; For matrix zine ... ; send to t2000_@hotmail.com Tell us a bit about yourself, hobbies, music, etc. I'm 17 years old now (some days ago i have had birthday), I live in Czech Republic and I love to code and listen to good music. How did you get your handle? Is there a specific meaning behind it? First i was only Rat. But when i came for the first time on IRC some stupid guy flooded me becoz I have "stolen" him his nick. I was a newbie on the IRC so i rather changed my nick to Ratter. Specific meaning? Yepie. The rat is the main sign (with black and red color) of the anarchistic movement. I don't have name; I'm nobody. No! I'm worse than nobody - I'm Ratter, the master of rats. I will sepherd the weak into the darkness. Follow my pipe ... How and when did you start out with computers? So that's some years ago. I think i was 7 when I for the first time saw a computer - Commodore64 and an old Atari. I started to learn Basic but after some time i began with Pascal. In that time I've heard a little of rumours about some weird programming language for strange ppl. Yep rite it was assembly :)) So I started to learn. This time changed my life I think. I coded for dos - drivers, tsrs and I also started my operating system :)) (I was learning the i386 architecture so first i was working on a memory managment - i had paging, v8086 (multiple instances), task switching, disk swap and other thingiez ... its somewhere on my disk until now) It was a nice time. The next dividing line was the Internet. I was really excited when i saw so much information i was looking for! I started with the Windows assembly and finally joined the vx scene ... (ehm joined :) i in reality joined #virus on Undernet. and there i met Benny/29a and all other is history) Which programming languages do you know and which ones do you prefer using? I know Basic, Pascal, C, i could also write sth in PC Fand (one czech database system based on Pascal), some shell scripts and Perl a little, PHP and I'm learning Java. And of course IAPx86 assembly. I prefer using the assembly. I write mostly everything in it. Then i like combination of C and assembly - a really powerful junction. How do you layout your source? Hehe fine question :) So i don't like comments. The only thing i do when i want to know what the procedure means is some caption and in/out params specification. Nothing else. Imho the source is the comment :) and i use also imho accurate label names. I need a tab between first char of the line and the beginning of line and no tabs between instruction and operands. Everything should be small chars and using (d)word ptr while using variables sounds too kewl to me. I also love biig sources with a lot of lines and code. Hehe you asked i answer XD How and why did you start out with virii? When I started with assembly, I bought a book about viruses. It was a very good book and I have learned a lot from it (well most czech vxers started with this book :)) - it also pointed me on 40Hex magazines - that was my path to the first viruses I have written. What (virus-)groups are you/have been a member of? Now I'm (and would like to stay for some time) a member of 29a imho one of the best virus writing groups in the scene. Thats my first group I'm a member of. Are you active in other scenes, or have you been? No.But I crack for myself and my friends, but when i finally was on Internet i decided to join the vx scene. I think it was a very good choice :) Maybe i would like to work a little more in reverse engineering - that is very interesting to me ... Are there irl people that know of your vx 'career'? Yep. My parents know that i write viruses and also some of my friends around me. I don't keep back it because I'm proud of it. Which virii have you written and which ones do you like most? I haven't written lot of viruses. Here I give you a brief description about what they do and which name they have... !Brain My first virus written some years ago (three or four). It was some kinda of boot virus. But in boot sector it changed only 1 byte - the directory entry ie which file (cluster) should the boot sector load and run. It moved the third entry from the root directory to the end of it (usually it is command.com) then found free cluster in FAT, copied itself there and maked a reference to this cluster from the directory entry. So when the machine started the original boot sector (with 1 byte changed) loaded first instead of io.sys the file !brain.bin (the third root directory entry) which hooked int13h restored the one byte of boot sector and pass execution to that boot sector which normally runned io.sys and all worked as usual. the int13_hook infected all harddisks and boot diskets. no int21 file operations are present at the time of boot so everything was done via direct access to FAT and root directory entries. This can be called my first "normal" virus. (I also did some easy *.com and *.exe infectors but thats not what i would like to talk about) Win2k.Stream My first cooperation project. I wrote this with Benny/29a and this virus had good medial success. It uses NTFS stream companion as a infection method. Simple but imho with a good idea. I-Worm.Anarxy my newest babe. Its an IWorm with backdoor features. It installs itself as a Service under WinNT/2k and via registry under Win9x/ME. It has a SMTP engine, Base64 (you can send files via email to yourself), IRC backdoor interface, POP3 interface, integrated SOCKS5 proxy, gets email addresses from The Bat! address book. It can update itself from HTTP or FTP account (command !upgrade . It can also send notice when victim connects to internet ... It has some other futures I think; just have a look at my page where you can find the source of it. I like all of my virii. All are important for me because in every of them are my ideas, feelings and other thingiez. Have you ever released any of them in the wild? If so, how? No I haven't released any of my virii in the wild and I even don't want to do something like this in the future. I just don't need to be ITW list. Were they destructive? No. They weren't. Are any of your virii in the wild? Hehe no :) What is your view about destructive payloads? I don't write destructive payloads. Moreover i don't think that destructive stuff is useful. But that of course depends on every single coder. He has to decide. I don't want to do harm more than its needed (every virus does harm - it spreads) I rather want to point on someting or show a new technique. How do you name your virii? Well I don't have any special procedure for choosing my virii names. I code and then I look for a good name for it. Sometimes I name according to the name of a song of my beloved music group sometimes it's simply a word that has a deeper meaning for me. It depends on situation. What are your favourite e-zines? I really love 29a magazine, xine, matrix zine and 40Hex. I also like the only first issues of DDT and Vxtasy. I learned from all of them. What are your favourite viruses and why? I like a lot of viruses. I don't want to name them all here. In general that are viruses with new great ideas, techniques or viruses that are improving old "perfect" ways of making the life for AVers harder. A lot of great code was written by a lot of kewl coders. I don't want to forget on anyone. What are your favourite AV's and why? My favourite AV is my brain. I don't use any other AV product :) Which persons in the scene do you respect most? I respect people that code and that try to improve theirself. You can see it on their codings. Every next virus is better than the previous one and they're making they're code style better and better. They don't have to be the best. I really respect beginners that try and want to learn. But there are also people in scene who for example didn't code any virus but they're there to give you a moral support and they're too respected by me. Which ones do you disrespect most? Hmmm hard question. Let's say that i most disrespect people that only talk and criticise and do nothing to make things better. What VX technique are you most interested in? I'm very interested metamorfing/permutation, Internet worms and all of those low level system routines for non-infectable operating systems such as WinNT. What do you think about macro/script virii? I don't write macro/script viruses now because I'm more interested in assembly and I think it will stay like this for a long time. But I also don't say no. There are good written macro/script virus and a bad written ones. Exactly as in Win32 assembly. Do you have any goals VX-wise? I'm still learning and I will forever I hope. That is exactly what is so attractive for me on coding. Everytime comes someone and surprises you with brand new kewl written code or new technique and you have something to learn from ... Is there any way you can be reached? Yep you can reach me via my email - ratter@atlas.cz and on Undernet channels #virus and #vxers. Any plans in the future as a coder and in general? I don't want to plan. I have some opened projects which I want to code and then we'll see. Any last words/greets? Yeas. I would like to greet all 29a members and would like to say that it's really kewl to be one of you. I would also like to greet all people that knows me (I don't want to forget on anyone - you know who you are) and my special greets goes to Benny, BumbleBee and VirusBuster. Have a good time! Ratter - I'm a stranger in the world I haven't made.