Interview with MrSandman of 29A
... known as Tarantino's film lover.
As i wanted to gain some interviews for this issue i started with Sep. But due
some problem with my mailer daemon, actually the first interview was this one.
Lem'me introduce dude from Spain, who stayed some time in Romania. I guess,
that the Romania episode was the reason why Mr. Sandman started to write viruses.
Just for explanation. Romania borders on Bulgaria.... And Bulgaria.....
||Can you introduce yourselves ?
||Well, we're just a group of friends who knew themselves in a BBS,
started changing ideas and decided (me) to found a virus writing
group and release a virus magazine. Most of us are studying
a career at the university, other are in the military service,
and the rest are studying at the school, very near to start
||Your relationship to girl, beer and another lovely subjects
|| Hehe... well, my relationship with my girlfriend is ok, we even
travelled to India and live (sometimes) together in a flat of
mine... we've been going out for more than a year :)
About beer, i'm sorry, but i don't like it :) I don't like
drinking, i only do it in very special circumstances. Other
lovely subjects could be music, cinema, and, of course, computing
and writing viruses. Anyway, i don't have many free time, as
i have a lot of exams and a lot of unreplied BBS and Internet
mail... i guess you know this situation :)
||When and why did you start to be interested in computers ?
|| I had my first experience with a 8088 bought by my brother, when
i was only 6 or 7. I didn't have any adaption process or shit
like that, i just liked computers since the first time i knew
them. Anyway, i must say that my first love was my first
||Your first contact with virus ...
|| It was some time after buying my first Mac, with a virus called
WDEF with which there were some infected applications my brother
brought from his work. Anyway, it was also an AV contact, as
i did a disinfection work with an application called ResEdit (the
equivalent in Mac OS for the debug.exe of DOS) :)
Two years later, more or less, my PC got infected with the
Traceback.3066 virus, and that's when i really got interested on
viruses, albeit i could not do any 'serious' work until i got
a modem and downloaded more virus stuff (especially virus
magazines) from spanish underground boards.
||What about your first virus ?
|| Heh... well, there were some projects. The first virus i coded
was a 30-byte-more-or-less overwriting infector :) Later i wrote
an appending non-resident COM infector, later i tried the EXE
infection, SYS files, etc. And that's when i started combinating
different kinds of infections and inventing some new original
The boot/MBR thing came later, but that's something i never
liked, dunno why... this is... i can write a boot/MBR infector in
two minutes, but i don't like them at all; don't ask me the
||How did u land in 29A staff ?
|| Well, actually i never landed... it was the rest of the people
who did it :) We all used to interchange ideas and material via
a spanish BBS called Dark Node; one day i realised that we had
enough stuff to release a zine, and then i proposed it. Many
people accepted, so we founded 29A and we started to work in
order to release our first zine asap.
Anyway, in 29A there's no staff, there's just a boss who takes
decissions according to the opinion of the rest of the members,
but there are no 'range' differences between us.
||Perspectives of polymorphism
|| Polymorphism has some advantadges if we compare it with other
viral techniques such as stealth, for instance. There's no any
unique routine which mutates viruses, it's something very
personal, more personal even than a virus itself. So it depends
on the imagination of a virus author to write
a powerful-supercomplex poly engine... anyway, right now we must
focus the slow poly stuff, as it's the unique way to fuck AVers
and make them worth of the money they earn.
And this last thing depends on the point of view of each virus
author; some of us bet for originality, other writers prefer to
release their viruses and see how long do they stay in the
wild... so there's no any unique answer.
||Perspectives of stealth
|| Stealth is almost dead, it's the opposite thing to polymorphism.
There are very few stealth techniques, as everybody uses the ones
which already exist... they only vary a little if you mean full
stealth, as it's something which takes a bit more of time.
They work, so everybody uses them; they're very simple, so it's
very difficult to write something really original and special on
them. Anyway, Super (new 29A member!) has something to say about
||New systems (W95, NT OS/2 ) and viruses ...
|| Since Bill Gates is the wealthiest man in the earth right now, we
must assume that Windows (and i don't mean Windows95 or NT) is
the future. Heh, anybody could make all the people think that
a crock of shit is good, and even eat it... if he has the money
Bill Gates has :)
Operating systems such as Linux, OS/2 and Mac OS are very good,
but they will die soon as the number of dickheads increases every
day. Of course, Windows95 won't be the definitive operating
system... anyway, i think that it's a positive thing to spend our
time trying to find out more stuff about PE infection under
Windows95, as things won't change radically in a LOT of time.
||Today I got a message about first virus under Linux. What do
you think about it
|| Good news for the virus community, of course :) That's the second
part of the future... 50% will be Windows-dickheaded users, and
50% will be Internet applications developers who will work under
Linux/Unix with programming languages such as Java.
