💾 Archived View for gemini.spam.works › mirrors › textfiles › magazines › 40HEX › 40hex013 captured on 2022-06-12 at 10:05:41.
View Raw
More Information
-=-=-=-=-=-=-
40Hex Number 13 Volume 4 Issue 1 File 000
No, we are not dead. We are however insanely busy. This upcoming
year will be a legendary year for P/S with regards to various programming
projects. Can I tell you about them? Yes, but I won't. I will say that
we will be contributing immensely to the virus community. Notice, I did
not say Vx. Whenever I refer to the virus community, I am not refering
specifically to virus writers, virus collectors or Vx BBS sysops. I am
refering to everyone who has an interest in viruses. Whether its stopping
them or making them. It may be a split community, but I still percieve it
as ONE community.
I am not going to ramble, I am not going to ramble... Anyway, enjoy
the issue. If you like this magazine, please let us know.
Email: fortyhex@phantom.com
Snail Mail:
----------
40Hex
P.O. Box 252
New City, NY 10956
Table Of Contents
-----------------
40hex-13.000.............You're soaking in it!
40hex-13.001.............Letters To The Editor/Virus News
40hex-13.002.............Self Dis-Infecting .EXEs
40hex-13.003.............Removing Scan Strings From F-Prot
40hex-13.004.............Paul Fergusons Response to 40H12
40hex-13.005.............Mirror Virus Courtesy of TridenT
40hex-13.006.............Shifting Objective 3 Virus
40hex-13.007.............TiC's 40hex Index #1
40hex-13.008.............New Feature: This Old Virus.
Greets going out to: Omega and all the TridenT guys, Nowhere Man and the
[NuKE] people, The Attitude Adjuster, Spyder, GhostRider, Anyone and everyone
who sent us mail, articles or viruses, and to all programmers around the world.
Most important greets going out to all P/S members, keep up the great work.
�40Hex Number 13 Volume 4 Issue 1 File 001
Welcome to the News and letters area. This file contains all the
interesting tidbits of news and whatnot that readers have sent our way.
Thanks a lot to everyone who contributed.
------------
I recently ftp'd all 12 of your issues and was browsing through them looking
to see what you were about. I ran into a survey that was done on virus writing
and it caused me to be a bit concerned. I've commented on the summary to
that article attached below.
[stuff deleted]
>Firearms are restricted because they can be used to cause serious or fatal
>injuries. No computer virus can be used to kill another person. However, no
>gun actually KILLS another person. People kill people, the gun is simply an
>instrument used. Maybe a knife would be a better comparison. Just becuase
To my knowledge, no one has to date been killed by a virus. However, it is
possible, and your presumption that no virus can be used to kill another
person is invalid. As more and more computers are integrated into hospital
settings, people's lives _depend_ on functional computers. A virus can
easily cripple a vital computer system, causing severe problems in hospital
operations and patient care which could ultimately lead to someone's death.
Viruses in other critical machines could prove just as fateful. Imagine a
virus in the computers of the space shuttle, or any of the machines on Earth
used to make it go? More and more, people are putting there _lives_ in the
hands of computers that they are trusting to work properly, by supporting
virus writers you are directly encouraging people to make it so these vital
computers don't function properly.
The only reason I am on my soapbox about this is because I have currently
come upon the situation where I am writing software that will be used in a
hospital environment in such a way that if I were to do a poor job and have
buggy code, peoples lives would be in jeopardy. For example, the paging
system for the all of the ORs will be tied to the system I am working on.
If someone has an OR emergency, they tell a computer in the OR, and an
emergency page goes out. If the system goes down for _any_ reason, serious
problems could arise.
>murders are committed with knives, should we restrict them? OR ban them
>outright? No, of course not. Same with viruses. Although they have the
Knives serve a useful purpose....what useful purpose do viruses serve?
>We in Phalcon/Skism all believe in the freedom of information, and the right
>that each and every American has to his own opinions. Yes, we've written
>viruses, and yes, we have no qualms about distributing virus code. (This
>magazine is one good example) No one will be injured through our actions,
>because we simply cranked out this 100% ascii text magazine. We don't spread
>our creations intentionally. We do distribute them to those who want them,
>and sometimes people do spread them. We cannot control the actions of >others.
>Breaking the law is wrong. We don't break the law by programming. We don't
>break the law by sharing code. Don't hold us responsible for those who use
>our creations to break the law. After all, you wouldn't hold Smith and >Wesson
>responsible for a crime committed using one of their firearms, would you? >No.
>Nor would you hold GMC, Inc. responsible for a death caused by a drunk >driving
I'd like to insert here that Einstein felt guilty about pioneering the science
that led to the atomic bomb and ultimately killed thousands of Japanese. Why?
Because something that _he_ did contributed to harming someone else. If _he_
had never taken certain actions, much harm would not have been inflicted on many
people. Just because you don't distribute to _victims_ the viruses you write,
you are partly responsible. The sole purpose of a virus is to do something
to someone that they do not welcome.
>one of their vehicles. They were not at fault for creating the vehicle. The
>drunk was at fault for acting the way he did. Same goes for viruses, and virus
>authors. Don't place the blame on the wrong party. There is a strong
>difference between creation and abuse.
>Next time you ponder the legality of virus writing, think about this. You
>wouldn't want cars banned just because a few people don't handle them
>responsibly. Attack the criminal, not the creator. And NEVER take away a
>person's right to create.
Since you seem to like analogies, what about the one from which viruses
got there name? If a group of scientist were sitting in a lab creating
new diseases and telling everyone how to do it easily, knowing that the
disease would likely be created and cause many people to become ill.....
Would they be responsible?
> --DecimatoR
> Phalcon/Skism
Anyway, I'd be interested in hearing your comments. Whether you give a damn
about other people or just don't feel at all responsible for your actions
as long as you don't pull the trigger on the gun......
Regards,
Chris Menegay
cmenegay@cs.tamu.edu
------------
Editor's Response:
I am going to keep this response pretty simple. Do you think that people
who manufacture and distribute guns feel responsible for people who are
murdered by their guns? I take full responsibility for my actions. If I
sold flowers and someone bought one from me, and then crammed it down
someone's throat and that person died, am I responsible? My intention wasn't
to hurt anyone, but someone got hurt. Viruses are essentially my flowers.
