💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › GVN › gvhn_1.tx… captured on 2021-12-03 at 14:04:38.
View Raw
More Information
-=-=-=-=-=-=-
God@rky's Virus Heaven Newsletter #1
Written by God@rky
(C)Circle-A Computers 1996 All Rights Reserved...
-----------------------------------------------------------------------------
CONTENTS
Section One - The First Edition
Section Two - Virus Heaven's Mission
Section Three - Disappearance Of Vx Magazines & Authors
Section Four - Virus Heaven Vx Site Guide
Section Five - Uncanny Virus Ideas
Section Six - Naming Viruses - How it is done
Section Seven - Government Sites & Viruses & The Laws
Section Eight - South Africa Wants Correspondance With
The World's Authors & Collectors
=============================================================================
Section One - First Edition
This is the inaugural issue of the Virus Heaven Newsletter. In the
future (Starting W/ Issue #2) this will be available on this WWW Site as well
as VIA FTP at ftp.defiant.ilf.net and will be sent out VIA email to those who
email me back and request to be put on the mailing list. To subscribe - do
the following:
Send e-mail to godarky@ilf.net. In the title of that letter put:
SUBSCRIBE: Virus Heaven Newsletter
This will only be sent out to the e-mail addresses which I recieve the above
emails from. So make sure your REAL e-mail address is what shows up in the
letter, or you wont get it, as I don't have time to fuck around hunting down
people's real e-mail addresses.
==============================================
Section Two - The Virus Heaven Newsletter Mission
This newsletter has little purpose other than to keep you all aware
of what is going on, and to give you someplace else to turn as the presense
of Vx magazines continues to dwindle.
It is no mystery that Mainstream magazines and sites have been
dropping like flies. From what one can tell, the only reason for the
disappearances are lack of interest in continuing on. I may get that way
one day soon too, but for now I am going strong, and will continue to
keep others up-to-date as long as I feel I am not talking to myself. I have
yet to hear of any confirmed cases that anyone has been busted recently.
As many of you know, my site was one of a few key distribution points
for Virus Bits & Bytes Magazine. It has been about 2 months since I have
been able to contact Dark Night, so I don't know if another issue will be
coming out anytime soon. His site is still available via FTP (see the list in
section 4) and via WWW. The VBB message board is broken. I have spoken with
Chaos of ILF and he advised he might take a whack at fixing it whenever. He
has not heard from Dark Night either.
The mission of this Newsletter is simmilair to that of Virus Bits &
Bytes magazine, but won't include executables. It has been said by many of
the AV folks that distribution of viruses is unethical. If you wanna test out
just how strongly they believe this, try posting a uuencoded virus to
alt.comp.virus, and see how quickly your ISP (Internet Service Provider) is
made aware of your activities. If your ISP is nice, they will either warn
you, or they will ignore the complaints. If they share the same view, you
could be hunting for a new ISP soon. So in all reality, I don't recommend
doing this unless you know your ISP's rules well, and you know they wont
mind. There is a newsgroup where you can get away with posting viruses, and
that would be alt.comp.virus.source.code... Just last week the much wanted
HARE virus aka HDeuthanasia was posted there, as well as some others. The
traffic of Virus postings there is pretty low, in fact, out of 100 messages,
70-80 of those will probably multi-level marketing scams or other various
forms of spams.
So really, this is just another medium for you to recieve info on
what is going on in the Vx world, and maybe learn something if I decide to
type something worth reading. Enjoy the issue, and I welcome your feedback.
You can contact me at godarky@ilf.net.
==============================================
Section Three - The Disappearance Of Virus Related E-magazines
As many of you old-timers may have noticed, Virus Related magazines
just don't seem to last like they used to. A couple of the older, possibly
legendary ones have disappeared, and even some of the newer ones have lived
a very short life. Luckily enough they have a shelf life which exceeds that
of any of Hostess' products and are still readily available for your reading
pleasure if you don't mind hunting around. If you do mind hunting around,
just check out the Vx Site list at the bottom, and you are sure to find what
you are looking for there, if not, let me know where you find it and what it
is, so I can check the site out.
Yes, months ago the 40hex as well as the VLAD Homepages disappeared.
It was kind of a sad thing to see go, but we all know that new talent will
squirm it's way out of the woodwork eventually, and we will have something
else to read about, new tricks to learn and so on.
