Insane Reality issue #6 - (c)opyright 1994 Immortal Riot
File 002

% Virus Writers %

This article will be about viruswriters, and such. First, a few interviews taken from ordinary computer magazines will be on the topics, and then, a few comments/interviews/opinions from me and some friends, etc. will follow. I hope some find this article interesting, I mean, not even I, who code viruses, know exactly why. Nevertheless, the AV, reporters, etc. know _exactly_ why I do it. So, for short this is about why some people write viruses, and what's going on inside the brain of viruswriters.

Let's start with the well known Pc-computing article.. Which included quite a number of virus writers, and other guys in the virus arena. The main interviewed persons were, The Unforgiven (hehe), Metal Militia, Hellraiser, Time Lord, Aristotle and Nowhere Man. Also, (ofcos) The Dark Avenger (DAV) was described in a great detailed level, still he wasn't interviewed or anything like that..

For the one who doesn't know (or heard of..) all these people, here follows a short description of them:

The Unforgiven - Well, you _should_ know me, heh.
Metal Militia - Virus writer and member of Immortal Riot (should know him as well..)
Hellraiser - Hellraiser is the former of Skism. Now, more known as Phalcon/Skism. (P/S for short..) P/S is a viruswriting group which releases the 40hex magazine, and Hellraiser was in the first (5 or so..) issues the editor for it. He also writes viruses, and has been quite successful in that task.
Time Lord - Time Lord is _not_ a programmer, and ofcos, not a virus writer either. He first was in Rabid, and probably most famous for starting the rag-war between NuKE and Rabid some years back.. Nowadays he's in P/S as the (according to P/S members..) only non-programmer of the bunch. He's still in "war" (sorta..) with Rock Steady's NuKE, taking party for Aristotle. When he doesn't rag, he hacks systems, or at least, claims to hack systems. :).
Aristotle - This guy is the sysop of Black Axis VX board, in Virginia, USA. He's interviewed by me in Insane Reality issue #4. He releases "fake" InfoJournals in the NuKE name, and is bcos of this disliked by several people in the virus community. He's accused of "turning in" several virus writers and hackers to SS. This ofcos, cannot be confirmed.
Nowhere Man - NM is the one who wrote the first "second generation virus toolkit", this is called VCL. He was a member of NuKE, but has now retired. He's very well known by both sides of the virus-community, due to the release of VCL, and NED. NED was the third polymorphic engine available, and was released with its full source code in late 1992.
Dark Avenger - This is with no doubt the most virus writer ever. Some consider him a true legend, due to his release of MtE. (The first polymorphic engine available..). He's now retired, for unknown reasons.

My comments are between [* right bracket, star, star, leftbracket.. *]. -TU

Virus, They Wrote
Corey Sandler [* a.k.a. Biggus Dickus.. *]
PC Computing September 1994

They lurk in the dark alleys off the Infobahn, [* Infobahn? I thought the us-dicks used the catchy word 'information superhighway'? or maybe this guy is some kinda nazi? *] these perps who love to hit and run. They do their dirty work, jump the curb and disappear from the scene of the digital grime. [* disappear? hang-up he means.. *]

They're virogens, the writers of perverted little programs that seduce data and corrupt programs on your computer. [* Perverted little programs? Yeh, they're kinda kinky, aren't they? *] In many ways these virogens are as remorseless as the evil software they create, with no compassion for their victims, whether human or hardware. [* Yep! There is no such thing as an innocent user! *]

Like a jack-in-the-box, the virus writer will hide in the dark and wait until someone turns the handle. Then pop!
There he is, a harlequin with an evil grin, unexpected, unwelcome, unforgiving, vomiting bits of code and staining everything in sight. An ugly picture. [* How can he tell if we're ugly? *]

These technotaggers are your worst enemy. [* Technotaggers, I kinda like that term, still I insist that greed is your worst enemy.. *] They're random beyond reason. They don't care how much cache you have on you. They don't hear when your processor screams. [* His processor screams? Shit he gotta have an A.I. machine! *] They don't twitch if your company's financial data rots just because you recalculated some spreadsheets at home one night, and it turned out your kid had just played some games from a friend's disk on your PC. And suddenly it's [* The virus or the game? :) *] over the networks and you're over at the unemployment office. [* Raising children that are game nerds is enough reason to wipe out a lamer as the person in question! *]

Virogens don't need passports because they don't respect borders. They don't use names, just aliases -- monikers like Dark Avenger, The Unforgiven, Hellraiser. [* Me right after DAV :) *] If you want to find them, a few simple queries on a handful of bulletin boards can smoke them out. [* Smoke grenades, watch out! *] They love publicity. [* Hrm, if the publicity is true, yes, otherwise no! *] They communicate via anonymous Internet messages with bizarre routing addresses. They call over untraceable phone lines. [* He definitely tried to trace us.. *]

They're careful not to leave tracks, because they are pursued by their own personal sleuths -- virus researchers and security specialists from around the world. They're part of a weird, little symbiotic world full of intrigue, where even the good guys use on-line aliases. [* Good guys like the AV'ers? They are even worse than us, damnit! *]