I don't intend for ANYONE to get hurt because of 40hex. I intend to share
my hobby with others. No more, no less.
------------
I really appreciate your articles. I find the articles on non-debugable code
very interesting. I developed some of my own. I used the lock command.
17F1:0100 B90601 MOV CX,0106 ; setup for the jmp cx command
17F1:0103 0C00 OR AL,00 ; bugus commands whose values are
; used for adding to cx. this is
; added if no debugger.
17F1:0105 1B00 SBB AX,[BX+SI] ; this bogus command is what is
; added to cx if a debugger is used
17F1:0107 F0 LOCK ; what makes it all happen
17F1:0108 89E5 MOV BP,SP ; get the stack
17F1:010A 8B7EFA MOV DI,[BP-06] ; look at offset of return ip value
; (di=010a if debugging else
; di=0108)
17F1:010D 034DFB ADD CX,[DI-05] ; add the appropriate bogus command
; to cx that is shown above
17F1:0110 FFE1 JMP CX ; go where no man has gone before
17F1:0112 E2EF LOOP 0103 ; this is the address of where the
; first jmp cx goes to if there
17F1:0114 90 NOP ; is no debugger. other
17F1:0115 90 NOP ; modifications to cx can be done
17F1:0116 90 NOP ; here but i just decremented cx
17F1:0117 90 NOP ; and jumped back to the start to do
17F1:0118 90 NOP ; it again
17F1:0119 90 NOP
17F1:011A 90 NOP
17F1:011B 90 NOP
17F1:011C 90 NOP
17F1:011D 75E4 JNZ 0103 ; this is where jmp cx goes to on
; the second go around without a
17F1:011F 90 NOP ; debugger. i thought i would send
17F1:0120 90 NOP ; it back for a third time.
17F1:0121 EBDD JMP 0100 ; this is where jmp cx goes to if
; there is a debugger running
17F1:0123 90 NOP ; captain kirk, scottie here, were
17F1:0124 90 NOP ; stuck in a continuous feedback
17F1:0125 90 NOP ; loop.
17F1:0126 90 NOP ; i don't think i can maintain this
17F1:0126 90 NOP ; much longer.
17F1:0127 90 NOP
17F1:0128 90 NOP
17F1:0129 B8070E MOV AX,0E07 ; this is where the jmp cx goes on
; the third time around
17F1:012C CD10 INT 10 ; lets do a beep for the folks back
; home
17F1:012E B8004C MOV AX,4C00 ; that's all folks.
17F1:0131 CD21 INT 21
the same sort of thing could be done to get the relative offset with the hlt
command. again debuggers will get it wrong
17F1:0100 EB04 JMP 0106 ; deja vu
17F1:0102 31C0 XOR AX,AX ; dummy program
17F1:0104 CD21 INT 21 ; bye
17F1:0106 F0 HLT ; halt that processor
17F1:0107 89E5 MOV BP,SP ; lookie at our stack data
17F1:0109 8B6EFA MOV BP,[BP-06] ; and suck off the returned ip
17F1:010C 83ED07 SUB BP,+07 ; for people who can't figure out
; how to adjust this value
; out of their displacement
Sincerely,
"Q" the misanthrope.
------------
As of today, another country has provisions against computer viruses in
its legislation: Italy. A "Computer Crime Act" has been approved by the
Italian Parliament last December 14th. These are its data:
LEGGE 23 dicembre 1993, n. 547
(Gazzetta Ufficiale 30-12-1993, n. 305)
(Law no. 547 passed Dec 23, 1993 - Published on the Official Journal
no. 305 of Dec 30, 1993)
The new act addresses various issues, including:
. Damages caused to computers and telecommunication systems;
. Unauthorized access;
. Possession and unauthorized diffusion of access codes;
. Spreading of malicious code;
. Computer fraud;
. Wiretapping of data communications;
. Etc.
I'm not a lawyer, so I can't translate the whole act - I can only
volounteer to e-mail a full copy in Italian to those interested
(it's around 22KB).
However, I have enclosed a tentative translation of the article
dealing with "Computer Viruses", as well as the original text.
If you find the translation inaccurate or plain wrong, feel free
to correct it.
Luca Parisi - Rome, Italy. <mc1980@mclink.it>
- *Unofficial translation of Penal Code, art. 615.5**
"Article 615-quinquies of the Penal Code (Spreading of programs aimed
at damaging or interrupting a computer system).
Anyone who spreads, transmits or delivers a computer program, whether
written by himself or by someone else, aimed at or having the effect of
damaging a computer or telecommunication system, the programs or data
contained in or pertaining to it, or interrupting in full or in part or
disrupting its operation is punished with the imprisonment for a term of
up to two years and a fine of up to It. L. 20,000,000."
- *Original Text, as in referenced act**
"Art. 615-quinquies. - (Diffusione di programmi diretti a danneggiare o
interrompere un sistema informatico). - Chiunque diffonde, comunica o
consegna un programma informatico da lui stesso o da altri redatto,
avente per scopo o per effetto il danneggiamento di un sistema
informatico o telematico, dei dati o dei programmi in esso contenuti o
ad esso pertinenti, ovvero l'interruzione, totale o parziale, o
l'alterazione del suo funzionamento, e' punito con la reclusione sino
a due anni e con la multa sino a lire venti milioni."
------ End of Forwarded Article
News article: Pamela Trexler aka Tiphoid Mary vs. Virnet
Summary: Allegedly, Tiphoid was removed from Virnet, when it was exposed
that she was a NuKE member, and the "virus underground" had access to top
secret elite information. Now, the removal is one thing, but Tiphoid and
others claim that someone in the Virnet Hierarchy allegedly did a full
background check on her, and supposedly even did a credit check.
Keywords: virnet tiphoid peoplewhohavetoomuchtimeontheirhands heroine
From : MICHAEL PARIS Number : 422
To : ALL Ref.# : 0
Subj. : Virnet 1 of 4 Conf : Virus-Info
Date : 04-30-94 Time : 17:46 [305/313]
V I R N E T U S A
T h e F a c t s
As I Know Them First Hand From A Virnet Hierarchy
By Michael Paris.
