,, MMP""MM""YMM `7MM P' MM `7 MM MM MMpMMMb. .gP"Ya MM MM MM ,M' Yb MM MM MM 8M"""""" MM MM MM YM. , .JMML. .JMML JMML.`Mbmmd' `7MMF' `7MF' `7MMF' `7MMF' `MA ,V MM MM VM: ,V `7M' `MF' MM MM .gP"Ya ,6"Yb.`7M' `MF'.gP"Ya `7MMpMMMb. MM. M' `VA ,V' MMmmmmmmMM ,M' Yb 8) MM VA ,V ,M' Yb MM MM `MM A' XMX MM MM 8M"""""" ,pm9MM VA ,V 8M"""""" MM MM :MM; ,V' VA. MM MM YM. , 8M MM VVV YM. , MM MM VF .AM. .MA..JMML. .JMML.`Mbmmd' `Moo9^Yo. W `Mbmmd'.JMML JMML. ,, ,, ,, .g8"""bgd `7MM `7MM mm db .dP' `M MM MM MM dM' ` ,pW"Wq. MM MM .gP"Ya ,p6"bo mmMMmm `7MM ,pW"Wq.`7MMpMMMb. MM 6W' `Wb MM MM ,M' Yb 6M' OO MM MM 6W' `Wb MM MM MM. 8M M8 MM MM 8M"""""" 8M MM MM 8M M8 MM MM `Mb. ,'YA. ,A9 MM MM YM. , YM. , MM MM YA. ,A9 MM MM `"bmmmd' `Ybmd9'.JMML..JMML.`Mbmmd' YMbmd' `Mbmo.JMML.`Ybmd9'.JMML JMML. -- Contact -- https://twitter.com/vxunderground email@example.com
Welcome to the interview, herm1t. It's a big pleasure for us, that you have agreed to take an interview from you - thanks! Let's begin from the introduction.
Thank you for the opportunity to share a few words. :-) Hello, people, I'm herm1t, 29, from Ukraine, the webmaster of vx.netlux.org, sometimes I write the viruses too, and the rest are mostly irrelevant.
How, and since when you have become interested in computer-viruses?
It was a bleak december almost ten years ago. I was in terrible mood and after some time of being idle and depressed, I realized that I really need to do something to overcome the weakness. Programming was a natural way to express myself, so I look through my src directory and found that I won't finish the old projects, nor I wish to write, say, a simple game or a text editor. To the contrary, the viruses have a nice properties: they are small, no matter how complex the virus is, you can finish it in a several weeks. Viruses do not interact with the user, only with a system, their input and output derived and targeted to/from system itself and system programs. The shortest way from the idea to the working code. Just what I wanted.
It would be interesting to know a story of your handle, herm1t, why you have chosen it?
The first time I needed to use a handle, was when I got instant access to the network (it was the local FidoNet node), because the SysOp forbid to use the real names and nicknames were mandatory for newly registered users (it's boring to explain why) and I choose the russian word wich can be translated as "hermit", just to emphasize my attitude to the people in the local area.
Some time after, I registered a mailbox at free mail service and being unable to think something better tried this, but it was already taken and I changed one letter to the digit, though I don't like the l33t speech. Time passed, and when sr. admin at work start to create unix accounts for me, he typed "adduser herm1t", even before I be able to pronounce "stop, there should be 'i' in 'hermit'". Just a chain of semi-random and hardly linked events.
Do you have another hobbies besides virus writing?
I had some in the past, like LARPG or ham radio and amateur global networks, but my interests has changed over time and now I cannot call some of my present activities besides virus writing a hobby, but I'm not bound to viruses only, and most likely will take interest in some other things too.
Tell us about your first steps, herm1t. What was your first virus? Who, and what helped you at the beginning? What feeling was, when you started to write viruses?
As I already had some programming experince, but was new to the low-level and system, I started from encrypted resident com infector for MS-DOS. Nothing special, with the aid of Infected Voice magazine downloaded from BBS's around, it took a day to write and test it and several weeks to study out such features as basics of polymorphism, stealth, anti-emulation tricks, different memory allocation strategies etc etc.
That feeling is still with me, it's reviving when I'm starting the next project. It is the joy to create something that didn't existed before, the strange feeling that I'm the part of the program's control flow. The assurance that all parts are on their places. And that me and my program don't need any audience, sales people, boxes, users, bug reports, we will talk softly and quietly with the kernel and executable files. It has no practical purposes. The poetry of the digits. Simple and mindbending as night and snow, waves and wind.
Could you tell the story about "VX Heavens"? How, and when appeared an idea to create it? What are future plans of the project?
Since it was hard to find the information about viruses I started to collect it and also made it available on my BBS. In the mid '99 I saw how one of my friends making a sites and decided that HTML is much better than files.bbs, shortly after, I met Itlai (he was CTO at ISP, guess what is the ISP' name?) and he offered me a web-space. It was cool at that time to get hundred megs of disk space and gigabytes of transfer for free. :-)
There is no special plans for the future. I will keep updating it. Some things could be improved or rewritten, but that is ordinary for any web project.
Mainly of your works are dedicated to Linux and BSD, why you have chosen exactly these systems?
The same reasoning the windows coder could use. These are the systems I use every day, both at work and at home. I have neither time, nor much interest in Windows, nay, I have no Windows here at all. Every time I occasionally log in to Windows box I feel myself like I'm faltering on the thin ice.
It would be great if you could list all of your works (viruses, researches, etc.) here, with the descriptions and some stories if possible. :)
Most of my viruses are available at my page and if there was a feedback to them there are comments also. Generally, I do no research, but merely practical things that could be described as a study. Research here is a bit controversial topic - most of it is just a confirmation of some well known ideas written in aesopian language of mathematics and in the same time it might be usefull to read some before reinventing the wheel.