And also within' the last month or so, the newer mag Virus Bits &
Bytes magazine seemed to have screeched to a halt as well. With Dark Night
nowhere to be seen or heard from, and a WWW message board that is in ruins,
what remains is an in-tact VBB Headquarters/Homepage on the Information
Liberation Front server. The VBB site seems to be working basically on
Autopilot, and no new issue looks to be in the works at this time, however
there is whispering going on that some of the other defuct members have
been busy working on a Macro Virus construction kit.
Other individual sites have also disappeared as well. Rhy's has
dropped out of the Alliance as President (or Chairman or whatever...) in
addition to dropping his site at ILF. It is sad to see it go, as it was
around for quite some time. I think his leaving is comparable to Materva
shutting down his hacking site. And of course we cannot forget the
ChibaCity site as well. Although I did hear rumors that it is coming back
in a different location.
I am sorry to see all of these go, but with thier absence, there will
be some new kids to move into our block and hold loud parties, throw beer
cans in your lawn, harrass your wife, beat up your son, and probably even
date your daughter... But foremostly, there will be some new zines to arise,
and of course, there will be new viruses as well. It is estimated that there
is still upwards of 200-300 new quality viruses a month being made, so
there are still some people writing em out there.
==============================================
Section Four - The Vx FTP/WWW Site Guide
The concept of this section was created by PhreeX (phreex@ao.net).
He compiled most of this information, and has authorized it's use here. It is
A basic run-down of some of the better, more complete sites, and covers some
other various tid-bits of information as well.
It isn't complete by any means, but at this time, life's necessities
don't permit me the time to fully update it, so what you see here, is
PhreeX's original file minus a few corrections or mini-updates. There wasn't
time to visit every Vx site on the map, and Fly-By-Night sites will not
appear in this section at this time, since they would probably not be there
by the time you got this. Enjoy it
The *offical*
.o88b. .d88b. .88b d88. d8888b. db db d888888b d88888b d8888b.
d8P Y8 .8P Y8. 88'YbdP`88 88 `8D 88 88 `~~88~~' 88' 88 `8D
8P 88 88 88 88 88 88oodD' 88 88 88 88ooooo 88oobY'
8b 88 88 88 88 88 88~~~ 88 88 88 88~~~~~ 88`8b
Y8b d8 `8b d8' 88 88 88 88 88b d88 88 88. 88 `88.
`Y88P' `Y88P' YP YP YP 88 ~Y8888P' YP Y88888P 88 YD
db db d888888b d8888b. db db .d8888.
88 88 `88' 88 `8D 88 88 88' YP
Y8 8P 88 88oobY' 88 88 `8bo.
`8b d8' 88 88`8b 88 88 `Y8b.
`8bd8' .88. 88 `88. 88b d88 db 8D
YP Y888888P 88 YD ~Y8888P' `8888Y'
--==[\|/]==-- World Wide Web Site/FTP Site list --==[\|/]==--
[] Version 1.03 Beta 1 []
Compiled by Dr. PhreeX Merian Edited by God@rky
Brought to you by FoRcE, "Taking on the web with full FoRcE"
HUGE thanks to God@rky, this would have not been possiable without you!!
-INDEX-
Disclaimer
A word on safe virus storage
-LINKS-
Part 1: Virus Genrators/engines
Part 2: Some popular viruses
Part 3: Mac viruses
Part 4: Needed tools (Assemblers)
Part 5: Virus related FAQ's/Tutorials
Part 6: Virus INFORMATION Links
Part 7: Computer Virus links
Part 8: Conclusion (By Dr. PhreeX Merin himself!!)
Part 9: Version Information, whats to come
Any comments, questions, or additions can be sent to me: phreex@ao.net or you
can call me directly 24 hours a day at: 1-809-404-5468
Disclaimer:
I (Dr. PhreeX Merian) Can -NOT- nor will I be held responsible for your
stupidity, viruses can destroy your/others computers (that is, the data
within them,) if you execute a virus you just might get fucked. Collect 'em,
study 'em, trade 'em but for god sake do **NOT** execute them.
Note: As of 10/13/96 at 19:38:03 PM EST every one of these links was valid,
however they may die, if so please take it up with the site owner, not me!
A word on safe virus storage:
As your collection of viruses (virii) grows so does the risk of
self-infection, believe it or not you -CAN- safely store viruses on your hard
drive, I have over 3,000 and have NEVER been infected! Here are just a few
things you can do to protect yourself.
1) ALWAYS keep viruses zipped up, I can not stress this enough, keep each
virus in its own .zip with a text describing it (if possible) you can get a
free copy of Pkzip from;
http://www.pkware.com
remember, if its zipped up it can **NOT** be executed!!!