C.R.I.S (Computer Research & Information Service)
04/29/94
Part #1 Ethics
----------------
First I must say that it pains me to write this. I have had
nothing but respect for virnet and the people I have know in it.
But with certain info I have become aware of I feel it is my duty
as a part of the human race to make these facts known.
I will separate this info into two parts, The first being the
morality of virnet hierarchies and the second in being facts on
their hidden background checks they have done on some of their
members.
To start with I have turned in my node address for virnet for the
reasons you will see in this open letter, I do not care to continue
to receive the virnet echo anymore and feel that there is some
things you should be made aware of.
1. A quick look through the virnet nodelist will tell you that
there are many people connected to this echo. Why? (Not sure to
tell you the truth). It seems that for the topic of viruses there
is not much said. I have wasted space on my drive and time polling
and sorting through the mail for a few announcements of files and
welcomes, no real info, just some meaningless messages on
percentages of echo feeds etc.
This has changed a bit here in the US when they added the "movies"
echo, but this is not what I was looking for, if I wanted to talk
about movies I would get it from fido or usenet mail.
2. The hierarchies of the net seem not to know much about viruses.
I will say that the people I have talked to do not even know what
a virus is! (no fun here) this is true. Log on to your favorite
virnet hub or node (even the hierarchies systems) ask them what
polymorphic, spawning, stealth, etc, is and they will not know.
(this of course is not all systems, but I will guarantee that it is
the most of them, and definitely the hierarchies in virnet).
3. Lies, deceit, and morals. It seems that from the people I have
talked to they are no different from the people they talk against.
Most people know about their friend John, This man was accused of
being vulgar to the extremes, he is shunned for speaking very
obscene about female members of virnet, as well as his aditude that
just shows he is unbalanced in the mind.
Well it seems I have found the same here in the virnet hierarchies,
talking to the people I have made me sick to my stomach and
reminded me of the talks I had with such unbalanced people as I did
before. It made me sick to see the hate expressed and the way it
came out. Talking compleatly about another topic would always
bring us back to the slander and foul language I did not want to
take part in. As for the lies and deceit we will get into that a
bit more in this letter. But as I have witnessed the hierarchies
would tell me one thing (I know was truth) and cover the facts to
the person it was about to avoid public embarrassment.
Below you will find an actual conversation between me and A person
in the virnet hierarchy. THIS IS -NOT- A NODE OR HUB speaking for
virnet, it is someone in the hierarchy of virnet in a decision
making level!
[Narrator]
The names were taken out to protect the guilty!
This starts where this virnet hierarchy is talking about tring to
totaly get rid of an ex-virnet member that was found out to be a
nuke member getting the virnet echos. It makes me think why all the
bull shit seeing there is nothing really in the net to protect in
the first place but here is goes.
[Virnet Hierarchy]
"and now all we need to do is get rid of ahh, [nukemember], or I
don't know I guess i'm gona have to get a few good minds together
and create some kind of document to finally put this to a final
statement ehhm"
[Cris Staff Member] "well the biggest thing she has right know but she
does not have any proof of,"
[Virnet Hierarchy]
"Uh hu"
[Cris Staff Member]
"is when you told here about the credit and legal check that was
done on her, She does not have any proof of it but"
[Narrator]
Cris Staff Member was interrupted
[Virnet Hierarchy]
"I told her my dick was twelve inches long she didn't talk about
that!"
[Cris Staff Member]
"I don't think that would matter much"
[Virnet Hierarchy]
"why wouldn't that, ya she's so fat it wouldn't even phase her, 320
lbs. this girl is, I'd have to have a dick that was like god damm
A baseball bat."
[Cris Staff Member] "ok we won't get into that"
[Narrator]
Continued ..
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MICHAEL PARIS Number : 423
To : ALL Ref.# : 0
Subj. : Virnet 2 of 4 Conf : Virus-Info
Date : 04-30-94 Time : 17:47 [306/313]
So the Cris Staff Member does not want to hear this garbage, Mr.
Virnet hierarchy goes on to talk about a previous Virnet hierarchy
that he was told was just as bad as this nuke member, because he
was told that virnet messages or files were being passed to the
virus groups through that person. Then he admits here and many
other times in this talk that he would rather join Crisnet and
leave virnet.
It might seem like a great prize to get someone with this position
into Cris but, we take pride in having 'honest' and 'sincere' non
slandering people in Cris. Every person I have talked to on this
matter that knows him has got the same impression of him and it
would not help Cris in the long run. He offered to bring more then
half of virnet with him into Cris, but again it would not be worth
it in the long run. (one bad apple theory)
[Virnet Hierarchy]
"I heard that [old virnet hierarchy] was filtering virnet stuff to
nukenet."
[Cris Staff Member]
"ya,"
[Virnet Hierarchy]
"so now, you know, I mean, what's true, what's false, that's why I
would rather then there being such distinct lines I would rather go
in the middle with someone like you."
"what I would love to do is leave my wife, turn out to be just, a
bum, and so I can go, and knock some sense into all of these that
are sitting back causing heck, AND PUT A COUPLE BULLETS IN THEIR
BRAINS! MAKE THEM SUFFER FIRST THOUGH! Because this is just to much
bullshit! Did you read the initial letter I wrote to [NukeMember]?"
"I've just been praying for someone to come over here or call, I
put my number out there, I am praying for all of these TUFF, BAD,
LILY WHITE MOTHER FUCKERS TO COME OVER HERE!"
"I would LOVE, to see them come over here!"
[Narrator]
Some time passed by and they get on the topic of that nuke member
again, The Virnet Hierarchy thinks that the Cris staff member is
going to spill the beans and will not fully admit to him about a
certain matter. So he continues...
[Virnet Hierarchy]
"how do i tell you that this is a virnet policy situation among
hosts, consequently, it would be against policy for me to go taking
things any further with anyone but a host or higher, how does that
sound?"
[Cris Staff Member]
"ok, last time when we talked you had shared with me that you had
resources available and that you HAD done a background and legal
check on [nukemember]"
[Virnet Hierarchy]
"It really doesn't matt...ok number one it really does not effect
Cris Admin, ok, it really doesn't matter what we are doing! If I
was getting ready to get on a plane to fly out there and blow here
brains out does it matter?"
