Interview with Lord Julus
~~~~~~~~~~~~~~~~~~~~~~~~~

U> Tell me a little about yourself as a person, hobbies-music etc?

Well, I am ok as a person... Really... sometimes I look in the mirror and say to myself: man, do you look cool!! ;-) Hehehehe... Well, really, you might say that I am a nice person to be friends with. I love music... I could stay for hours just listening to music. Listening, I repeat, not doing anything else at the same time. I am a great fan of Manowar, Dio, Iron Maiden, Rainbow, Deep Purple, Uriah Heep, and other bands that most people probably don't even remember... ;-) I am also learning to play guitar and I love to go out and travel, mostly to the mountains...

U> Where did you get your handle?

It was back in 1994 when I got connected for the first time onto the net. In those times we were using some shitty text mode browser called Lynx or something and it only allowed me to browse some sites including some sort of chat rooms. On one of the days I was trying to download my favorite Sandra Bullock pictures, I stumbled over one of these chat rooms where all members there were called "count", "marquis", "duke", and so on... So I quickly typed "Lord Julus" and so it stayed. I never used any other nick name.

U> Do your family/friends know about your virus activities? What do they think about it? Do you care about their opinion?

Yes, they know. My family doesn't say anything except some seldom reminders that I am doing something which is not really all right and all my friends seem to think I am some sort of super-hacker or something. In reality I never did more than write viruses in the H/V/C/P fields.

U> How did you start out in computers?

I started in 1988 when I first met with a Sinclair Spectrum computer and the art of doing eclipses in 20 lines of basic or moving a turtle in the LOGO language amazed me... I immediately started to write programs even if I didn't own a computer, but I simply imagined what they would do...
Later I bought a computer similar to Sinclair ZX Spectrum. Later I bought my first PC in 1991. It was an XT with 640K of RAM and 20M of HDD and a Hercules Graphix card... I will never forget the "Barbarian" game I played on that computer... Later I had a 286, and so on, until today... As far as I remember I always tried to stay up to the latest technology.

U> What was your first virus?

My very first virus was a simple DOS virus I called "Whiplash". It never got anywhere, but, heck... it was my first try...

U> How did you start out in the virus scene?

I do owe my entrance in the vx scene to the 29A group and especially to MrSandman who first read my article on polymorphism and agreed to publish it in the 29A issue #2. It was a big honor for me and that's when I really decided that I like the virus scene...

U> Which programming languages do you use?

I mostly program in ASM, but I love Borland Pascal. I rarely program under C, Visual C. At the office I have to use a lot of VB (iiiih) and FoxPro... At a certain moment I wanted to write a FoxPro virus... but then I woke up ;-)

U> Where do you live and how is the situation of the virus scene in your land?

Well, I live in Romania, but this situation is going to change pretty soon. In Romania the virus scene does not exist. There exist virus authors, some of them even wrote famous viruses like Alex, Dodgy. Let me not forget my friend VirtualDaemon who proudly conducted the SLAM group for a couple of years. But there is no such thing as chats or meetings. There are some known av's also here, probably you heard about RAV and AVX. I have to say also that in about 9 months I will be moving to the USA, hopefully forever...

U> How many and which viriis did you write? Which do u like best? Why?

Let me recall:

1. Win95.Julus - my very first windows virus. Was supposed to be win32 but it's not. Stupid and full of bugs.
2. Win32.Undertaker - my first real windows virus. This one worked pretty well. Had a few bugs, but I liked it.
3. Win32.DROL - one of the very first viruses that inserted a section before the last two sections. It was a pretty nifty piece of code this one.
4. Win95.Manowar - this was my first Ring0 virus, pretty good, completely NOT original.
5. Win95.SignOfTheHammer - the second Ring0 virus that featured complete memory encryption.
6. Win95.Cargo - very neat idea, using the toolhelp. Unfortunately had bugs and it's considered intended.
7. Win32.Hatred - This one was a very nice win32 virus, one of the first that completely parsed all the directories on all available hdd's. There exists a so called Hatred.b, which is really a ripped version done by Lucky.
8. Win32.Thunderpick - not very exceptional, but pretty cool.
9. Win32.Rammstein - This is the best virus I have ever written. Almost removed all incompatibilities with the PE structure and has almost 100% Win32 compatibility. I really love this baby... It's the first virus, I think, that really creates windows and processes their messages.

Ongoing projects: Win32.Discreditor, Win32.AI, Win32.Iris.