The virus researchers think the antivirus software developers inspire the virogens with financial rewards.
[* not true *] The software developers accuse the researchers of building viruses on the side. The virogens suck up the resulting fame and infamy like oxygen. [* I rather suck on girl's titties! *] It's hard to separate truth from innuendo. Who are these virogens? [* we! *] And why would they intentionally murder an innocent passerbyte? [* ah, this shit again viruswriter=murderer! puke! *]

The Criminals: Baudfellas [* I'm not punished, making me a non-criminal! *]

"If someone gets a virus, it's their own fucking fault," growls the Unforgiven from Sweden. [* Yepp, so I said, but he cut my quote, making me look bad! *] The 19-year old virogen called one night on somebody else's krona, certainly not his own. [* I didn't call, Metal did. I gave him my card, bcos I didn't want to be traced.. ha-ha.. *] With him on the weak telephone link was his 18-year old pal Metal Militia. [* 16-year deaf-o! *] The line cracked like knuckles. [* Naw, the connection was perfect! *] But the voices were those of teenagers at a loss for weekend entertainment. [* Huh? He meant that I was out all weekend having fun, and called him on Monday afternoon! *]

Their outlook is simple: They're not responsible for what happens when, for fun, they create a virus that takes up residence in a computer's memory and gloms onto every disk that comes near as drive A:; B:; C:. If you're looking for the bad guys, insists Metal Militia, they're the users. "If they don't back up, it's their own fault. They're the ones using pirated software. They're the ones not using antivirus programs." [* Well, Metal, can't blame 'em for not using AV, can we? *]

The boys [* Boys? *] from Sweden are part of a busy group of college students that has written more than 30 viruses. [* Way more! *] They publish them in a newsletter aptly called Insane Reality. They take a detached bloodless view of their antics. "We don't harm people.
We harm data," The Unforgiven says sharply, to which his partner adds coldly, [* With the voice of Clint Eastwood :) *] "We're not affecting people's lives." Hey, they're not throwing bombs -- they're just building them. In their eyes, there's a difference. [* There IS a difference, still we are throwing them, by spreading them :) *]

Are these two antisocial baudfellas typical technotaggers? [* I'm not an antisocial, suicidal virgin.. *] Even the folks who track virogens can't be sure. Security specialist Pam Kane, [* who? *] president of Panda Systems in Wilmington, Delaware, [* aha! That Pam, I thought it was Pam in Dallas! *] says, "I don't think there is ever going to be a virus-writer profile, like there is for an airline hijacker." [* True, I don't believe in stereotypes.. *] As with any other tagger, by the time their work is discovered they're gone. Staying invisible at the end of an untraceable phone-line, they prevent the authorities from building accurate psychological sketches.

Maybe. But stitch together a picture of young, disaffected rebels, vicious with remorse, describe them to a Harvard headshrinker, and you get a different opinion. Professor W. Lawrence Hartmann, [* Tell me that he ain't gay.. *] a psychiatrist specializing in adolescent behavior, diagnoses the virogens thus: "It sounds like an adolescent joy in a newfound kind of potency. Writing a virus gives the author a sense of power and an exaggeration of one's own presence, like writing graffiti on a much larger scale." [* Yeh, writing viruses is pretty much alike graffiti, or at least, tagging.. *]

And once past adolescence, the virogens seem to be infected by what passes for maturity. One Chicago-area virus writer, no older than 25, has already checked out of the virus writing game. Going by the name Nowhere Man, he got into it to see "if it could be done." "Once you've done it, it's not worth doing again," he says.
He does, however, pass out software that helps aspiring virogens build their own viruses. He describes his "virus creation library" [* Virus Creation Laboratory, he means.. *] (VCL) utility like a developer selling an application's ease of use. "You don't have to have a programming background to use VCL," he says. [* True, one only has to be _extremely_ lame! *]

Another virus writer in his 20s, going by the alias Hellraiser, acknowledges over the telephone, "I was always the rebellious type, so as soon as I got into computers I had to go to the rebellious part of the computer world -- the underground hacking, phreaking, viruses. When you are a kid with a computer what are you going to do? Do you want to go on public domain boards and download shareware and write messages on FIDO-net? No, you want to do something cool." [* Hellraiser definitely got the right attitude! *]

Kane, however, doubts that many of the current, sophisticated viruses are the work of kids. "It takes a very talented programmer with a lot of experience," she says. [* A pure insult to Hellraiser and the Skism guys! Bah! *]

That would describe one of the most famous players on the virus stage, The Dark Avenger. No one seems to know what he's avenging, but it's believed he started out as a computer science student at the University of Sofia in Bulgaria. [* Uh, what a secret! *] To Dark Avenger, his viruses are his passport. "The American government can stop me from going to the U.S., but they can't stop my virus," he boasted to one virus researcher. "The idea of making a program that would travel on its own and go to places its creator could never go was the most interesting thing for me." [* Yeh, kinda fascinating, isn't it? *]

His darkest creation isn't a virus at all -- it's a toolkit he calls the Mutation Engine. [* Now called a polymorphic engine, a catchy term invented by the AV'ers.. *] It lets viruses change their appearance and internal structure as they spread, making them difficult to find.
He's also written a kind of schizoid virus. The fast-acting version actively searches for targets, spreading and replicating itself on the host system and any other system connected to it. A timed-release variant slowly and almost invisibly eats away at data on the disk so it's unlikely you'll notice until it's time to kiss your data goodbye. [* Kissing data? Yuch! *]

He may be prolific, but he's also uncharacteristically shy. One person who's smoked him out is an American virus researcher named Sara Gordon. Asking to keep her employers anonymous, Gordon says she is an "independent researcher" at a Midwestern university who works under contract to several corporations as a security specialist. She first came across Dark Avenger's name during an on-line virus conference. [* Fido net.. *] Participants lambasted his work. That intrigued her. She, in turn, managed to intrigue Dark Avenger, first by posting questions about him on several bulletin boards, and finally by challenging him to write a virus for her.

