I didn't want to write a wall of text here, but my single-line dismissive comment was probably worse. So here goes:
There are so many "little details" to nitpick, that in combination it becomes unbelievable. It has a similar feel to hallucinated GPT output. Or someone with a bit of half-remembered knowledge about old computers making things up for a movie script.
>a hunch (because the disk drive was ticking once?)
>creating empty file using echo
>a 0-byte program that returns to DOS instead of crashing
>5.4" floppy disks
>duct taping the drive shut
>the size of the virus (assuming the paraphrased 76 bytes is supposed to mean something close to it, like less than 100)
I spent some time trying to write the smallest possible virus that can actually infect files instead of overwriting them, just as an experiment in a VM. I managed to get the code down to 96 bytes.
It moves itself into a reserved area in low memory and hooks INT 21h. Whenever a file is written that starts with byte E9h (common for .COM programs), the virus then prepends itself to the program. So it only infects certain programs, does so when they are copied, and also may corrupt data files that start with this byte.
I consider myself a fairly good x86 asm programmer, but certainly someone out there might have managed to make a better & smaller virus. However, anything that tiny will be limited in what it can do, and likely make more assumptions about the environment it is run in (186+ instruction set available, initial register state matching a particular DOS version, etc).
It would be very bad at spreading "in the wild", and not be found on some grandma's computer.
You're really pushing the boundaries of paranoia. I'm just a good writer. Every single thing happened pretty much exactly as I described it.
Yes, back in the day, unexpected drive activity was a sign there was an active virus. (I have 40 years experience in systems software development and know where to look.)
Creating an empty file with echo: common, standard practice. Hey, maybe it was "copy con: deadbeef.com", so sue me (like I said, I was paraphrasing..) Its also common knowledge that a zero-byte .COM is perfectly executable on DOS ..
5.4" disks - I am a systems software developer who has kept every machine I've ever worked with since 1978, and with hundreds of 5.4" discs in my collection of works, over 40 years worth. This is why the kids brought the machine to me in the first place. Want me to bust out my tape drives and card decks?
76-byte viruses, or even less, were common in those days. Your 8088/MSDOS assembly fu is simply weak. Check the book "The Giant Black Book of Computer Viruses" for examples. I may have gotten the exact number incorrect, perhaps it was 67 bytes, but whatever .. the point is the 0-byte .COM got infected immediately.
Anyway, your doubt is entirely misguided. The machine exists, we played with the virus for weeks. In a few months it'll get its caps replaced and be installed in a retro computing museum for kids of the future to learn assembly techniques and generally get exposed to old-school computer viruses in a controlled setting.
Okay, you're most likely trolling. Hexdump of this alleged virus or it didn't happen.
Just to make sure, I tested this on MS-DOS 2.0 in an online emulator[1] for a machine of the vintage you described, and it did exactly what I expected:
A> echo>deadbeef.com
A> dir deadbeef.com
DEADBEEF.COM 12
A> type deadbeef.com
ECHO is on
A> deadbeef
(starts spewing gibberish)
COPY CON can't create an empty file either.
Running an empty program (or falling off the end of this one containing the message from ECHO) will execute whatever happens to already be in memory at the time. Might work if there was another program loaded before, but not from a freshly booted system.
The disk format is 5.25", not 5.4"
Unexpected disk activity when the machine is idle would mean the virus also hooks the timer interrupt and does stuff in the background, instead of (or in addition to) infecting programs you actively run. Implementing that on an OS not designed for multitasking is certainly possible, but would take quite a bit more than 100 bytes of code.
As for viruses of 76 bytes or less being common, AFAIK all of those are direct-action overwriting. Meaning that they don't stay active in the background, and any infected program will no longer work. Too simple and destructive to be viable.
There is apparently a memory resident 76-byte virus, however note that it simply overwrites programs when they are copied, is "Rare", and was discovered in 1994, quite late for the machine you described:
Oh p'schaw, you are the troll. Copy CON: can create an empty file, you just don't know how to do it.
An 'empty program' such as a zero-byte .COM file created with COPY CON: is loaded into memory by DOS, and thus attackable by any virus set up with the suitable vector to do so.
5.25" was supposed to be typed 5¼", duh.
Unexpected disk activity when the machine is idle would mean the virus also hooks the timer interrupt and does stuff in the background, instead of (or in addition to) infecting programs you actively run. Implementing that on an OS not designed for multitasking is certainly possible, but would take quite a bit more than 100 bytes of code.
False. Read more virus code.
I don't care for your conclusions, which are merely fallacious and ill-intentioned. The machine exists, as does the virus, and it'll be in a museum in a month or so, folks will play with it. That's all that matters to me. Your faith in your own knowledge doesn't impress me.