2) Its a good idea to re-name the file extension to something other than .com
or .exe, I use .co_ or .ex_, this way you can NOT accidentily execute the
virus.
3) Put all your viruses in 1 (one) directory, I use c:\VIRUS, you can use
whatever the hell you want.
4) Get a -GOOD- AV scanner! Because everyone thinks theres is the best you
can get reviews and sites at;
http://www.virusbtn.com
I think FProt is the best, you can download a shareware copy (gag) but thats
no fun, I suggest you check the alt.binaries.warez.* groups for a -REAL- copy
(its always posted somewhere).
5) Once you get a AV scanner USE IT!!!, remember, you put all your viruses in
one directory, most all virus scanners allow you to exclude
drives/directories/files when you scan, set your scanner to exclude whatever
directory your viruses are in. If you start to get reports of viruses outside
of that directory you might have a problem.
6) If you really paranoid you can keep all your viruses on floppy disk,
actually, this is a good idea, due to the small size of viruses you can store
TONS of 'em on only a few disk's. ZIP drives are also nice to have, so are
CDR's. If you put your viruses on disk LABEL the disk so others don't infect
you.
7) USE COMMON SENSE! This is really the best protection, don't be an idiot,
don't run anything that you don't know what it does, yadda yadda yadda...
On with the show......
Here is how this file is aranged;
File/Site name
http://www.this.is.the.site
Review of the site/file will go here...
Lets get started!!
Please note the following;
I would like to keep this file somewhat small, for that reason I will not go
into just what each virus/program does, if you wish to know just what one of
these does the go here:
http://www.Europe.DataFellows.com/vir-info/
I also have omited links directly to virus sims (emulators), theses are used
for testing AV scanners and are of little use to the VX community.
(God@rky: Actually according to many of the AV folks, virus sims are
useless. And that only a good test can be performed by an AV expert. As well
as the factoid that the only test they consider a good install test, is the
EICAR test.)
Part 1
[ Virus Generators ]
These are alright, however most of them do not work 100% of the time and the
viruses are easily picked up even the most half assed scanners.
All of the following are located at: http://www.kuai.se/~panik should these
URL's be dead please go directly to the site.
Instant Virus Production Kit v1.7
http://www.kuai.se/~panik/archive/ivp.zip
This is alright, however all of these are picked up.
Mutation Engine 1.00a
http://www.kuai.se/~panik/archive/mte.zip
Not very user friendly, still, its allright.
NuKE Randomic Life Generator v.66b
http://www.kuai.se/~panik/archive/nrlg.zip
This one is cool.
Phalcon/Skism's G2 v.70�
http://www.kuai.se/~panik/archive/g2.zip
I have yet to use this, word is, it sucks.
TridenT Polymorphic Engine v1.4
http://www.kuai.se/~panik/archive/tpe14.zip
A nice polymorphic engine.
Compact Polymorphic Engine
http://www.kuai.se/~panik/archive/cpe-ape.zip
A nice polymorphic engine.
Rajaat's Tiny Flexible Mutator
http://www.kuai.se/~panik/archive/rme11.zip
Not very good, however I believe these are not yet picked up by most
scanners.
NoMut v0.01
http://www.kuai.se/~panik/archive/nomut.txt
Decent polymorphic engine.
SDFE 2.0
http://www.kuai.se/~panik/archive/sdfe20.txt
Nice, however everyone of these is picked up.
The Rickety and Hardly Insidious yet New Chaos Engine v2.0
http://www.kuai.se/~panik/archive/rhince2.txt
The name says it all.
VLAD infinite polymorphic
http://www.kuai.se/~panik/archive/vip.txt
Ya gotta grab this one!!
Small Polymorphic Engine
http://www.kuai.se/~panik/archive/spe.txt
This is a nice polymorphic engine.
Biological Warfare Mutation Engine
http://www.kuai.se/~panik/archive/bwme.txt
This is the *REAL* one.
Mini Mutation Engine v1.0
http://www.kuai.se/~panik/archive/mime1294.zip
I have yet to use this.
Trojan Horse Construction Kit v2.0
http://www.kuai.se/~panik/archive/thck200.zip
My personal favorite when it comes to trojans
TSR Time Bomb
http://www.kuai.se/~panik/archive/tsr_tb.zip
Allright.
Virus Creation Laboratory v1.0
http://www.kuai.se/~panik/archive/vcl.zip
This one is WAY over hyped, only a few of the viruses work and there all
picked up by ANY virus scanner. Skip this one, your not missing a damn thing!
