Interview with Stormbringer
Interviewer: T-2000
Tell us a bit about yourself, hobbies, music, etc.
Well, these days I'm a professional software engineer, mainly focusing in computer vision and systems programming. My hobbies include
electronics, coding (useful stuff generally), traveling around, and drinking lots of wine and Stolichnaya.
As far as music, it depends on the mood. My tastes run from artists like Loreena McKennitt and Mary Jane
Lamond to Switchblade Symphony and Metallica. I still pull out stuff like Rob Zombie, Iron Maiden, and King Diamond on long
coding sprees. Danzig's Black Aria is another favorite, and Enigma's first album or
two make great "zone" music.
How did you get your handle? Is there a specific meaning behind it?
I started out as Black Wolf, which I'm still rather partial to. No special
meanings, 'cept I like wolves. I chose the handle "Stormbringer" (from Michael Moorcock's
Elric series of books) as a one-shot thing for Ludwig's virus writing contest, and it ended
up sticking. Also went by Jesus Christ of the Trinity, but then that's another story. If you're
the Messiah and you know it clap your hands!
How and when did you start out with computers?
I've had a computer for almost as long as I can remember. The first one I wrote programs
on was a TRS-80 Color Computer with 16K of RAM that my parents got. I remember hooking it up to my
tape deck and messing with the treble until it could load the programs - that was fun. Learned Basic
on it, and messed with Peek and Poke a lot. It wasn't until high school that I started really coding,
though - picked up C and 80x86 asm when I was around 14.
Which programming languages do you know and which ones do you prefer using?
Most days now I use C++. I also find occasional use of C and 80x86 assembler for low-level
code and optimized routines. Aside from that, I dabble in whatever the language du jour is -
Perl, Java, shell, whatever. Only ones I really haven't learned much appreciation for are Haskell and
Lisp - they rarely fit the way I think through a project.
How do you lay out your source?
Whiteboards and/or graph paper are my general first step. Sitting in a coffee shop (preferably
one that doesn't know what a Frappuccino is) with a few books, some paper, and a pen usually gets the
best results for me. Once I've figured out most of the details of what I want to do, I'll do a high
level design. I've used Rational and DOME, but honestly still think paper is best for most projects
with one to five coders. After that, it depends on the project. Sometimes I start with the high-level
stuff (a GUI, simple functionality) and code down. Other times, especially if there are some high risk
or high complexity portions of the code, I'll code bottom up in at least those sections to ensure they
work as planned. Since I'm mainly a C++ coder these days, I'm a big fan of separating code out into
the old one file = one class style. I probably overkill on the comments unless I'm on an unreasonable
deadline, but I've found that it makes maintenance far easier later regardless of who is doing it.
Besides, I started out on code disassembling viruses, so comments come pretty naturally.
How and why did you start out with virii?
Back in the day they were a kind of "black magic" in the computer world. You could only get
viruses either by being infected, or by finding one of the underground VX BBS's. I got hit by Stoned,
and decided to disassemble it and learn assembler at the same time. Then, at one point the moderator
of a Fido network went on vacation or something and a bunch of VX'ers posted their BBS numbers to the
virus channel. I called one up, and began downloading viruses to disassemble, then would upload the
disassemblies to get credit to download more viruses. During that time I also wrote cures for various
viruses that would show up.
Eventually I saw one of them, my disassembly of Trident's CLUST virus, published in Urnst
Kouch's Crypt Newsletter. That was my entrance into the real "scene", and me writing for Crypt.
I mainly experimented with things, like "Black Wolf's File Protection Utilities" and such and got
a pretty good grip on the techniques. When Ludwig had his "First International Virus Writing Contest"
I entered a couple of viruses under the name Stormbringer, and won. I met the P/S guys on IRC soon
after, and the rest is history.
Anyway, on why... Viruses were not commonly known about, and the information that was
available was hard to get - it gave them a certain mystique. Once I had started, it also gained
me some notoriety which I have to admit I appreciated at the time. And, of course, I was very
interested in programming in general - viruses were the way I chose initially to learn low
level system programming. It was a game to me, an intellectual exercise to bypass all current
methodologies of protection and do something "new". There was also a level of "one-upmanship"
between virus writers at the time that kept me going. I had no intention of my viruses actually
hitting the wild.
What (virus-)groups are you/have been a member of?
Phalcon/SKISM and the Trinity (of Revelations, the one with only one issue <g> ).
Are you active in other scenes, or have you been?
Not active in any scenes since '95 or before, although I keep an eye on them. I cracked
a few encryptions with some friends (Word Perfect Office and the like) and hacked around a bit
back then. I occasionally show up incognito at a hacker convention though.
Are there irl people that know of your vx 'career'?
