PATRICICA M HOFFMAN AND VSUM ============================= -------------------------------------------------------------------------------- OK, well here's what VSUM has to say about some of our mutations, that we released in the last issue, along with about 3 others (which didn't came in the VSUM 3.09, and wasn't included in the 3.10)...Will see what happends after the Fido-NET attack Anyway! Read whole this article, and tell me later whats your reaction of VSUM!?..Gosh, it's FULL of Rubbish!! I know this is a very very long article, but read atleast our information and comments about the viruses here. -------------------------------------------------------------------------------- VSUM: Immortal Riot: Received in August, 1993, Immortal Riot is a memory resident infector of .COM programs including COMMAND.COM. It installs itself memory resident at the top of the system memory, but below the 640k DOS boundary in 3,072 bytes of memory. Interrupt 21 will be hooked. Immortal Riod infect .COM files when they are executed. Infected files will increase in size by either 1,054 or 1,055 bytes, or may have the first 1,054 bytes overwritten by the viral code. The virus will be at the beginning of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings are visible within the viral code in all infected file: "Senseless Destruction..." "Protecting what we are joining together to take on the world.." "METAL MiLiTiA [iMM0RTAL Ri0T] SVW" The first text string above will occassionally be displayed as a message on the system monitor. At this time a system hang will occur. Origin: Unknown August, 1993. -------------------------------------------------------------------------------- IR comments on: Immortal Riot: Hahahah, Patty made that description worth SHIT. It doesn't over- write files at all, and that extra SVW in the last text string, NO WAY..So, Patty talks lots of shit, that's for sure, so hey.. VSUM, a trip on LSD with magic dreams? :) And what the fuck does she really mean with Origin: Unknown? Well...don't really ask me! But I can guess that she added the "SVW" (Swedish Virus Writers?), instead of place the right origin (..SWEDEN!..) Anyway, who really cares about it! ;) Get some real VX-contact in Sweden, AT&T isn't really hard to use! Btw! check what you write, "Riot" as Riod".. -------------------------------------------------------------------------------- VSUM: Bad Brain 1.2: Received in August, 1993, Bad Brain 1.2 is a 554 byte variant of the virus described above. Infected programs will have the first 554 bytes overwritten by the virus. The following text is visible within the viral code in all Bad Brain 1.2 infected programs: "The Thing That Should Not Be" "He searches" "Hunters of the shadow is rising" "Crawling chaos, underground," "out from ruins once possessed" "Fallen city, living death.." "* *.COM \" "Metal Militia / Immortal Riot" Origin: Unknown August, 1993. -------------------------------------------------------------------------------- IR Comments on: Bad Brain 1.2: On thisone she actually was right, one extra IQ saved is one earned? I have also found out that she LOVES to write "Unknown" on viruses, except if they are from either USA, or in some cases CANADA, unless the author himself sends them to her. I think she could atleast check a bit better with her "sources" or start programming, and look through the .ASM's herself..... -------------------------------------------------------------------------------- VSUM: Seventh Son-473: Seventh Son-473 is a 473 byte virus based on the Seventh Son virus. It infects all .COM programs in the current directory when an infected program is executed. Infected programs will have a file length increase of 473 bytes with the virus being located at the end of the file. The program's date and time in the DOS disk directory listing will not be altered. The following text strings are visible within the viral code in all infected files: "Fight Fire With Fire..." "*.COM" "Soon to fill our lungs the hot winds of death" "The gods are laughing, so take your last breath" "Immortal Riot..Death Greets me warm.." Origin: Unknown August, 1993. -------------------------------------------------------------------------------- IR comment on: Seventh Son-473 Well Patty, kinda boring mutation name on this one huh? Like first you label our "Senseless Destruction" mutation to our group-name, then label our "The Thing That Should Not Be" to Bad Brains 1.2, then we got this shitty little 473-variant name, what's up? Well, am really looking forward to see what you'll write when our SCRATCH viruses with the text string: Proud to be a Swede! Hits the VSUM, I guess, origin: Unknown (well, we spread it in the US, so you'll probably get it from some local VX board there?) as you did with the Mexican Mud (but you had atleast right there, BetaBoys was a Swedish virus-writing group), Bravo! Well, what more to say, except that you forgot (or excluded) tree of our others mutations, and well, in the Seventh Son-473, you missed one little shitty liner, don't you got the source codes from the AV-nerds? We uploaded atleast the magazine to a 30 great bbs:es in the states..so I guess it wasn't that hard to get your hands on, huh? Anyway, this line could aslo be visible in the "Seventh-Son 473" ' é]`x·u… '...Well, It was just some dully size-filling (ascii-stolen from the .COM file). It was placed between the "so take your last breath", and Immortal Riot, I guess it was some really un-necassary text, but why exclude it?..Aha..afraid to chance that it was a encrypted message, right? Well, what more to say right now, get the hole magazine, with comp- leately .ASM sourcers, that makes the virus much more easy to write about, and no mis-takes (haha..Your Handle: Miss-Take:)), have to been made!..Don't you think? Every virus writing group have comp- lained about all your mistakes.. It ain't really fair to write un- truths (lies) in your magazine, we don't! But that might be the diffrent between us? We believe in what's right..you don't huh? -------------------------------------------------------------------------------- Now we'll check what