29A is one of today's most active groups, and Benny/29A is one of its most active members, producing many W32-based viruses in a short period. We offer you an interview with this Czech programmer:
Who are you, where are you from and other personal stuff ...
Hmm, Ok, lets start. I'm Benny from Czech Republic (the middle of the Europe) and I'm member of 29A. Nowadays (summer 1999), I'm 17, I study computers on highschool and writin' viruses, engines and tutorials for/about Win32 platformz.
Benny, how did you get into computers?
I always wanted have a computer becoz many of my friends had their own computer. I became owner of my own PC, when I was 13. That was great time. I can remember, that all friends were playin' games, but only I was interested in programmin' and operatin' system itself.
Why did you start to be interested in viruses?
When I had my own PC, I heard about some weird things, such as PC viruses. But to hear wasn't enough for me and I wanted to know, how is it coded. I was fanatic to AVs descriptions and I wanted to code my own virus. I bought many boox, but nowhere was explained, how to code that. Then I found one perfect book, where I found source codes of PS/MPC viruses and Aragon boot virus. Great moment. I don't know, if I would be there, where I am without that book.
Was your PC infected by any virus (besides your own)?
Yeah, many times. My first computer was full of viruses. Then my friend borrowed me one great antivirus. It was AVG 3.0. It had perfect heuristix, comparable with TBAV (maybe better). When u ran test of HD, it took program by program, lists all instructions it stepped, list all triggered flags and everything. It could fake STEALTH viruses, it could read directly from disk, use XMS, trace INTs and much more. And that had very nice interface. U should see that. Wholy sci-fi! And it took me thinkin' about many things. Hehe, I can remember, I was runnin' that AV three times per day and I wanted from AV to find some virus, becoz I loved that feelin', when infected file was cleaned. Weird? Yeah, who said I'm not, hehe X-D?
What programming languages can you use?
What's your favourite programming language and why?
I l0ve assembler. I can do everything, that I can't do elsewhere. I hate objects, visuals, components and sh!tz such like. Who doesn't know any low-level language ain't coder, but developer. Everybody can click and so create program, what it ain't thing I wanna do. If I can't see all resources it takes, whole source, registers, opcodes and otherz, I don't like it. I like to optimize and fully optimize my code and have fully control of my program I can only in assembler. I don't like ppl, which don't like assembler 8-).
How did you get into vx community?
When I was surfing on internet, I found link to WM.CAP. There was link to 29A page and there I downloaded 29A#2 magazine. That was nirvana. I haven't ever seen so kewl zine as 29A#2 (except of this, ofcoz X-D). There I found some link to IRC. I didn't know, what da hell that IRC is. After some friends advices, I downloaded some client for IRC and went to hispanola IRC. Huh, I had a BiG luck. There were many good coderz at the same time and everyone was on-line! Everyone wanted to show me his page, they wanted to chat with me and when I said "I'm interested in Win32", noone stood under the control. I won't ever forget for that moment, when Darkman said: "Hey guy, u r that coder, we r lookin' for. Join 29A!". I couldn't believe, that the best VX group ever wants lammer such me. They said they wants me in da 29A and I thought, it ain't possible, it's only a dream. Then, I decided I must do everything to join that group.
What can you tell us about your first virus?
Hehe, it's funny story. If I'll forget to my first lame PASCAL EXE append virus, my first virus was Win32.Eva. That time, I hadn't any motivation and I promised myself, I will code something really kewl. Then it happened. I fell in the love with some nice girl. And becoz she didn't know it and it happened on Friday, start of weekend, I didn't know, what I should that dead weekend do. I decided it would be better to code something. By those three days, I coded, commented and debugged my first (Win32) virus. (Un)fortunately, Eva knows sh!t about computers and maybe it's better. However, I must give her all my thanx, becoz that was perfect enter to VX scene. Darkman was dead, when I said him "I have a virus for u. It's Win32.Eva and it's coded by me".
And surely more pieces followed from your workshop. Tell us more
Hmmm, there r many pieces from my workshop. And if u won't be bored of that, I will list here all I coded.
Win32.Eva - My first virus. Creates new PE header in a file.
Win32.Benny - Second virus, coded from bore, appends to the last section. It has some special feature, and that's usage of my own 64-bit Checksum as flag in infected files.
Win32.Leviathan - First multithreaded virus, which simulates neural-nets.
Win98.Milennium - First Win98 multifiber virus, which simulates neural-nets.
Win98.BeGemot - First virus with communication interface. My best virus sofar.
BPE32 - Benny's Polymorphic Engine for Win32, my first portable poly engine. Very kewl by its size and features (e.g. SEH trap).
