Interview with MrSandman of 29A

... known as Tarantino's film lover.
As i wanted to gain some interviews for this issue i started with Sep. But due to some problem with my mailer daemon, actually the first interview was this one. Lemme introduce a dude from Spain, who stayed some time in Romania. I guess that the Romania episode was the reason why Mr. Sandman started to write viruses. Just for explanation. Romania borders on Bulgaria.... And Bulgaria.....



Can you introduce yourselves ?
Well, we're just a group of friends who got to know each other in a BBS, started exchanging ideas and decided (me) to found a virus writing group and release a virus magazine. Most of us are studying a career at the university, others are in the military service, and the rest are studying at the school, very near to start a career.

Your relationship to girl, beer and another lovely subjects
Hehe... well, my relationship with my girlfriend is ok, we even travelled to India and live (sometimes) together in a flat of mine... we've been going out for more than a year :)
About beer, i'm sorry, but i don't like it :) I don't like drinking, i only do it in very special circumstances. Other lovely subjects could be music, cinema, and, of course, computing and writing viruses. Anyway, i don't have much free time, as i have a lot of exams and a lot of unreplied BBS and Internet mail... i guess you know this situation :)

When and why did you start to be interested in computers ?
I had my first experience with an 8088 bought by my brother, when i was only 6 or 7. I didn't have any adaptation process or shit like that, i just liked computers since the first time i knew them. Anyway, i must say that my first love was my first Macintosh :)

Your first contact with virus ...
It was some time after buying my first Mac, with a virus called WDEF with which there were some infected applications my brother brought from his work. Anyway, it was also an AV contact, as i did a disinfection work with an application called ResEdit (the equivalent in Mac OS for the debug.exe of DOS) :)

Two years later, more or less, my PC got infected with the Traceback.3066 virus, and that's when i really got interested in viruses, albeit i could not do any 'serious' work until i got a modem and downloaded more virus stuff (especially virus magazines) from Spanish underground boards.

What about your first virus ?
Heh... well, there were some projects. The first virus i coded was a 30-byte-more-or-less overwriting infector :) Later i wrote an appending non-resident COM infector, later i tried the EXE infection, SYS files, etc. And that's when i started combining different kinds of infections and inventing some new original stuff.
The boot/MBR thing came later, but that's something i never liked, dunno why... this is... i can write a boot/MBR infector in two minutes, but i don't like them at all; don't ask me the reason :)

How did u land in 29A staff ?
Well, actually i never landed... it was the rest of the people who did it :) We all used to interchange ideas and material via a Spanish BBS called Dark Node; one day i realised that we had enough stuff to release a zine, and then i proposed it. Many people accepted, so we founded 29A and we started to work in order to release our first zine asap.

Anyway, in 29A there's no staff, there's just a boss who takes decisions according to the opinion of the rest of the members, but there are no 'range' differences between us.

Perspectives of polymorphism
Polymorphism has some advantages if we compare it with other viral techniques such as stealth, for instance. There isn't any unique routine which mutates viruses, it's something very personal, more personal even than a virus itself. So it depends on the imagination of a virus author to write a powerful-supercomplex poly engine... anyway, right now we must focus the slow poly stuff, as it's the unique way to fuck AVers and make them worth of the money they earn.

And this last thing depends on the point of view of each virus author; some of us bet for originality, other writers prefer to release their viruses and see how long they stay in the wild... so there isn't any unique answer.

Perspectives of stealth
Stealth is almost dead, it's the opposite thing to polymorphism. There are very few stealth techniques, as everybody uses the ones which already exist... they only vary a little if you mean full stealth, as it's something which takes a bit more of time.

They work, so everybody uses them; they're very simple, so it's very difficult to write something really original and special on them. Anyway, Super (new 29A member!) has something to say about this ;)

New systems (W95, NT, OS/2) and viruses ...
Since Bill Gates is the wealthiest man in the earth right now, we must assume that Windows (and i don't mean Windows95 or NT) is the future. Heh, anybody could make all the people think that a crock of shit is good, and even eat it... if he has the money Bill Gates has :)

Operating systems such as Linux, OS/2 and Mac OS are very good, but they will die soon as the number of dickheads increases every day. Of course, Windows95 won't be the definitive operating system... anyway, i think that it's a positive thing to spend our time trying to find out more stuff about PE infection under Windows95, as things won't change radically in a LOT of time.

Today I got a message about the first virus under Linux. What do you think about it?
Good news for the virus community, of course :) That's the second part of the future... 50% will be Windows-dickheaded users, and 50% will be Internet applications developers who will work under Linux/Unix with programming languages such as Java.

Anyway, Linux is still a very 'rough' operating system which evolves with very slow but firm steps into a definitive consistent alternative.

