informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/mkinterv.iew

304 lines
12 KiB
Plaintext
Raw Blame History

--------------------------------------------------------------------------------
INTERVIEW WITH MASUD KHAFIR / TRIDENT / THE NETHERLANDS
--------------------------------------------------------------------------------
Give me a short description of who you are!
- I am Masud Khafir, virus writer.
Age: twenty-something.
Country: The Netherlands
That's about all that I want to reveal about my identity.
From where did you get your handle, Masud Khafir?
- 'Masud' is a common name in the middle east. I chose that name in the
spring of 1991, when the kurdish rebellion in iraq was active. Their
leader was Masud Barzani. There are more rebel leaders with that name:
Masud Rajavi, leader of the Iranian Mujahedin e Khalq and Ahmad Shah
Masud, one of the Afghan rebel leaders. 'Khafir' is a word I once
found in the dictionary. It's arab and is a rude word for non-muslims.
In the south-african language it's 'kaffir' and means 'nigger'. In
Holland it is 'kaffer' and is used for calling someone an idiot. I
found it a funny word, because of its strange history.
When did you discovered the world of computers?
- A long time ago. My first computer was a C-64. That was about 10
years ago. But I have even programmed before that time.
How long have you been active in the scene?
- Like I said, I started in the spring of 1991. That's allmost 3
years now.
How did you came into the virus business?
- It started when I got a virus from a friend. I dissasembled that
virus and after that I was wondering if I could write one myself.
In the same time I started reading the virus areas on fidonet and
there I read about Todor Todorov's Virus eXchange BBS. I was very
curious about that and so I called it a few times. That's how I got
into the scene.
Positive/negative aspects of the scene?
- I think that the attitude towards the AV community is sometimes a bit
too hostile. I see it more like a chessgame, they are our opponents,
but we don't have to be enemies. Many of them are just nice people.
But of course the same is true for the other side. Some of them just
hate us. What I also don't like is the negative image of the scene,
that adolescent rebellious attitude and creating an image of oneself
as evil and dangerous. But that's just my personal opinion. This
also means that I don't like destructive viruses.
Have you been involved in any other group than Trident?
- No.
Who started/created Trident?
- It was started by John Tardy.
What's the groups goal?
- I think the main goal is to keep in touch with each other. There's not
a big cooperation on writing viruses. Everybody does its own things.
How many people are you?
- About between 5 and 10.
Do all of them program, if not, what's the others job?
- It's mainly a programmers group. But there are some non-writers
affiliated with the group.
How is Trident (currently) organzied?
- There is no real organisation. It's mainly a group of friends.
Have you got any contacts with other virus-groups/programmers?
- Some of us have contacts with others. At this moment we can have
access to Nuke-net.
Can anyone ask for membership, or are you a "private" group?
- I guess we are more or less a private group. There have been new
members in the past. In that case we just all agreed. At this moment
we don't feel to expand.
You've programmed aloth of polymorphic things, and one of them is the
Trident Polymorphic Engine, what comments have you recieved about it?
- Well, various. I have not had that many personal responses, as I am
not too easy to reach. But it has got quite some attention in the
virus/antivirus world. It's also one of the things that made the
name Trident known in the scene.
Will you continue to "upgrade" it, or is it a finished project?
- TPE is now finished. The first versions all had some bugs. I thought
that version 1.3 would be the last one, but that one still had a small
bug. Version 1.4 seems to be okay, as far as I know now. Besides, I
don't think I would want to put out a new version again, anymore.
How many strains/mutations can it produce?
- I have no idea. Enough, I think. The most important thing is that the
decryptors can not be found with wildcard scanstrings. That's the main
idea behind polymorphism. In version 1.4 I also enhanced the way in
which it encrypts, because this was a weak point.
Even thought polymorphic engine's are a great thing, not many people
seems to use them? You have any theorie why they don't?
- I think most people just want to make their own things, rather than
use someone else's products. And maybe because antivirus writers have
been quite succesful in finding ways to detect them.
Which is the best polymorphic engine around today?
- It's hard to say. I've seen several of them but I haven't done a real
close study on any of them. Each of them has its strong and weak
points, I think. Of course there are not only the engines, but also
a lot of other polymorphic viruses, like V2P*, Maltese Amoeba,
Uruguay, etc. TPE started this way too. Some of these viruses are
just as advanced as the engines. But none of those engines and viruses
is perfect. For every one of them the AV people have found a solution.
Have you ever thought of/are you currently releasing some sort of
electronic magazine (text/executable/hard-copy)
- Yes, we have been thinking about that. But we didn't have enough good
ideas (and are too lazy) to write enough articles. We rather write
code than text. We couldn't even agree on the title...
Are you into other things such as hacking and phreaking aswell, or
just viruses?
- I once was interrested in things like hacking etc. But I'm not
involved in that scene now.
Can you name a few viruses/engines you in person have written?