Sure enough, early in 1992, a new virus called Dedicated appeared. In it, an internal string read, "We dedicate this little virus to Sara Gordon." Eventually, using a Bulgarian dictionary and a British BBS, she posted a message to him. [* Damnit, he writes perfect English! *] He replied with a modem pen pal request: to scan her photo into a graphics file and send it to him. She did. [* Oh yeh, and Sarah isn't lying, yeh right! *]

In the atmosphere of paranoia in the virus underground, some don't believe that Sara Gordon and the Dark Avenger have actually spoken. But if you ask her, she'll hand over transcripts of conversations she had with him to reveal what makes him tick. [* Hrmp, I doubt it.. that interview Sarah did was full of rubbish and untrue material.. *]

He told her that he imagined the viruses would hurt people, just data. In Bulgaria, he said, "PC's were just very expensive toys which nobody could afford and nobody knew how to use.
[* DAV knew how to use one, and he's Bulgarian! *] They were only used by some hotshots or their children who had nothing else to play with. [* How about their own dicks? *] I was not aware that there could be any consequences. My first virus was so badly written that I never imagined it would leave town. I only imagined it could leave the neighborhood."

Dark Avenger shrugged off any responsibility as neatly as an operator dropping a caller into voice mail. Like most of the virus writers, he separated his work from its effect. No system would become infected, he said, if people avoided pirated software. "It all depends on human stupidity, you know. It's not the computer's fault that viruses spread." [* Very true.. *]

The Gumshoes: Choose Your Alias

Tracking virus writers and their antagonists is like walking into a convention of JFK-assassination conspiracy buffs. All the players -- the authors, the security specialists, and the anti-virus software developers -- know each others' identities, or at least aliases. [* It would be strange otherwise! *] They have their own unshakable beliefs about who's really responsible for the problem of spreading viruses. [* The virus spreaders are, not the writers! *]

Want wild theories? Some folks who claim to write viruses are actually cops trying to entrap the real criminals. [* Those folks are most likely stupid! *] Want cynical motives? Ask yourself who benefits more from the spreading of viruses than the developers of antivirus software and security consultants. Some virus authors claim that antivirus software developers are responsible for spreading many infections just to boost software sales. [* Like McAfee with the Michelangelo scare! *]

Why would they say such a thing? Maybe it's because in the past at least one major antivirus maker has offered cash bounties to individuals or companies supplying examples of new viruses. That way, they can figure out a method to inoculate against it and sell updates.
Are virus writers surviving and thriving because they have a ready market for their work? [* No, it's all ideological work, no financial rewards involved! *]

That's ridiculous, counter the antivirus developers. Like police, lawyers, and judges, they wouldn't have anything to do unless some jokers were operating outside the bounds of ordinary society; in most cases, though, the antivirus software developers haven't caused the problems they're out to solve. [* There's always exceptions.. McAfee's Scan, does that ring a bell? *] Their intentions may be pure. (That didn't stop some of them from exploiting the Michelangelo scare to the hilt, even if they had nothing to do with encouraging the virogen who wrote it.)

Some of those same developers whisper that some academic virus "researchers" are actually creating the strains they claim to study. Other denizens of the world claim that Vesselin Bontchev, currently a member of the University of Hamburg's Virus Test Center, is none other than the Dark Avenger himself; he denies the charge, insisting he's hot on the trail of his fellow Bulgarian. [* Bontchev is _not_ DAV.. *]

Bontchev started following Dark Avenger's trail when he was director of the Laboratory of Computer Virology at the Bulgarian Academy of Sciences in Sofia. Bontchev believes there are currently about 4,100 known PC viruses in the world, with less than 10 percent -- about 300 -- originating in Bulgaria. [* He always brags about Bulgarians, like in the Bulgarian virus factory *] But he admits that's still a disproportionately large number of viruses for such a small group of users. He cites Russia, The Netherlands, [* Trident *] Italy [* Dr.Revenge *] and the United States as the major virus-producing countries. [* What about Sweden? *]

Bontchev describes the Dark Avenger as "sick enough to enjoy causing trouble for other people.
Most of his viruses are maliciously destructive, slightly and slowly corrupting your data, so that you do not notice it for a long time. When you eventually notice it, it is too late because the corrupted data is already on your backups and there is no way to determine which part of it is corrupted and which is not." [* Still, Sarah Gordon's DAV never wrote any destructive viruses :) *] Dark Avenger is such a creep that the one piece of antivirus software he wrote snuffs two of his viruses but silently unleashes a third at the same time. [* But the doctor worked, didn't it! *]