BTW, the password is "Chiba City" (without the " ")
Virus Lab Creations v1.1
http://www.kuai.se/~panik/archive/vlc.zip
A little better than the above.
Virus Creation 2000
http://www.kuai.se/~panik/archive/vc2000.zip
Lame!
Virus Construction Set v1.0
http://www.kuai.se/~panik/archive/vcs10.zip
Lame!
Biological Warfare Virus Creation Kit
http://www.kuai.se/~panik/archive/bw100.zip
Good for a virus generator.
The Nowhere Utilities 2.0
http://www.kuai.se/~panik/archive/nutils20.zip
All of these are picked up
Part 2
[ Some Popular Viruses ]
These are some of the most *POPULAR* viruses, they might not be the most
powerfull however these are the ones you keep hearing about.
Most of these come to us from God@rkys virus heaven located at;
http://www.ilf.net/god@rky/virii.htm
The Hellish Conspiracy Virus
http://www.ilf.net/god@rky/virii/hellish.zip
Sounds pretty cool, but sure wouldn't want it on my system. Does alot of
peculier shit with your PC speaker too.
The CriCri Virus
http://www.ilf.net/god@rky/virii/cricri.zip
Nifty, I have yet to run this.
The HARE Virus
http://www.ilf.net/god@rky/magazines/vbb-3.zip
One of the hottest viruses EVER!! And its a nasty one to!!
NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
The Tentacle Virus
http://www.ilf.net/god@rky/magazines/vbb-3.zip
Another virus that rocked the AV/VX community, does really neat stuff to your
windows icons!!
NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
The Rickdog666 Virus
http://www.ilf.net/god@rky/magazines/vbb-3.zip
This virus got a kid kicked out of school, don't miss this one!
NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
--MACRO VIRUSES--
Macro viruses are .doc files that, when opened, will infect your machine.
HINT: Do not try to open these to veiw them!
The Alliance Word Macro Virus
http://www.ilf.net/god@rky/virii/alliance.zip
Nice virus, brought to you by the alliance.
Colors Macro Virus
http://www.ilf.net/god@rky/virii/colors95.zip
- GREAT* Virus!!! this also comes with source code and a file on making your
own Macro viruses!!! Do *NOT* miss this one!!!
The Outlaw Macro Virus
http://www.ilf.net/god@rky/virii/outlaw.zip
This is pretty new, not sure exactly what it does.
Word.Easyman Macro Virus
http://www.ilf.net/god@rky/virii/wrdesymn.zip
A newer Macro virus, I have yet to see the destruction.
Word.Saver(SEX) Macro Virus
http://www.ilf.net/god@rky/virii/wordsavr.zip
Yet another Macro virus.
Word.Spooky Macro Virus
http://www.ilf.net/god@rky/virii/wrdspook.zip
This is one you do *NOT* want to get infected with!
Part 3
[ MAC Viruses ]
In this era of equality no one is left out, this includes those that fell for
the media ploy and own a Macintosh (Apple). So far I know of only this file,
taken from God@rkys (http://www.ilf.net/god@rky/virii.htm)
Macintosh Viruses (huge file)
http://www.ilf.net/god@rky/mac/macvirii.zip
I know nothing about these, BTW, funny how they are for the mac yet there in
a .zip file 'eh?
Part 4
[ Needed Tools ]
These are all used in compiling virus source code, I have been told that some
of these are *NOT* freeware, IOW there pirated software.
a86 Assembler (Shareware)
http://www.ilf.net/god@rky/tools/a86v402.zip
Shareware assembler, this is a good one for compiling all that .asm code.
d86 Debugger (Shareware)
http://www.ilf.net/god@rky/tools/d86v402.zip
Shareware de-bugger, great to get the source of a compiled virus.
Turbo Assembler v4.0
http://www.netwalk.com/~silicon/progs/virus/tasm.zip
I have been told by a number of people this sells for about $100, either way
this is the *BEST* assembler out there!
Turbo Link
http://www.netwalk.com/~silicon/progs/virus/tlink.zip
You might need this also.
SoftIce for Win95
http://www.kuai.se/~panik/archive/softice.zip
SUPER de-bugger for windows '95 (also good for cracking software)
SoftIce for Windows 3.11
http://www.kuai.se/~panik/archive/m_wice13.zip
The same great program for windows 3.1.
SoftIce for Dos
http://www.kuai.se/~panik/archive/s-ice280.zip
The BEST DOS de-bugger!
