Hunting vintage MS-DOS viruses from Cuba to Pakistan

Security researchers and enthusiasts try to understand and preserve the history of malware.

The Caribbean country of Cuba is a vintage car museum, with Chevys and Plymouths from the 1940s and 1950s, some in mint condition, others rusting away and featuring spare parts from Volgas, Ladas and other Soviet vehicles imported since the 1960s.

While classic cars appear in photographs and are often cited as a top tourist attraction, another side of retro Cuba is hidden from view. The country has some of the oldest computers still in use, and it was likely the place where the last MS-DOS viruses were seen in the wild not very long ago.

An open time capsule

Software developer Victor Manuel Alvarez, the creator of the malware research tool YARA, is a Cuba native. He got his B.Sc. in Computer Science from the University of Havana in 2001, and during the last year of his studies, he worked for Segurmática, the only Cuban antivirus lab.

Alvarez became interested in security just in time to catch the end of the DOS malware era in Cuba and, probably, in the world. “It wasn't uncommon to see MS-DOS running in some places even in the early 2000s,” he says by email. Several current and former Segurmática employees confirm this for CSO, and one says that the lab’s products are still working on Pentium III CPU-based computers running Windows XP. The company did not reply to our requests for comment.
