Story of Ghauri2 (W97M.Piece.A)


What is Ghauri2

Ghauri2 is the name of Pakistan’s nuclear warhead carrier. I selected this name because it scared the hell out of many, at least here in Pakistan.


Spread of Ghauri2

I don’t know what I should say.... I like to spread the virus......... :-) I think spreading a virus is also a nice exercise and experience. After all, one can also call it part of the VX scene. OK! So enough of it.

How did I spread Ghauri2? Let me see.

    1. I got hold of some email addresses from web pages like penpalnow.com and others, people from different parts of the world. I sent them the files and tried to convince them to open the files, which they did in most cases. For those seeking love I sent a nice poem titled "Valentine Poem of the Millennium" (after all, it was the end of the millennium then). Anyway, the poem is at the end of this file.
    2. In my engineering university there was one separate computer connected to the laser printer. Everyone who wanted a printout had to insert their floppy in that computer, as it wasn’t connected to the LAN. Guess what, I infected that one myself and the rest of the spreading the virus did by itself. Nice... I loved it.... Especially when the computer of the Head of Department R&D got struck with it. Anyway, the virus is still alive in my university.
    3. On mIRC -> my NicePic .... (he he he ....)


Beating Heuristics

Norton AntiVirus Heuristic Analyzer (Bloodhound) had given me serious problems while I was writing my first ever virus, a .COM infector, GHAURI. Anyway, who cares about DOS nowadays.

In macros things were different. I tried different things like writing the encryption key to a BASIC binary file and reading it into another variable, using log and other engineering formulas, but one way or another it did get hold of it. I started commenting out the lines one by one to see which was the most sensitive line that I could cover. It turned out to be the names of the files that I used to export and import my code to. So what I did was set the filenames like:

Fname$ = Chr$(58) + Chr$(92) + Chr$(119) + Chr$(105) + Chr$(110) + Chr$(105) + Chr$(111) + "2." + Chr$(118) + Chr$(120)

File$ = Chr$(Asc(Chr$(Asc(Chr$(Asc(Chr$(A + 2))))))) + Fname$ + Chr$(100)

Guess what? It worked. Just a small action and there goes all the artificial intelligence of Mr. Norton. ;-)))))

At that time (somewhere in Sep 1999) I tested it with NAV 2000 to make sure it was not detected. McAfee failed badly, as I think it doesn’t have any heuristic scanning ability at all. I sent the virus copy to different people. It passed through all the channels except that of the IEEE (Institute of Electrical and Electronics Engineers), as their anti-virus got hold of it and cleaned it on the spot. I am still not sure which AV they used. Most probably AVP, because it’s not available here in Pakistan (at least one drawback of pirated software is that you won’t find all the nice stuff). Otherwise maybe I would have stepped over AVP as well.
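The trick described above, building a filename out of Chr$() calls so that no literal path appears in the macro text, is something an analyst meets constantly when triaging Office macros. Two things help on the defensive side: statically evaluating the Chr$/Asc/literal concatenation to recover the hidden string, and treating a high density of Chr$ calls on one line as a heuristic signal in its own right. The following is an added Python example, not code from the article or from Ghauri2. It reuses the two statements quoted above as constructed input; the variable A is never defined in the article, so the value A = 65 is an assumption made only so that the second statement can be evaluated.

```python
import re

# Tokens: integer, double-quoted string literal ("" escapes a quote), identifier
# with an optional VBA type suffix (Chr$, Fname$), or a single operator/paren.
_TOKEN = re.compile(r'\s*(?:(\d+)|("(?:[^"]|"")*")|([A-Za-z_][A-Za-z0-9_]*[$%&!#]?)|([()+]))')

# Matches Chr(...) / Chr$(...) calls; Asc() is deliberately not counted, since
# the nested Chr$(Asc(Chr$(...))) wrapping is an identity and only adds noise.
_CHR_CALL = re.compile(r'\bChr\$?\s*\(', re.IGNORECASE)


def tokenize(src):
    """Split a VBA expression into (kind, value) tokens."""
    pos, out = 0, []
    while pos < len(src):
        m = _TOKEN.match(src, pos)
        if not m:
            if src[pos:].strip() == "":
                break
            raise ValueError("unexpected input at %r" % src[pos:pos + 10])
        pos = m.end()
        num, lit, ident, op = m.groups()
        if num is not None:
            out.append(("num", int(num)))
        elif lit is not None:
            out.append(("str", lit[1:-1].replace('""', '"')))
        elif ident is not None:
            out.append(("id", ident))
        else:
            out.append(("op", op))
    return out


class _Parser:
    """Recursive-descent evaluator: expr := term ('+' term)*; term := Chr$(expr)
    | Asc(expr) | number | string | identifier | '(' expr ')'."""

    def __init__(self, tokens, env):
        self.toks, self.i, self.env = tokens, 0, env

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else ("eof", None)

    def take(self, kind=None, value=None):
        tok = self.peek()
        if (kind and tok[0] != kind) or (value is not None and tok[1] != value):
            raise ValueError("expected %s %r, got %r" % (kind, value, tok))
        self.i += 1
        return tok

    def expr(self):
        value = self.term()
        while self.peek() == ("op", "+"):
            self.take()
            rhs = self.term()
            if type(value) is not type(rhs):  # VBA would coerce; we refuse to guess
                raise ValueError("mixed string/number operands in '+'")
            value = value + rhs
        return value

    def term(self):
        kind, val = self.peek()
        if kind in ("num", "str"):
            self.take()
            return val
        if kind == "op" and val == "(":
            self.take()
            inner = self.expr()
            self.take("op", ")")
            return inner
        if kind == "id":
            self.take()
            name = val.rstrip("$").lower()
            if name in ("chr", "asc"):
                self.take("op", "(")
                arg = self.expr()
                self.take("op", ")")
                if name == "chr":
                    if not isinstance(arg, int):
                        raise ValueError("Chr$ expects a number")
                    return chr(arg)
                if not isinstance(arg, str) or not arg:
                    raise ValueError("Asc expects a non-empty string")
                return ord(arg[0])
            if val in self.env:
                return self.env[val]
            raise KeyError("unresolved identifier %r" % val)
        raise ValueError("unexpected token %r" % ((kind, val),))


def decode_assignments(lines, env=None):
    """Evaluate `Name = expr` statements in order; returns the final variable map."""
    env = dict(env or {})
    for line in lines:
        line = line.strip()
        if not line or line.startswith("'"):
            continue
        lhs, _, rhs = line.partition("=")
        parser = _Parser(tokenize(rhs), env)
        value = parser.expr()
        if parser.peek()[0] != "eof":
            raise ValueError("trailing tokens in %r" % line)
        env[lhs.strip()] = value
    return env


def chr_call_count(line):
    """Number of Chr/Chr$ calls on one line, a cheap obfuscation indicator."""
    return len(_CHR_CALL.findall(line))


def flag_obfuscated_lines(lines, threshold=4):
    """(1-based line number, Chr$ count) for every line at or above the threshold."""
    return [(n, chr_call_count(l)) for n, l in enumerate(lines, 1)
            if chr_call_count(l) >= threshold]


# Constructed sample: the two statements quoted in the article plus an ordinary
# assignment for contrast. A = 65 is an assumed value (the article never sets A).
SAMPLE = [
    'Fname$ = Chr$(58) + Chr$(92) + Chr$(119) + Chr$(105) + Chr$(110) + Chr$(105) + Chr$(111) + "2." + Chr$(118) + Chr$(120)',
    'File$ = Chr$(Asc(Chr$(Asc(Chr$(Asc(Chr$(A + 2))))))) + Fname$ + Chr$(100)',
    'Msg$ = "Hello"',
]
ASSUMED_ENV = {"A": 65}

if __name__ == "__main__":
    for var, value in decode_assignments(SAMPLE, ASSUMED_ENV).items():
        print("%-7s -> %r" % (var, value))
    print("flagged lines:", flag_obfuscated_lines(SAMPLE))
```

With the assumed A the second statement resolves to a drive-rooted path; the first statement resolves regardless of A. The Chr$ density check is the kind of rule a scanner can apply without evaluating anything, which is exactly why heavily Chr$-built strings later stopped being an effective way to hide from heuristics.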


9th Bit

Nearly all of my friends know about my...... should I say hobby. There was a software competition being held in my university. As there are different software competitions being held in Pakistan time and again, in order to have something different they asked me to write something different. It was 9th Bit. Thanks to "Lord Julus" (one of the most versatile programmers, I think!!) who helped/guided me through it.

I made the front end in VB6, which created a complete Win32 ASM file, compiled it and linked it in the form of a virus-infected file. It asked the user for multiple options like payloads, user code insertion, encryption, and polymorphic and metamorphic effects (its effects being the insertion of garbage or do-nothing code). I gave it a slight touch of floating skulls and things like that.

Three judges were to come and grade each piece of software. The first judge gave me 88/100 (the highest on the first day) and left saying that I was too complicated for him. As I got the highest score, there was a lot of hue and cry from the other programmers’ side, as they didn’t know anything about it themselves.

For the next two days, bunches of students and teachers from the other participants’ universities approached and sort of went into arguments. Quite often the organizing committee had to be called to control the situation.

Then something went drastically wrong. The other two judges didn’t know anything about ASM and didn’t understand even a single bit of what I said. They behaved as if they understood everything I was trying to explain, but I can bet they didn’t understand even a single bit of it. Anyway, to my surprise one of them gave me 24/100 and the other gave me 6/100. God damn it! I don’t believe it.

Anyway, for those three days it really shook the university’s environment, and the exhibition went on fairly well...... ;-)

Unluckily for me, after that I joined the Mil Academy.

One nice thing about 9th Bit, or any Win32 ASM virus, that I noted is that you write the simplest virus and you would be the unluckiest person in the world if your virus got caught by AV heuristics. They surely fail badly in the Win32 environment.


Last Macro Release in the Future

Nowadays I’m in the Mil Academy, most often applying mud and wet grass to my face for camouflage and concealment. :-) What to talk of using computers. Anyway, I have been learning different things, reading different e-zines and other stuff.

The experience of Ghauri2 was great.

I was writing an encrypted, polymorphic virus powered by some metamorphism when the computer crashed and all my effort went to waste. Maybe when I pass out from the academy I will rewrite it, as I think that will be a true virus.



A Software Engineer's Valentine Poem


I was full of erroneous statements

On the DOS and on NT

My life was full of bad commands

Not even a single access given.


But now that you are with me

My heart's data type is known

You turn my integer pointer

Into a character pointer.


You download things from my memory

Onto my new folder

My life was once an assembly code

Now it's in C++


I love the way you program things

My NT server that you can fix

With the arrays and pointers.

You have built a software of my life

I cannot survive without you


You are just like my mouse.

You have programmed my life.

Increased the size and made it recursive

And now I'll end my poem

Don't press Control, Alt, and Delete