In the News
by Horny Toad

This is the fifth edition of the "In the News" that I have included in this great mag. For those of you who are not familiar with this article from past issues of the mag (heaven forbid), I basically try to address some of the major events in the virus world and also anything that might be affecting us in the future. I might also be known to put a slight slant on some of the news topics. This is because I have not been able to get my own virus talk show syndicated yet...so for now, this will be my forum.

Many major events have taken place in the virus world, including many virus firsts. And which group always seems to be involved or related to these major events? Yes, you're correct, the Codebreakers! I want to take a minute and say thanks to all the people that have written me about the Codebreakers mag. Thank you for your interest in the mag and we will continue to provide you with up to date techniques and code.

Due to circumstances beyond my control, this is the only article that I was able to contribute to the mag this issue. Not to worry... The Toad is back. I will make it up to you in the next issue.

Hmm, what should we start with first? How about the good ole CIH virus. Which, I must add, was first published in the 4th edition of the Codebreakers mag!

From Taiwan, with love
-----------------------

Well, the author of the CIH virus, including the newest variant, Chernobyl, is currently being questioned by police in Taiwan. Chen Ing-hau, a 24-year-old graduate of Taipei's Tatung Institute of Technology (I wonder what type of technology they're teaching there?), warned his friends not to download the virus to their computers. Chen named the virus after himself, using his initials. As usual, Chen has testified that he had not intended the virus to cause much damage.
Let's face it Chen, you're elite baby, don't be modest, your creation not only did some damage, it has created worldwide destruction, and if it hadn't been for Melissa all over the news, CIH would still be the lead story. I just love it when I hear these masters write revolutionary code that is destructive as a mother-fucker and say that it wasn't intended to damage anything. It's kind of like one of those atomic bomb scientists saying, "I didn't intend the bomb to be overly destructive."

Well, destructive it has been. To date, the Chernobyl virus has struck more than 600,000 computers! The most significant damage being noted in the poor ass Asian and Middle Eastern countries. Many of these backward countries had no clue that the virus was due to hit on the 26th of April, the 13th anniversary of the Ukrainian nuclear disaster in 1986. Many of these silly countries are also unaware that you need to update the signature files of your AV programs periodically. Well, they're paying for it now. I have read reports that major portions of some countries' stock exchanges, such as Singapore, have been affected. South Korea was slammed - 300,000 computers hit. That is 15% of all the computers in their country, an estimated $250 million dollars of damage.

Before I keep doggin' on these third world nations... let's take a look at IBM. I nearly laughed my ass off when I heard this one! IBM has confirmed that they shipped somewhere in the "low thousands" of Aptiva PCs between Mar 5 and Mar 17 infected with the CIH virus! LOL! Vic, we won't have to worry about better virus distribution, the bastards are doing it for us! A spokeswoman for IBM said that their company had infected thousands of computers during the manufacturing process. If you are sitting there with an Aptiva with a MFG Date AM909, AM910 or AM911, you might want to run an up-to-date virus scan, just don't download a virus sig package from South Korea, they appear to still be living in the dark ages.
The list of damage throughout the world appears to be endless. Here's the hoot... guess how much time Chen is looking at, if he is prosecuted? 3 fucking years! And that's if they decide to prosecute him. Last year his university caught him infecting some of their computers with CIH, and only gave him a "demotion." Boy, I guess David Smith wishes that he was Taiwanese right now, himself faced with a possible 40 years in jail.

Here is that document you asked for...don't show anyone else ;-)
----------------------------------------------------------------

Hmm, what virus do you think that we are going to talk about now? How about David Smith's little beauty, Melissa. God, how do you start to talk about something as large as this. It has been a long time since the virus community has received so much attention. Of course, I must add, not some of the best attention sometimes. I think that the first CERT pertaining to Melissa was issued on Saturday, March 27, a day after the release of the virus. No other virus in history has spread so fast. Some companies were reporting 20,000-40,000 Melissa infected messages being sent out an hour. It didn't take the experts long to figure out the potential of a virus that could spread so fast, so the FBI, or Fucking Bastards of Incompetence, were brought in.