Anyway, Linux is still a very 'rough' operating system which
evolves with very slow but firm steps into a definitive
||Virus as weapon ( bunch of paranoid geeks like NSA,CIA,DIA,SIS
're asked to skip this question and answer)
|| It'd be very difficult to write such a virus (if you're expecting
a good success ratio), cause it'd have to be a slow infector...
but not so slow, cause it'd then leave more time for people to
discover it. It'd a good idea to copy itself into unusual places,
either using the cavity infection method or the Pascal/C trick
used by Zhengxi and Lucretia.
There would be much more doubts about this, such as, for
instance, wether to be small (the virus) but with a stupid
encryption, or to be around 10k long, but encrypted with five
highly polymorphic complex engines.
||As an Spanish dude, can you describe local virus scene ?
|| There's no scene besides 29A in Spain... there are many
underground boards, but almost all of them without any special
relevance. The two most important underground BBSs in Spain are
Dark Node and Edison's Temple. In both of them you can find a lot
of virus writers, but most of them are members of 29A, or just
write a common virus from time to time.
It seems that hacking/phreacking is more popular here. In fact,
Edison's Temple is a hacking-oriented BBS, just ask Mr. White or
Wintermute, two of the most important persons there.
||The same stuff as previous but AV
|| Some time ago there was an antivirus called Skudo, written by
a dood from Barcelona called Jordi M=A0s. Anyway, it was designed
for preventing against viruses, not for detecting/disinfecting
them. As its author left Barcelona and now lives in France, we
didn't know anything else about Skudo.
There are some other 'pure' AV packages, such as Artemis, Panda,
Oyster, XScan, PC-Cillin, and so on, but they're just commercial
shit (the typical ignorant dickheads who claim that their
antivirus detects over 9000 viruses , you know...).
||Your favourite virus and why
|| Errrhmm... never had anything clear on this. I think i'd choose
Zhengxi as my favourite virus, as it's the most complex i've ever
seen in my life, and there are still lots of unexplored
(commented tho) things on it which can be used in other viruses.
It's original, it uses a very insidious infection way, it's the
most difficult virus to detect/disassemble, and its poly engine
||Your favourite antivirus programm and why
|| AVP, of course. It's the most professional (well, i'd even say
it's the unique professional AV), very reliable, easy to use for
lamers and very flexible for gurus, it's the one which
detects/disinfects more viruses, and the unique AV which includes
so necessary (and easy!) techniques such as disinfecting known
viruses in memory. Its code analyzer is the best, and it's
probably the most difficult AV to fool. Besides, i love AVPUtil
and AVPRO, two utilities of its registered version :)
||Vx coder you would like to meet personally and why
|| Dunno, this is probably the most difficult question. I think
Qark, he's very funny, he's the virus writer i admire most, and
i have a very good relationship with him; of course, i'd like to
meet other people i admire a lot, such as Quantum, Stormbringer,
Rajaat, Q the Misanthrope... who knows, there are a lot.
All the 29Aers usually meet in Spain two or three times a year,
and we ave a lot of fun, we even bring computers to our meetings,
so we can execute/write viruses, and so on :) Of course, it would
be very nice to do an european VX meeting, that would be da
||AV people you would like to meet
|| I'd like to meet Kaspersky in order to discuss technical stuff...
in other to do other things, i'd rather choose Patty Hoffman, for
masturbating in her tits, Vesselin Bontchev, in order to suggest
him a new haircut, and Frans Veldman, for waking him up.
||Are there in Spain some laws against viruses and their author?
|| There's just a law which forbids to modify/destruct any data, but
there's nothing against writing self-reproducting code and/or
releasing it, you're guilty only if you're the one who executes
||What do you think 'bout maniacs who want to bust and prosecute
us, the vx coders and would like to erase the vx scene ?
|| I call that envy. They can't just understand that the word
'virus' doesn't imply 'destruction' necessarily, so they can't
understand that many people enjoy themselves writing viruses,
just as other people do when they paint pictures or watch TV.
They'd probably like to know how to write viruses without having
to use VCL, but their morality forbids them to have any kind of
relationship or contact with people in the virus scene.
||Your plans 4 the future as coder and in general
|| Just to release a lot of highly succesful 29A issues and to have
more time to spend on doing the thing i like most: writing
viruses. Never mind if they work under DOS, Windows, Windows95 or
GameBoy, it's just to feel again the sensation of having written
something really original and interesting to the rest of the
||Last but not least : can you point us to some interestin'
online resources on the internet ?
|| Well, i'm not very used to navigate through the Internet, but
anyway i have some interesting addresses in my bookmark...
WCIVR (Falcon's and Poltergeist's, the largest virus collection
on the web)
Greenline's homepage, full of pretty interesting links
Cicatrix's homepage (check it out!)
Roadkill's Caf=82 (by Jack the Ripper).
God@rky's virus heaven (probably the most complete)
Btw, pay attention at the major changes and surprises which are
gonna take place at the 29A's official website. ;)
||So thanks, Mr.Sandman. Was very nice you spending some time
with this interview.
|| It was nice to answer all your questions, best luck with your