Back to the viruses, personally, I like the Dawn (Unix.Small) and Linux.Beads it was funny: I tried to mystify the AV vendors with the Dawn, and their replies that was really something! the Beads is present as an object in the real world and this amusing me, though sometimes I think that I have a wry sense of humor. And, finally, my latest creation Lacrimae (code integration for ET_DYN executables) which I'm going to use as a start point for future projects.
Whence you take names for your viruses usually?
They are mostly random. One was even suggested by AVers. Surely, I can trace the origins of each name and each name has a little relation to the virus features, but it's weary to do it here.
Which types of viruses you personally like? Do you have some favorite viruses written by another authors?
The ones that I could learn something from it. I rarely read the sources, but once in a while it helped a lot to understood some concepts. The deficient and valuable thing is a good ideas not viruses itselves, I think that's why, say, the Danilov's virus list was so popular one day. Surely, there are several viruses that changed the world. They are well known and the complete list could be extracted from any interview which has the same question.
Which methods of infections do you prefer, and which techniques do you like more? How you think, what we can expect in the future?
Complex enough to heat the imagination, but simple enough to be able to handle them. :-) For me, now, it is automatic code dissection and transformation. There are many interesting topics there. I'm not good with predictions, I don't even try to keep a close watch on the trends in the field (and those who tried often failed), but I think, that as an implication from the fact that virus could be written for nearly every universal computing system, and widespreading of different "smart" devices, we'll seen more and more creatures filling the gaps on the platforms there they were never seen before. As more and more techniques will be available, we'll see a cross breeding of them, a hodge podge liveware which is a bit of everything. And I want to belive and I hope that it is possible to create a program that can change not only a form, but its functionality, something that might be called polyessentialism (vs polymorphism).
Whether something has changed since you are on the scene?
First of all, I won't be part of such nasty thing as virus scene. More than that this term is confusing. If the way you think of the scene is like "the virus information and all that stuff", then call me a scene shifter. If you mean the "community", then even the "scene shifter" is close enough to this shit to be warried and try to stay away from this mess.
Is it the same? The same theme sounds from the very beginning of the scene: the scene is dying bla-bla-bla... This tune remains the same. I do not trust the thing that bleeds for fifteen years and doesn't die. People come and people go. Now it fall to pieces, somebody trying to continue in a usual way - ircing, releasing zines etc, somebody make the "private" releases, somebody trying to make a bucks. This split is a direct offshot from the fact that people won't be associated with the scene. So, I think that the scene is not dying, it was never born.
What do you expecting when you join some community? That there are people you may talk with, there are knowledge you can earn, there is a way to contribute to. What you receiving instead? You may come to IRC, and after you'll be roasted (the police would be more polite during interrogation) you have an unbelivable opportunity to listen what kind of pizza the coder X is now chewing. A waste of time. A lot of paranoia and naive attempts of conspiration, while practice shows that virus author is like an "ellusive Joe" from the joke.
Yes, there are groups, but did you see a project signed by even two members? Two thirds of them? There is a teamwork? To onlooker it appears that the only thing the group members can do together is to hang on on IRC and boost and promote the label (to let the pale reflections of label's fame to return to them). Would musician write the music to be recorded on major label? Does the fifteen seconds of fame (since Warhol, this became also a subject to a runaway inflation) worth the trouble?
The current "scene" sometimes shows a proper spirit, but taken as a whole it's ugly.
How you think, when and who invented the first self-replicating code?
Evolution did a nice specimens (herm1t coughs) in archean eon (as some sources suggesting), but it hardly be addressed as "who". The idea can be traced to von Neuman (the usual thing with the good books that they are often cited, but there is no much people who actually read it, indeed the book edited by Burks worth it). The real code might be attributed to Vyssotsky, Morris and McIlroy from Bell Labs in 1961, but it's quite possible that such programs appeared even earlier. The idea was independently invented and reinvented several times, so I don't think that it really matters who did it first.
What is your point of view about commercial malware?
It is sad, but it was also inevitable that biz will acquire this technology. Some AV vendors claim that virus authors became more organized, criminalized and start to make a profit from "malware". I think that the relation of cause and effect are inverse - the criminals and men without scruples just hire anyone who can write the malware. I see a lot of screams in the press about the growth of cyber crimes. But look, is there something new? If someone stealing money, is it essential that thief used a computer for it? It just a small peculiarity. Thief is always a thief, rogue is rogue and they should be treated as such. I can accept much of what are usually labeled as "inherently bad", such as spreading of worms and viruses or destructive payloads, if you have the reason for that. The profit is not the reason. If it's only thing that counts - go and rob the bank, that's the straight way to the goal. I despise the authors of such programs, no matter how good they are with technicalities.
What is your opinion about Anti-Virus researchers?
There are too many of them. And they cannot be ranged into classes easily. (Though it's hard to withstand the temptation to make a taxonomy of AVers as a parody to some "psychologists"). I met several good people there, gentle, inquisitive and fascinated with the reverse side of the technology, and there are also such sons of a bitches that can impress by their lack of principles even a journalists. Even researchers from academic circles complaining that AVers throw a monkey-wrench into their work. And AVers who appeal to so called "ethics" are the most disgustful.
What are your future plans as a virus writer and collector?
To write and to collect. :-)
This is your free space, herm1t. Here you can leave everything you want: greets or wishes for friends or someone else eg.
Let it remain free. I just want to say that I hope for better things.
We are at the end of our interview, herm1t, thanks a lot for the great time. Wish you all the best from the whole EOF team, see you! ;-)
Thank you. :-)