12.03.12

Mark Ludwig & the Black Books of Viruses

Posted in Cyberterrorism at 2:03 pm by George Smith

The intrigues of John McAfee in Belize made me curious about what a former acquaintance who had decamped to that country many years ago was up to.

Using Google, I found an era had quietly passed without notice.

Mark Ludwig, the publisher of The Virus Creation Labs, my book, and author of the infamous black books of computer viruses, had died.

From an October 2012 piece on the web:

The former [Richard Feynman] student who stands out to me the most was a friend of mine and fellow homesteader in the jungle here in Belize who, sadly, died of cancer about two years ago at age 51. Mark Ludwig had a doctorate in particle physics. For his PhD thesis, he had worked out by a different means one of the classic math derivations of modern physics. I marveled that it had not been worked out as he did it long before, but it was not a simple feat.

True? Probably.

It has the ring of it. Unlike John McAfee, Mark Ludwig was rock solid truth. However, there was always an element of mystery to him and it got stronger when he left the country for Belize and other parts in Central America many years ago. It lives on in his old books, by far the strangest and most idiosyncratic things on my bookshelf.

I knew Ludwig was a student of Richard Feynman’s at CalTech and the reference contains additional information congruent with what he’d told me over a few years back in the Nineties.

I first came to know the man in 1992, around the time of John McAfee’s hyping of the Michelangelo virus. I was interested in these contagious programs and found there was little information on their innards, their exact programming. Ludwig had written The Little Black Book of Computer Viruses, pictured, and it came with compilable source codes for a few simple viruses. (Two were basic DOS viruses. Two others, more accurately, worked at the level of the BIOS — since they operated from the boot sector of hard disks and floppies. This was the most effective method of virus spreading prior to common use global networked communication. There was a slang term to describe it — via sneaker net — or the running of disks and diskettes between machines.)

Ludwig sent me a copy of the book. This was forbidden stuff in 1992, you didn’t get malware every other day as an attachment in your spam folder, and it set me on a path into the virus underground, the results of which were published in my old virus-code Crypt Newsletter and, later, The Virus Creation Labs, which Ludwig published.

Although I have no figures, the original The Little Black Book (first edition is pictures, later editions revised the cover art) sold enough to launch Ludwig’s publishing company and make him infamous. For a time, he was successful at riling the anti-virus industry whose members were often compelled to purchase his CD-ROM virus collections so their programs didn’t miss anything.

The computer viruses in The Little Black Book were fairly simple by today’s standard. All written in assembly language, two file infectors didn’t do much of anything except slowly infect other small programs. One simple boot sector infector, called Kilroy, never spread. It had a habit of landing in a place on the hard disk the PC used as book-keeping for your files. And that immediately killed everything, requiring a clean-up.

However, the last virus in the book traveled around the world on floppy disks and diskettes. Dubbed Stealth.Boot.C, it was successful in the wild. A couple years after The Little Black Book was published I found from a colleague that it had infected quite a few PCs at the Washington Post. The friend remarked it was discovered because it often corrupted diskettes which were full of data.

The virus hid itself by copying part of its code to the data sectors on these diskettes. And if the diskette was full or near full when the virus tried to infect it, data was overwritten and lost.

The Little Black Book was eventually optioned in France through the publisher Addison Wesley as Naissance d’un virus where it came with a diskette containing its programs, the latter of which provoked a short-lived and futile attempt to ban it. I had a copy and one can see from the cover the book lost a bit of something in translation.

From 1990 to 2002 Ludwig wrote virus black books, including even a dense, tangled volume on them as artificial life interleaved with a discussion on intelligent design/creationism. (It was uncharacteristically unpopular with the usual hacker crowd that bought his paperbacks.)

The last Ludwig volume was The Black Book of E-mail Viruses (also pictured).

By the time it was printed Ludwig had moved to Belize. Prior to 2000, he told me he thought the US was either going to fall or descend into total chaos and tyranny during a Millenium Bug crisis and occasional self-published pamphlets reflected this belief. Whatever the case, he wanted out of the country.

And so Ludwig left with his family to make a home in Belize where he pursued a hard fundamentalist Christianity, a life of faith (writing a couple more extreme books on this subject) and the building of geodesic domes.

Ludwig’s American Eagle, which an interesting publisher, was not the best place for my kind of book. The audience was all wrong, terribly so, now a matter of bemusement more than regret. You need a sense of humor to get what I did. Publishing black books on computer viruses was mostly for a totally humorless audience.

Indeed, a few years after the publication of VCL the company’s bestseller was a deplorable thing called Civil War II, a “think piece” on an alleged coming race war in America brought on by Hispanic gang revolt in southern California.

It was big with neo-Nazis.

I have a complete set of the black books of computer viruses and they indeed remain unique things. (Interested? They’re all mint to new. Plus you get an official GS “I was there” provenance. I might let go of them for a handsome figure.)

A new copy of Computer Virus Super Technology — 1996 reads “It is being published in a strictly limited edition of 500 copies and sold by invitation only to qualified people.” My copy is marked “review” in Ludwig’s handwriting. A collectible edition is billed as selling for 780-some bucks on Amazon.

Computer Virus Super Technology sold for $395 (see the back cover snap) which came to about two dollars/page although it was advertised, pre-publication, at a discounted $99.

In The Little Black Book of E-Mail Viruses, Ludwig’s last in 2002 — published from Panama, the author writes about progress and his philosophy:

[The Internet] has greatly increased the speed at which information flows and is generated. So one the one hand, a fairly simple virus can infect a million computers in a week, whereas that might have taken a year in the past. On the other hand, if a virus exploits a certain security weakness today, that weakness can be patched up by a software vendor this week and made widely available by automatic internet update next week …

These facts demand a different approach to learning about viruses. Frankly, I could write a book that contained examples of viruses that could be typed into your computer and let loose which would be fully capable of destroying the data on 100 million computers in one week. The problem is, first, that I don’t want to be responsible for doing that, and I know some idiot out there somewhere would actually sit down and type in anything I printed and send it on its merry way without having a clue to what he was doing. So it would be irresponsible to print such code. But secondly, this book would become obsolete after the idiot did that because it would force vendors to change programs so these viruses no longer worked.

So Ludwig asked readers to think of viruses more “conceptually,” to do a little of the mental work themselves. For this purpose, he included exercises.

“Get on the Internet and sleuth around with a search engine to see if you can locate a copy of the source code for the first generation file infecting virus called Jerusalem-B,” Ludwig wrote, for the first such exercise.

Now it’s an elementary task.


Time blows away everything. The physical reality of these books and what they contained are difficult to describe to people who are now growing up on smartphones and iJunk. Will apps for doing stupid, non-essential and unproductive things outnumber trivial PC viruses? Yep, and soon.

Comments are closed.