Skip to content
Naked Security Naked Security

Any advance on $1.2m for this virus-infested netbook?

Can you ever call malware art? That question is now up for debate as a Chinese internet artist puts a laptop full of viruses up for auction.

Can you call malware art? That’s the question up for debate this week as Chinese Internet artist Guo O Dong puts a laptop hosting a collection of viruses up for auction. Well-heeled patrons certainly seem to think it’s art – bidding had reached a cool $1.2m at the time of writing.

Dong has infected a 2008 Samsung netbook running Windows XP3 with six of the nastiest, most disruptive viruses ever created. You’d think that for $1.2m he could have at least thrown in a desktop computer with a decent GPU.

Some might call it the Netbook of Doom, but he calls the project The Persistence of Chaos. Okey dokey.

If he wanted to highlight viruses that made a splash, he’s certainly got some keepers on his list. He chose these:

  • ILOVEYOU. Also known as The Love Bug, it was released in 2000 and spread via an email with a VBScript (VBS) file, this infected at least 45 million people.
  • Sobig. Released in 2003 and distributed by email, this was both a worm and a trojan. At one point, one in every 17 emails was said to be carrying this malware.
  • MyDoom. This 2004 worm broke SoBig’s record. It enabled the perpetrators to take over the victim’s computer. They used it in a DDoS attack against SCO.
  • BlackEnergy. First released in 2007, this malware has evolved for years and researchers suspected that it was a weapon in attacks on Ukraine’s electricity grid.
  • Dark Tequila. Released in 2013, this virus has reportedly been an attack vector against banking customers in Latin America.
  • WannaCry. Unleashed in 2017, this was the granddaddy of all ransomware attacks. It infected more than 200,000 computers across at least 150 countries.

So, is it art? Absolutely not, according to Naked Security’s very own malware guru Paul Ducklin:

If you want your very own ‘cursed laptop’ for a lot less than $1m, just connect an unpatched, unprotected device to the internet and wait a while… Actually, don’t do that. That wouldn’t be art or science either – you’d simply be putting others at needless risk during your ’experiment’.

Ducklin also wonders…

Will any of the malware authors whose intellectual property has been appropriated for this artwork come forward to ask for their cut of the money? Perhaps they might even consider travelling to somewhere like the US to file a lawsuit – how good would that be!

We’ve seen other, perhaps more innovative approaches to mixing viruses and art in the past. Back in 2008, Romanian digital artist Alex Dragulescu created Malwarez, a collection of images created by analysing system calls and memory references in popular malware strains.

11 Comments

if it was art, W32.Magistr.24876@mm would have been a much better choice. One of the effects is desktop Icons running from the mouse.

What is wrong with people? This is a stupid idea and I’m very sad that someone is making money off of it.

This could be more easily called not artistic work. But there’re many who just have a few strokes of brush on a large white paper and call them artistic or “zen” of arts; and even auction or selling for Billion!

SCA Virus on Amiga was much more visually pleasing

I’d have chosen the original Tequila virus, complete with its 80×25 text mode Mandlebrot fractal plot :-)

For a trip down memory lane, here’s my published anaylsis from 1990ish:

https://nakedsecurity.sophos.com/2015/07/31/beer-and-tequila-forever-sophosretroweek-looks-at-old-school-malware/

One word for this person:

I d j i t

Unfortunate I can’t Bold or enlarge the font, though I doubt this person would read this anyway.

Interesting that he used Windows XP (presumably service pack 3). Microsoft started pushing out the mrt.exe program (microsoft removal tool) and it gets updated and run each time Windows Update does an automatic run so all his “art” would be automatically destroyed.

Except for the fact that there are no more windows XP updates so it wouldn’t be running any. Unless of course it runs it when trying to check for updates.

My first thought, did he disable the viruses to prevent them any further spread? Somehow I doubt he did the sensible thing.

I have to admit I wasn’t interested enough to check exactly what he’d done but I think the “safety” he applied was to turn off everything that he thought might be used for networking. Whether he physically removed the Ethernet and Wi-Fi hardware; whether he gummed up the USB ports; whether he blocklisted the network drivers (was that even possible on XP? I forget) I can’t tell you. I think that if you were to remove the hard disk you would find all the original malware ready to copy off. $1,200,000 sounds a lot of money for a few malware samples…

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?