/-----------------------------\
                                        | Xine - issue #3 - Phile 005 |
                                        \-----------------------------/

                 ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
                    The South American Virus-Scene
                   ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
                       Written by Int13h [iKx]
                      ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ



INTRODUCTION
ÄÄÄÄÄÄÄÄÄÄÄÄ

B0z0 asked me to write an article about the virus scene in South America, I
did it and here you have it :)
Firstly, I must apologize for my poor english level, my native language
is spanish and in english I can't bring you literary files :)
To speak about this activity in a big part of this continent maybe looks
like a giant task, but it isn't really. In South America there are a lot
of countries, but the virus writing is almost null compared to the
old Europe and with others continents (at least I think there are more
coders than Antartida :)
All the things that you will read in this article are according to the infor-
mations I was able to compile; I consulted AVPVE, sometimes to my fragile
memory and sometimes to other sources less trustables like Patty's VSUM ;)
South America's countries are the following: Argentina, Bolivia, Brasil,
Chile, Colombia, Ecuador, Guyana, Paraguay, Per£, Surinan, Uruguay
and Venezuela. I hope I haven't forgot anyone.



VIRUSES BY COUNTRY
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

Surely this list is incomplete. Here are viruses from simple overwriting
level to multipartite and complex polymorphic ones. I must say thanks to
Vecna and Jacky Qwerty for the information provided about their countries.


ARGENTINA: Ada, Anti-D, AntiEnter, Androide, Anti-Win, Argentina102, Avispa
           Avfuck, Bugs, Babas¢nicos, Bengal Tiger, Camouflage II, Camale¢n
           Cancerbero, Chains, Caos, Chiche, Dad, Dan, Diablo, Dtm,DiskFull
           Dumb,  Error,  EMMA,  Ebola,  Ejemplo, Flying-V, Guillon, Halka,
           Killer,  Jason,  Jacinto,  Lapidario,  Lapiddan,  Max,  Mediocre
           Mordor,  Mutator  (mutation  engine),   Mosca,  Mr. X,  MultiWMA
           NRLG (virus generator),  Oktubre, Patoruz£, Phx, Piazzola, Piojo
           Rael,  Rosario,  Los Salieris de Charly,  Sarmiento, SFT, Tigre,
           Trebujena,  Traka-Traka,  Tigre, TVED (Trurl Variable Encription
           Device),  USA94,  Vinchuca,  Xuxa, 786,  Fisu,  Leproso,  Gripe,
           Flaco.Megadeth,  Flaco.Ozzy, Tucum n,  Jorgito, Kurt, Nightmare,
           Visite, SanLorenzo, Smuggler, Treblinka.

BOLIVIA  : Miky

BRAZIL   : Brazilian Bug, Freddy Krueger, Leandro & Kelly, Vecna, Outsider,
           OBJ overwriting,  Orgasmatron,  Nutmeg,  Ultimate Evil, Banshee,
           KissThis, Little Imp, Astronauta.

CHILE    : Chile Mediera (CHM), CPW

PARAGUAY : Angra,  AntiCPAV,  AntiCachaca,  Asterix,  Asimov,  Bar¢n  Rojo,
           Cobain, DictatorShit, DreamSpace,   Eur¡pides,  Fuxpro, Guaran¡,
           Herm‚tica,   Hernani,   Heavy  Metal,  King  Diamond,  KureLuke,
           Lancelot,  Literatura, Luque¤o.666, Mandr gora, Mbore, Mercosur,
           Morgana  Le  Fay,   Nostradamus,   Paraguay   (three  versions),
           Parricide, Pombero, PostData, Soledad, Stratovarius, Sudam‚rica,
           Tembolo, Xavirus Hacker, Xavier.

PERU     : CAP,  WM.Crema,  Win32.Jacky, Win32.Cabanas, WM.Lithium, WM.Moss

URUGUAY  : Uruguay#1, Uruguay#2,Uruguay#3,Uruguay#4...Uruguay#9, Uruguay#10.

VENEZUELA: Tabulero, ByWay.


I didn't found information about viruses written in Guyana, Surinan,
Ecuador and Colombia. Probably because they doesn't exist (I hope to be
wrong :) Virus coders that aren't present in this file, ­please!, let me
know about you: i13h@hotmail.com.
Just some of these viruses are spreaded in the wild. The Hardcore2 virus
written by Vecna (detected as BadBoot by SCAN) is travelling arround
Brazil and Argentina. Paraguay was visited by Pirate, Leandro&Kelly,
PHX and Freddy Krueger.



SOME DESCRIPTIONS
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ

These are just some viruses created in this part of the third planet:

Angra     : this is a paraguayan virus, stealth multipartite. Infects floppy
            boot sector, master boot record and COM files. Anti-tunneling.

ByWay     : advanced virus from Venezuela using the cluster redirection
            method for the quick infection of COM and EXE programs.
            Is polymorphic and stealth. Is in the wild internationally.
            Is a lot better than the ancient bulgarian DIR-2.
            A jewel written by Wai-Chan.

