I was a teenage computer virus author

On to Plan B

I had been studying since I wrote the original Leprosy and I had grown a bit more ambitious. So Leprosy Strain B – as I decided to call it – was going to be written not in C but in 100 per cent assembly language. That would both give me more control and make it easier to keep the size of the program down (that 666-byte length was still important to me).

Top of mind was this idea that the original Leprosy was now instantly detectable, because everyone had seen it. What to do about that? After all, I couldn’t keep writing these things forever.

What I decided to do is have the virus encrypt itself, albeit in a trivial way. It would generate a random number and use that to XOR its own code – a reversible binary operation that would make it harder to recognize the virus, because each copy would be slightly different.

If I’m honest, probably this achieved absolutely nothing. I imagine that just the part of the code that decrypted the rest of it left a large enough signature that any antivirus software around would be able to detect it with no difficulty. But it was a challenge for me as a budding programmer, and adding this feature certainly made me feel clever.

Leprosy-B source code

I needed a hobby, so I taught myself 8086 assembly language. Maybe I needed a better hobby

I called this feature “Cybernetic Mutation Technology™,” mainly to thumb my nose at a company called Omen Technology, which made communications software that was important at the time but which also had the habit of trademarking things. Like I said, I was a bit full of myself in those days.

So I wrote Leprosy-B, I released it … and here is where the story gets a little hazy, because it was about this time that I lost interest in the whole project. Who knows what distracted my attention away from writing computer viruses. Horror movies? A job? God forbid, girls? It’s lost to time, and I really had nothing more to do with it after that.

Almost famous

That is, I never heard anything about it again until a couple of years later, when my friend Thad had gone to university, got onto the internet, and discovered a digital magazine about computer viruses called 40HEX.

This self-described “down and dirty zine” was created expressly for the purpose of distributing the source code to computer viruses so that people could learn from them. In short, it was exactly the sort of thing I would have liked to have seen from the virus community when I first set out to write Leprosy. And wouldn’t you know it, the very first issue listed the source code to Leprosy-B. Maybe I inspired them. Who knows?

“While the virus is no great wonder,” the editors of 40HEX wrote of Leprosy-B, “the simple encryption method is what is used by almost all viruses.”

That line gave me a couple of minutes’ pause. Was it actually true? I had no idea what methods other viruses used, because I had never seen the source code to a virus before. With Leprosy-B, I was just trying to dream up a way to make my virus harder to spot, by making it look slightly different each time.

As it turned out, though, that was hardly even necessary. After all, mine was the public domain virus. I had given away the source code. And sure enough, hackers all around the world took it and made dozens if not hundreds of variants, each slightly different.

Some of them actually added new features, sometimes to do even nastier things to PCs than I had dreamed up. Others just changed the text strings so that the virus would give a shout-out to their girlfriends – or, more likely, would-be girlfriends – and while I wasn’t impressed with their work ethic, I thought it was sort of sweet.

Misspent youth

40HEX called my virus “no great wonder,” and it surely wasn’t one. It was never really meant to be. There were already viruses at the time that would terminate and stay resident, infect the boot sector of your drive, disguise themselves when you did directory listings, and various other stealthy tricks. I still maintain, though, that none of that was really very impressive compared to the programmers who were writing actual, useful software that helped people do their work, organize their lives, and everything else that personal computers are good for.

At the time I was writing my viruses, in 1990, I had never heard of Richard Stallman, the Free Software Foundation, or the GNU General Public License (GPL). And it took maybe four or five more years for me to leave BBSs behind and get onto the internet full-time.

But a couple of years after I released Leprosy-B, this Finnish guy named Linus Torvalds released the Linux kernel version 0.12 to the internet under the GPL, meaning it was Free Software. The GNU Project already had a slew of free tools to go along with this kernel, making it a complete, Unix-like OS that you could have for free. And the world started changing very rapidly after that.

I missed my opportunity to be part of something good and useful to the world by just a few short years. Instead, I was a cyber-vandal. Ironically, though, when I set out to make Leprosy the public domain virus, where the code would be free and available to anyone who wanted it, I had the right idea all along.

CONCLUDING NOTE: For archival purposes only, you can find most of the original Leprosy source code and manual files on GitHub, here.

 

Pages: 1 2 3

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.