I don't want to trace the entire chain of events, which we have seen appear in every form of news medium in the world. The hunt to catch the creator of the Melissa virus, David L. Smith of New Jersey, was the largest scale AV operation that has ever been conducted. A witchhunt ensued, one of a scale that none of us ever imagined. Initially, the first suspect was good ole VicodinES. The FBI was hunting Vic with an axe and the axe fell on our site www.codebreakers.org. The other site that was axed was www.sourceofkaos.com. A third site, www.coderz.net, was slated to be axed, but took itself down to avoid the server being seized.
Dennis Halsey, the vice president and CEO of Global Connection Internet Inc., says that the FBI did not contact them about the site. Dennis (cocksucker) said that our site was removed because they received two emails complaining about the Codebreakers spreading viruses. We wouldn't do such a thing, would we guys? I guess this is a perfect example of how much muscle the FBI has and how limp dick some of these companies are, doing anything the gov tells them to. More on that subject later.

Anyway, in record time, David Smith was arrested by New Jersey State police and later released on $100,000 bail. As I am writing this article, David plans to plead not guilty to the state's charges. He is facing a maximum penalty of 40 years in prison and a $480,000 fine. The most inspiring thing about this whole mess is David's mug shot. When I saw the police pictures of David, I almost died. He is laughing. He is the man. My hat goes off to David. (makes me think of the words from one of Michael Schenker's songs "...laughing in the face of destruction..") Anyone that is faced with the kinda shit that he is in for, and laughs about it...damn he is THE man. Well, I wish him all the best. Unfortunately, I think the court is going to want his balls.

007 -> 00-Opic?
---------------

During the beginning of this year "espionage-enabled" viruses have begun to take the stage. These are viruses which are designed to enter a system and retrieve information. Our own master programmer, Opic, wrote the now infamous Caligula macro virus, designed to enter a computer and steal a user's PGP secret key ring. Although the director of Network Associates added that the secret pass phrase would have to be compromised in order for Caligula to be a serious threat to security, Opic has affirmed that Caligula was a proof of concept virus, designed to enter a system and retrieve a person's PGP secret key ring. It does just that.
Many computer systems have fallen prey to two of the espionage viruses from the Codebreakers, Caligula and various forms of the Marker virus. The Marker virus, written by SPo0ky, is designed to retrieve information about the user and send it back to the Codebreakers site. The concept of espionage-enabled viruses has many governments and corporations scared. These relatively small, less than 100 lines of code, viruses are spread easily from system to system due mostly to the ignorance of the average computer user. Let me give you a hint. If you receive an email from someone and there is an attachment with the extension ".doc", or ".xls"... exercise caution in opening it. Actually, screw that, be daring and open it up and make sure that at the warning window you choose "Enable macro". See what happens. Hehe. Another noted macro virus known to fall into this new category is Ethan (source available in this issue).

The Codebreakers are hostile
----------------------------

Boy, I guess you're wondering what this piece of news is going to be about. I have always maintained that Fred Cohen sucks cock. If you've ever been to one of his seminars or read one of his books, you'd quickly come to the conclusion that this dude is certifiable. This time I think that he is out of control. He is advising people to "...regard the Codebreakers as hostile." Furthermore he is suggesting that people:

1) Have thousands of users ftp phony files to the Codebreakers IP address, 209.201.88.110, on a regular basis, thus making it impossible to get any use out of the PGP keys that Caligula is extracting. He further says to send valid-looking PGP keys so they have to waste a lot of time cracking them.

2) Cut off all service for ftp with 209.201.88.110 (codebreakers.org) - either at the ISP, at your gateway, or at the borders of your country.

3) Prosecute the creator of the Caligula virus, Opic, for possession of access devices - with international cooperation between authorities.