Cabanas   : this complex autoreplicable program infects Win32 executables.
            Is an extraordinaire sample of high code skills.
            Coded by Jacky Qwerty/29A, who is currently one of the gurues
            in the Win32 infection.

Cpw       : parasitic chilean COM/EXE fast infector. Resident manipulating
            MCB. Erases some antiviruses when they are executed. Redirects
            INT 24h. A guy from IRC told me that the author was in jail
            for his authory of this virus :-(

Flying-V  : resident companion encrypted. It was coded by WMA [DAN]

Literatura: the second version of this virus made in Paraguay is polymorphic,
            has size-stealth and is memory resident. Is a fast infector of
            COM files, it builds a polymorphic header that brings control
            to the virus code (polymorphically encrypted) which is in an
            aleatory offset in the hoste (mid-file infection).

Miky      : made in Bolivia. It hits COM/EXE files, is resident, has
            a graphic payload and lost a cluster with every execution
            of an infected file. Is a great virus, considering the
            date when it was created (year 1991)

Outsider  : the second version of this viurs infects COM/EXE/BOOT SECTOR.
            Is full stealth in files and boot sectors, is polymorphic,
            it has routine that dificults it disassembly and emulation.
            In the directory entry the initial cluster of .EXE and .COM
            programs is reapointed to the file 0ffh hidden in the root
            dir, and has the virus code. This virus can use all antiviruses
            as a vector. Magnific Vecna's creation.

Uruguay#8 : this virus rules. Programmed in Montevideo by F3161, is a
            resident infector of COM/EXE, it tunnels to find the original
            handlers of interruptions, hooks INT 9 and when it detects
            CTRL+ALT+DEL prints the copyright. Is partially encrypted in
            memory. Its mutation engine ocuppies more than 3KB, is super
            flexible and eficient. It introduced the table-driven poly-
            morphic engine, where the virus works like a compiler, this
            is one the the most polymorphic virus of the planet and the
            decryptors it generates utilizes almost all the processor's
            opcodes. F3161 db 'Assembler God'


Vampiro   : Drako's [DAN] and Zarathustra's [DAN] work. Is a tsr COM/EXE
            infector with size-stealth, it can infect to COMMAND.COM
            placing itself to the unused space at the end of file.
            It turns off VSAFE's flags before infection and turn them
            on after. Erases some checksum files of antiviruses.
            Encrypted. Doesn't infect certain antiviruses.



VIRUS CODERS
ÄÄÄÄÄÄÄÄÄÄÄÄ

Evidently the following list is terribly incomplete, there are more coders
that create life. I don't know the handle of the Miky's coder, I don't
know also the nick of a lot of brazilian virus creators.

ARGENTINA: Ramthes Jones,  Elijah Baley,  Hugo Pe¤a,  Azrael, Drako,  Trurl,
           Satan Klaus, Lapidario, WMA, Zarathustra, Somnium, Anubis, Vixer,
           Armaged¢n,  Bugs Bunny,  Cancerbero, Jason, TruchoSoftware, D.M.,
           Demeth  Knox,  JPG,  El  Flaco, Mr.Bithead, Jorgito, Mantis King.
BRASIL   : Vecna
PARAGUAY : Xavirus Hacker, Int13h
CHILE    : Cpw
PERU     : Jacky Qwerty, DarkSide1
URUGUAY  : F3161
VENEZUELA: Wai-Chan



VIRUS GROUPS
ÄÄÄÄÄÄÄÄÄÄÄÄ

Once again, my information is limited.

The most active group is DAN (Digital Anarchy) from Argentina, with a lot
of members, they has (had?) an e-zine called Minotauro written in spanish,
which reached the issue #10 far as I know. The firsts three issues of their
magazine were translated to english, thanks to the patience of Anathema :)

DIABOLICAL KREATIONS, this was a pseudo-group that I started with
Xavirus Hacker. We were the only two members. Xavirus Hacker leaves
virus-scene in order to orient his keyboard to demoscene. The group
is dead (always was:)

COEAC, Creatures of Electronical AntiChrist, another argentinan group,
also they has an electronic magazine. SENTINEL ANARCHIST and RESIDUO
were other argentinian vx-zines.

South America is sleeping yet. There are just a few groups. Almost zero.
Then, is easier the joining to external virus groups instead of creating
the own. That is what some guys thought :)
Azrael was member of the dissapeared NuKe. Vecna and Jacky Qwerty are
part of the spanish group 29A, Darkside1 is SLAM member and the crazy
who is writing this is battling in iKx's rows ;)
Before the membership in 29A, Vecna was joined to the ukrainians SGWW.



FINAL BYTES
ÄÄÄÄÄÄÄÄÄÄÄ

And that is all what I know about this topic. I would like to take
contact with other south american virus creators in order to update
this file. As I said, in South America the activity isn't very
popular like in other parts of the Earth, but there are some, a
little number but something is something :) There are great virus
coders like F3161, Jacky Qwerty and Vecna.
I hope to see growing the number of life creators. The important
thing is to take the decision and time will bring the rest.



                                                                     CD13
<*** End of File ***>