Nav Trigger

That Time I Wrote a Virus

Virus Detected AlertIn early 2001, the company that my brother Aaron and I had started was still itty bitty. How small? Our business plan from July 2000, stated that we had 75 dialup Internet customers. That’s pretty small. Maybe even microscopic.

Until now, we had survived on our initial shareholder investments, and about $20,000 in loans I had made to the company. We had reached the point where we would do just about anything legal in order to fund our startup.

Aaron had read about a company named Email Gatekeeper that was developing a new email server that would stop email-bourne viruses. To test their software, and for a bit of publicity, the company was offering a $10,000 reward to anyone that could get a virus through their software. Since $10,000 would be a windfall for our company, we decided to have a crack at the prize.

The premise of Email Gatekeeper’s software was simple. It stripped, and quarantined, any attachments in an email that were deemed to be potentially dangerous. Essentially, any file type that could be used to run code on the user’s computer would be stripped from the email.

Aaron’s idea was simple. We needed to trick the software into thinking that the file we attached to the email was a safe. Wordpad (the free version of Word included with Windows) allowed executable files to be embedded. To run the executable file, all the user would need to do is open the Wordpad file and double-click on the executable’s icon. There was just one problem. Email Gatekeeper had thought of this. Wordpad files were on the list of prohibited files.

After some more poking around I made an interesting discovery (I can’t really remember if it was me, but I’m the one telling the story). If a text file was over a certain size the user would be promoted to open it in Wordpad instead of the text file editor. What if we simply changed the file extension on our Wordpad file to .TXT? Sure enough it worked. When this “text file” was opened in Wordpad it would be read as a Wordpad file, complete with the embedded executable.  Even better, Email Gatekeeper allowed text files!

The rest was easy. I whipped together a quick executable file (the virus) that placed a file on the user’s computer to prove that we had been there. For fun, I had it display a picture of the check made out to Aaron and I for $10,000. We embedded it in a Wordpad file, changed the extension, attached it to an email and sent it to the challenge’s email address.

A few days passed and we received a call from the president of Email Gatekeeper. Our virus had gotten through, and we had won the $10,000 prize!

When we set out to start our company, funding it by winning $10,000 was not in our business plan. We quickly learned that starting a company is way harder than it sounds. We also learned that when our backs were against the wall that we could use our whatever-it-takes attitude to find a way to press forward. It was a good lesson to learn. It would not be the last time our whatever-it-takes approach would be needed at our company.