Tuesday, February 9, 2016

The Malware Museum

Mikko Hypponen and Jason Scott at the Internet Archive have put up the Malware Museum:
a collection of malware programs, usually viruses, that were distributed in the 1980s and 1990s on home computers. Once they infected a system, they would sometimes show animation or messages that you had been infected. Through the use of emulations, and additionally removing any destructive routines within the viruses, this collection allows you to experience virus infection of decades ago with safety.
The museum is an excellent use of emulation and well worth a visit.

I discussed the issues around malware in my report on emulation. The malware in the Malware Museum is too old to be networked, and thus avoids the really difficult issues that running software with access to the network that is old, and thus highly vulnerable, causes.

Even if emulation can ensure that only the virtual machine and not its host is infected, and users can be warned not to input any personal information to it, this may not be enough. The goal of the infection is likely to be to co-opt the virtual machine into a botnet, or to act as a Trojan on your network. If you run this vulnerable software you are doing something that a reasonable person would understand puts other people's real machines at risk. The liability issues of doing so bear thinking about.


David. said...

And Jason goes one better with The Windows 3.X Showcase, with over 1500 Windows emulations, mostly of shareware. Sam Machkovech at Ars Technica has an interview with Jason and many of the details.

Jason Scott said...

Glad you like it, David!

As mentioned in the description, these EXACT viruses on the site have all had all writing routines removed from them - they can't infect anything, even if they were running on actual vintage MS-DOS boxes. It was a big surprise to me how much this has been done by virus researchers over the decades - the ones on the archive come from three different sources.

When putting it up, I had the option of putting in real, live DOS viruses as well, but I opted to go with the smaller, 100% safe set, just so we wouldn't have to put an asterisk in the description. That said, I might make a more risky one down the line.

As for the possibility of cross-contamination among a Javascript-based VM and the actual filesystem of a machine running a browser, I absolutely agree the risk is there. Maybe not for the DOS virus being transferred to a machine, but that a malevolent program running in the Javascript VM (or maybe just Javascript) exploiting across a browser. I'd be a fool not to say that isn't possible; although it seem extremely unlikely.

Either way, hundreds of thousands of people got to experience DOS and viruses in this past week, so it's a pretty good week for Emulation.

David. said...

Seth Morabito, who used to work with the LOCKSS Program, is working on an emulator for the AT&T 3B2. For you youngsters, the 3B2 was a PC-sized 32-bit machine built by AT&T starting in 1983 that ran Unix. It used technology from the duplex fault-tolerant computer at the heart of phone switches such as 5ESS.

David. said...

More fun than malware! The Internet Archive now has a huge collection of Amiga software.