Sadly [* Gory Sadly? *] all Bontchev has to show for five years of study are some clues about Dark Avenger's style. He writes his viruses so they have a round number of bytes, and he frequently refers to heavy metal groups such as Iron Maiden in his code. It's not clear what's going to happen if Bontchev collars Dark Avenger -- Bulgarian law being vague on the subject of hacking [* Like in all other countries as well.. *] but he does say that he knows some folks who'd like to rough him up for the data he's destroyed. [* He didn't destroy any data, the payloads in his viruses did! *]

Back here in the states, another cynical detective in the virus underworld is Joe Piazza, president of the Institute of Data Security and Integrity, a computer security firm in Wilmington, Delaware. He blames the antivirus software developers for priming the market with cash bounties. "It is absolutely in their best interest to keep the viruses flowing," he says, accusing them of significantly contributing to the nasties' numbers. [* 666? *]

Of course, viruses also keep Piazza and other security professionals in business, because they assess companies' exposure to security lapses. He believes companies will thrive or die based on the safety of their data. And in this oddly symbiotic world, he needs the virus writers, too. "The hackers and crackers are serving a good function -- they are letting us know what the loopholes are so that we can fix them." [* Yeh, aren't we *too* nice? *]

The Hideouts: Where Taggers Dare

In this rat's nest of intrigue, where do the rodents hang out? Same place any group of technoenthusiasts hang out -- electronic bulletin board systems. [* Most groups have moved out to Internet.. *] On these BBSes, virus authors spew their nastiest bugs in hopes of not only getting the plaudits of fellow outlaws, but also widespread distribution. [* It's *way* smarter to give them to a few fellow spreaders on IRC, bcos AV-folks bug the VX-boards! *]

People like Dark Avenger, Hellraiser and Nowhere Man are heroes sanctified in great awe. Other authors -- those stupid or unfortunate enough to be caught (like Internet worm creator Robert Morris, Jr.) -- are categorized as either martyrs to the cause or cautionary examples of poor procedure. Not surprisingly, the antivirus makers also frequent these bulletin boards in search of the latest viruses. [* Robert was a genius damnit, and SS destroyed his life! *]

A man who goes by the alias Aristotle [* We all know this guy, don't we? *] is the system operator of one of those boards. [* Black Axis VX *] At age 34, [* Is he getting younger? 35 he told me.. *] he's an old man among the virus kids. "People in the underground think because I'm 34, I'm some kind of fed," he says. [* Not bcos of that, bcos of the Priest story, damnit! *] Married and a father of two, he recently went back to school to complete his college degree and now does computer consulting work for a government contractor.

He is also a self-proclaimed [* self-proclaimed, yepp! *] expert on the way antivirus makers purposely or accidentally move viruses around the world. He says that on many BBSes, the system operators require users to upload contributions in return for downloads of the latest files.
He accuses antivirus makers of adding a new infectious agent for each one they retrieve. [* Might be true, however.. *]

Aristotle tracks viruses the way some folks track carrier pigeons. "I'd create a virus and give it out to somebody then delete it from my system, and see what happens. The first one I gave somebody showed up three days later on a bulletin board in Switzerland." [* Savage Beast's system? Well, considering that's a NuKE site, I find it not very strange really! *]

Aristotle's no anomaly. A 20-year old computer store employee who goes by the initials TL [* Time Lord *] is already a retired virus BBS sysop. He's moved on to phone-phreaking -- using long distance lines without paying -- and was, naturally, calling on what he said was a temporary and untraceable line. [* I thought Time Lord only started rags.. *]

TL insists that anyone outside the virus clique couldn't possibly understand the kick somebody gets out of having the power to destroy an entire computer system. "When you hack a system, it takes no brain at all to come in and nuke everything, but it takes one hell of a brain to remain on the system. It's a lot more challenging to avoid antiviral software, than to nuke a drive."

As for the idea of an online community of taggers, TL compares it to a literary roundtable. Writing viruses shouldn't be illegal [* At least, he got one good opinion! *] -- it should be thought of as a creative process like writing a book. "Some people write books about suicide. That's a lot more destructive," TL insists. [* It's true.. *] "I don't think it should be illegal to write viruses, but it should be to spread them."

But where's the glory in being the author of a work you dare not acknowledge publicly? Panda Systems' Pam Kane has an interesting analogy for the sort of fame that "successful" virus authors might achieve. They're like some wealthy crazy who hires a thief to steal a famous work of art. "The person who now owns it cannot display it.
It hangs in a very small room of a very large house." [* Naw.. We can show 'em up, I believe this magazine is enough proof on that! *]

She insists we're still not safe from really nasty viruses. They're not likely to be posted on BBSes frequented by the Unforgiven and his ilk, because that gives the antivirus developers an immediate heads-up that a new strain is a potential threat. [* My nick again? Shit, I gotta have impressed them, heh. Well, I rather include them in our magazine, in which they can be spread before or after they have been released.. *] "If there is a seriously malevolent virus writer out there," says Kane, "he will not put it on a BBS." [* Again, I'll put them in our magazine, and let some readers help me with the spreading.. :) hehe. *]

It's the same old story: When you're walking in a bad neighborhood you gotta watch your back. But now that your PC makes the entire world your neighborhood, you've gotta watch your disk. They'll find you if you let them.