Disaster
http://www.kuai.se/~panik/archive/disaster.zip
Dos disassembler.
IBM Assembly Code Generator
http://www.kuai.se/~panik/archive/asmgen.zip
A program that genrates source code from an executable.
Bubble Chamber Disassembler
http://www.kuai.se/~panik/archive/bubble.zip
Really good diassembler (What I use)
Intelligent Disassembler v1.2
http://www.kuai.se/~panik/archive/id12.zip
Good disassembler.
Part 5
[ Virus related FAQ's/Tutorials ]
These are FAQ's all about viruses, both removal and infection. ALso included
are some tutorials on making viruses.
x86 Assembly Language FAQ - a86 & d86
http://www.cis.ohio-state.edu/hypertext/faq/usenet/assembly-language/x86/a86/
faq.html
Well, its not going to make you an assembly programer but its a good start
alt.comp.virus FAQ (This is the FULL current version, very AV)
http://www.ilf.net/god@rky/acv_faq.html
This is the FULL version of the a.c.v FAQ, not the origonal yet its still
very good!
alt.virus FAQ (The origonal a.c.v FAQ, very VX)
http://www.ilf.net/god@rky/acvx_faq.html
This is the *ORIGONAL* a.c.v FAQ, as you can see a.c.v was made as a
pro-virus newsgroup!
VSUMx606
ftp://ftp.germany.eu.net/pub/comp/msdos/mirror.garbo/virus/vsumx606.zip
This is an OK Hypertext. It is said to have lots of errors in it. You know
stuff like dates when a virus first appeared and what not, and in some cases
what the virus does. The AV people regard it as not a very good Hypertext.
It will get the job done in many cases but it is always light years behind
what you will find at any of the Vx sites.
VDAT170
<Working on making it available at Virii Heaven Contact;
cicatrix@cyberstation.com on sites that carry it>
This is a very good up&coming hypertext. I am impressed with how far it
has come in such little time, and think it has the potential to come along
much further. Keep an eye on this little gem in the months to come, it could
become a valuable asset to those wondering what items in thier collection or
infecting thier system are doing.
Anti-Debugging Tricks
http://www.ilf.net/god@rky/tutorials/antdebug.txt
Really good file on anti-debugging tricks, to bad most of its picked up by AV
scanners.
Black Wolf's Guide To Memory Resident Virii
http://www.ilf.net/god@rky/tutorials/memres.txt
Good file on MRV.
Polymorphic Viruses - Part 1
http://www.ilf.net/god@rky/tutorials/polymorph.txt
REALLY GOOD file on Polymorphic Viruses.
Polymorphic Viruses - Part 2
http://www.ilf.net/god@rky/tutorials/polymrph2.txt
Second part of the above file.
Disinfecting Infected Files
http://www.ilf.net/god@rky/tutorials/rstut001.txt
This should appeal to the AV community, that is the portion of the AV
community thats understands this stuff.
TSR COM Infections
http://www.ilf.net/god@rky/tutorials/rstut002.txt
Good file, complete.
Constructing Kit on Infecting COM's
http://www.ilf.net/god@rky/tutorials/rstut003.txt
Good file on COM infection.
Infection On Closing
http://www.ilf.net/god@rky/tutorials/rstut004.txt
I haven't checked this out yet.
EXE Infections Part 1
http://www.ilf.net/god@rky/tutorials/rstut005.txt
This is something ALL virus coders have to read!
EXE Infections Part 2
http://www.ilf.net/god@rky/tutorials/rstut006.txt
part 2 to the above file.
Directory Stealth
http://www.ilf.net/god@rky/tutorials/rstut007.txt
GREAT file on getting past MS DOS Checksum Checker!
Directory Stealth (Method 2)
http://www.ilf.net/god@rky/tutorials/rstut008.txt
Second method if improving stealth viruses.
Memory Stealth
http://www.ilf.net/god@rky/tutorials/rstut009.txt
Another GREAT file on TSR's
The Dangers of ThunderByte's TBClean Emulation Techniques
http://www.ilf.net/god@rky/tutorials/rstut010.txt
Article on getting past TBClean's methods of dis-infection.
Part 6
[ Virus INFORMATION Links ]
These are all pages that provide information on viruses, not the actuall
viruses.
Dr Solomon's very own personal homepage
http://www.pcug.co.uk/~drsolly/
ITs our very own Dr. Sollys homepage (dude, try a <CENTER> tag) He also
offers the laws on computer viruses, ya gotta check that so you know just
what laws your breaking!
