,, MMP""MM""YMM `7MM P' MM `7 MM MM MMpMMMb. .gP"Ya MM MM MM ,M' Yb MM MM MM 8M"""""" MM MM MM YM. , .JMML. .JMML JMML.`Mbmmd' `7MMF' `7MF' `7MMF' `7MMF' `MA ,V MM MM VM: ,V `7M' `MF' MM MM .gP"Ya ,6"Yb.`7M' `MF'.gP"Ya `7MMpMMMb. MM. M' `VA ,V' MMmmmmmmMM ,M' Yb 8) MM VA ,V ,M' Yb MM MM `MM A' XMX MM MM 8M"""""" ,pm9MM VA ,V 8M"""""" MM MM :MM; ,V' VA. MM MM YM. , 8M MM VVV YM. , MM MM VF .AM. .MA..JMML. .JMML.`Mbmmd' `Moo9^Yo. W `Mbmmd'.JMML JMML. ,, ,, ,, .g8"""bgd `7MM `7MM mm db .dP' `M MM MM MM dM' ` ,pW"Wq. MM MM .gP"Ya ,p6"bo mmMMmm `7MM ,pW"Wq.`7MMpMMMb. MM 6W' `Wb MM MM ,M' Yb 6M' OO MM MM 6W' `Wb MM MM MM. 8M M8 MM MM 8M"""""" 8M MM MM 8M M8 MM MM `Mb. ,'YA. ,A9 MM MM YM. , YM. , MM MM YA. ,A9 MM MM `"bmmmd' `Ybmd9'.JMML..JMML.`Mbmmd' YMbmd' `Mbmo.JMML.`Ybmd9'.JMML JMML. -- Contact -- https://twitter.com/vxunderground vxug@null.net

Give me a short description of who you are!

I am Masud Khafir, virus writer.

Age: twenty-something.

Country: The Netherlands

That's about all that I want to reveal about my identity.

From where did you get your handle, Masud Khafir?

'Masud' is a common name in the middle east. I chose that name in the spring of 1991, when the kurdish rebellion in iraq was active. Their leader was Masud Barzani. There are more rebel leaders with that name: Masud Rajavi, leader of the Iranian Mujahedin e Khalq and Ahmad Shah Masud, one of the Afghan rebel leaders. 'Khafir' is a word I once found in the dictionary. It's arab and is a rude word for non-muslims. In the south-african language it's 'kaffir' and means 'nigger'. In Holland it is 'kaffer' and is used for calling someone an idiot. I found it a funny word, because of its strange history.

When did you discovered the world of computers?

A long time ago. My first computer was a C-64. That was about 10 years ago. But I have even programmed before that time.

How long have you been active in the scene?

Like I said, I started in the spring of 1991. That's allmost 3 years now.

How did you came into the virus business?

It started when I got a virus from a friend. I dissasembled that virus and after that I was wondering if I could write one myself. In the same time I started reading the virus areas on fidonet and there I read about Todor Todorov's Virus eXchange BBS. I was very curious about that and so I called it a few times. That's how I got into the scene.

Positive/negative aspects of the scene?

I think that the attitude towards the AV community is sometimes a bit too hostile. I see it more like a chessgame, they are our opponents, but we don't have to be enemies. Many of them are just nice people. But of course the same is true for the other side. Some of them just hate us. What I also don't like is the negative image of the scene, that adolescent rebellious attitude and creating an image of oneself as evil and dangerous. But that's just my personal opinion. This also means that I don't like destructive viruses.

Have you been involved in any other group than Trident?


Who started/created Trident?

It was started by John Tardy.

What's the groups goal?

I think the main goal is to keep in touch with each other. There's not a big cooperation on writing viruses. Everybody does its own things.

How many people are you?

About between 5 and 10.

Do all of them program, if not, what's the others job?

It's mainly a programmers group. But there are some non-writers affiliated with the group.

How is Trident (currently) organzied?

There is no real organisation. It's mainly a group of friends.

Have you got any contacts with other virus-groups/programmers?

Some of us have contacts with others. At this moment we can have access to Nuke-net.

Can anyone ask for membership, or are you a "private" group?

I guess we are more or less a private group. There have been new members in the past. In that case we just all agreed. At this moment we don't feel to expand.

You've programmed a lot of polymorphic things, and one of them is the Trident Polymorphic Engine, what comments have you recieved about it?

Well, various. I have not had that many personal responses, as I am not too easy to reach. But it has got quite some attention in the virus/antivirus world. It's also one of the things that made the name Trident known in the scene.

Will you continue to "upgrade" it, or is it a finished project?

TPE is now finished. The first versions all had some bugs. I thought that version 1.3 would be the last one, but that one still had a small bug. Version 1.4 seems to be okay, as far as I know now. Besides, I don't think I would want to put out a new version again, anymore.

How many strains/mutations can it produce?

I have no idea. Enough, I think. The most important thing is that the decryptors can not be found with wildcard scanstrings. That's the main idea behind polymorphism. In version 1.4 I also enhanced the way in which it encrypts, because this was a weak point.

Even thought polymorphic engine's are a great thing, not many people seems to use them? You have any theorie why they don't?

I think most people just want to make their own things, rather than use someone else's products. And maybe because antivirus writers have been quite succesful in finding ways to detect them.

Which is the best polymorphic engine around today?