% Comments about Pc-Computing %

Well, frankly said, I'm kinda disappointed. When we talked to that guy, he seemed nice, or shall we say at least reasonable? This however turned out to be exactly the opposite. That man wanted us (the virus writers, or virogens as he refers to us..) to look as bad as possible. Hence, his definition of our creations was the worst I've ever seen! Furthermore, he cut my quotes i.e. changing their meaning, making me look even worse than I already am. Due to the above named reasons, I give him an A-.

% CHIP - Yet another virus-article %

What more? Yeh, after the release of that issue of Pc-Computing, a German computer magazine named CHIP searched virus writers to do an article about virus-writers and such. A guy (reporter) named Bob contacted me on our HQ, and uploaded an interview that I should fill in. I don't know if their article is published yet, or if it will be published either.. any way, here follows that interview.
Please note that I'm _not_ including this bcos I want to show you how great my ego is, rather see it as a 'safe' way to get the _correct_ messages out, i.e. before they cut your quotations, and twist your words around, making you look like a complete maladjusted misfit.

- General comments added later are between the [* and *] characters!

BOB> How many viruses did you create?
TU> I think I've written about twenty viruses or something like that. I often write a new virus when my earlier creations are detected by the most popular anti-virus programs. Though, sometimes I might just write a virus to try out a new idea, technique or simply just for destructive purposes. It can vary how often and how many viruses I write. It's also a question of time. [* Now I've written way more.. :) *]

BOB> Did they have a destructive payload?
TU> Yes. All my viruses are programmed highly destructive with the intentions to destroy as many harddrives as possible. [* Kinda good reason to create viruses, isn't it? Hrm, well, not completely true.. but it would be fun if they made me look like a total maniac, NOT! :) *] Though, sometimes the pay-loads used are not destructive at all, screen-tricks, music and that kinda things. [* Had to make a creative impression :) *]

BOB> Did you release them (into public)? If yes, why?
TU> Yes. I do release 'em all into public such as on BBSes and companies if that is possible. They'll probably also be sent to various FTP sites on Internet carrying illegal copyrighted software because of the great number of PC-users there. I am releasing them because if I wasn't, lotsa time should be wasted with debugging as well as bug fixing. Who would notice if they worked or not if they only were printed as source code in our magazine? No one would. It's also interesting to see how far they can travel on their own and it's a pure pleasure to see reports by infected losers. That motivates me to create more.

BOB> Can you give examples?
TU> Red Mercury was sent out in several infected files on all major BBSes in Sweden. We've had quite a few reports concerning Red Mercury because it will trash the harddrives a bit too often. Bad Attitude, Eternity_II and DreamWorld have as well been reported, but since they're [* were *] all completely undetectable by all anti-virus programs, most of the infected users don't know which virus blew their harddrives or infected their files and cannot report a specific virus. It's for us though easily noticed that it's our virus that caused them the great damage.

BOB> Apart from "just for fun and curiosity/interest in programming etc." - did you have any other motives for writing viruses?
TU> What motivates a virus writer does really vary. It's said that we write viruses for either destructive purposes, intellectual challenges or for publicity reasons. This is of course not true. What motivates me to write viruses is that I just like it. One who's writing viruses will learn how to program assembly language and how the computer works in a great detailed level. That's not bad! But what motivates me most is that I have met quite a few nice friends, etc. Virus writing is not an anti-social hobby as most people think it is.

BOB> Are you (I think so) member of a virus-writing/phreaking/hacking group currently or have you been earlier?
TU> I founded together with a friend called Metal Militia, Immortal Riot. [* Forgot to tell him that we're still alive! *]

BOB> Could you give a description of the group (main interests, number, age and type of members).
TU> We're mainly a virus writing group but are also interested in other topics of the underground-computing, such as hacking and phreaking. Of course we all program - all in our all different style and languages, the viruses are though written in pure assembly. We're four members as for now, and we don't have any plans to expand. We're between 16 and 20 years old and studying at different schools or universities.
[* We're only three members as for now, since B-Real left IR.. *]

BOB> Do you prefer Cyberspace-contacts to talking over a beer (or a glass of wine or ...)?
TU> Well. Since I know all of Immortal Riot in a private matter and have known Raver for a very long time it's kinda natural to meet as normal friends. This is the reason that we'll not accept new members even if they're great coders. [* Well, they can be accepted, but only if they know us quite well.. *]

BOB> You seem to dislike av-people because of their making money out of the virus-business. So they take the users' money, viruses take away time and data - or do you object?
TU> I don't dislike anti-virus people because they're making money out of what let's say I'm doing. But what I don't like is their narrow-minded attitude toward us. Also it's sad to see such rich people like for example John McAfee lie about a virus' capability just because he wants to sell more of his crappy anti-virus program. They're mainly motivated by greed and not interested in helping their customers. If they were, they would have printed correct information about viruses. Knowledge is always the best way to avoid and get rid of viruses.

BOB> About your person:
TU> I think of myself as a normal youth who likes parties, babes and fun and I doubt anybody who knows me would describe me much different. I'm just normal - too normal maybe? Pretty hard question. [* Even though Scavenger, said to me "You're not normal - you're fucking _nuts_" I disagree with him. Well, aren't we all schizo?? *]

BOB> How old are you?
TU> I'm 19 years old.

BOB> Are you male (silly question - but just to make sure ...)?
TU> Yes. I think most virus writers are male.