Data Fellows Virus Information Centre
http://www.Europe.DataFellows.com/vir-info/
VERY VERY GOOD site, virus list and information!
Dr Solomon's - Viruses In The Wild
http://www.sands.com/vircen/wild.html
Dr. Sollys virus list (not that complete however)
CIAC Security Site
http://ciac.llnl.gov/ciac
See what the goverment has to say about viruses.
Part 7
[ Computer Virus WEB pages & FTP sites ]
The following are links to WWW pages and FTP sites that offer live viruses
and source code for you to download. WARNING: Up until now all the viruses
and programs have been safe-to-store however some of the viruses on some of
the pages may be in live .exe or .com form, BE CAREFULL!!
Information Liberation Front
http://www.ilf.net/
VERY NICE site, pay these guys a visit!!
The Alliance Virus group
http://www.ilf.net/alliance/
Another nicely done site, these guys got it togther!!
God@rkys Virus Heaven
http://www.ilf.net/god@rky/virii.htm
No list would be complete with out this site, hell, most of the stuff above
come from his site, VXers or AVers CHECK HIS SITE OUT! Cicatrix's Virus
Collection Updates are available here as well, be sure to visit at least
once a month to make sure you have the updates.
Paniks Page
http://www.kuai.se/~panik/
TONS (TONS!) files!!
RickDoggs Virus page
http://pwp.usa.pipeline.com/~rickdogg96/index.htm
A really good page (he is also the maker of the rickdogg666 virus)
Virus Programing
http://lila.uc.pt:8082/~pedro/virus.html
Good place to start, RARE source and FAQ's
Computer Virus Lab - Home Page
http://www2.spidernet.net/web/%7Ecvrl/
This page is nothing more than a add for a CD ROM, they boast over 13,000
viruses, however I doubt that .. if anyone have this CD e-mail me!
Virus And Other Fine Code Authors
http://www.ntplx.com/~sniper/vofca/index.html
A VERY nice web page!
J & A Virus page
http://www.bocklabs.wisc.edu/~janda/
TONS of stuff here.
Infection Connection
http://pegasus.cc.ucf.edu/~kes65601/
Cool name, wish I thought of that!
virii
http://wwwmbb.cs.colorado.edu/~mcbryan/bb/23/29/summary.html
Well, its a start <g>
Dante's inferno
http://www2.dgsys.com/~dante/virii.html
Only a few viruses.
Virii
http://www2.netdoor.com/~boomn69/virii/
Neat graphics! some good viruses.
Gugi's Virus page
http://www.geocities.com/SiliconValley/Park/4650/
Good page.
The virus and hacking homepage
http://www.cris.com/~Bstock/
Really good site, he gives a description of -EVERY- virus he offers (even has
a Coolio midi)
Virus Authors Information Site
http://members.visi.net/~muja/virus.html
Nice, frams use could be better however you get the viruses so it dosen't
matter. (I like what he says)
Cyber hazzard's
http://www.lafayette.edu/~warendaj/virii.html
mostly source.
Digital hacker alliance homepage
http://www.lochnet.com/client/dha/index.html
You gotta check this out, tons of stuff.
Seths virus page
http://home.webserve.net/~eldritch/virii.html
Not a whole lot here.
virii stuph
http://www.angelfire.com/pages0/goodie/virus.html
Some good stuff
A virus page with no title
http://www.geocities.com/SunsetStrip/3192/breaker.html
Nice layout, need an update on some of the links.
DarkChasms Virus page
http://www.geocities.com/SiliconValley/Heights/1789/
Lots of stuff, to many damn midis!
Virus/Warez/Hack
http://www.agate.net/~krees/virii.html
masses of links, no actuall viruses but there are LINKS!
Dr. PhreeX Homepage
http://www.ao.net/~phreex
Its my page, over 1,000 live viruses and tons of source! (you do need the
password, ask nicely!)
If you have any links to good (or even crappy) virus pages send 'em my way, I
will add to this list later..
Part 8
[ Conclusion (By Dr. PhreeX Merin himself!!) ]
Well, after a few hours of surfing around andtesting ALL THESE links I give
you the "Computer Virus Site List 1.02", this is still a beta, it will be
until I can no longer come accross a new virus page, if you know of anything
VX related please e-mail me (phreex@ao.net).
You might object to this list, many people do, they believe viruses should be
illegal and no one should access to them however if you dislike this then
fine, don't read it or download from the above sites. The problem is lamer
newbie fucks think the internet is like the real world, where there is a
organized legal system to stop anyone that does wrong, well .. welcome to
cyberspace, people like me will always be here!!