Virus as weapon (bunch of paranoid geeks like NSA, CIA, DIA, SIS 're asked to skip this question and answer)
It'd be very difficult to write such a virus (if you're expecting a good success ratio), cause it'd have to be a slow infector... but not so slow, cause it'd then leave more time for people to discover it. It'd be a good idea to copy itself into unusual places, either using the cavity infection method or the Pascal/C trick used by Zhengxi and Lucretia.

There would be many more doubts about this, such as, for instance, whether to be small (the virus) but with a stupid encryption, or to be around 10k long, but encrypted with five highly polymorphic complex engines.

As a Spanish dude, can you describe the local virus scene ?
There's no scene besides 29A in Spain... there are many underground boards, but almost all of them without any special relevance. The two most important underground BBSs in Spain are Dark Node and Edison's Temple. In both of them you can find a lot of virus writers, but most of them are members of 29A, or just write a common virus from time to time.

It seems that hacking/phreaking is more popular here. In fact, Edison's Temple is a hacking-oriented BBS, just ask Mr. White or Wintermute, two of the most important persons there.

The same stuff as previous but AV
Some time ago there was an antivirus called Skudo, written by a dood from Barcelona called Jordi Más. Anyway, it was designed for preventing against viruses, not for detecting/disinfecting them. As its author left Barcelona and now lives in France, we didn't know anything else about Skudo.

There are some other 'pure' AV packages, such as Artemis, Panda, Oyster, XScan, PC-Cillin, and so on, but they're just commercial shit (the typical ignorant dickheads who claim that their antivirus detects over 9000 viruses, you know...).

Your favourite virus and why
Errrhmm... never had anything clear on this. I think i'd choose Zhengxi as my favourite virus, as it's the most complex i've ever seen in my life, and there are still lots of unexplored (commented tho) things on it which can be used in other viruses.

It's original, it uses a very insidious infection way, it's the most difficult virus to detect/disassemble, and its poly engine is *awesome*.

Your favourite antivirus program and why
AVP, of course. It's the most professional (well, i'd even say it's the unique professional AV), very reliable, easy to use for lamers and very flexible for gurus, it's the one which detects/disinfects more viruses, and the unique AV which includes so necessary (and easy!) techniques such as disinfecting known viruses in memory. Its code analyzer is the best, and it's probably the most difficult AV to fool. Besides, i love AVPUtil and AVPRO, two utilities of its registered version :)

Vx coder you would like to meet personally and why
Dunno, this is probably the most difficult question. I think Qark, he's very funny, he's the virus writer i admire most, and i have a very good relationship with him; of course, i'd like to meet other people i admire a lot, such as Quantum, Stormbringer, Rajaat, Q the Misanthrope... who knows, there are a lot.

All the 29Aers usually meet in Spain two or three times a year, and we have a lot of fun, we even bring computers to our meetings, so we can execute/write viruses, and so on :) Of course, it would be very nice to do a European VX meeting, that would be da freak! ;)

AV people you would like to meet
I'd like to meet Kaspersky in order to discuss technical stuff... in other to do other things, i'd rather choose Patty Hoffman, for masturbating in her tits, Vesselin Bontchev, in order to suggest him a new haircut, and Frans Veldman, for waking him up.

Are there in Spain some laws against viruses and their author?
There's just a law which forbids to modify/destruct any data, but there's nothing against writing self-reproducing code and/or releasing it, you're guilty only if you're the one who executes it intentionally.

What do you think 'bout maniacs who want to bust and prosecute us, the vx coders and would like to erase the vx scene ?
I call that envy. They can't just understand that the word 'virus' doesn't imply 'destruction' necessarily, so they can't understand that many people enjoy themselves writing viruses, just as other people do when they paint pictures or watch TV. They'd probably like to know how to write viruses without having to use VCL, but their morality forbids them to have any kind of relationship or contact with people in the virus scene.

Your plans 4 the future as coder and in general
Just to release a lot of highly successful 29A issues and to have more time to spend on doing the thing i like most: writing viruses. Never mind if they work under DOS, Windows, Windows95 or GameBoy, it's just to feel again the sensation of having written something really original and interesting to the rest of the people.

Last but not least : can you point us to some interestin' online resources on the internet ?
Well, i'm not very used to navigate through the Internet, but anyway i have some interesting addresses in my bookmark...

http://www.wcivr.com
WCIVR (Falcon's and Poltergeist's, the largest virus collection on the web)

http://www.comp-craiova.ro/~mkm/virii.html
Greenline's homepage, full of pretty interesting links

http://www.cyberstation.net/~cicatrix
Cicatrix's homepage (check it out!)

http://www.onetinc.com/~roadkill
Roadkill's Café (by Jack the Ripper).

http://www.ilf.net/god@rky/virii.htm
God@rky's virus heaven (probably the most complete)

http://www.arrakis.es/~sandman

Btw, pay attention at the major changes and surprises which are gonna take place at the 29A's official website. ;)

So thanks, Mr.Sandman. Was very nice you spending some time with this interview.
It was nice to answer all your questions, best luck with your magazine! :)



Thanx a lot, dude...