BOB> Are you student at high-school, college, university or where are you occupied?
TU> I am studying at a university somewhere in Sweden. [* Didn't want to reveal too much of my own identity.. *]

BOB> How do you make your living?
TU> I don't ;). I'm just wasting borrowed money.
I have had the opporunity to work, but that's pretty boring so I rather not. [* Yeh, and the university supplies me with full internet account as well, so the choice wasn't too hard, right? :) *] BOB> Do your parents, close relatives, non-cyberspace-friends, does your partner know about your activity and Unforgiven-identity? TU> They know that I'm interested in computers but not exactly what I'm doing behind it and they definitly not know my handle. Girls and parents don't understand too much about computers, so what's the point in telling them? [* My close friends knows though.. *] % Vlad - The new virus gang % Now follow a interview done by me with Metabolis/Vlad. Due to complaints from an anonymous "Dark Future" member, I will give a short introduction to the person being interviewed. Metabolis is an Australian guy. He formed Vlad (Virus Labs and Distribution) some while ago. Vlad is ofcos a viruswriting group. This group (vlad) releases a magazine. Metabolis duty in Vlad, is pretty much alike my position in IR. He organize some things, keep the group releasing things, and code some stuff. Metabolis is also a very nice guy. If someone want to get a closer view who this guy is, read the vlad magazine's (two issue's relesed..), or get on IRC #virus, in where, he spend quite some time. TU = The Unforgiven MB = Metabolis TU> Gimme a short intruduction of you you are! MB> Well heh I'm 18, basically I sit at the computer most of my spare time, I don't do much coding.. just enough to keep Qark happy :) hehe. My job's more the promotional side of things, getting people to grab our magazine etc. Not much time for hobbies when I'm always trying to get on IRC as much as I can :) but hmm I go to the occasional rave party.. that's pretty cool. I don't work, at the moment I'm trying to finish a course at college. Not doing too well since I'm hardly there but hey, I'll get there :). TU> Any thoughts behind that handle, Metabolis? 
MB> The thing I really hate, is thinking up handles. I've had quite a few over the last few years and I was sort of running out of things to use. So I just opened my age old box of ZX Spectrum 48k computer games and saw one called Metabolis. End of story! :)

TU> When did you discover the world of computers, and why did you start with this expensive shitty hobby?

MB> I've always liked being part of a group, there's a central goal and it gives you something to do, and if you're good at what you do.. there's a slight self satisfaction kick involved. So one time I figured it'd be cool to have a go at this virus business, I wasn't too serious since I could hardly code assembler at all, but heh I did it. Then one day someone told me I should talk to Qark cos he's into virus stuff too. I got hold of him and yep, he was pretty good. From there we set out to make the vlad magazine, we weren't really aiming at such a global scale as what we ended up with.

TU> So.. why did you start creating viruses?

MB> Hmm I wasn't too interested with the coding side of things originally, just the scene and organisation etc. I wrote the pascal one in vlad#1 because I dunno, I felt I had to contribute something and at the time I knew nothing about assembler. Then Qark came round and went through a parasitic .COM infector with me and hey presto, I get it now :) So I guess that was when I had the ability to. Prodigy 3.0 was an ok virus, not the best but I wasn't really aiming at it being a classic, more for other people as shit as me at it to learn from. That's one of the things we're all about.

TU> Have you been involved in any other group than Vlad?

MB> Let's just say I've tried many different things, and they always seemed to collapse in my face. VLAD has been good, there have been no problems, no abuse from anyone :). We actually have respect from some people which is good.

TU> What's the group's goal?

MB> Our goal really is to teach others how this virus shit is done..
to promote our country :). erm, I dunno that's about it really. We'll keep coding/writing until we have no more ideas I guess. Which should be quite a few more issues yet.

TU> Why did you decide to release a magazine? I mean, you could as well release a package of viruses, etc. if it only was for the viruswriting itself..

MB> Well that's just it you see, originally I couldn't really write much in the way of virus code. I just knew a fair amount of what went on in the scene etc. Most of my contributions to the magazine have been articles virus related but not code. So yeah, a magazine seemed right. We have things to say so we needed a medium through which we could portray this.

TU> Are you planning to expand?

MB> We did go on a member haul a while back but I think we're pretty much settled now with four. There are two others that might be joining soon but I think the ranks are full :). So, nah we're not really looking for anyone to join right now. Might do in the future.. we'll see.

TU> Are you into other things in the underground computing, such as hacking, phreaking, etc? Or are you _solely_ a viruswriting group?

MB> I guess you could say I'm into it, I've read quite a large amount of text files on various things, and have tried a bit of this and that, but nothing serious. I only bother when it serves a purpose. No need getting myself in trouble just for the fuck of it :).

TU> How many viruses have you in person written?

MB> Well I'll only count my assembler ones :) erm.. 5 I think, but they're very simple. Two of them I never bothered releasing (they were overwriting :). The other three, being Prodigy 3.0, Rod Fewster's Gonads (bwahahaha) and my contribution for the next magazine Overdrive.

TU> Which one was the hardest to write?

MB> Overdrive, my latest was the hardest. Doing the xor encryption I found a daunting task to begin with, it took me quite some time to get it to work :). It wasn't that difficult though, but I am at a basic stage still.
TU> What do you think of the term non-destructive virus, or even a GOOD virus?

