/-----------------------------\
| Xine - issue #1 - Phile 005 |
\-----------------------------/

Here is a small interview that I, b0z0, did with Rogue Warrior of Genesis. Let's see what he expects for the future and what he thinks about some specific topics of interest to our readers :)

Well, is our guest Rogue Warrior and is the interviewer :)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Who are you and what do you do every day??? :)
I am Rogue Warrior, I am mainly using my computer all day.

Why 'Rogue'?
I chose that to make it sound evil. Which newspaper will write about "Snoopy" the virus coder? not many...

When did you start dealing with computers?
I started when young (forget exactly when), then I stopped and later restarted with an IBM PC when in school.

What was your first experience in the underground computing world?
I first discovered a fidonet VIRUS group and found some friend who gave me a few viruses. I taught myself to code viruses from it.

When did you join Genesis?
Rajaat and myself formed Genesis, so it is more a matter of when was it started - about 1 year ago.

Why do you write virii and when did you start writing them?
I write them for revenge, fun, fame, challenge, protest, so many reasons :) Started writing them in school.

Which docs/material do you consider most valuable for programming viriis?
Well being famous for the crappy Nuclear, I got all my info from the Help sections (hit F1 key). As for my DOS viruses I use INTERRUPT list by Ralf Brown (rarely) and some reference books which are really crap - I know most stuff off by heart so don't usually need reference material.

Which did you use most?
Hmmm I don't know, probably the very first ASM book I got - I stick with what I know :)

Which programming languages do you know and which do you use?
Asm, C, C++, Word Basic ... about 9 total languages, and a few scripting languages.
Only use: asm, C
All languages are self-taught except for one.

How many viriis did you write?
I have written heaps (30 or more) but I have only ever released Nuclear to public - I will release some good DOS viruses now that I am in Genesis.

How do you name your viriis?
I pick cool sounding names on TV :) or evil sounding names. Eugene's crew picked WinMacro.Nuclear name and I thought it was an EXCELLENT choice - good job bastards!.. it was called Winword but the AV had to change because of MicroSloth trademarks and shit.

How do you spread your viriis?
I have never spread viruses.

Do you also make destructive viriis?
Yes sure! What good is a virus without a payload.

Do you prefer a specific type of virus?
Yes, I like Polymorphic viruses, especially ones which are very hard to remove (gives AV support persons more grief) - One Half is probably my favourite virus.

Which virus do you consider 'a good virus'?
One Half - difficult to remove and detect
Bomber - for same reason (easier to remove)
Natas - cleanness of code (ie lack of errors)

Do you think you will continue working on wordmacros?
Yeah only for fun, they are so easy to detect but I'm sure there will be people wanting to see more still :)

Did you spread Nuclear yourself, or how did it spread?
No, I never spread Nuclear. Although I did attach it to Eugene's text for a joke. If someone spread Eugene's infected document I did not request for it to happen.

What can be the right approach from the AV people to fight macro-virii?
Heuristic Document Scanning: building a profile of Macro Names -and- the tokens in the template, adding a weighting for each particular attribute a file has and then triggering an alert if the sum of these values goes above a threshold. Not many macros should need to use MacroCopy, Kill, AutoOpen. Pretty simple crap really..

What do you think about the rumours that Concept was written by a MS employee?
Sounds plausible, they could have made it do something more - It's rather lame (Isn't it like an M$ programmer to make a crap program? ;) - but then again so is Nuclear. Nuclear is 99% AV marketing hype. Look at Joe's wild list - it isn't even reported in one place yet. Plus it's got those bugs! I hate bugs - Nuclear2 will be bug free and the dropper will work and it will drop DOS or/and Windows viruses (I've tested it! ;). Maybe I will deliver a payload when ToolsMacro is activated (like Vess suggested).

Any plans for Win95 or NT native virii?
Yes, in the future I will switch to writing for Win95/NT.

How do you consider the actual virus scene?
1% great virus writers
4% good virus writers
5% average virus writers
30% collectors
60% morons
I don't know where I fit in this table - we'll see.

How are your contacts with components of other vw groups?
I talk to many people from the different active and inactive groups, but usually I do it anonymously.

Who is the greatest virus writer in your eyes?
Well I cannot pick just one, Dark Avenger must be the best for new ideas, vyvojar must be the best for troubling AV scanners and Bit Addict is a wizard with size+speed+correctness of his viruses.

What do you think about the current circumstances in alt.comp.virus?
It sucks shit. AV get the fuck out (go back to comp.virus now it's back up) - VX start posting *NEW* viruses to group.

What do you think about Antivirus Researchers?
Researchers :) I think it's an alias for "virus collector" :) What is there to research eh? Neural nets for detecting viruses? Researchers at the virus labs? well they are just asm programmers who work in AV sweatshops. They should join the VX team! TBAV's heuristics could be MUCH better than the shit it is now. All the other scanners suck too.

What do you think about the AV market in general?
If it were not for us - they would not exist - they denounce us in public and cheer us when they pay for their mortgage. They had better start thinking about moving out of the AV business because it won't be big enough for all of them soon.

Which AV product would you use if you had to?
AV product? Probably one you've never heard of :) The mainstream AV product I would choose is AVP, it has a nice code emulator and the author(s) are not afraid to use unclean methods to detect viruses. I also like the way AVP cures viruses in memory while the virus is still active - F-PROT and TBAV are too gutless for this and say "please boot from a clean boot disk". AVP realise that most people don't have a boot disk and if they do it's probably infected :-)

What do you think about the future of viriis?
Their future is bright for Win* systems - they will not become extinct as some people say. MS-DOS will be around for many years yet and Win95 has security flaws ;) It's just a case of applying old tricks to the new environments.

What do you think about the Java language in virus writing?
Java - possible to make a very cheesy virus
JavaScript - impossible

Are you also part of other parts of the computer underground (hacking, phreaking, carding...)?
none

What do you think about general legal problems concerning virii writing in your country?
Making virus writing a jailable offence would not work - It would only inspire me to work harder and be even more careful about it.

What do you think about countries where even the storing of virii code is strongly prohibited? Where does this lead us to?
I don't care much for local laws - I reside on the Internet, this place is essentially anarchy and you can do what you want.

What is your opinion about the internet censorship?
it is bad of course! stop it.

What do you think about the IKX?
I think you are a great group. With good ideas for the future.

Do you have any advice for us?
You should work hard to bring freshness to the collective scenes (h/p/a/v/c) and don't worry about your non-destructive policy :).

Any new release from you in the near future?
Nope ;) too lazy!

Rogue.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Well, thanx again Rogue!