BCE32 - Benny's Compression Engine for Win32, very kewl by its size and compression ratio.
Threads and Fibers under Win32
Optimization of 32bit code
Fuckin' AVs in Win32 enviroment
What is the best virus you have ever written and what features does it have?
Ok, my best virus is always that last one and everytime, I code something new, it's better than my previous work. Well, my best virus is for now Win98.BeGemot. It is first Win98 EXE/SCR/RAR/SFX/CPL/DAT/BAK resident, ring3, ring0, Pentium+, multithreaded, compressed, stealth, slow poly, fast infector, which contains communication interface that allows u to communicate with virus, if it's in memory. It uses SEH, undocumented opcode, and many more new features, by which is now undetectable by any AV. This is virus I'm the most proud of...
How did you get in 29A and what is the feeling 'to be in'?
Hehe, I don't know, how did I get in 29A. I wrote 3 viruses. And as I heard, my third one (Win32.Leviathan) was the thing, by which I am 29Aer. Thanx g0d X-D! When Reptile and Darkman said, I'm in 29A, I thought I will jump thru the window. It everything I wanted and when it came to me, I was 5 minutes in trans. That feelin' was great, really. Now what r my feelings? I won't lie u, I'm very proud on myself that I'm in 29A. It happens sometimes in your life only, that u r part of something great and that u r first human in the world, who did something. But becoz I promised to all 29A stuff I will do impossible for our group, I'm tryin' to do that. And also I won't forget my beginner ages so I try to help every beginner as much as I can. Everytime I do something, I ask myself, if that thing I did is right and if I'm lammer or if I'm not. Be selfcritic, that's very important thing. Think about u and about things, u did.
What are the most important technological advances in virus writing?
We r breakin' unbreakable. Still remember those old ages, when some guy XORed his virus and all AV world was absolutly mad of it? Now we use hi-technologies, such as poly, meta, stealth, anti-heur, anti-debug and things such like. We learn operating system and we know more, becoz we want it and becoz its our hobby. Without us, everybody would be developer or guy from microsoft. Without us, everybody would think on and on, that Windows is the best 32bit (huh) system in da world. We breakin' the law, we want know more and we know it.
In the history of the virus writing community, there were thousands of viruses, some of them elite, others absolute crap. What's your personal TOP 5 of viruses and why?
I have many favourite viruses and I don't wanna say, that that virus is better than that one. I will list them without any order...
OneHalf - still one of the best DOS viruses
Win32.Cabanas - still one of the best Win32 viruses
WM.CAP - still one of the best macro viruses
W32/WM.Cocaine - one of the best Win32/Word viruses
Esperanto - one of the most complex viruses
The same as for viruses can be applied to antivirus software (but here there are not thousands of them, only a couple of dozen). Your personal TOP five of antivirus packages and reason(s) why:
DrWeb - it has the best heuristix for Win32
NodICE32 - also very good heuristix for Win32
AVP - perfect scanner, perfect internet page
What do you think about AV people?
They r very smart ppl. Noone, who don't understand system at least as good as VXerz, can't be AVer. What I don't like is that all AVerz thinx, that we VXerz r stupid kiddos and again all VXerz means same about AVerz. To code kewl virus u must know OS and to analyse kewl virus, u need it same. It's wrong to compare two uncomparable things, such as to code tiny COM infector and to analyse OneHalf.
It's often possible to meet you on IRC. What's your favourite channel?
Yeah, I'm there very often, usually 7 days in week. My favourite channels r #vir and #virus on Undernet.
Did you ever meet someone from the scene in person (e.g. on the scene meet last summer)? If so, what does the meet look like?
I didn't meet any VXer, but I will - this summer in Amsterdam.
What can you tell us about local Czech virus scene?
Hmm, not much. I think, there ain't any VX scene in Czech Republic. Many ppl may remember viruses such as Halloween, Raptor, Semtex, etc. That time, when there weren't any Windozes, czech was full of VX writers. Now, I don't know any ppl from Czech Republic, which is interested in Win viriis. That's a pity. Our ppl r full of potential and enthusiasm...
Now the same question, but the Dark side of the force - Czech AV producers - how are the products, are they worth testing against new viruses etc ...
I don't like czech AV products very much. I know, that czech AVAST! is the best scanner in the world. AVAST! reached 100% border in Virus Bulletin as the first scanner in the world. But AVAST!, over 100% virus detection hasn't any heuristix, so I don't like it very much. Same as czech AVG. AVG has heuristix for DOS files, but still not for Win32 files. That's baaaad. But let's wait... we will c...
