I think the first time I ever heard someone talk seriously about computer viruses was in 1988.
I was studying computing in the leafy home counties of England, when I played a joke on a friend.
I showed him that everytime I typed the letter “s” on my keyboard it would come up on the screen as “ssh”, slurring his words, and every now and then a loud “-HIC!-” would be injected into the text.
“You must have a virus!” my classmate exclaimed, his eyes opening widely. The truth was that he had just encountered a joke DOS TSR program I had written called “Drunk Simulation”. It hid in the background and messed around with whatever you typed.
But for the first time, I had seen how strange behaviour on a computer could raise the pulse of onlookers.
It wasn’t until December 1991, when I went for an interview to be a programmer at British security firm Dr Solomon’s Software, that I saw some real computer viruses for the first time.
It was often hard to ignore that you had a virus in those days. The New Zealand virus declaring “Your PC is now Stoned!”, Italian virus bouncing a ping-pong ball across your screen, or the Maltese Casino virus playing Russian Roulette with your file allocation table.
Sure, all of these viruses were irritating – they spread without your consent, and ate up system resources – but only some of them like Casino were deliberately destructive. In many ways, a lot of the malware could fairly be compared to electronic graffiti.
The Green Caterpillar, for instance, which crawled across your screen, eating up letters and pooping them out a shade of brown. Or the Plane companion file virus, which featured a stick man parachuting out of a bi-plane.
The media were obssessed with the Cascade virus (clearly it had decided by this point that naming viruses after the places they had first been seen was a bad idea), believing that every crime drama incorporating an infected computer had to show letters dripping down the screen like falling rain.
Even as malware turned nastier, and more destructive, there was still some art to be seen.
Virus-writing gangs like Phalcon/SKISM (Smart Kids into Sick Methods) used colourful ANSI-style art to declare that they had infected your computer.
Viruses like Phantom, with its use of 256 colour palette cycling and a large skull displayed spookily on the screen, and Spanska, with its simulated flight cross the Mars landscape, probably demonstrated a highpoint for art in viruses.
Here’s a video of Spanska in action, made by Danooct1 who has published a great collection of retro virus payload movies on YouTube.
And even though I knew malware was wrong, and not to be encouraged, I had a sneaking regard for the graphical payloads some of the virus writers were building into their creations. I recognised that this *was* a form of art.
And there was art in the malware’s code as well. Virus writers would often spend months, tweaking their code, using innovative new techniques in an attempt to make it undetectable by anti-virus products. I didn’t agree with what they were doing, but had to admire the coding skill deployed by some of them.
Like much modern art, you didn’t necessarily have to like it to acknowledge the skills used to produce it.
But then things started to change. Malware got commercial.
The reasons for writing a virus, or – increasingly – a Trojan horse, became more about stealing data, or recruiting a PC into a botnet, rather than displaying a silly message or gory graphics.
The new malware creators couldn’t care less about getting attention through visual payloads, and they didn’t care much about the quality of their mass-produced malware either. They were churning out new Trojans, unbothered that some anti-virus products spotted them generically so long as they knew there might be *some* people out there who would get infected.
They didn’t care if their latest Trojan wasn’t any good, as they’d have three more along in a minute. And they certainly didn’t want them to draw attention to themselves.
Increasingly, when people asked you what visual clues they might spot that they had a virus you had to tell them that chances were they were would see a screen like this:
Just a regular Windows desktop, with no way of telling by the naked eye if it’s infected or not.
Now, in 2013, anti-virus researchers are dealing with thousands of silent, stealthy pieces of malicious code every day, which have no intention of unnecessarily drawing attention to themselves, and mostly from families of malware that have been seen hundreds of times before.
The art has gone from malware. The commercial cybercriminals rule the roost, and the hobbyists who incorporated dramatic visual payloads and cared about the quality of their code (the artists, if you like) have largely disappeared, frightened off by stiff punishments and prison sentences.
Are we better because of it? I don’t think so.
I hanker for the old days, when viruses *did* something visual to entertain you, as you reached for your backup.
A shorter version of this article first appeared in the August 2013 edition of Virus Bulletin magazine. Many thanks to them for allowing me to reproduce the full piece here.
If you want to see the payloads of more retro viruses, check out Danooct1’s YouTube channel.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.