Explanation of some words.
Before I start, I will explain some words. You will probably not only see these words in Viral Introduction, you might see them in the rest of the zine as well.
VX: Virus eXchanging. VXers are those who are pro-virus, collect viruses, write them, exchange them..
AV: Anti Virus. They make virus scanners. Examples are: Anti Viral Toolkit Pro, Norton Antivirus, McAfee...
IRC: Internet Relay Chat. People use it to chat, to communicate. There are many different IRC servers, Undernet for example.
IRC client: What people use to connect to an IRC server. Examples are: mIRC, PIRCH, Xircon, VIRC..
ASM: Assembly language. This language is most used to code viruses in.
TASM: Turbo Assembler. This is most used in the VX scene to assemble ASM source code into executable files. (Requires TLINK)
VBA: Visual Basic for Applications. It's a part of the Microsoft Office products.
VBS: Visual Basic Scripting language. Can be inside an HTML page. (for more information see the part about script viruses in "What is:", further down in this document.
Where to find information about viruses and collecting?
Well, I think I should give you some links to virus sites to begin with. Your first stop for finding any VX site should be coderz.net. Check the "Hosted pages" part, you'll find many interesting sites on coderz.net, and they might contain other links to VX sites elsewhere.
Coderz.net
29A
#virus Homepage
Virus Trading Center
Tally's Virus Link Reference
If you're looking for IRC channels about viruses, you could come to #vir and #virus on Undernet. Watch out: NEVER ask or beg for viruses, you'll get kicked out. And DON'T TURN THE CAPS LOCK ON LIKE THIS, it's annoying, and it looks like you're yelling all the time, or you'll get kicked out. Viruses can be found on the net, if you put in a bit of effort. If you can’t be bothered, or haven’t got the intelligence to find even a few, then you’re not likely to be helped out. People in the scene will gladly help you out if you put in the effort first to prove you’re not just going to infect someone’s computer. They need to know you’re interested in learning.
In which language are viruses written?
Mainly in Assembler (ASM), but there are also macro-viruses, which are made in Visual Basic for Applications (VBA). VBA is a part of the Microsoft Office products. There are viruses that are written in other languages, but they're a rarity. Newer is VBS, a scripting language that can be used for making worms or viruses.
How to learn how to write viruses?
If you wanna learn how to write viruses, you might want to read a tutorial. There are some tutorials in VDAT, for example. VDAT contains a lot of information about viruses, VXers, VX groups and also tutorials about how to write viruses. You can find answers on all kind of virus-related questions in VDAT, you can find some VX history, etc. One warning about VDAT though: it’s currently nearly 10Mb and can take a long time to download. It is definitely worth it though. Also, yes it is an exe, yes it is made by someone interested in viruses, but NO, it is not a trojan as I have been asked before. If you were going to write a trojan, would you make it 10Mb? I guess you’ll have to trust me on that :)
Download VDAT from:
And also the Codebreakers magazines are good.
Get them from:
Codebreakersor
Coderz.net's FTP(Most of their tutorials can be found in VDAT)
Don't be discouraged when you start out coding, once you get the hang of the simple parts you can go at your own pace with the rest.
For which words to search when looking for viruses or information about viruses?
Search for: virus, viruses, virii, VX, computervirus The best search engine to use is http://www.hotbot.com for an exact match. This can be useful when URL's of virus sites I gave you are down.
How to get into the VX scene?
You can meet VXers on IRC. Try #vir and #virus on Undernet. Read some tutorials (see "How to learn how to code viruses?"). Have some patience. You have to get to know the people and they have to get to know you. And learning how to code viruses might also take some time. If you have questions, first look if you can find the answer in VDAT before asking. Start with the first tutorial, not with the last. Don't go to the next until you've finished.
Is it illegal?
That depends on the country you live in. Usually writing viruses isn't illegal, exchanging isn't illegal either, but spreading is. So if you send someone a virus without informing the person that it's a virus, that would be considered spreading. Always check your country’s laws before doing anything virus-related. Governments don’t generally understand you can be interested in a virus without needing to spread it, if you have a virus they assume you intend to spread it.
Why do people write viruses?
There can be many reasons: challenge, fame, buck authority, they want to do something different..
What is:
an overwriter: A virus that completly overwrites files to infect them, so it doesn't save the original file. This is what you start with when you learn to code viruses. The host file is completely destroyed so the virus is noticed almost immediately. Have a look at Codebreakers magazine #1, or SLAM magazine #2.
an appender: A virus that saves the parts of the infected file that are changed, then writes itself to the end of the host program. At the end of the virus is some code to restore the program (in memory only) and run it. Because the host program still works, your virus has a better chance of going un-noticed than an overwriter. This is explained in Codebreakers magazine #2 or SLAM magazine #3.
a prepender: - A prepending virus will write itself to the start of a program instead of the end. This has the advantage of not requiring a calculation called the ‘delta offset’. Don’t worry about this yet, the tutorials will explain it when you get there, I just mention it so you know that there is a difference between a prepender and an appender.
encryption: - Encryption is a way to hide the true function of your virus code, and any messages contained in it. An encrypted virus has a decyptor at the start that decrypts the rest of it then passes control to the now unencrypted part.
polymorphism: A virus that creates a completely different decryptor every time, to avoid the AV being able to make a scan-string for the virus.
TSR: - A virus that stays resident in memory. This can be particularly effective, because any program even listed in a ‘DIR’ command can be infected by a TSR virus.
bootsector: - A bootsector is the part of the disk that is read automatically when the computer starts and loads the operating system. A virus that infects here can load before the operating system, and therefor before any AV program can be installed in memory.
a macro-virus: Infects MS Office documents, is written in VBA. An example is the Melissa virus.
a script virus: A virus made in Java script or VBS. Those languages can be used inside an HTML page, so the virus can be inside the HTML page. That's why they're sometimes called HTML viruses. VBS is also called 'Winscript'. Scripting languages are also good to make worms in. An example is Bubbleboy.
How to get recognized?
Have patience.. I hope, after you have read Viral Introduction, you've found the information you were looking for, know where to look for tutorials and virus sites and that you know what the VX scene is.
Good luck,
Gigabyte
Thanks a lot to MidNyte, for all the help with the article and suggestions, and to Spyda for the 'Viral Introduction' picture.