─────────────────────────────────────────────────────────────────[VMMM.001]───

                      The Virus Meeting mini-magazine
                      -------------------------------

After 3 hours, we abandoned the windows nt ring0 and started something like real project. Wintah under acids has good ideas.

- Why not a Virus meeting magazine ?

Reply:

- Send here the joint bastard

Oh, we've gotta start sumthing you know... writing and editorial or something for a coolio magazine yeah

Time for greetings ? Nahh...

Now, get the index and watch what we have thought for you these fuckin smoked days in Amsterdam.

INDEX

vmmm.001 - This crap
vmmm.002 - Greetings
vmmm.003 - Introduction&News
vmmm.004 - Vmmm crew
vmmm.005 - About 29A#4
vmmm.006 - About the meeting
vmmm.007 - MMFs and Memory Paging
vmmm.008 - Macro Shit
vmmm.009 - Virus writers joint
vmmm.00A - Why Russia ?
vmmm.00B - How stooopid cartoons can kill your mind

─────────────────────────────────────────────────────────────────[VMMM.001]───

─────────────────────────────────────────────────────────────────[VMMM.002]───

 ╒═══════════╕
╒╛ GREETINGS ╘╕
╘═════════════╛

From all of us-

Personal greetingz:

abasl0m: come back
AssemblerHead: Still workin' on your COM encrypted virus? 8-)
Atroce: Greetings from Holland !!!
benny: you are great, using thread make you much,..., macho
billybelcebu: stop infecting .tmp file
Bit Addict: cool you could also attend. man, you're a drinker! :-)
bozo: keep enjoying the meeting
bronstein: when will you realise ?
cicatrix: Continue VDAT it rocks
cicatrix: (please, add starzero as virus writer)
CyberYoda: You're so fucking serious
darkman: you have to box with your big friend billyb.
Duke[SMF]: Big shit
Evul: /kick #virus Evul Thats abuse of power
Eddow: Keep NT ring0 coding
F2: to save
Griyo: I wanted the exclusivity on win2K virus
Gigabyte: You are really sexy
Int13h: I heard kuarakhy infect 21 targets now....
Ioctl: thats a greet
JackyQ: You have to write tutorial on how to interpret your code
LethalMind: Well, when will be Champagne + resident pack released? X-D
Kryzia: you'll come to the next one ;)
Klunky: come back to VX scene
Mental Driller: All this time preparing a poly ? Damn man, wanna watch it
MidNyte: you will have to send us gangja
Mist: can you release your productions elsewhere than yar hd ?
MrSandman: bring me a beer
Murkry: Wake up, you have to code!
Neko: hiz !
Owl[FS]: The magazine of your group rocks hahaha
Pockets[FS]: Learn from Owl !
Qark: We still remember your code
Qozah: Why didn't you come to Amsterdam ?
Quantum: Any more win32 stuff ? :))
Rajaat: Thanks for all !!!
Raid: BASIC> Beginners All Purpose...
Retch: We've been laughing all night long about your photo !!!
Reptile: Stop Coding Start Smoking
Sopinky: Long live Argentina !!!
Spanska: Hope you are eating a lot of ice-cream you know ?
Super: How is it going your operation in Africa ? O:)
T-2000: Criticise "29A technique" and use pewrsec ? You're mad.
Tcp: You come to Moscow !!!
TheMight: Cool meeting !
Trevelyan: So New Zealand is in Europe ? huh ?
Veedee: Slam #5 ?
Vecna: I want to see you coding again :)
VirusBuster: You're marrying ? Oh, deep shit man
Wintermute: Come back on virus-writing !
Yesnah: Write something and stop hanging out on #virus :)
Ypsilon: did you finish it????????
Z0mbie: cool ideas man, keep on touch

Group greetingz:

29A: U rock! X-D
CodeBreakers: Stop interviewin' your own members! |-)
DDT: Come back, guys!
FS: Your mag was very cool, so new techniques, we're impressed
IkX: Yer t-shirt rules
PANiC: OK, why don't you rename yourselves to PaNNA, for instance ??? X-D
Slam: Still alive ?
UC: When da fuck u leave your lame and start coding?
VLAD: Tha old way, return u guys

─────────────────────────────────────────────────────────────────[VMMM.002]───

─────────────────────────────────────────────────────────────────[VMMM.003]───

NEWS&INTRO
══════════

Many time has passed since we last released something. Never ? No, not that much, but 1999 is being a long year. New techniques and viruses arrive, and we are proud to write some of them, anyway we don't know which ones.

This is the II european virus meeting, this time it's in Amsterdam, and we think next year we'll be at Moskva, so we also meet people like Z0mbie and S... I mean, cool people like Z0mbie.

We are working in this kind of improvised magazine, but don't expect so much; we're stoned and unable to code by this moment ( you remember the meeting is in Amsterdam ? ) so we'll just try to write some articles about what comes to our brains, such as new techniques for joint rolling.

Enough intro for the moment, watch out the magazine.

─────────────────────────────────────────────────────────────────[VMMM.003]───

─────────────────────────────────────────────────────────────────[VMMM.004]───

So here you have us, the meeting crew:

Benny
BitAddict
B0z0
Darkman
Eddow
F0re
GigaByte
Griyo
Itchi
Maia
MidNyte
Rajaat
Reptile
Rhape97
StarZero
TheMight
Wintermute
etc

Well, most of them aren't writing this, but who cares. These was the meeting crew.

─────────────────────────────────────────────────────────────────[VMMM.004]───

─────────────────────────────────────────────────────────────────[VMMM.005]───

29A#4
─────

29A is not dead at all; and the next magazine can maybe be better than the ones before. Maybe, we lost some very gewd coderz, nevertheless, many other kewl guys r sendin' us new and new materials, some of those guys r now members of 29A. This time, we have tons of perfect work, our own and contributed, such as new viruses, new revolutional techniques to introduce u, new tutorials and articles, etc, ready to be released.
We know some members left the group; so you could think 29A was unstable. We lost coders such as Vecna, Winter, Sandman, Z0mbie and Jacky, and we miss their code, but we have some new people such as Mental Driller, Benny and Qozah which will help us continue the magazine maybe better than ever.

29A#4 will be released. We have a lot of shit to publish, and we'll have more. Just keep waiting ;)

─────────────────────────────────────────────────────────────────[VMMM.005]───

─────────────────────────────────────────────────────────────────[VMMM.006]───

THE MEETING
───────────

From here, we can't remember a lot what we've done this days. We got the coffeeshop-eat sumthing-coffeeshop way so we can just tell you we visited really a lot of coffeeshops. Bad stuff is we can't remember anything in a chronological way because we were so stoned or so tired. We can't even recall the names of the internet coffeeshops we infected with our viruses.

Some of us knew each other in person by the 1998 meeting in Madrid, some more new came and some from the other year didn't. You can know our names just by watching the "crew" part anyway.

Yeah, Amsterdam is beautiful, and has a lot of ganja, putitas and monuments, that's for sure. Sometimes it's light, sometimes is dark, yeah, they have night and day too.

OK, the meeting officially started in 16:00, 5th of August in Amsterdam, outside of Golden Tulip hotel, but Darkman, B0z0, GriYo and Maia (GriYo's girlfriend) arrived some days sooner. Benny and Itchi (Benny's friend) arrived in 11:00, and together with otherz, they went out to walk a city and visit some coffeeshops. Stoned, they went to hotel, when was the official meeting. We met many ppl, but I can't remember them all. We met: Reptile, GigaByte (with her grandpa), MidNyte, Rhape97, The Might, Rilo, f0re (with his friend), Wintermute and otherz (sorry to anyone, I forgot).
Then (that was about midnight - we was waitin' for Rilo, and that was late), we went to city to explore local (every) coffeeshops. I can remember, Benny with Itchi took the photo. They were sittin on the chair, below the biiiiig picture of some Jamaican man and smoking weed. And after everybody was stoned (that was a deep night), everybody went to hotels or to Rilo's house (60km off Amsterdam). The night (or morning?) was finished.

Next day we went, as usually, to coffeeshop(s) to breath a local air. Some of us r still breathing air X-D. Then, we met StarZero with Eddow and we went to celebrate their great presence to coffeeshop and stoned went to sleep.

Third day was very strange. We (which sleeped at Rilo) couldn't come to Amsterdam, becoz all da day was very rainy. That time, we was breathing THC and nicotine at Rilo's house. In the evening, we went out to coffeeshop. We were smoking/drinking there for 4 hours! After everything we went to cinema to see some funny movie (Mummy was that). Imagine, that u r stoned and drunk and sittin' on your ass for one and half hours. To sleep we went, when it was 3:30. At home, we was smoking to 6 o'clock.

Fourth day, argh! We got up at 10 o'clock (Rilo switched on the radio with some heavy metal music ;) to catch the train to Amsterdam. Hard to remember what we did in the fourth day. Smoking. That's it, man. Oh, and SexMuseum. Not so porn for us anyway ;P

─────────────────────────────────────────────────────────────────[VMMM.006]───

─────────────────────────────────────────────────────────────────[VMMM.007]───

MMFs and MEMORY PAGING
──────────────────────

This is not an "innovation" article and I'm not telling you anything new; instead, I'll try to explain the basics of memory paging and why MMFs are possible.

MEMORY PAGING
─────────────

When you are in a Windows environment (well, also UNIX ones of course), there are two kinds of addresses: we'll call them "physical" and "virtual" ones.
The difference between the two is that a "physical" address points just to the memory at that specific address, while a "virtual" one can point anywhere, even to the hard disk. For example, you can see many processes starting at their address "400000h" at the same time. That address is the "virtual" one, as each process has to be in its own virtual space and can't watch or touch any other process's contents.

So, the redirection of the virtual address is done by paging the memory. In most systems, memory is divided into 4 Kb blocks, and each block is called a page. For example, its page reference can tell us that the real address is 01214156eh, and we will just see another one, the virtual one. Let's see a picture of this:

┌──────────────────┐  ┌───────────┐
│Physical Addresses│  │ Hard Disk │
└──────────────────┘  └───────────┘
  + + + +                  + + +
  │ │ │ │                  │ │ │
  ├─┼─┼─┼────────────────┴─┴─┘  <───────── Translation
┌─┴─┴─┴─┴───────────┐
│ Virtual Addresses │
└───────────────────┘

That "translator", as I said before, can translate to hard disk or physical addresses; it's specially done to manage swapping in a multitasking environment.

Let's say that you looked at a page descriptor. One of the things in it would be a flag telling you whether the page is on the hard disk or in memory.

Now, imagine you wanted to access the contents of that page. Apart from checking whether you are allowed to do that, if the page isn't in main memory (i.e. it's on the hard disk, as virtual memory) you will generate a page exception, and the OS will load the page from disk into memory so you can access it (there is a big problem on computers that is called "overpaging": just think what having so many pages with these structures can cause, you could be all day making page faults).

NOW MEMORY MAPPED FILES
───────────────────────

Now I'm showing you the beauty of Memory Mapped Files. The bad thing is that some see it as something new, but Unix has had this MMF system for a really long time.
Well, the idea behind Memory Mapped Files is that the physical address doesn't necessarily have to be in the swap zone. So, you can redirect addresses to arbitrary locations on the hard disk.

Now, when you open a file mapping, it will not just load the contents into memory, but configure the page descriptors so they point to the file. So, when you access it in memory, you generate a page fault and that specific part of the file is loaded. So you access the file only when you require it; a fast and cool way of handling files.

When you close the mapping handle, all changes are saved and so on, just as in swap (I know you knew this last stuff, ok)

Isn't it really beautiful ?

─────────────────────────────────────────────────────────────────[VMMM.007]───

─────────────────────────────────────────────────────────────────[VMMM.008]───

MACRO SHIT
──────────

Hello all macro coderz. Here u have our stoned opinion, what's about macro stuph. This is opinion of all 29Aerz and IKXerz, and etcerz, which were present on meeting.

Macro code is form of pseudocode, that is usually written by users and coderz, which don't use their brain as fully, as they should. Macro virus is form of virus, written in macro language, which can infect file by copyin' macro(s) into it. Average macro virus is about 20 text lines. Ain't it wonderful?

OK, when I heard about macro viruses, I tried to code my own. I made macro copy stage, some payload and it all was written in 20 minutes and it was about 15 text lines. As I did, every other lamerz can do this. And they are doin' it! Since 1995, we can find about 2k macro viruses "in the wild". Many of those viruses r in fact really silly. They can only copy macros, display message and delete whole harddisk. Macro virus can code everybody, who has a brain. Many viruses contain a destructive payloads, and that's the worst. This is the worst problem on computers.
OK, everyone has a PC and so there are many dumb users unable to press "NO" to "do you want to execute the macros in this document"; bad stuff of this is that lamer quantity also becomes bigger and bigger, so we have these kind of "lame viruses for lame users" that are programmed most by stupid kiddies.

If you don't have anything really special to show us in a macro virus, just DONT CODE IT. Please, stop this crap, stop making our brains die because you are unable to code assembler.

─────────────────────────────────────────────────────────────────[VMMM.008]───

─────────────────────────────────────────────────────────────────[VMMM.009]───

 ╓─────────────────────╖
╓╜ Virus writers joint ╙╖
╙───────────────────────╜

We're here showing you a new technique we just developed. Go for it:

the ingredients you need:

- some buds of white widow (if you don't have any near you, you may also some high quality ind00r weed like super/ red hair skunk, misty, orange bud..)
- 1g of skuff (this is the hash which is made of the red hair of pure sensemilla weed.. if you don't have this right now could also use some black bombay with opium as alternative)
- smoking papers or a b0ng/vaporizer if you want to kill yourself
- 1/2 - 1/3 of a cigarette
- a tip
- dry fingers
- something to drink
- a lighter
- a cd or a video cover to roll on if you aren't in a coffeeshop
- a couch or a bed to lie down after smoking
- money to buy something to eat or something to eat

and now roll the joint, hit the bong or whatever and get stoned as hell like we are right now.

─────────────────────────────────────────────────────────────────[VMMM.009]───

─────────────────────────────────────────────────────────────────[VMMM.00A]───

Why Russia ?
────────────

Why not ?

- whores are only about two bucks
- Moscow isn't expensive at all (if you know where to go)
- Zombie lives there
- There's another virus ermh...
living there, kick some asses there - We can burn AVP - We can burn DrWeb - In Africa it's too hot - Natalya Kasperskaya deserves a good fucking - Natalya Kasperskaya is only about two bucks - Natalya Kasperskaya is Eugene Kasperskys wife (also worth two bucks) - We can meet all the Stealth group maybe ? - We love vodka, and wanna GOOD Vodka ( so next meeting we will be drank but not stoned ) - There's a lot of monuments to take photos from (and tell at home we were "cultural visitors") - We want to see the preserved corpse of Lenin - They have an alcoholic president, and we want to follow his way - We want Milla Jovovic for two bucks ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[VMMM.00A]ÄÄÄ ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ[VMMM.00B]ÄÄÄ How stooopid cartoons can kill your mind ======================================== No secret to us, but apparently most antivirus authorities are oblivious to this fact, is that there are numerous ingenious ways to put virus writers more and more to the place of oblivion, and retire from the scene. Much has remained secret to the outside world, but there has to come a time we have to come clean with ourselves and explain our periods of complete unproductiveness. Unlike many people think, these periods of inactiveness are not due to serious things as study, girlfriends or arrestments. Instead we can blame it on the massive growth of satellite channels which we can view on the television. One of these novel channels that makes a virus writer incapable of tearing his gaze from the screen is Cartoon Network. This is a 24 hours non-stop mind controlling machine, feeding you with 24 frames per second painted blasphemy. In 85 countries, on 4 (in)continents virus writers are able to see this, and they will once they have seen idols like Dexter (or DeeDee for Gigabyte), Johnny Bravo (who of us doesn't want to be a stud with females all around him, ehum?) 
or Cow & Chicken (for the people equipped with the same IQ as Aristotle).

I would not be surprised if the broadcasting of these time-consumers are the combined efforts of antiviral authorities like Alan Solomon and Jim Bates, and the New Scotland Yard. After all, Cartoon Network is an English product, and you can find their website at the following URL

http://www.cartoon-network.co.uk

but be advised: only look there if you aren't a virus writer or good at it anyway :-)

─────────────────────────────────────────────────────────────────[VMMM.00B]───
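
Added example for the "MMFs and Memory Paging" article (VMMM.007), not part of the original magazine: a POSIX C program, using mmap() as the Unix counterpart the article mentions, that maps a constructed 64-page scratch file, counts the page faults taken while the mapping is created versus while its pages are first touched, and checks that a byte stored through the mapping reaches the file. The scratch path, NPAGES and struct mmf_result are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

#define NPAGES 64                 /* constructed sample: a 64-page scratch file */
struct mmf_result { long map_faults, touch_faults; int tags_ok; char readback; };

static long faults_now(void) {    /* minor + major page faults of this process */
    struct rusage ru;
    getrusage(RUSAGE_SELF, &ru);
    return ru.ru_minflt + ru.ru_majflt;
}

/* Returns 0 on success and fills *r; -1 if a system call fails. */
int mmf_demo(struct mmf_result *r) {
    char path[] = "/tmp/mmf_demo_XXXXXX";      /* hypothetical scratch file */
    long pg = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)pg * NPAGES;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* file lives until fd is closed */
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    for (int i = 0; i < NPAGES; i++) {         /* tag the first byte of each page */
        char tag = (char)('A' + i % 26);
        if (pwrite(fd, &tag, 1, (off_t)i * pg) != 1) { close(fd); return -1; }
    }
    long f0 = faults_now();
    char *base = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (base == MAP_FAILED) { close(fd); return -1; }
    long f1 = faults_now();                    /* mmap() only sets up the mapping */
    r->tags_ok = 0;
    for (int i = 0; i < NPAGES; i++)           /* touching an unmapped page faults */
        r->tags_ok += (*(volatile char *)(base + (size_t)i * pg) == 'A' + i % 26);
    long f2 = faults_now();
    r->map_faults = f1 - f0;
    r->touch_faults = f2 - f1;
    base[5 * pg + 1] = '!';                    /* store through the mapping ... */
    int rc = msync(base, len, MS_SYNC);        /* ... and force it back to the file */
    r->readback = 0;
    if (rc == 0 && pread(fd, &r->readback, 1, (off_t)5 * pg + 1) != 1) rc = -1;
    munmap(base, len);
    close(fd);
    return rc;
}

int main(void) {
    struct mmf_result r;
    if (mmf_demo(&r) != 0) { perror("mmf_demo"); return 1; }
    printf("faults in mmap(): %ld, touching %d pages: %ld, tags ok: %d, readback: %c\n",
           r.map_faults, NPAGES, r.touch_faults, r.tags_ok, r.readback);
    return 0;
}
```

On Linux the touch count is usually below 64 because one read fault may map several neighbouring cached pages (fault-around); the point is that the faults occur at first access, not when the mapping is created.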