[Cris Staff Member]
"that would"
[Virnet Hierarchy]
"would you tell her?"
[Cris Staff Member]
"ya"
[Virnet Hierarchy]
"so with that in mind, why should I say anything? your showing
partiality to her!"
[Cris Staff Member]
"A persons life is a whole other story, for someone to fly out to
blow someone's brains out, that person would be short in the head
or something, so that is a whole different scenario"
[Virnet Hierarchy]
"Well she needs somebody to, [pause] she needs to sit in jail and
have some BIG BLACK WOMAN, [pause] STICK A BROOM HANDLE UP HER
CUNT!" [pause] "and hopefully the broom handle will have slivers,
maybe it will excite her! BIG FAT GREASY BITCH!"
[Narrator]
This is all going to far at this point, the slander against someone
he hardly knows and his vulgar tongue is working overtime, now he
goes on to defend the issue of looking into peoples personal
background. (meaning credit and legal checks)
[Virnet Hierarchy]
"Does it matter if I said I was going to hire an investigator to do
checks on every person in virnet?"
[Cris Staff Member]
"well, you should not have told her though, you should have never
said anything to her"
[Virnet Hierarchy]
"it's right in the papers, that four people, BEFORE SHE JOINED,
THAT DIRTY UGLY SLUT SHOULD LEARN HOW TO READ! its right in the
papers that four people will have access to your information, the
REC, the applications coordinator, Mr. Michael Larson, and she put
up such a bitch about him having information on her, and if need
be, and INVESTIGATOR! [pause] IT SAY'S THAT IN THE PAPER WORK!"
[Cris Staff Member]
"hum"
[Virnet Hierarchy]
"what ever she does in life, if she gets stopped for a traffic
violation, the whores going to get stopped and checked for
everything that she's ever done!"
Continued ...
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MICHAEL PARIS Number : 424
To : ALL Ref.# : 0
Subj. : Virnet 3 of 4 Conf : Virus-Info
Date : 04-30-94 Time : 17:47 [307/313]
[Narrator]
This goes on, and there is much more slander about named virus
writers, virus writers in general, groups, etc. But this is here
so you can understand why I feel that virnet has it's problems and
I want no part in it.
Part #2 Virnet Background Checks
---------------------------------
Next lets touch the area of background checks. Did you know that
this [Virnet Hierarchy] believes that they (if they feel the need)
believe they can check you out in ANY WAY they want?
This includes LEGAL, CREDIT, PERSONAL, ETC... this virnet hierarchy
told me that it has always been done this way. People did not know
it, but the previous hierarchies did this as well. THIS WAS TOLD ME
BY THIS VIRNET HIERARCHY!
They feel that the words in the application that you fill out where
it says about your info on the application, that "if need be, and
investigator" will see it, means that they can find a private
investigator or friend of their's to look into your LEGAL and
PERSONAL background and DIG UP any info they can find on you!
This hierarchy feels that there is no forgiveness or excuses for
mistakes, if you have a bad credit background it shows you are
"unstable" and not fit for the net! If you were an X-Convict and
paid your debt to society, you will do it again and could be a bad
egg in the net, so you should not be allowed in the net!
[Narrator]
So what we will see here is where the common fact of him telling me
that he had someone do these checks on this virnet node is not
disputed, but rather EVERY TIME I bring it up he changes the
subject until it comes to the point where after hours I confront
him and corner him on the issue and he spills the beans.
[Cris Staff Member]
"I guess the main thing she was talking about was the virnet checks,
you know that they checked into her credit"
[Narrator] ---> Interrupted by Virnet Hierarchy and changes the
topic.
[Virnet Hierarchy]
"I will not divulge information on my life, whether I am getting
along with my wife or not, or whether my penis is shriveled up or
not.."
[Narrator]
So he goes on and on to keep away from the issue.
[Cris staff Member]
"Well you did do a check on her right? "
[Virnet Hierarchy]
"huh?"
[Cris Staff Member]
"I remember you telling me about this"
[Narrator] ----> Interrupted again and changes the topic.
[Virnet Hierarchy]
"Hold on a minute I am reading a letter"
[Narrator] ----> after a few minutes of reading he never comes back
to answer.
[Cris Staff Member]
"well the biggest thing she has right know but she does not have any
proof of,"
[Virnet Hierarchy]
"Uh hu"
[Cris Staff Member]
"is when you told here about the credit and legal check that was
done on her, She does not have any proof of it but"
[Narrator]
Cris Staff Member interrupted
[Virnet Hierarchy]
"I told her my dick was twelve inches long she didn't talk about
that!"
[Cris Staff Member]
"I don't think that would matter much"
[Virnet Hierarchy]
"why wouldn't that, ya she's so fat it wouldn't even phase her, 320
lbs. this girl is, I'd have to have a dick that was like god damm
A baseball bat."
[Narrator]
So we see once again he changes the topic!
[Cris staff Member]
"Well the main thing she's got is the fact of the legal and
background checks, but she does not have any proof at all, there is
nothing in writing that she can pull up, just that one instance of
you informing her that it was done on her."
[Narrator]
Again this goes on, no comment on what was said, just A change of
topic. This goes on many times, at least 12 other times where he
evades the issue until he is cornered on it!
[Virnet Hierarchy]
"Does it matter if I said I was going to hire an investigator to do
checks on every person in virnet?"
[Cris Staff Member]
"well, you should not have told here though, you should have never
said anything to her"
[Virnet Hierarchy]
"it's right in the papers, that four people, BEFORE SHE JOINED,
THAT DIRTY UGLY SLUT SHOULD LEARN HOW TO READ! its right in the
papers that four people will have access to your information, the
REC, the applications coordinator, Mr. Michael Larson, and she put
up such a bitch about him having information on her, and if need be,
and INVESTIGATOR! [pause] IT SAY'S THAT IN THE PAPER WORK!"
[Cris Staff Member]
"hum"
Continued ...
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MICHAEL PARIS Number : 425
To : ALL Ref.# : 0
Subj. : Virnet 4 of 4 Conf : Virus-Info
Date : 04-30-94 Time : 17:48 [308/313]
[Virnet Hierarchy]
"what ever she does in life, if she gets stopped for a traffic
violation, the whores going to get stopped and checked for
everything that she's ever done!