happened with the other active virus writing group here in Sweden, ANOI...Cuz their CyberCide 1.00 was included in the 3.10 issue of VSUM..God! Read hers article, and then mine! -------------------------------------------------------------------------------- VSUM: Virus Name: Cybercide Aliases: V Status: New Discovery: September, 1993 Symptoms: .COM file growth; DOS CHKDSK file allocation errors; decrease in total system & available free memory; DOS DIR command performance slowed Origin: Unknown Eff Length: 2,299 Bytes Type Code: PRhCK - Parasitic Resident .COM Infector Detection Method: F-Prot 2.09f, VNet, NProt Removal Instructions: Delete infected files General Comments: The Cybercide virus was submitted in September, 1993. Its origin or point of isolation is unknown. Cybercide is a memory resident stealth virus which infects .COM programs, including COMMAND.COM. When the first Cybercide infected program is executed, the Cybercide virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Total system and available free memory, as indicated by the DOS CHKDSK program, will have decreased by 4,800 bytes. Interrupts 09, 1C, and 21 will be hooked by Cybercide in memory. Once the Cybercide virus is memory resident, it will infect .COM programs when they are executed or opened, as well as when they are included as a part of the target of a DOS DIR command. Programs infected with the Cybercide virus will have a file length increase of 2,299 bytes, though this file length increase will be hidden when the virus is memory resident. The virus will be located at the end of infected files. The program's date and time in the DOS disk directory listing will not be altered. The following text strings can be found within the viral code in all Cybercide infected programs: "... I SHALL FEAR NO EVIL ..." ">>> A.N.O.I <<<" "**CYBERCIDE** -- FLOATING THROUGH THE VOID" "iS AROUND!" "* *I* *h*e*r*e*b*y* *p*r*o*c*l*a*i*m* *t*h*i*s* "*!*!* *A*L*L* *H*A*I*L* *D*A*R*T*H* *V*A*D*E*R*!*!*" "-=CYBERCIDE=- 01-30-1993 * COPYRIGHT (C) 1992-93 A.N.O.I DEVELOPMENT" The asterisks (*) in the fifth and sixth messages are actually a  character, or hex 0F. Users of systems infected with Cybercide may notice that the performance of the DOS DIR command is sluggish due to the virus infecting .COM files included in the command output. Additionally, the DOS CHKDSK program will return file allocation errors on all infected files when Cybercide is memory resident. ------------------------------------------------------------------------------- IR comments on Cybercide: Gee..first of all, the origin, did she just "forgot" the Swedish flag which will be shown after four o'clock on Saturdays. Would someone from another country than Sweden display the Swedish flag?..NO WAY! And that message in Swedish, Okey, it was written backwards, but anyway, you should really see the ascii text included. And what a message then! The message would make my guess at "Ultima Thule's" song called "Poltava". The song is about when our Karl XII was out kicking the ass of our Russian brother. Karl XII is the symbol for all true Swedes! Yes, we could easily say that this one comes from Sweden! Origin: Unknown..blah! try with something better Patti! He had also included much other text written backwards, and criss- cross like "Never be cruel to an Entity", and "Jaywalker is a evil fellow", or something like that (hehe:)) This might not be _that_ easy to notice, but afterall, it was written in pure ascii, and since no encryption was needed, you should really be able to see it (if you take a look at the disassembly), Hm, what can "db Never be cruel to an Entity" mean? .... And then the functions?? (Read the interview with ANOI), What happened with the "Imperial March" tune?? And the letters shown when CTR-ALT- DEL, are being pressed?? And the "iS AROUND" message?? And the "every new hour random sector trasher" ALL THIS WAS CENSORED OR EXCLUDED!!! And worst of all! How could she forgot the best STEALTH function avalible! YES!, UNINFECT! If a file is opened, Cybercide will un- infect that file. Not infect as she wrote in her's description! Just talked with Macaroni Ted, the programmer of CyberCide (was called Cruel Enity when he wrote CC 1.00), and he was REAL pissed on Patti for making this description worth NOTHING! But then again..since this VERY GOOD virus was written in SWEDEN, she just ignored all good stuffs! This ain't fair! This ain't democracy! This is sick! God! If you can't analyse a virus, then PLEASE let Mcafee or someone with great knowledge about viruses do the work! If you think that we've been a real pain in the ass for you, sorry! But we'll write some nice article about you if you could write the truth, and nothing but the truth in our common/old viruses! We don't have any bad attitude, do we?? We're not insolent, and we're not doing any ass licking. We'll be "neutral", which means, we tell the readers the truth! If you started with that, we all would be VERY pleased! I am even thinking about sending you this issue of Insane Reality so you could check the things up, and then later you might even change the WRONG information in VSUM. This is not to make us more famouse, or some- thing. We're not selfish nor greedy ones as you might think. We're just normal youth who believes in what's right. If wanna help the people who are infected with viruses, it's VERY good to know about them. VSUM surely could be the very best source to descripe how viruses works..But it isn't, and will never be if the data you've entered ain't correct! For example this Cybercide virus. You makes the victim's of this one think it's some sort of undestructive virus, and the user might not even care if his file is 2229 bytes bigger. What S/he doesn't know is that it slowly destroys their's harddrives! God! It's VERY good to know how the viruses works if no scanners finds them! A format isn't _that_ funny afterall! Hope you enjoyed this Cruel En..oupps..sorry "Macaroni Ted" :) Hope she re-writes this silly article (do you Patti?)..To lie or not to lie..that's the question. ...What?...Hmm..rubbish..better quit! :) = THE UNFORGIVEN =