As if this wasn't enough, Cohen adds, "These people are not your friends. If everyone screams at them and says "you are SCUM", they'll stop." Hehe. Fred, Fred, Fred... Boy, you have no idea what you are saying. If you back a cobra into a corner, he's going to strike. Being the devil's advocate for a moment. The last thing you want to do is piss us off and make us go underground. Once we are in stealth mode...there's no stopping us. Right now, we are relatively harmless. The source for our viruses is openly distributed and we are now publishing them as proof-of-concept viruses. You can therefore intercept them and you AV'ers continue to make the big bucks designing protection against them. On the other hand, if you break us up, for example, influence some fucked up organization to take our web site down, we might not be so willing to share all this information with you all. You all saw the scare that Melissa brought, from a lone individual... Do you actually want to see us out there creating things like Melissa and distributing them with no warning? This is a warning to all of you out there. Be content that we are doing our thing and sharing our discoveries with you. It could be a LOT worse!

Kudos for Steve White
---------------------

Usually when I read an interview of an AV'er, all I usually hear is crap. Insults to the virus writers and paranoia spread to the average computer user. For once, I nodded my head and actually enjoyed reading an interview about the virus community. The interview was of IBM's AV'er Steve White. I won't give it all to you, but just a sample.

What do you know about the virus writers?

"We have conducted research interviews over the Net. We only have their fake names. But the profile seems to have changed over the years. There is no stereotype. They vary in age, education, motivation. It's a broad spectrum of people. But there are not that many virus writers in the world, only a couple hundred at any given time.
That's fewer than the number of graffiti writers in a major city. But finding them is like finding a needle in a haystack."

Is time becoming the major issue in combating viruses?

"The virus problem has changed in the past 12 years. It used to be that PC viruses traveled on diskettes in people's pockets, and the viruses were programs on the boot sector. It might take a year or so for a virus to get out. Macro viruses are different. They travel more rapidly and spread more quickly. Now, in the time it takes to find a new virus and get the cure is about the time the virus takes to spread around the world. Finding a cure in an hour instead of days will be an enormous advantage."

Can technology manage this problem?

"Viruses will be a problem as long as computing exists. We can turn them into nuisances instead of big problems. The job of the anti-virus industry is to see they stay small. It's possible, but it's hard."

At least we have an AV'er finally admitting that a virus writer can be anybody, not just a punk in a dirty room. We are becoming much more sophisticated. In fact, that person that is working next to you in the office, in that suit and tie, just might be a virus writer. Viruses will never go away.

Thanks to InfoWorld
-------------------

I would like to extend thanks to InfoWorld for using the Codebreakers web site (http://www.codebreakers.org) as a collection point for virus code. In developing their own virus test suite, they came to the community's finest, the Codebreakers. Although, I must say to the corporation and to others out there that our site was temporarily taken down by the FBI. We are sorry for any inconveniences that this may bring you. Please use any influence you have to show the FBI and other law enforcement groups that the Codebreakers are there to spread information and to be helpful to everyone, not to cause destruction and be hostile like certain people are trying to say.

Microsoft, give it up
---------------------

I just had to laugh when I read about the Triplicate virus. This virus is able to not only infect Word and Excel documents, but PowerPoint as well. You know, sometimes I pity those poor bastards at Microsoft. They haven't even officially released Office 2000 and the virus community has already released Office 2000 specific viruses. I can't wait to see what we are going to do with Windows 2000.

Virii web site owner in the big house
-------------------------------------

Just thought I'd mention this. Sean Trifero, 21, of Middleton, Rhode Island, will be spending the next 12 months in a federal pen for hacking. Trifero was the webmaster for a hacking group that has a web site named Virii. Sean, sucks to be you. Just remember not to bend over for the bar of soap in the showers.

Well, that's all folks. I hope that you have enjoyed this issue of the "In the News" and the rest of the mag. Keep pluggin away and having fun.

Horny Toad