[Cris Staff Member]
"I have to be honest with you here ... I see mail nets as a hobby,
I would not want a net to be looking into my legal and credit
information. I am sure you feel the same way!"
[Virnet Hierarchy]
"Your ABSOLUTELY wrong!"
[Cris Staff Member]
"Tell me why I am wrong"
[Virnet Hierarchy]
"Everything we do in life, everything we do we get checked! When you
go for a job, you get checked, you sign a paper, maybe you haven't
but I have signed many of papers that said [changes idea] No matter
what you do, if you drive, no matter what you do in life, driving
can be a hobby, but your going to get checked! "
"Let me give you a beautiful example, she better not ever go to LA.
california, they send police officers on the street, and they just
stop people at will, and they run a check on them!"
[Cris Staff Member]
"But we are talking about a net here, ok you feel this way because
it's an anti-virus net or if it was any net?"
[Virnet Hierarchy]
"ANY NET! A N Y N E T!, when you join an organization they have
every right to check up on you because you are becoming part of a
team. and maybe there is someone that don't want as part of that
team."
[Cris Staff Member]
"Well I know there is allot of people that may have claimed a
bankruptcy in their past, or maybe they are an x-convict, they
spent time for a certain crime, but they paid their dept to
society. So if that shows up they are going to be kicked out of the
net? What virnet does it it's own business, I don't want to argue,
but" [interrupted]
[Virnet Hierarchy]
"She was offered to resign! did she resign? she makes it look like
she quit the virnet! in fact all hells going to break loose when I
resign, I'm going to resign. Everybody's going down!"
[Narrator]
This still goes on quite a bit, talking about many different topics
such as law, how you should not make mistakes and if you do you
should go to jail for them, how viruses should be against the law
and people that write them should be locked up, many virus writers
are mentioned and slandered, but then on the topic of prostitutes,
they are ok! and other law breakers are not as bad as virus
writers. I told him that I resign my node number for virnet, and
he asked me to please wait until this all blows over, but I could
not wait for this all to come out in the open, so I just left my
node number with him.
Also I have a number of hole cards ready to come out on Mr. Virnet
Hierarchy in case the same kind of slander comes this way.
Here is A post that also shows support in this issue:
- Original Area:NETMAIL
- Original From: David Schepper (1:114/150)
- Original To : Pam Trexler (1:15/20)
> I would be interested to know how this turns out for
> you and Steve. Virnet
> is a great disappointment to me all the way round.
Well, I got a call from Mr. Nuemann (spelling?) last night, and we spent about
two hours on the phone, during which time he told me things about you (the
same things that you had already told me), and we got into a discussion about
having virus writers in the net. I told him that, yes, there should be SOME
screening, but that the net would be better served if they had at least SOME
opposing information allowed access, but he disagreed. I might have been
willing to stay in the net, had he not basically confirmed your statements
about background checks. He said that they DO hire Private Investigators to
look into the backgrounds of "questionable" people. At that point, I told him
that I believed that they had overstepped the bounds of ANY network, and that
what they are doing may indeed be illegal. I also told him that my privacy and
integrity were MUCH more important to me than ANY net, and could no longer
afford to be associated with their net.
Anyway, to make a long story short, I am no longer associated with VirNet, and
their communistic approach to what is STILL basically a hobby.
Dave
C.R.I.S (Computer Research & Information Service)
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MATT MILLER Number : 426
To : BILL DIRKS Ref.# : 0
Subj. : Virnet 1/3 Conf : Virus-Info
Date : 04-30-94 Time : 19:16 [309/313]
This is gonna be a long post folks... I suggest you get a
pepsi/beer/glass of your favorite beverage, and a sandwich or
something before you continue. If you don't like long posts I
suggest you move to the next thread.
BD>Pam Trexler wrote a misleading article and here's a sort of rebutal.
BD> Remember, Virnet is a fairly selective and secure network. Untampered
>untainted files (hatched files are received directly from the authors) are
>standard along with membership exclusively for those with antivirus interes
>(not those trying to help the virus writing community). Naturally, virus
>writers and those that help them are excluded. Also, Virnet policy states
>Virnet information will not be given or passed to non-Virnet nodes. Further
>in joining Virnet, you agree to the above.
----------------------------------------------------------------------------
> Individual regions can further put
>additional restrictions on membership (which is the case in North America).
Bill, Does this include the signing of any form(s) allowing
Virnet personnel the right to access one's personal records?
I think not. I also know that in most states it is illegal
to obtain such information without explicit written consent.
Do you or Mr. Neuman have Ms. Trexlers signature on any form(s)
authorizing this type of invasion of privacy? I thought not...
>Virnet also prides itself on the fact that most of their information doesn'
>make it to the virus writing community for their use. If someone is found
>doing this, they are dismissed as was your case since you were in violation
>virtually all policies in place..
OK, so you have someone in your network that you want out. Is it
really necessary to obtain personal information on them?
Couldn't you just politely inform them of their removal from the
net?
BD> PT> Do you know that when you join Virnet that the
> PT> coordinators of that network are performing personal
> PT> background checks on their members?
BD> Untrue. Nothing except a cursury check is done. e.g. are you known to
>part of a virus writing group or are you known for writing or spreading
>viruses, etc.
-------------------------------------------------------------------------
>Here in the US at present, this is determined by the
>applications coordinator from information he has on hand, NOT from a
>background check.
Hmmm... seems to me that you contradict yourself in the next
sentance.
____________________________________________________________________
>Unfortunately, you forced yourself to become the one and
>only exception to the rule to date (>3 years).
____________________________________________________________________
**** In the above sentance Bill admits that Virnet did the
**** background/credit check. Remember this when you read his other
**** posts saying they didn't.
Bill, kindly explain to me how someone can force Virnet to do a
background check on them. I really don't understand your angle
here. She didn't force Virnet / Mr. Neuman to do anything. He
chose to do it. That is irrefutable FACT. If you don't want
someone in your net you remove them, you do not go snooping into
their background. (unless you are the Virnet applications
co-ordinator looking for dirt on people you dislike...)