MB> I think the term non-destructive virus applies to all of VLAD's creations! :) You won't find any formatting or random sector writes in our code. hmm I wrote an article on this very question I believe hehehe. In different people's eyes the word GOOD (when applied to a virus) can mean different things. Some see just the fact that a virus has appended to a file thus altering its contents to be BAD. Whereas I would see this as good since it can most probably be removed if the need arises.

TU> Do you have any sort of company or law-enforcement who are trying to bust Vlad?

MB> No, not that I know of. If there was I most probably wouldn't know, not having any "contacts" etc in any law enforcement agencies. We haven't done anything wrong so there isn't much reason for any law enforcement dudes to be interested in what we're doing.

TU> What's your opinion about making viruswriting illegal?

MB> It would be like making any coding illegal, i.e. not possible! A more underground virus scene (than it already is) perhaps would be a good thing. It would kill a lot of the lamers that hang around :).

TU> Do you spread your viruses in programs?

MB> Well.. that's just it, if we started doing that we definitely would have law enforcement agencies on our tail. No, we don't bother to release our viruses to the public through any sort of software (except our magazine of course :). If any infections occur overseas it's the readers, not us heh. A much safer situation to be in.

TU> What's your opinion about newspaper, and computer-mags writing stuff about the virus scene?

MB> So long as the shit isn't prejudiced or one of these virus=gun and virus author=murderer type article I have no problems with that. Unfortunately most of the time it is exactly the opposite of how I like it :(

TU> What do you think they can do to improve the quality of the material published?
MB> First get an understanding of what they're crapping on about, it seems most just talk to the AV ppl, and leave the VX out of it totally. This sorta makes us look like bad guys and basically a bunch of assholes. Which is not the case :)

TU> Why do you think most reporters often twist one's words around, cutting quotes and in nearly all possible ways, without lying, making us look very bad?

MB> It sucks, nothing else to say about it really. It's not just the fact that they lie and twist what you say. Like, say if they told you they wouldn't print your real name etc, they don't. They print your school/uni, your height, your looks etc etc. The press are mostly a bunch of wankers :)

TU> Has the scene in any way influenced your real life?

MB> I guess it has, I never used to bother about internet before. I was just a local modem type person. Now I try and spend as much time on there (in IRC) as I can! My phone bill has gone up so you're right about it costing me money hehe.

TU> Do your parents, close relatives, know what you're doing behind the computer?

MB> Yeah, my parents know what I do.

TU> So.. what's their opinion about it?

MB> They don't mind at all so long as I don't get our computers infected :). They're fairly computer literate.

TU> Would you feel guilty if one of your viruses made damage to a hospital, or if someone DIED bcos of your virus? For example, knocking down the server to 911, or something like that?

MB> Hmmm our viruses should just infect and sit there, I guess they might cause destruction somehow but it's pretty unlikely. If it did, then it would be because of lack of virus security at the hospital or the 911 server! No foreign disks etc blah blah, that sort of shit.. usually that will fix things up for them. Sure I'd feel guilty but I don't think my parasitic .COM infectors will do much :)

TU> Do you like, or admire any virusprogrammer?

MB> Sure there are plenty, anyone who has made a worthwhile contribution to the scene.
I admire Talon being the best virus coder in Australia (well that's what I reckon!). hehe he'd really like to read this now I think.

TU> What do you think it takes to become a respected virus writer?

MB> To become respected, you have to try and do what no one else has done! I may not have come up with anything brilliant but I did think up a few heuristics dodging methods when I wrote Prodigy 3 (hehe check out face of death/80hex for it :) [* Hrm, only 80hex, which was more or less a trojan.. - TU *] Or if you can't think of anything new, just keep turning out as many (non ripped) viruses as you can! VCL/G2/PS-MPC/NRGL/IVP hacks get lower than zero respect from me.

TU> What's your opinion about the anti-virus persons?

MB> I find most to be self righteous and arrogant. They never listen to what virus authors have to say, they just keep maintaining that we're bad and they're good. Well, it's time to start thinking about who pays their wages :).

TU> Which anti-virus product do you prefer?

MB> I like tbav for its heuristics, they are an endless supply of fun to think of how to code around them. I like f-prot for the lengthy virus names (great for scanning collections with :). Also AVP has some really good VSUM-like descriptions in it. They are the only ones I ever bother to execute.

TU> Do you think there's ever going to be an av-program able to guarantee 100% safety against all viruses, worms and trojans for all future?

MB> No, nothing can be 100% there will always be a way. I'm sure viruses will grow in size to get around these things but still they will always be around.

TU> Do you know/heard of any new virus writing technique?

MB> I hear of a lot of things, various stealth things.. but never see any proof. Our flash bios infector was a new virus, not really in technique just the infection media (had to be said :).
Bios and sector level stealth is what I hear about most, quite a few people reckon they've found new methods for this, but like I said, have yet to see anything.

TU> Any advice to people who want to learn the basics of virus-writing?

MB> Sure, stick to it! After I learnt how the basics were done, I never bothered to keep on with it. I'm too lazy really hehe. Just read as many virus writing guides as you can, they never really helped me but they might someone. The best thing is for someone to actually sit down with ya and show you how it's done on the spot, I'd been trying to learn for ages and when Qark went through it with me, it was like an instant recognition of all the wrong shit I'd been doing.

TU> Something else you wish to say, but never before have had the opportunity to say?