Yeah, when I gave to one czech AV firm pattern of Win98.Milennium, they said, there ain't any viriis. When I asked them, on which OS they tested it, they said: "Win95". I said, it is Win98 specific virus and they replied: "hmmm, maybe." Ignorants!
Once, you told you know some AVG ppl, how is(are) the person(s) like?
Yeah, I know them, but I don't wanna explain here details, becoz they would have some problems with it. Some other AV firm could say, they have contact with VX ppl and that could be big pain for Grisoft. There ain't any contact, but however, ppl r jerx. Yeah, they have very nice secretaries (really! X-D) and those ppl r very, very smart. But similarly as other AVerz, they say we VXerz r only kids without any morals. But that is only their problem, rite? Nevertheless, I must say, that ppl from Grisoft r really very smart. No doubt!
Now, let's discuss some vx technologies, what do you think about use
and perspectives of stealth, polymorphism, viruses under "other"
operating systems ...
New operating systems, more holes, new/more places for viruses, new techs, etc. Viruses will stay with us. We will find new techniques for our babes, new ways for hidin' them, new targets to infect, etc. Now, it seems it will be metamorphism. What will be next? Who knows...
What do you think about payloads in viruses and especially the
Payload is the only thing, that should be visible to user. It's the way, how to show user virus presency. But destructive payloads, they r all lame. Many users will have problems with it and many AVs will rig money only becoz of some lammer. We will be more "persecuted" and we will have more and more problems. Destructivity ain't product of smart ppl.
Your opinion to the topic macroviruses and their perspectives:
When I tried to code macrovirus for WinWord97, I did it in a minute. Macrovirus can be beginnin', but codin' it is too much easy for ppl, which can do more than click and create. Normal viruses has more chances to be spreaded out than macroviruses. Computer can run without editor, but not without OS. However, I think macroviruses r still very perspective.
Are there some people from the vx & av scene you would like to meet in
I would like to meet every good VXer & AVer, whoever he is. I don't wanna say names here, becoz I would forget someone...
What do you think about the manics who want to prosecute virus writers?
They r rite. I know, that modifyin'/deletin' valuable data ain't rite way, how to show what is inside of me, but, but ...ehrm, ...but... I like taste of fame. Who not? X-D
Your relationship to beer, girls, inline skating and other important
Beer is da best thing in da world. Mmm, I can say, that I'm alcoholic, becoz I usually drink 3, sometimes more liters per week. And, have I ever said u, that 50% of my work was written, when I was drunk? X-D No lie! Girls r something the most weird thing in da world. Who can understand them?
Favourite meal, drink, band, pub and the rest of the small joys of
I have many favourite meals, such as grill chix, pizza, hamburgers and so on. My favourite drink is beer and juice. Music, music is one of my most favourite things. And becoz I'm very weird human, I like both of light pop (e.g. ABBA) and hard rock (Lucie, Black Sabbath, ...), sometimes I like also metal (Marilyn Manson). I like groups, which plays their own style. I like originality and I hate commerce. When there is group, which plays only for money, it ain't good band. And if there is group, which plays originally and plays its own style, I can always find something great in it. What I like is oldies, becoz they played their own style, they had been originally and they didn't play only for money.
My favourite pub? Hahaha, I would be very silly, if I would tell ya it. Sorry. But I can say, that I love every pub, where I can find any czech beer.
My last <drug>, which I use is nicotine. Yeah, I smoke cigs. I try to stop that money washin', but it's too hard for me X-D. Sometimes, I have a joint with my friends, but it's not very regularly.
Everyone today surfs the internet. Let's see some of your favourite places on the web:
Hmmm, it's hard and I know I will forget some URLs for sure, but here r some URLs, I use regularly and I like them...
http://www.29a.net/ - page of da best VX group
http://post.cz/ - post server I use
http://www.virusexchange.org/vtc/ - VB's site. Tons of materials for VXerz
http://www.virusexchange.org/nop/ - Virogen's site, everything u want is there
http://www.microsoft.com/ - when I wanna laugh
and my page, ofcoz X-D
Do you have webpage? If so, where is the page to find?
Sure I have. Informations there r usualy 2 months old and in internet, u can find tons of pages, which r absolutly better than mine. However, I like it and I'm proud for my Java: http://benny29a.cjb.net/
What about your plans for the future as coder and in general?
Hmm, I don't know, what will I do in the future. I know, that viriis r something, which I understand more as anything other. Maybe, I will be next AVer, in the future. I know, u will hate me, but what other I would like to do more than work with viriis. Other plans r very unbright. I would like to study university, but I know I'm not so smart. Well, I hope I will do something, I will really like.
Thanx for givin' me place for talkin' about myself and I hope u weren't bored. See ya sometimes, somewhere...