**** Note for those that made it this far:
Information to back up the above statement should reach you in
the same mail packet as this post. If not it will surely be in
the next.
BD> PT> Do you know they are pulling credit records and legal records on
> PT> their nodes?
BD> This was a one time incident limited to yourself, and forced by yourse
C'mon now Bill, she didn't force anyone to do any kind of
background/credit check. You are attempting to smooth over what
they did.
>. Because of the various lies and deceit on your part, it was virtally
>impossible without resorting to extraordinary means to determine what was f
>and what was fiction coming from you.
If Virnet knew of these alleged "lies and deceit" then again I
ask you "Why didn't they just remove her from the net?" Why go
through all the trouble of obtaining the aforementioned checks?
>This info was used as a tool to ferret
>out a leak in the network. It was used "after" you seemed to be the leak bu
>used for confirmation. This is obvious by the amount of time it took to
>confirm you were the originating US link of Virnet info to the virus writin
>community (> 1 yr).
(Continued to next message)
QMPro 1.50 03-4821 Blah..........
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MATT MILLER Number : 427
To : BILL DIRKS Ref.# : 0
Subj. : Virnet 2/3 Conf : Virus-Info
Date : 04-30-94 Time : 19:16 [310/313]
(Continued from previous message)
Personal comment mode on:
Bill, I hate to be the bearer of bad news, but Virnet stinks,
the net is stale and boring and contains no information any
virus writer (or most any bipedal lifeform) would consider
valuable.
mode off.
>Three people have this info and you are aware of who they
>are (meets most the legal requirements for disclosure since you are the one
>who provided the information to enable verification of information you
>withheld). From my understanding, you are upset basically over the fact tha
>this info helped verify you were part of the virus writing community.
This is FUD (f-cked up drivel) dreamed up by Mr. Neuman to try
and cover their proverbial ass should litigation be forthcoming.
BD> PT> They didn't tell me they would pull my credit record.
> PT> They never informed me that they would check my legal
> PT> record. There is nothing
> PT> in those that I am ashamed of, but do they have the right to do this
> PT> WITHOUT THE KNOWLEDGE OF THE NODE? Why would Virnet need to know abou
> PT> my credit background? Why should Virnet need to know
> PT> if I have a speeding ticket or anything else?
BD> No, but then again, you are the one who forced them into a corner with
>your lies. You were in the net over a year before anything was done. You ar
>the one who cast doubt as to who you are or are not. This information was u
>for verification and informational purposes only. "NONE" of it has or will
>published unless you chose to do so.... e.g. no one has published your vari
>AKAs that you use among other things. e.g. you published your real name her
>instead of an AKA which is the norm of your friends.
Yet more FUD... Again I ask you to tell me how she "forced"
anyone to do anything? So what if you haven't published it
publicly... it is still illegal in most areas to obtain such
information without written consent.
> Let me put this in a better prospective for everyone! I am a computer
>consultant. I reserve the right to reject prospective clients depending upo
>many factors. I can make this determination based upon information they
>readily provide me. I "may" depending upon the circumstances use what they
>have provided to do credit checks, "rap-sheets", etc., to PROTECT myself. T
>is based upon something legally called "Implied Consent". I did not need th
>permission to perform these checks as you imply. It is 100% legal in most
>cases. The Virnet administration simply applied the "Implied Consent" rule
>protect themselves. Nothing more, nothing less. Please understand, you were
>the one that consented to Virnet's rules and broke them.
Trying to rationalize it away... The above is pure cr-p. You are
attempting to say that just by accepting a position in Virnet
she "implied consent" for checks into her personal and legal
records? B-S! ***** Potential Virnet sysops should reread the
above paragraph 15 times, after doing so if you still choose to
join Virnet, you should consider professional counselling.
BD> PT> Running a BBS is a hobby, not a business. My feeling
> PT> about this is that they do not have the right to invade
> PT> my privacy in order to run a network. Especially
> PT> without my knowledge.
BD> You ported Virnet info to the virus writing community without telling
>them which was against their rules. Granted, two wrongs don't make a right
>it seems you are upset about them doing the same thing you were, going behi
>your back. Doesn't feel to well does it when you break a trust.........
In the above para. Bill admits what they did was wrong. Very
strange indeed after all the FUD he spewed trying to rationalize
it away don't you think? Yet AGAIN I ask why she wasn't just
removed from the net?
BD> PT> How would you feel to learn that your legal records are being passed
> PT> overseas because you were interested in reading and participating in
> PT> an anti-virus network.
BD> They were passed overseas to the Virnet International Coordinator. I'm
>sure this and other info helped in verifying your excommunication from the
>net. It'll also help so you don't go and get an overseas feed into the net
>corrupt it. I do know that you have not appealed to the IC over this matter
>even though it was suggested to you. I know most normal people who are
>innocent of something wouldn't pass up a chance to prove their innocence to
>the "final" deciding authority. Why haven't you??
Excommunication? You make Virnet sound like some type of deviant
religion. If one is excommunicated from a religion no-one is
allowed to speak to them at all, yet here you are spewing more
and more FUD trying to smooth it over... Even if she did do all
the things you/Virnet accuse her of it still does not justify
the invasion of privacy perpetrated by Virnet / Mr. Neuman.
BD> PT> I don't want any part of Virnet and these personal investigations. I
> PT> am glad I am no longer a member.
(Continued to next message)
QMPro 1.50 03-4821 Blah..........
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
From : MATT MILLER Number : 428
To : BILL DIRKS Ref.# : 0
Subj. : Virnet 3/3 Conf : Virus-Info
Date : 04-30-94 Time : 19:17 [311/313]
(Continued from previous message)
BD> They are also glad you are now not a member to pass on Virnet
>information to the virus writing community 8-)). Remember, YOU are the one
>that forced the investigation!
There's that word "FORCED" again... This is a hobby people... if
people are not following the rules of your little group you ask
them to leave. You do not invade their privacy and then attempt
to say they "forced" you to do it. Anyone thinking of joining
Virnet in any capacity should continue to follow this thread as
I can assure you it will get much more entertaining here
shortly.
>Bill Dirks
BD>--- Maximus 2.01wb
> * Origin: Safe Hex Central (405)248-0528 Lawton,OK (1:385/17)
QMPro 1.50 03-4821 Blah..........