Part 9
[ Past version history, and whats to come ]
Version 1.0 Beta 1
Listed a few sites, lots of Virus Gens.
Version 1.01
Added more URL's, added section on safe virus storage.
Version 1.02
Current.
For a current copy of this list send a request to phreex@ao.net or looking in
the usenet newsgroup alt.comp.virus
Regards,
Dr. PhreeX Merin, PhD in the cyber underground
==============================================
Section Five - Uncanny Virus Ideas
Well at this point, I guess this section would otherwise be empty
being this is the first issue. But we cannot have that, so I will improvise
and do my best to get us started. This area will mostly consist of Ideas
for the Authors with virus writer's block. Or maybe somewhat of a humor
section as well. We will see how it goes... If you have ideas you would
like to contribute, feel free to e-mail me at godarky@ilf.net and I will
put the best of em in the next issue. :)
1. The Eicar Virus. For those of you who don't know what the EICAR file is,
I will explain. It is a file which you can append to just about any kind of
file and will cause the file to be reported as infected when scanned with
an AV product that supports the EICAR test file. It is a big political
pissing contest for a standardized Installation test for AV products really.
Anyhow, an interesting Idea for a virus might be one that incorporates the
EICAR test file as camoflage. Sounds stupid? Think about it. Most of the
popular AV products (F-Protect, McAfee's, Norton's (I think) and
Dr. Solomon's) all detect it for what it is. It is said that AV companies
get the viruses that you write within days (usually) of the first time they
are distributed from a site like mine. Usually from someone who has become
infected with the virus and sends them an infected file. Well more than
likely what are the guys in the virus lab gonna think when they first scan
the file and it shows up as the EICAR file? Well one of 2 things, and I
think the latter of the 2 is more than likely what will occur until they
learn otherwise. The first being that they might do a disassembly of the
file and see what they can find in the code. Or they might let the file
loose on a hospitol computer and see if they can replicate it. While this
could happen, I tend to think that they probably see alot of EICAR
infections which would bring me to the second scenario, which they would
more than likely write it off at the fact that the person attached the
EICAR file to the file in question without even testing it for replication.
If this were the case, you could hide all kinds of heinous code behind this,
and it would prolong an AV program from detecting your new creation possibly.
So now you have an Idea as to how this section will be filled in the
future. Send in your revolutionary ideas and they will appear just like this
one did.
==============================================
Section Six - Naming Viruses
So, you author viruses. Do you name them before you write them or
after? Well many name them before and many name them after. But in all
reality, it dosn't really matter what you name them, as that name probably
isn't going to stick. In other words, you, the author of the virus, don't
get to choose the name of your own creation. Picture your wife carrying a
baby in her womb for 9 months. With a little medical help at the hospitol,
the baby is delivered, and the Birthing papers are finished and all that,
and now comes the time you get to use that name that you perhaps spent months
deciding/arguing on. Imagine if some baby naming organization came in and
decided they didn't like that name and stamped some generic name on your
child. Pretty crazy huh? Well that is how viruses get thier names, for the
most part.
I know it is a great misnomer that the Author names the viruses.
But I will explain how viruses get thier names when it is thier time. It
was explained to me by Dr. Alan Solomon himself, and it is really sort of a
strange process when you think about it.
You author a virus, we will call it "Satan's Dumpster". You spread
Satan's Dumpster to numerous Vx sites and via alt.comp.virus.source.code and
so on. Well your virus gets spread enough, and enough infections are reported
that it makes the "In The Wild List", well now that it is ready for
recognition by the AV community, it is time for Satan's Dumpster to get it's
REAL name. Dr. Solomon described this process as a group of beer swilling
people who get together in a pub to talk about Viruses. This group is known
as CARO. They are the people who come up with the name of your virus. They
will decide Satan's Dumpster will be called "Billy Goat". Thus whenever
the AV companies decide it is time and the need is there to detect your
creation, it will detect it as the Billy Goat virus. Nifty huh?
You don't believe me? Remember the HARE virus? The original author
named it HDeuthanasia, by the time CARO got ahold of it, it became the HARE
virus. It was said it was named after a rabbit. But it is apparent that it
was named after the chant which prints on your screen when the virus is
activated on your computer in relation to the Hari Krishna religion. If
that is not enough for you, howabout the Bizatch virus. It is now detected
as the BOZA virus. So before you spend hours and hours thinking of some
clever new name for your virus, remember that in the end, that probably wont
be the name of the virus.