MB> Not really, I tend to say what I want in our magazine :) although.. here's something I'd like to say in your magazine :) you can email any member of VLAD at these addresses

meta@tempest.rhn.orst.edu
qark@tempest.rhn.orst.edu
darkman@tempest.rhn.orst.edu
automag@tempest.rhn.orst.edu

and if you don't have our magazines you can grab them at ftp: ftp.netcom.com /pub/bradleym/misc-zines or if you can IRC you can get them from VLADdist (my robot). They should be available on any decent VX BBSs anyway.

TU> Any helloes or goto hell messages? :)

MB> Ah, I know so many people these days.. hello to everyone I know, to those I don't try and get in touch with me :). Always happy to hear comments/suggestions from people. (no abuse mail please :). As to goto hell messages.. well, hmm I can think of a few, but I'll hold back I think .. don't need any wars starting now do we hehe.

TU> Well, that's it Metabolis.. thanks for your time. (typing /exit.. :) )

--------------------------------------------------------------------------------

% Some words from Zerial %

Ok. We'll read a few words from Zerial.
For the one who doesn't know Zerial, he's 17:ten years old, lives in The Netherlands, and still hasn't sent me that MJ I asked for. What more? Yeh, he's a computer-programmer, and does quite well when it comes to asm (and ofcos in high-level languages as well..). He likes to disassemble viruses, and nag on the author of it. (Look in the "my little pony" disasm for instance - and you'll get my point.. ) Zerial is also a phreaker, and loves to call and disturb me in the middle of the "Simpsons show". Hope the sucker gets busted "Doooon't" :). He's also a hacker, and is the one who has the most IRC-accounts. On IRC (where he's reachable very often, bcos he frequently skips school..) he often "hijacks" the #christian channel as a true believer of "Magick" (a topic he can discuss for hours!) should do. He's also fascinated by the "information age", and not worried about the authorities, bcos he as a half-genius uses cryptography to secure his data, or information as he refers to it. Well. ok, I know this guy very well, due to several long talks/chats, but his profile should look something like "phreaker/hacker/coder or a 21st-century-digital-boy" for short. If you want to know this guy better, simply get on #virus and I'm sure you'll find him sometime..

" My view on the motivations that allow the divine art of Virus Development to perpetuate. "
OR
" How The Unforgiven forced me into contributing to Insane Reality. "

- 1N+R0

A while ago The Unforgiven, to whom I will henceforth refer as TU for brevity's sake, asked me if I would be interested in contributing to the magazine his rad posse publishes. After a few random thoughts hardly related to his question, my ego shouted yes to yet another opportunity for blatant self-glorification. Luckily, TU already had a topic in mind so I could skip the part where I torture myself just to make a creative impression. Actually, he had two: "Why are viruses written?" and "How come you're involved?"

- W3Y3 V1R11 4WR R1TT3N.
In the early days of computerviruses, writing and releasing a few critters would get you recognition, as you were one of the few. Ever since the start of the nineties, there became more and more of the few until we now have what can indeed be called an enormous stack of people that have once written a virus for fun, just to see if they could do it, but also a true global virus community. Now that one is no longer one of the few renegade virus experts, what drives the members of this community to live and breathe viruses, or 'virii' on a daily basis? I say the answer is simple: Hackers, in whatever shape or form are just misunderstood by non-hackers so they tend to hang out together whenever they can, even if this means being on #virus for 14 hours (you know who you are). Looking at the productivity of virus writers, we can see that they do not reach for their assemblers on a daily basis, closer to weekly actually! So why not just hang out together and stop writing? Well, that would leave us all with nothing to talk (about - TU) wouldn't it? Although the above may be a bit too simplistic for you, some wanna-be psychologists have said the same thing in essence. Yes, in essence, since they naturally had to mention that teens have a tendency to form groups, or cliques, showing off their immense age prejudice explaining this.

- 4B0U+ M33.

Most of the above goes for me, with the only exception that I code just about anything except viruses these days. The community still has a firm grip on me just cuz they're cool..

- GR33+1NG5. (Virus people only)

Automag, Azrael, Crom-Cruach, Crypt Keeper, Darkman, Digital Justice, Ferris, Firecracker, Garbage Heap, Grayarea, Halflife, Hellraiser, John Tardy, King_Dan, Levski, Lookout Man, Masud Khafir, Memory Lapse, Metabolis, Michael Paris, Omega, Peter Venkman, Priest, Qark, Stormbringer, The Unforgiven, Urnst Kouch.

Yes I wrote this article just so I could do some greetings...

Zerial.

% Ending %

Alright..
well, he said that the article sucks himself, but I promised to include all contributions, etc. so what the fuck? Anyhow.. viruses are written mainly bcos it's fun to write viruses. I.e. It's fun to learn, experiment, and meet nice people. I _must_ agree with Zerial on the fact that virus-writers are misunderstood by most other people. Why? Well, they just can't realize what writing viruses is all about before they've done it themselves. The writing itself is just a _small_ part of a big thing for short. So, viruses are written, and since no system will be completely safe against viruses, trojans, and worms, there will always be someone like us. Someone who finds a loophole in an OS, and takes advantage of it. Hackers, manages nearly as tasks that really interests him, no matter what.. So, that's life.

- __ The Unforgiven __