--- GEcho 1.01+
* Origin: Computer Virus Research/Info Service 708-863-5285 (1:115/863)
*************************************************************
Announcing
The
Second International Virus Writing Contest
Sponsored by
American Eagle Publications, Inc.
P.O. Box 41401
Tucson, AZ 85717 USA
and
The Crypt Infosystems BBS
+1 (818) 683-0854
*** The Goal ***
The purpose of this contest is to write a fully functional
computer virus that entertains people with political satire.
Viruses will be judged on the basis of originality,
creativity, functionality, and political incorrectness.
*** Eligibility ***
Anyone who can write a computer virus is eligible.
*** Contest Dates ***
The contest is underway from January 1, 1994 until June 30,
1994. Your submissions must be received by June 30 to
qualify. The winner of the contest will be announced at the
DEFCON conference in Las Vegas, July 22-24, 1994. If you can
be present, an official award will be bestowed on you at that
time.
*************************************************************
Details
*************************************************************
The philosopher Friedrik Nietzsche once said that if you want
to kill something, you must laugh at it--and laugh at it
deeply. So there should be little wonder that political
satire is as old as politics itself.
Is there something going on in the political arena that you
abhor, that makes you sick, that is just plain wrong? Well,
here's your chance to make a mockery of it. I've always had
this idea that if someone wrote a sufficiently witty virus
that really addressed the issues the way the people (not the
press, not the politicians) saw them, it might just get
passed around by people voluntarily.
Let's find out.
Write a virus that is itself a political satire. I don't mean
a virus that simply displays a message. I mean a living
entity whose every move--whose every action--is politically
motivated. If you need more than one virus to make your
point--perhaps two viruses working together, or something
like that, that is fine.
-----------------------------------------------------------
Let me give you a simple example: The Political Correctness
Virus
This virus is a spoof on the "political correctness"
movement--which is just a form of self-imposed censorship--
that is sweeping american intellectual circles, particularly
colleges and universities.
This virus is a memory resident boot sector virus which
maintains a list of politically incorrect words on your
computer system. It also hooks the keyboard interrupt and
monitors every keystroke you make. If you type a politically
incorrect word into the computer, the PCV springs into
action.
Politically incorrect words are ranked at three different
offense levels. When the PCV encounters such a word, it
determines what offense level that word is, and acts
accordingly.
The least offensive words merely register a beep. More
offensive words cause a beep to sound for 10 seconds. The
most offensive words cause a siren to sound for two minutes,
locking the system for that duration. If you turn the
computer off before the two minutes are up, the virus will
stop the boot process for five minutes, with sirens, when you
turn it back on. If you allow the siren to complete, then you
can proceed.
The virus has two different word lists, both stored in an
encrypted and compressed format. The list is selected
at random when the system is infected, after which it cannot
be changed. The first list is the "proper" list of
political correctness no-no's. For example, a word like
"sodomite" is among the worst possible offenses. The
second list is an inverted list of no-no's. This list trys
to force you to use "sodomite" by flagging words like "gay"
and "homosexual" as no-no's.
If you allow the PCV to live in your system for three months
without getting a single flag, you are given the supreme
honor of viewing the word list assigned to you and adding a
word to it. If you get more than 3000 flags in a lifetime,
the virus will force you to enter a politically correct word
before allowing you to start the computer, since you are
obviously unwilling to submit to its censorship.
The virus also uses powerful means to prevent disinfection,
so that, once you get it, you can't get rid of it without a
major effort.
------------------------------------------------------------
Now, I know you can get a lot more creative than this--so do
it! Design your virus carefully, so that everything it does
has meaning. Then send it in.
Here are the criteria we'll use:
1. Originality: Your virus must be an original work. Do not
send us anything that is not 100% yours. Your message should
be original too. Do not just ape what everybody else is
saying, especially the media. Also, a refined wit is much
to be preferred over vulgarity. Vulgarity is a substitute for
original wit. Foul language, porn, etc., are out. Destructive
features should be incorporated only if they are VERY
appropriate (perhaps if you are commenting on real live
genocide in your country, or something like that). In
general, though, destructive features will hurt you, not help
you. The one exception is modifying anti-virus programs. That
is considered to be CONstructive activity.
2. Creativity: Make us laugh, make us cry. Amaze us with how
bits and bytes can say something about politics and issues.
Think of it like this: displaying a message on the screen is
like reading a text file. What we want is the equivalent of a
multi-media extrvaganza. Use all the system's resources to
tell your message. Don't be afraid to write a virus that has
some wierd mode of infecting programs that tells a story, or
to write one that sends faxes to the White House, or sends an
automatic request for reams of free information to some
government agency.
3. Functionality: The virus has to work. If it only works on
some machines, or under some versions of DOS, or what-not,
then that will count against you. The better it is at
infecting systems and moving around, the better off you will
be. So, for example, if you write a file-infector, make sure
it can jump directories, and--if you're up to it--migrate
across a network.
4. Political incorrectness: Since computer viruses are
politically incorrect, their message should be too. If you
send us a pro-establishment virus, then you will not win this
contest. A word to the wise: think twice about what's correct
and what's not. Many positions are only superficially
incorrect, though they are really quite fasionable among the
establishment. Look at it this way: if you could get a well-
written letter expressing your view published in a big city
newspaper, then it's not sufficiently incorrect. There are a
LOT of ideas that are unofficially censored by society--
especially the media and academia. They tend to make
themselves out to be the rebels, but they are really the
establishment. If you can't think of anything creatively
incorrect and sufficiently obnoxious then you shouldn't be
writing viruses in the first place.
*************************************************************
How to Submit an Entry
You may mail your entry to American Eagle Publications at the
above address, or you may e-mail it to ameagle@mcimail.com.
Alternatively, you can submit it by dialing the Crypt
Infosystems BBS and uploading it there. To get on to the
system quickly, efficiently and anonymously, log on as VIRUS,
using the password CONTEST.
An entry consists of:
1. A complete copy of your virus, both source and executable
files.