U> How do you name your viriis?

Mostly from music, but I cannot say that I have a specific thing in my mind... Whatever comes more handy... I think that leaving an open door to the mind and let it flow is much more interesting than torturing yourself to find something that you can later call "interesting". I think spontaneity is best!

U> How do you spread your viriis?

I do not really spread them because I have no time for that. I simply send them to virus traders like Sledge, Tally, etc and I publish the source and the binary on the web. For the rest, let God take care of it...

U> Do you prefer a specific type of viriis? Which virus(es) do you like best?

Of course! I always did and always will prefer executable file infection. So basically nowadays you may say that I like PE infection. So, saying this, it means I do not like other things like macro virii, vbs scripts, html or java, or whatever.
My favorite viruses are Prizzy's creations and Z0mbie's stuff.

U> What E-zine do you most of all like?

Of course I like 29A and I always will, but among the rest I have to say that from the old crews I love IR and VLAD and from the latest years XZine, RSA, Matrix. But the biggest impact on me ever had the IR zines.

U> Which AV product do you like best and why? Which do you piss off most?

AVP is one of my favorites. That's because they always had good virus analysis, very good emulators and heuristic scanners. I am very pissed off at Norton's Antivirus products because they try to set it as an international av product (they try to stick like a leech to the Microsoft OS), while their detection ability is far lower than most of the products on the market. In other words: they suck! ;-)

U> What VX technique are you most interested in?

Polymorphism is the technique that always fascinated me. I studied many poly engines written in the past years and have written some myself, but this is a field that always allows more and more to be developed. I think that there's nothing that makes a virus stronger than the poly engine included inside. Combine it with strong arithmetic encryption and compression and you have the perfect one. Next on my agenda comes metamorphism and this is a field which I am in the process of studying and testing. If you cannot imagine what you can do with poly, you don't have the slightest idea what you can do with meta...

U> What viruswriters do you most of all respect?

I will always respect Z0mbie and Vecna for their work. I say for their work because I didn't get a chance to know them well enough. Both of them have fascinating pieces of code and it will be no wonder to me if I will find them over years working for NASA with those ideas of theirs. I also have great respect for Jacky Qwerty whom I knew better and proved to be a hell of a guy.
And I respect Sandman for peeing into the toilet and not around when he was drunk ;-)))

U> What do you think about virii generators?

Let me get this straight once and for all. Virus generators are very good for beginners, because they can generate all kinds of viruses and see how depending on the options the source code is changing and they can learn from that. But of course, the learning capacity generated by a virus generator is limited to the knowledge of the generator programmer. And also, let's not forget that unicity and .... are two qualities that should exist in a virus. Generators make quantity but the same quality.

U> Are there things or people you dislike within the VX?

I don't like big egos. Even if you are the best coder or just some newbie just stay in your own space and do not breathe the other's air. There's enough air for everybody and the scene does not need inside fights.

U> What do you think about macro and script viruses?

;-) I already told that. Not interesting but effective in the wild. I played a little bit with Excel VB programming and I made quite an interesting excel macro virus. Let us not forget that office tools are the most used tools in the business world and not only and that email is the way of communication in these days. So, that's why they are effective. But the way to create them... It just doesn't give me that ice on the back like creating cracks inside the complicated PE structure...

U> What do you think about poly engines? Which do you like best?

Oh, I love them, as I said... I can't remember which one I like best but from the latest I remember I simply loved the polys in Prizzy's viruses as well as Mentals. Mine are not so complicated, but I am working on a huge poly engine called Modularis which will probably be released in 29A#6 and I hope it's gonna meet the tops.

U> What do you think about destructive viruses?

No, no, no. I've been there (got my systems down once by DIRII and once by OneHalf - remember? ;-)) I think there is nothing interesting in destroying a computer. That of course if by destructive virus you only understand a virus that wipes information. But think of a virus that steals important documents, or access passwords? Is that destructive? Might be...

U> What are generally your goals in the virus writing context?

Learning. It's always been learning. As I said many times, virus writing allows one person to develop programming skills in many fields. The domain is so vast that you can basically get a grip on a little bit of everything. My goal is far from "1|/|f3kt the W0rlD"... I just want to learn and share knowledge to other interested people... and annoy avers from time to time ;-))

U> What happened with SLAM team?