It's hard to say. I've seen several of them but I haven't done a real close study on any of them. Each of them has its strong and weak points, I think. Of course there are not only the engines, but also a lot of other polymorphic viruses, like V2P*, Maltese Amoeba, Uruguay, etc. TPE started this way too. Some of these viruses are just as advanced as the engines. But none of those engines and viruses is perfect. For every one of them the AV people have found a solution.

Have you ever thought of/are you currently releasing some sort of electronic magazine (text/executable/hard-copy)

Yes, we have been thinking about that. But we didn't have enough good ideas (and are too lazy) to write enough articles. We rather write code than text. We couldn't even agree on the title...

Are you into other things such as hacking and phreaking as well, or just viruses?

I once was interrested in things like hacking etc. But I'm not involved in that scene now.

Can you name a few viruses/engines you in person have written?

The most known are: Gotcha, 7th son, Little Brother, Pogue, CoffeeShop, WinVir, TPE, Cruncher, PlayGame, etc..

Which one was the hardest to write?

Probably the first one: Gotcha. WinVir and Cruncher were quite hard too.

Do you have any sort of company or law-enforcement who are trying to hunt Trident down?

Perhaps. This could be possible. Anyway, we keep cautious, because you never know...

If so, are they a real threat or just "childish"?

There is a new law against various computer crimes since 1 march 1993. Writing a virus is not illegal. Distributing viruses in any way can be illegal. The law is not very clear about this. If we as writers exchange viruses amongst each others, that could perhaps be interpreted as something illegal. Last year another guy in Holland was arrested for hacking, and although he hasn't been convicted for anything yet, the law enforcement has been quite tough on him. So they certainly can make your life hard if they want to.

Have you ever had any trouble in the group with the result of kicked members?


How good are Trident comparing to other groups?

Well, I leave that to others to decide.

Do you have any couriers that spread your products around?

We don't spread our viruses in the wild. But we do exchange them with other people in the virus scene.

What do you think about the laws against h/p/v that has arrived lately?

They were inevitable. I don't know much about the laws in other countries, but I think here they are too tough. The penalties are too high. OK, these things we do might be naughty, but they not crimes.

What do you think about various news-papers thinking us as nerds?

They have used the same cliche's before for computer freaks in general. I don't know, maybe it is true for some. At least I think most of us are young, male, IQ>100, interested in technical stuff, etc. But that doesn't mean that we're nerds. The people that I know aren't.

Has the scene in any way influented on your real life?

No, not really.

Would you feel guilty if one of your viruses made damage to a hospital?

Yes, I would. For that reason I don't write viruses that destroy data. I usualy don't spread them in the wild at all. I only did that once, when I was in a bad mood. I don't wanna cause other people trouble. For me creating them is the most important thing. But of course I also like it if they get some worldwide attention. That's human nature, I guess. That's why I don't mind if AV people get them. But I don't see a problem in giving them to VX people either, because my experience is that viruses in the VX scene very rarely leak out in the wild.

Do you see any differences between the scene now and a couple of years ago (concerning the underground part ofcause)?

The scene is growing and there are more contacts between each other. A few years ago it was much harder to get in contact with other virus writers.

Which virus-magazine do you think is the best avalible now-a-days?

I think my favorite is 40hex.

Which virus-group/programmer do you admire/like?

Of course Dark Avenger was one of the best, maybe the best. He often introduced new techniques. I also people like Dark Angel from P/S. But to be honest, I don't often take a deep look at other viruses anymore these days.

Which country is the best virus-writing today (Before it was Bulgaria, maybe changed)?

I haven't heard anything from Bulgaria for a long time. Sometimes I have some nostalgia for the times when Bulgaria was the virus centre of the world. :-) Today it's probably the USA, because they're the biggest country in the west. I think it's strange we don't hear that much about Russia.

What do you think about these virus generators, such as VCL and PS-MPC?

They are funny things. I like them for what they can do, for the technical side of it.

What do you think about the people using them?

It's nice to experiment a bit with them, but creating a virus this way is defenitly not something to be proud of.

What do you think about people bragging over (almost) nothing and ragging with other groups aswell?

I think they're giving the virus scene a bad name.

What do you think about such individes as board-crashers?

I don't know any of them, but I think it's rather lame.

Describe the perfect virus:

One that is totally bug-free. One that is 100% compatible with all programs and doesn't for example crash the computer is you start Windows.

Describe the perfect viruscoder:

One that invents new techniques. One that can defeat the anti-virus programs.

Describe the AV-community with a few lines:

We need them. I think every virus writer uses AV programs. It is nice when a virus can be smarter than the current AV software, but it would be scary if they wouldn't be able to find a solution for it. But it's a shame that some AV people hate us.

Which AV-program do think is the best, and why?

I like TBscan a lot, mainly for its heuristic features. And it's fast. F-prot is best in identifying viruses and it's very user friendly. I also like AVP from russia. Sometimes it's a bit slow, but it is very powerful. It also has a very nice info section.

What do you think about the underground's future?

I think it will continue to grow, but perhaps it will get less exciting. Viruses are not as special and mysterious anymore as they were before.

Do you know/heard of any new technics coming in the near future?

No, I wish I knew...

Any advice to people who want's to learn the basic of virus-writing?

Take a good look at other viruses and sources. Try to understand their weak and their strong points. Test your stuff before you give it away, because it's a shame to have dozens of bug-fix updates for the same virus. Do it for the fun of it, and not to cause other people trouble. And try to be original.