2. If the political satire isn't perfectly obvious, send a
verbal description of how the virus works and why it does
what it does. This is especially important if you are not an
American and you are commenting on something that has
not received worldwide attention. I don't care if you're
Bulgarian and you're commenting on something we've never
heard of--just make sure you explain it, or we won't
understand and you'll lose.
3. If you want to be recognized for your work, include your
name (real or handle), and a way we can get in contact with
you.
By submitting an entry, you grant American Eagle
Publications, Inc. the right to publish your virus in any
form. You agree not to make your virus public prior to July
25, 1994. If you do, you are automatically disqualified from
the contest.
For the sake of privacy, you may encrypt your entry and
send it in with the following PGP key (which we highly
recommend if you have PGP):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1
mQCNAi09jVgAAAEEAN3M9LFQXeBprkZuKo5NtuMC+82qNd3/8saHLO6iuGe/eUai
8Vx7yqqpyLjZDGbAS7bvobrcY3IyFeu8PXG4T8sd+g81P0AY0PHUqxxPG3COvBfP
oRd+79wB66YCTjKSwd3KVaC7WG/CyXDIX5W6KwCaGL/SFXqRChWdf2BGDUCRAAUR
tApDT05URVNUXzk0
=Z20c
-----END PGP PUBLIC KEY BLOCK-----
Good luck!
****************************************************************
P R I Z E S
In addition to instant worldwide fame and recognition, you'll
get:
1. A cash prize of $100 US.
2. A year's subscription to Computer Virus Developments
Quarterly.
3. Your virus will be published in Computer Virus
Developments Quarterly, and other fine journals.
4. A handsome engraved plaque recognizing your contribution
to the betterment of mankind.
5. A free secret surprise that we cannot tell you about
right now, valued at $100.
Two runner-ups will receive the secret surprise.
*****************************************************************
!! GO FOR IT !!
*****************************************************************
* Beware of [PLURG] *
[EoF]�40Hex Number 13 Volume 4 Issue 1 File 002
EXE Self-Disinfection
By Dark Angel of Phalcon/Skism
In the last issue of 40Hex, Demogorgon presented an article on self-
disinfecting COM files. COM file disinfection is simplistic and very
straightforward. In this article, we shall deal with the somewhat more
complex topic of EXE file self-disinfection.
You should already be familiar with the EXE file header and how each of the
fields work. A brief summary follows (a fuller treatment may be found in
40Hex-8.007):
Offset Description
00 'MZ' or 'ZM' EXE signature word
02 Bytes in last page of the image
04 Number of pages in the file
06 Number of relocation items
08 Size of the header in paragraphs
0A Minimum memory required in paragraphs
0C Maximum memory requested in paragraphs
0E Initial SS, offset from header in paragraphs
10 Initial SP
12 Negative checksum (ignored)
14 Initial IP
16 Initial CS, offset from header in paragraphs
18 Offset of relocation table from start of file
1A Overlay number (ignored)
There are several methods which allow a virus to infect an EXE file. The
most common method involves the virus twiddling with the entry point of the
program to point to the virus. Another involves the virus altering the code
at the original entry point to jmp to its own code. A further method
involves the virus simply overwriting the code at the entry point and
storing the original code somewhere else, possibly at the end of the file.
A final method involves altering the structure of the EXE file so it is
instead recognised as a COM file. The ideal self-check routine should be
able to handle all these cases.
Part 1 - Detection
~~~~~~~~~~~~~~~~~~
The strategy for detection is simple; one simply needs to store a copy of
the original header and the first few bytes located at the entry code. When
the program executes, simply check these bytes to those found in the copy
of the program located on the disk. If they differ, then there is clearly
something amiss. This is essentially the same as the process for COM self-
checking, but an extra layer of complexity is added since the header is not
loaded into memory at startup. This minor difficulty may be readily
overcome by simply physically storing the header at some point in the
program.
Since the header is not known before assembling the file, it is necessary
to patch the header into the file after assembly. This may be done rather
easily with a simple utility called 40patch. It will insert the header and
the first 20h (32d) bytes at the entry point of an EXE file at the first
occurence of the string 'Dark Angel eats goat cheese.' in the program. This
string is exactly the length of the header, so be sure to allocate an
additional 20h bytes after the string for the entry point code.
A sample self-checking program follows:
----EXE Self-Check Program 1 begin----
.model small
.radix 16
.code
; Self-Checking EXE 1
; Written by Dark Angel of Phalcon/Skism
; For 40Hex #13
; To assemble: (tested with TASM 2.0)
; tasm <filename>
; tlink <filename>
entry_point: mov ah,51 ; Get current PSP to BX
int 21
mov ds,bx
mov bx,ds:2c ; Search the environment for
mov es,bx ; our own filename. Note that
mov di,1 ; this only works in DOS 3+.
xor ax,ax
dec di ; It also won't work if the
scasw ; environment has been
jnz $ - 2 ; released.
xchg dx,di
inc dx
inc dx
push es ; filename to ds:dx
pop ds
mov ax,3d02 ; unless this handler is
int 21 ; tunneled, a virus may
xchg ax,bx ; infect it
mov ax,_DATA
mov ds,ax ; restore DS and ES
mov es,ax
jc error
mov cx,1c ; check the header for
mov si,offset header ; corruption
call read_buffer
jc close_error
mov ax,4200 ; go to the entry point
xor cx,cx
mov dx,word ptr [header+8]
add dx,word ptr [header+16]
rept 4
shl dx,1
adc cx,0
endm
add dx,word ptr [header+14] ; add this to the entry point
adc cx,0 ; offset from header
int 21
jc close_error
mov cx,20 ; now check the first 32 bytes
mov si,offset first20 ; for corruption
call read_buffer
jc close_error
close_error: pushf
mov ah,3e ; close the file
int 21
popf
jc error
mov dx,offset good ; In an actual program, replace
; this line with a JMP to the
jmp short $+5 ; program entry point
error: mov dx,offset bad
mov ah,9
int 21
mov ax,4c00
int 21
read_buffer: mov ah,3f
mov dx,offset readbuffer
int 21
jc error_read
clc
cmp ax,cx
jnz error_read
xchg dx,di
rep cmpsb
clc
jz $+3
error_read: stc
ret
.data
good db 'Self-check passed with flying colours.',0Dh,0A,'