators and unclear targets and unclear goals. Right. Maybe I should relaunch Viewer Made Malware and, you know,

just release some of those into the wild and then we'll have some of the fun. Yeah, sure, right back into it. Yeah, sure, that'll balance it out. Yeah, it needs to fork. We need like the really scary, serious stuff that's basically like standing in for organized crime and warfare, and then we need the memes, man. We just need the good times. Yeah. Uh, in fact, in your system, memes are great, especially when they take over your PC and you can't do anything anymore.

Okay. So I've taken up a bit of your time. I want to close with this one. I read an interview you gave years ago in kind of prepping for this a little bit, where you described malware as kind of a cultural artifact. You've spoken a bit to this, but I think you likened it to American Civil War rifles and Soviet space gear in terms of like being able to witness a technological evolution through it. And I'm curious, how do you think future generations are going to look back at the malware of our era? Yeah.

That's an interesting question. I think the biggest thing is going to be the impact that the malware has, as opposed, you know, there won't be so much emphasis on how did it spread or what new exploits did they use, but how far reaching was it? You really started to see that line of thinking or emphasis on malware with these worms as they rose to prominence in the early 2000s. But I think now more than ever,

as security has taken on new meaning for organizations and with the Apple iPhone being super locked down, it's going to be how successful was your malware able to be? Because it doesn't matter just how crazy or innovative it is if it doesn't infect much, if it doesn't make much of a difference in the grand scheme of things.

I think, you know, the larger disruption that there can be would be a measure of how we look at malware going forward. It's about how big the ripples in the pond are. Right. Dan, thank you so much for sitting down with me, man. This was a really fun one. Yeah, thanks for having me. This was a lot of fun.