> 1.
> Please tell something about yourself and about your project
> "VirusShare". About your hobbies, maybe the music you prefer, or
> about what you do in your free time...
> How did you get the idea for VirusShare?

I'm Forensication, a full-time digital forensics examiner and lone administrator of the VirusShare malware repository. VirusShare was an idea that I started working on in early 2011 when a friend of mine was trying to find a particular malware sample. After digging through my own collection and trying a few others I knew of with no success, I started sketching out ideas about what would become VirusShare. The idea was to have a semi-open malware repository that would be readily available for malware analysts, forensic examiners, and incident responders to have access to malware samples they may need when the original sample may not be available on the system they have on hand.

Think of the classic "a virus did it" defense: A computer gets infected with malware and some bad things were then done with that computer, but unfortunately the antivirus eventually did its job and eradicated the malware before anyone was able to preserve the system. Now all that's left is a log file reporting the eradication of the malware and the user of the computer claiming it was the virus that did the bad stuff. Not having the exact sample may make disproving the virus defense difficult, but having access to a large set of malware samples that have the same detection or similar characteristics will make it easier to chip away at the problem and hopefully find the truth of the matter.

> 2.
> When did you first get in contact with computer viruses and
> computers in general? What made you become interested in it?

My history with computers goes back quite a bit. I was extremely lucky to have an uncle who was really into the early computer scene and let me work with machines like the Sinclair ZX-80 and the Apples I through IIc.
High school brought about exposure to IBM terminals, UNIX and networking in my typing class where I spent more time browsing the server than practicing my typing. College kept the path going and I finally had a shell account and access to the internet. Well, it wasn't quite the internet as we came to know it, but it was a start.

The first virus I recall learning about was Michelangelo when I was at university. Being an architecture major it really didn't mean much to me at the time, but years later after transitioning to the very technical world of 3D rendering and eventually IT management, I found myself entering a world of constant threats. Melissa, ILOVEYOU, and Kournikova were the start of an ever-increasing onslaught of malicious code. Add in the spam and adware and I had plenty to keep me busy and learning.

> 3.
> What do you think about writing viruses for educational purposes or
> developing new techniques for self replicators to spread, infect,
> mutate, ...? So in general what's your opinion on the VX'ing scene?

Every piece of software is just a tool designed to serve a specific purpose. In the case of "malware" it is the malicious intent of the user or creator that makes it bad. Malicious is also a matter of perspective. For example, the Sysinternals suite of tools are extremely helpful for system administrators and also happen to be regularly blocked by some security software because they have been labeled "hacking tools". While I find the label a bit extreme, the point the security vendor is trying to make is many of these tools have the potential to be used for good and/or for evil. That being said, I find it really interesting to see the lengths some programmers will go to evade detection and solve their particular technical problem.

> 3.
> In March 2012, the virus library VX Heavens was closed by the
> Ukrainian police. What is your opinion of libraries like VX Heavens?
> What do you think about the fact that herm1t wasn't prosecuted
> because someone spread a code but because Hungary increased their
> efforts to stop cybercrime and so they raided VXHeavens, even though
> he didn't do anything illegal.

VX Heavens was a great library and one of my first sources of malware outside of the samples I occasionally had the (mis)fortune to encounter. One thing I thought was really cool were the samples that came with the original source code. While I am not totally certain, I think I have all of the samples that were in the original VX Heavens library before it was taken offline.

> 4.
> Some people say that the AV industry or one AV company is
> responsible for herm1t's prosecution. What do you think about that
> rumor?

I fail to see how the AV industry would benefit from shutting down VX Heavens and prosecuting herm1t.

> 5.
> Did you ever write a virus yourself? Did you publish it?
> So here is the first part

I haven't written any intentionally malicious code. With my luck, I'd be caught if I tried. In my days as a sysadmin I wrote a good number of tools that had the potential to be used for malicious purposes, but were created to make my life easier or solve the occasional technical problem.