Anyone that read the PC World or Rolling Stones articles, saw the television news interviews,
or kept tabs on the virus scene at the time is fully aware of who I am. I've told previous employers
as well when there was going to be publicity to avoid problems. My friends knew, even back then. And
of course, I stood up in front of the entire AV industry and told them who I was.
Which virii have you written and which ones do you like most?
Almost every virus I wrote was either a test of some new trick or some tongue-in-cheek joke.
I'm kinda partial to Jump.466, although Hermanni was the only AV to recognize why it was called that
to my knowledge. Shifting Objective was one that I was proud of back then, as although it really
lacked finesse in its methods it was the first .OBJ infector. Crucifixion probably got the best ratings,
and CorporateLife had some neat tricks (some of which I must say I thought of after looking at Masud
Khafir's DOS1 virus). Dark Angel liked my BATVIR enough to make fun of me with BLAH. Of course, the
greatest achievement of all of us back then was PLuRG.
Have you ever released any of them in the wild? If so, how?
One thing that a lot of people mistake with me is that I was entirely "VX" then became a
"traitor" or something and went AV. Under the name Stormbringer, long before quitting writing
viruses, I wrote several AV programs to clean up other people's messes that had made it into the wild.
Things like ISMBRVR for removing stealth MBR viruses, and KillSMEG for detecting/removing Pathogen and
Queeg. I never intended my viruses to get into the wild - it was a game for me, and a way to improve
my programming skills and technical knowledge.
At any rate, KeyKapture2 did make it into the wild, which is why I quit after helping the
guy clean it up. I've been told it has made additional appearances from time to time, but I've never
had any of the other accounts verified. As far as I know, that would be the only one, and it's never
made the WildList.
Were they destructive?
What constitutes a destructive virus? No, they didn't have nasty payloads, but yes they
could cause inadvertent damage and considerable lost time. KeyKapture2 would eventually fill a drive
with keystrokes, assuming you typed a *lot*. Just about any virus in an environment it's not wanted
though is destructive. Just look at all the time wasted these days on such lousy macro viruses.
Anyone who's held a real job in a company with an internet connection knows that a lot of time is
wasted on "harmless" viruses. I've had to spend several evenings and weekends fixing stuff when
some clueless user in accounting clicks on an attachment - times when I had much better things to be
doing.
Are any of your virii in the wild?
I doubt any of them are anymore, although as I said earlier one got out at least once.
What is your view about destructive payloads?
What's the point? If you're doing it for the love of technology and an interest in the
workings of a system, then obviously destructive payloads make no sense. It changes the action from
the naive negligence of a curious teenager to a criminal act of wanton destruction. If you're doing
it to "bring down the system", then you don't know enough about the "system" or life in general.
Destructive viruses have never nor ever will "bring down the system". What they will do is cause some
student, researcher, or professional to lose a considerable amount of time and effort, possibly
causing them to fail a class, lose a grant, or lose a customer. You have to take responsibility for
the damage you cause, and realize that the people damaged are real people - not just some faceless
company. I've dealt with people that were in tears because some virus messed up their system to the
point that they couldn't work on it, and they had work due the next morning that was critical to them.
And you can't blame the victim for being too stupid to understand viruses. Each person has his/her own
specialties - it's like blaming a heart attack victim for being too stupid to perform heart surgery on
him/herself. Viruses, when released into the wild, cause damage to real people. Destructive payloads
cause even more.
How do you name your virii?
I always named them in some way related to what they did. E.g. Crucifix had the crucifixion
joke in it, Shifting Objective did .OBJ infection, etc. For the most part, the AV community kept
the names - a bit of confusion on the Pro-Alife vs. Rescue virus, but the rest stuck.
What are your favourite e-zines?
40Hex of course ;) I've been out of reading them often for a while, but VLAD, 29a,
and Phrack were good to pass the time. This one's pretty good too... wait... who am I being
interviewed by? Oh yeah... Matrix rocks ;)
What are your favourite viruses and why?
PlayGame.2000 will always be a classic. Casino is good to show just how cruel a virus can
be. Blah was a masterpiece of insanity. Hybris is quite impressive, but of course PLuRG will always
be the ultimate. Beware of PLuRG!
What are your favourite AV's and why?
I generally use F-Secure. It's got two of the best engines in it (Frisk's and Kaspersky's) and
is kept updated. When it has bugs, they aren't the "oops - we deleted your hard drive" style
everyone has come to love and expect from Network Associates' products, and are generally remedied
quickly. The old pre-NAI Dr. Solomon's was always good - shame to watch that one get muddled, and
Norton's has gotten better than it used to be at least.
