The VX Heaven Collection
-- Contact -- https://twitter.com/vxunderground
1) As always, the first question asks for your description! So, please do your best and give us a view of you! ;)
I always hate this question :) I am a lazy computer science student, trying to avoid work.
2) How and when did you come into virus writing?
Must have been around 1999 when I discovered the web.
3) Now the question where I cannot figure out any answer: Why the hell did you (as a virus writer) release your full real-life address on your homepage (just one click away from one of the most dangerous tools around)? ;) Aren't you scared of problems with the police?
Naah, in Germany writing viruses is legal (IANAL), and since I do nothing illegal, why should I fear the police? =)
Since I never released a virus, there is no interest in getting me into jail. Until now, only two people have called me who got my number from the webpage. Both called when I was completely drunk...
4) And now about that dangerous tool: What inspired you to write such a big tool as NGVCK (New Generation Virus Construction Kit) is? And why did you finally stop releasing new versions of it?
The idea of generating an undetectable VCK got me started in writing NGVCK. When I realised that it works quite fine there was no point in continuing. And debugging tool-generated obfuscated code is quite ugly :) In addition to this there were only a few features left which I wanted to add, like better and faster worming, polyengines, just stuff that should not be given into the hands of kiddies.
5) I've just tested the tool again, and I found out that, besides BitDefender's Behaviour Scanner's heuristic (BehavesLike:Win32.FileInfector) and sometimes NOD32's PE heuristic, the NGVCK output is still totally undetected by AVs (after 3 years). Please explain which techniques you have used to fool AVs! :)
Normally a VCK is just a tool that concatenates several blocks of code in an order the user defines. I divided the virus into a lot of such blocks, and made sure for every part there are several ways to do them. Like finding APIs via different CRCs or string comparison, starting from a given offset or scanning with an SEH. Then I made sure that for each instruction there are replacement instructions (mov eax, 0; xor eax, eax; sub eax, eax; ...) and the used instruction gets chosen randomly.
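Added example, not part of the interview and not NGVCK's code: a toy Python generator that models the answer above. Each block of the "virus" has several byte-for-byte different but semantically equivalent x86-32 encodings, one is picked at random per emission, and optional junk instructions are sprinkled in between. A tiny interpreter (constructed here, covering only these encodings, not a general emulator) confirms every variant computes the same result, and a fixed byte-string signature taken from one variant is then checked against freshly generated ones. The API-lookup variants the answer mentions (CRC vs string comparison, SEH scanning) are not modelled; the block tables and the instruction sequence are assumptions for the illustration.

```python
import random

MASK = 0xFFFFFFFF

# Each block is a unit of work the kit must emit. Every entry is a different
# x86-32 encoding with the same effect, so the bytes change between runs while
# the behaviour does not. (Real encodings, constructed tables; not NGVCK's.)
BLOCKS = {
    "zero_eax": [
        bytes.fromhex("b800000000"),  # mov eax, 0
        bytes.fromhex("31c0"),        # xor eax, eax
        bytes.fromhex("29c0"),        # sub eax, eax
        bytes.fromhex("83e000"),      # and eax, 0
        bytes.fromhex("6a0058"),      # push 0 ; pop eax
    ],
    "inc_eax": [
        bytes.fromhex("40"),          # inc eax
        bytes.fromhex("83c001"),      # add eax, 1
        bytes.fromhex("83e8ff"),      # sub eax, -1
        bytes.fromhex("8d4001"),      # lea eax, [eax+1]
    ],
    "ret": [bytes.fromhex("c3")],     # ret
}

# Semantic no-ops that may be inserted before any block.
JUNK = [bytes.fromhex("90"), bytes.fromhex("8bc0")]  # nop ; mov eax, eax

# The "program" the kit must produce: eax = 0; eax += 1; eax += 1; return.
SEQUENCE = ["zero_eax", "inc_eax", "inc_eax", "ret"]


def generate(seed):
    """Emit one variant: a random encoding per block, optionally preceded by junk."""
    rng = random.Random(seed)
    out = bytearray()
    for name in SEQUENCE:
        if rng.random() < 0.5:
            out += rng.choice(JUNK)
        out += rng.choice(BLOCKS[name])
    return bytes(out)


def _s8(b):
    """Sign-extend an 8-bit immediate."""
    return b - 0x100 if b & 0x80 else b


def emulate(code):
    """Toy interpreter for exactly the encodings above. Returns eax at the ret."""
    eax, stack, pc = 0, [], 0
    while pc < len(code):
        op = code[pc]
        modrm = code[pc + 1] if pc + 1 < len(code) else None
        if op == 0xB8:                                    # mov eax, imm32
            eax, pc = int.from_bytes(code[pc + 1:pc + 5], "little"), pc + 5
        elif op in (0x31, 0x29) and modrm == 0xC0:        # xor/sub eax, eax
            eax, pc = 0, pc + 2
        elif op == 0x83 and modrm in (0xC0, 0xE0, 0xE8):  # add/and/sub eax, imm8
            imm, reg = _s8(code[pc + 2]), (modrm >> 3) & 7  # reg: 0=add 4=and 5=sub
            if reg == 0:
                eax += imm
            elif reg == 4:
                eax &= imm
            else:
                eax -= imm
            pc += 3
        elif op == 0x6A:                                  # push imm8 (sign-extended)
            stack.append(_s8(code[pc + 1]) & MASK)
            pc += 2
        elif op == 0x58:                                  # pop eax
            eax, pc = stack.pop(), pc + 1
        elif op == 0x40:                                  # inc eax
            eax, pc = eax + 1, pc + 1
        elif op == 0x8D and modrm == 0x40:                # lea eax, [eax+disp8]
            eax, pc = eax + _s8(code[pc + 2]), pc + 3
        elif op == 0x8B and modrm == 0xC0:                # mov eax, eax (junk)
            pc += 2
        elif op == 0x90:                                  # nop (junk)
            pc += 1
        elif op == 0xC3:                                  # ret
            return eax & MASK
        else:
            raise ValueError(f"unsupported encoding at offset {pc}: {op:#04x}")
        eax &= MASK
    raise ValueError("no ret reached")


def signature_scan(sample, signature):
    """The classic detector: a fixed byte string that must appear in the file."""
    return signature in sample


def detection_rate(signature, n=200):
    """Fraction of n freshly generated variants a fixed signature still catches."""
    hits = sum(signature_scan(generate(seed), signature) for seed in range(n))
    return hits / n


if __name__ == "__main__":
    sig = generate(0)  # the whole first sample, the most specific signature possible
    for seed in range(3):
        code = generate(seed)
        print(f"variant {seed}: {code.hex():<28} -> eax = {emulate(code)}")
    print(f"distinct variants in 200 seeds: {len({generate(s) for s in range(200)})}")
    print(f"fixed signature catches {detection_rate(sig):.1%} of new variants")
```

The point the interviewee makes is visible in the numbers: every variant yields eax = 2, yet a signature lifted from one of them matches almost none of the others, which is why the scanners named in the question only flag this kind of output through behavioural or structural heuristics rather than byte patterns.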
6) Why did you not release the source code of NGVCK? Ugly code??? ;) And will you release it once?
That's mostly it. It's ugly code :) I would write nearly everything differently by now :) In addition to this I don't want anyone doing shit with the code, like spamming the net with auto-generated worms, a new one every hour... *eek* I don't think I will ever release it.
I am also still waiting for the cyberwar to break out, in the hope that the Dubai secret service will make me a generous offer for the code ;)
7) What would you consider as THE perfect virus or worm?
Some of the stuff Zombie or vecna did was pretty perfect, those guys own!
8) What do you think will be the future of virus writing? First near term: In 2 years? And long term: What, in your opinion, will it be in 10 years?
Viruses are dead... *rip* Just look at the "Virus Top 10" lists, you can barely find viruses in there. There will be more boring worms, and once in a while maybe one which might be interesting.
9) Which viruses or worms have you written so far? Please explain them! Which is your favorite one and why?
W32/DDoS is a virus starting an ICMP DoS attack, and W32/Roussarc a virus which also has worm features, since I wanted to try to combine this stuff. Then I did some bash and perl stuff for fun as well as some DOS crap while learning. I also did some IRC worms, since not every scriptable IRC client was being targeted by worms back then.
10) Are you currently working on any vx-related project or do you have some great ideas about your future projects in your head? If so, please tell us, we are curious! ;)
At the moment I am doing nothing besides university and work and an occasional game of Warcraft :)
11) What is your favorite malware out there and why? And which viruswriter(s) do you respect most and why?
See question 7 :)
12) What comes to your mind, when you hear/read these words:
- Eric Sesterhenn +fg+:
I know this guy, but always forget where he lives
- Eugene Kaspersky:
always liked poly better
- Artificial life/intelligence:
gives me the creeps
- George Bush:
I am not religious, but don't care if people are, as long as they don't want to brainwash me
- rRlf ;)
no more batch viruses plz :)
shit happens, why should I care
- Mobile phone ringtone advertisements:
anger, pain, fear
13) Let's say you can choose one thing to do or to see before you die. What would it be? ;)
Change the world :)