- The most known are: Gotcha, 7th son, Little Brother, Pogue,
CoffeeShop, WinVir, TPE, Cruncher, PlayGame, etc..
Which one was the hardest to write?
- Probably the first one: Gotcha. WinVir and Cruncher were quite
hard too.
Do you have any sort of company or law-enforcement who are trying
to hunt Trident down?
- Perhaps. This could be possible. Anyway, we keep cautious, because
you never know...
If so, are they a real threat or just "childish"?
- There is a new law against various computer crimes since 1 march 1993.
Writing a virus is not illegal. Distributing viruses in any way can be
illegal. The law is not very clear about this. If we as writers
exchange viruses amongst each others, that could perhaps be
interpreted as something illegal. Last year another guy in Holland
was arrested for hacking, and although he hasn't been convicted for
anything yet, the law enforcement has been quite tough on him. So
they certainly can make your life hard if they want to.
Have you ever had any trouble in the group with the result of
kicked members?
- No.
How good are Trident comparing to other groups?
- Well, I leave that to others to decide.
Do you have any couriers that spread your products around?
- We don't spread our viruses in the wild. But we do exchange them
with other people in the virus scene.
What do you think about the laws against h/p/v that has arrived
lately?
- They were inevitable. I don't know much about the laws in other
countries, but I think here they are too tough. The penalties are
too high. OK, these things we do might be naughty, but they not
crimes.
What do you think about various news-papers thinking us as nerds?
- They have used the same cliche's before for computer freaks in
general. I don't know, maybe it is true for some. At least I think
most of us are young, male, IQ>100, interested in technical stuff,
etc. But that doesn't mean that we're nerds. The people that I know
aren't.
Has the scene in any way influented on your real life?
- No, not really.
Would you feel guilty if one of your viruses made damage to a
hospital?
- Yes, I would. For that reason I don't write viruses that destroy data.
I usualy don't spread them in the wild at all. I only did that once,
when I was in a bad mood. I don't wanna cause other people trouble.
For me creating them is the most important thing. But of course I
also like it if they get some worldwide attention. That's human
nature, I guess. That's why I don't mind if AV people get them.
But I don't see a problem in giving them to VX people either,
because my experience is that viruses in the VX scene very rarely
leak out in the wild.
Do you see any differences between the scene now and a couple of
years ago (concerning the underground part ofcause)?
- The scene is growing and there are more contacts between each other.
A few years ago it was much harder to get in contact with other virus
writers.
Which virus-magazine do you think is the best avalible now-a-days?
- I think my favorite is 40hex.
Which virus-group/programmer do you admire/like?
- Of course Dark Avenger was one of the best, maybe the best. He often
introduced new techniques. I also people like Dark Angel from P/S.
But to be honest, I don't often take a deep look at other viruses
anymore these days.
Which country is the best virus-writing today (Before it was
Bulgaria, maybe changed)?
- I haven't heard anything from Bulgaria for a long time. Sometimes I
have some nostalgia for the times when Bulgaria was the virus centre
of the world. :-) Today it's probably the USA, because they're the
biggest country in the west. I think it's strange we don't hear that
much about Russia.
What do you think about these virus generators, such as VCL and PS-MPC?
- They are funny things. I like them for what they can do, for the
technical side of it.
What do you think about the people using them?
- It's nice to experiment a bit with them, but creating a virus this
way is defenitly not something to be proud of.
What do you think about people bragging over (almost) nothing and
ragging with other groups aswell?
- I think they're giving the virus scene a bad name.
What do you think about such individes as board-crashers?
- I don't know any of them, but I think it's rather lame.
Describe the perfect virus :
- One that is totally bug-free. One that is 100% compatible with all
programs and doesn't for example crash the computer is you start
Windows.
Describe the perfect viruscoder :
- One that invents new techniques. One that can defeat the anti-virus
programs.
Describe the AV-community with a few lines :
- We need them. I think every virus writer uses AV programs.
It is nice when a virus can be smarter than the current AV software,
but it would be scary if they wouldn't be able to find a solution for
it. But it's a shame that some AV people hate us.
Which AV-program do think is the best, and why?
- I like TBscan a lot, mainly for its heuristic features. And it's
fast. F-prot is best in identifying viruses and it's very user
friendly. I also like AVP from russia. Sometimes it's a bit slow,
but it is very powerful. It also has a very nice info section.
What do you think about the underground's future?
- I think it will continue to grow, but perhaps it will get less
exciting. Viruses are not as special and mysterious anymore as
they were before.
Do you know/heard of any new technics coming in the near future?
- No, I wish I knew...
Any advice to people who want's to learn the basic of virus-writing?
- Take a good look at other viruses and sources. Try to understand
their weak and their strong points. Test your stuff before you give
it away, because it's a shame to have dozens of bug-fix updates for
the same virus. Do it for the fun of it, and not to cause other
people trouble. And try to be original.
Reference in New Issue View Git Blame Copy Permalink