==============================================
Section Seven - Government Sites & Viruses & The Law
Dr. Solomon's Virus & Computer Crime related law page is interesting
as well as a good resource for you that care about what laws, if any you are
breaking. The page has The federal laws for the United States of America, as
well as the various state laws (which are more harsh and relate to those of
you who reside in a particular state more), as well as laws in the UK and a
few other countries. If your country isn't listed and you know the laws,
you might visit his site and drop him a line so he can get them posted.
The Federal law(s) in the United States are pretty straightforward,
and don't really effect you unless you are targeting the government. They
state that you are not breaking a federal law, unless you harm a computer of
thiers, or one they have interest in.
Well that is fine and dandy, but most of the state laws are much
harsher, but still are only a slap on the wrist. In my state (Oregon)
for example, I believe spreading viruses to a big business, such as say
Intel for example, is only a Class B Felony. A Class B felony is a small hit
for someone without a prior record. But then you have to remember that this
is only 1/2 of the trouble you would get into. This would be the criminal
trial. After that is said and done, I am sure Intel would take me to court
on a Civil trial and make me poor for hundreds of years if were to live that
long. Provided they could prove thier case in a court of law.
So if you are not sure what laws, if any, you are breaking, you
may want to visit Dr. Solomon's and find out. The reason I recommend his
site is because you don't need a degree in criminal law or a latin translator
to understand the laws on his page. You also don't have to wade through an
entire Law Library to find what you are looking for, like some of the other
law sites on the net. There is a direct link on my site which will take you
there, or you can look above in Phreex's Site list in the previous section
and get the URL for the site.
So what does the AV industry think of our sites? Well in the Usenet,
they would have you believe that our sites are the tool of Satan (or insert
your social/religious equivilant of the Antichrist here) and Virus Authors
are not relevant to the existance of the AV industry as it is today.
I personally think this is bullshit, but who am I, right? What does the
government think of our sites. Well I guess that depends on where you live.
The federal government of the U.S. dosn't really give a shit personally. And
A branch of them, the CIAC, has actually written me, after visiting my site,
and requested that I put a link to thier site on my page. I have done so,
because there is information there which some might find useful, *AND*
because they were civil in thier e-mail and recognized that sites like mine
will exist whether they want then to or not, and that they can actually give
them a jump on disinfecting viruses as they come out.
The AV companies tend to say they will not use our sites, but I still
read every now and then in alt.comp.virus, that there are many informants
between the AV world and the Vx world. Which tends to make me think that
our sites are used.
If I were to send them a Vx dropper file, they would probably
incorporate it in thier next version of AV software. They keep telling me
that Viruses that make the ITW (In the Wild) list are ones that are spread
widely. Well alot of viruses that are spread widely never make that list
that appear on my site, The Alliance's site, or any other heavy traffic
sites. So this theory has proved inaccurate, or that whoever keeps the ITW
list is lazy or waiting for a media frenzy before adding to the list. A site
like mine will get anywhere from 200-1000 hits a day, maybe more. And the
downloads are unreal. In a week I think a virus can be pretty well wide-
spread, at least to fit thier definition of "widespread". But they never
appear. But then, what was the virus renamed to huh?
==============================================
Section Eight - South African Virus Authors/Collectors would like to
Exchange information and Techniques with you.
Well about 2 weeks ago, I recieved the following letter in E-mail.
It was from South Africa, and they wanted me to spread the word. Well I
forwarded the message to a few people, but I didn't feel that did the letter
or the cause justice, so I am going to print it up here, and let others have
access to the letter as well. Feel free to correspond with them, they
Welcome it. :)
-----------------------------E-mail Start Here-------------------------------
Hi ,
I'm Rudy from South Africa .
I have just started to gather a group of interested Virii "Collectors"
and "intelligence gatherers" in South Africa.
I (we) would like to communicate with you guys on interesting
subjects like "cookbooks" and "recipes".
Some of your groups have been established for many years and hold
a treasure of knowledge when combined.
My real e-mail : Rudy@lexicon.co.za
Waiting for your reply
------------------------------E-Mail End Here--------------------------------
==============================================
Well that is it for this issue, I am looking at providing this on a
monthly basis. And welcome your feedback. Things to come in the next issue
planned are:
1. Beginners Guide for Newbie Collectors
2. Beginners Guide for Newbie Authors
And I am sure other ideas will pop-up as well. I welcome your feedback,
flames, or other tidbits of info as well. You can mail me at godarky@ilf.net
for correspondance.