We just disbanded. I joined SLAM when most of the members were entering a new phase in their life like college and others so nobody had time to code. I was in my best year then so that is why I decided to release my own work in the VXtasy ezine. I have to say all the guys in the SLAM team were absolutely great and very good friends, especially VirtualDaemon. It was a very nice group and I hope all went well for all the members.

U> When, why and how have you joined 29a?

As I said 29a was the group that first published my stuff, me and Sandman became very good friends so I always felt something special for this group. Since I also liked darkman a lot a while after he joined 29a I decided to go along with them so that was it. Since then quite a few new members appeared and quite a few disappeared but things are going ok for the moment. We are looking forward for a new ezine a lot of quality code!

Heh... I wrote the above sentence 3 days ago, and today I quit 29A. I am not going to tell my reasons, they are personal, but I have to say that it has nothing to do with any of the 29A guys who are absolutely great. In the meantime I am trying (not really with too much success) to form my own group, and (maybe?!?!) release a second Vxtasy?
God knows...

U> What do you think about the current VX scene worldwide?

It would be a cliche to say it is "fucked up", but unfortunately, as always the worldwide scene IS fucked up. Servers are being shutdown, pages are erased, members are roaming between groups, people fight over IRC and ban each other, more and more copycat code appears. No, there is no real unity in the scene and the avers are watching this, I assume, quite happy. There are three big sides to the vx scene: people who do not code too much or very good but they want to show-off, people who code wonderful but stay hidden and people who are between those somewhere in the middle. It's like the underground vx world is like a subway that comes upground from time to time. But, anyway, overall speaking and looking at the amount of new viruses that emerge each month, I would say that the vx world is far from going down. There are still many rounds to play!

U> Do you do other computer stuff outside VX (hacking, phreaking, warez etc.)?

No, I just play games... I am a strategy games freak ;-) My forever favorite game is Civilization, then comes Tycoon series, Sims. As for adventure I simply adore all Lucas games and some of Sierra's.

U> How would you consider the perfect virus?

The perfect virus in the year of 2001?
Well:

It should:
- be able to infect PE files on all Win32 platforms
- insert itself in the original code section
- be compressed with a good algorithm (LZ, LZSS, LZW or Huffman)
- have a strong encryption algorithm
- have a strong poly engine (should generate a decryptor as big as the virus itself)
- use FPU and MMX instructions
- decrypt itself at startup in more than 3 seconds (die to emulators ;-))
- allocate memory and run from there
- use SEH
- recalculate the checksum
- use per-process residency
- use CRC32 to find apis
- erase av checksum files
- avoid certain files including av
- infect all files that are PE (not only exe and scr)
- restore all regs and stack as at entry before returning to host
- be able to look/browse main email client's address boxes (outlook, netscape, eudora, etc)
- be able to attach itself to email messages
- be able to modify IRC scripts and send itself over IRC sessions
- be able to infect the Local Network

It should NOT:
- contain any unencrypted ascii strings
- have ONE single byte as a scan string
- launch more than one thread
- modify sections characteristics
- move the entrypoint from the code section
- modify values in the header except checksum
- try to kill av windows
- use ring0 or any undocumented apis or interrupts

In my opinion the above combination gives the perfect virus in the following idea: a virus who is highly infectious, hard to detect and runs safely.

U> Your plans in the future as coder and in general?

I still have a great deal of ideas and probably you will see some more stuff from me. In general I will be moving to the USA and completely change my life so I cannot really say what is going to happen to me. I might have so much work to do there that I might not have any time for coding, or maybe not... Who knows?

U> Where can you be reached?

My usual email address is lordjulus@geocities.com.
If this one doesn't work you may try any of my webmail addresses: lordjulus@hotmail.com, lordjulus@home.ro, lordjulus@rol.ro. I love receiving mails so don't hesitate to write me. My web page is at http://lordjulus.cjb.net. This is a forwarder so if you will receive an error it means I am searching for another free server. As I write this now my page is working. Also, do not forget that I host a virus list which is already almost 3 years old and has around 350 subscribers. You can subscribe to this list by sending an email to virus-list-subscribe@yahoogroups.com, or mail me if you have problems.

U> Any greetz?

Sure: to the entire Matrix crew, to MrSandman, Darkman, all the present, past and future members of 29A, iKX members, TheUnforgiven, and all the guys that I ever spoke with on email or irc.

U> Any final word?

I hope I will be able to write something again in the Matrix#20 ;-) Thank you for taking this interview and it is a big honor for me to appear in your fine ezine.

All the best and all the rest!

Stay well,
Lord Julus / 29A