Computer viruses, trojans and worms

THE VIRUS HISTORY PROJECT
A museum of malicious software from bygone days

Main repository : The Virus History on GitHub



NONE OF THESE FILES SHOULD BE ABLE TO HARM MODERN SYSTEMS IN THEIR STORED FORM
Most of the samples will simply not execute on modern operating systems. A few might; for example batch files or macro viruses - these will be zipped with password: "history".

That does not mean you should be careless around unverified content. There are no guarantees as to safety, so please know your way around malware and always use a VM if you want to research these files. And be aware that they very much are detected by antivirus products. Downloading these to a work system is likely to earn you a concerned visit from the IT department.

The period from mid-1980’ies until the end of the century was an incredibly important period in cybersecurity.

Nowadays, malware are commercial tools of theft and fraud - commoditized, automated and churned out in millions of samples. Although some of them break new ground, 99.99% of them are uninteresting and discardable.

However, the early malwares weren’t. They often explored entirely new concepts and weaknesses. They were sometimes pranks. They were sometimes social statements or personal posturing. They often showed messages or had screen effects. And a handful were destructive. In this era, we saw replicating software - what became known as computer viruses - that targeted multiple operating systems and platforms. There were huge computer worms, traversing networks. There were destructive programs, the origin of the moniker ‘trojans’.


This history is fading out.

These old files are leaking out of history, though bitrot, deletion and unindexing. My own collection was added to the Norwegian AV company Norman when I joined them in 1998 - and that Norman file database was many years later just deleted when the company was acquired, files by then irrelevant for the product. Many of the old virus files may still be located in other antivirus companies vaults but they’ll be hashes among billions of hashes, all context gone, and fairly useless.


What this collection contains

In the period from 1990 to 1998, I was incredibly interested in the computer virus phenomenon. I developed a database system called AVID (AV-ID, get it?) to compare detections between different antivirus products, a sort of pre-VirusTotal comparison mechanism. As part of this project, I built a computer virus collection that rivaled many AV products in scope. Remember, this was before the incredible proliferation and automation of the 2000’s. Viruses were manageable. To make sure the detections were consistent, I also personally maintained, analyzed and replicated most viruses.

As I mentioned, I gave my collection to Norman when I joined them. HOWEVER: I saved a backup on IOMega ZIP drives, stored them in the basement and forgot about them. I stumbled upon them when cleaning up earlier this year. I had to buy a used drive online (god knows where my old drive is), but luckily it worked, and I was able to restore the collection with just a minimum of read errors.

image

This collection is what I am now making available. It won’t be relevant for most of you. You won’t learn much with regards to modern day cybersecurity. But of you are an uber-geek, interested in concepts and history, then this collection is for you.

Note that it is not yet complete - I am missing one or two zip drives where I had A-B file infectors and boot virus samples. They have to be here somewhere, I’ll add those when I find them.

You will also see that a lot of samples have unfamiliar file extensions (*.vom, *.vxe). I had an automated process renaming executable file formats *.com and *.exe to avoid running the programs by accident. Files with the .boo extension are boot/mbr images.



What more can be added?

As mentioned, this is an effort to preserve history. But all these viruses have more context than I usually have. Such as who made them, and what was the motivation? Any anecdotes, any war stories? Virus creation was very much frowned upon at the time, to the point of being career-threatening. However, for these DOS viruses, statute of limitaton must have expired. I really doubt anyone cares 25 years later - at least as long as you weren’t doing large scale damage. I know for a fact that some virus creators went on to have incredibly impactful careers in several areas of computing, though I won’t name anyone here.

However, if you are one such person, either author, or have stories to tell about these viruses or the period they were made, please feel free to add text files or readme.md’s in the applicable folders. Should you have good (commented) disassemblies or source, please add. If you previously have done experiments with replicating code without publishing it - if the code is no longer a threat, feel free to share. Lets keep the history alive.



Other sites

There are a few other sites that contain information about malware. Most of these are do not host actual samples, but they are valuable sources of information, and I’ll be referencing them at times in connection wth the entries here. Some of these are:



Can I use this collection for testing of security products?

lol, no.