There's something lacking though in the pure scanner solutions these days for corporate
protection. For a home computer, I can protect it using DEBUG.EXE and by disabling Windows
Scripting Host and Word's macros, but for a corporate situation one needs better protection
than *any* of the current AV programs offer. I remember when the LoveBug hit a place I was
working at, their AV software missed it. When I got involved and tried to update the software,
the AV web sites were so swamped I couldn't get through - so I had to write my own disinfectant
on the spot to get us back online as quickly as possible. There needs to be a way to prevent
new viruses from entering companies. Nick Fitzgerald has been championing some methods to do
this in alt.comp.virus and at Virus Bulletin meetings for quite some time, and I think he's
on the right track.
Which persons in the scene do you respect most?
The people who are in it for learning and fun. I started out with Trident's Masud Khafir and
P/S's Dark Angel as the two people I respected the most in the scene. Made a lot of friends and met
a lot of people over time that I could list, but it would get pretty long.
Which ones do you disrespect most?
People in it for politics (Falc, Aristotle, etc) or just to cause some misguided harm. Some
of them are just kids and will learn. Others just need psychiatric help, or at least some heavy shock
therapy.
What VX technique are you most interested in?
I always glance at whatever the "novel" technique of the time is. Mutation engines were
interesting at one point, as was full stealth. The whole morphing concept is still intriguing, and
Hybris' updating technique is another landmark.
What do you think about macro/script virii?
For the most part, I think it pretty much removes the learning aspect from the scene. Who
*can't* write a macro/script virus? The languages were written so non-technical people could do stuff,
and unfortunately now non-technical people can write viruses. It definitely dropped the bar for
who can write them - all those people that were endlessly asking how to infect someone with a .asm file
can now, thanks to Microsoft's views on security and the line between code and data. There are a few
that stand out with some unique ideas and techniques, but for the most part it's even worse than the
VCL/PS-MPC glut that happened.
Can you tell us some more about that AV meeting (or whatever I'll fix the
name when I can think of it ;) you went to?
I applied for a job at Sophos, and was completely honest with them about my past. I
still maintain that I could have easily gotten hired if I had lied (there *are* ex-virus writers
working in the AV, just no openly honest ones), but regardless - they didn't hire me and basically
sent me a nasty letter saying how evil I was. I apparently defended myself well enough in the
response, as they forwarded the letter to Nick Fitzgerald (then the coordinator of the Virus
Bulletin conference and editor of the magazine of the same name) and he asked me to speak
at the conference.
So I went. Several people were very kind to me, others kept their distance, and of course a few
were absolutely venomous towards me. My topic was basically why I could be extremely useful (and no,
I wouldn't give out the names of virus writers - a few people asked) to the antivirus industry and
should be considered for a job, rather than just categorically rejected and painted as an evil
person. Mr. Bontchev was of course one of the less polite when I spoke, although I managed to
pull a nice round of applause at his expense for his efforts. In the end, the one standing reason
for them not to hire me that I really couldn't reject was that if any one company hired me, all the
others would sic their marketing droids on them "exposing" the fact that I once wrote viruses,
generating public relations problems for my new employer.
They did take a vote, of just the business people outside of the AV industry, as to whether
I should be hired by an AV company. I won overwhelmingly. But of course, none of the AV people
voted. Only a few said later they would, and in all such cases either they weren't in a hiring
position or the offer was forgotten later. On the bright side, I got quite a few compliments on
the size of my cojones.
One amusing event happened after I spoke. Some guy came up to me with his wife, and accused
me of being the reason that he hadn't spent any time at home with his wife and kids for years - he
had been trying to save the world from my code. His wife looked so totally embarrassed by his
behaviour that I didn't have the heart to rip him as I was initially thinking. I'm glad my life has
never been so unhappy as theirs seemed.
I have to say, in retrospect, that I'm glad it didn't work out. My salary's higher, and I
don't have any chance of getting bought out by NAI ;) But at the time the end result was a lot of
disappointment, and quite a bit more press than I might have liked.
Do you have any goals VX-wise?
If anything, to make people think. Other than that, I'm a bystander.
Is there any way you can be reached?
Once in a blue moon, I'll be on #virus. Occasionally I'll read/post alt.comp.virus. Emails
sans viruses are accepted at wolf@fc.net, but don't expect a quick reply.
Any plans in the future as a coder and in general?
My career has been going quite well as a coder. I'm expanding my skills and expertise in
several areas, playing with cool toys, and generally doing quite well. I've had the opportunity
to see a lot of the world because of my career, and am thoroughly enjoying it.
Any last words/greets?
Greetz to Dark Angel, GHeap, Lapse, Priest, sCryptKeeper, Meta, Qark, Quantum, Antigen,
Urnst, HSpirit, Nightmare, God, Sarah Gordon, Hermanni, Ludwig, Knowdeth, Virogen, and a hell of a lot of other people.
Beware of PLuRG!