Interview with Bhunji
by EXE-Gency
[March 2000]

Im just a regular guy from Sweden. Ofcourse im smarter then everyone else, and more good looking and all that but I guess you wanted to hear new stuff ;). Right now i dont program anything, the funny thing is that i only have word and email left on my computer. Some problems with life, had to chose to have one or program virii all my life :)

My mother and father gave me the name Bhunji when i was born, so there wasnt much choise. No, I had a bad imagination day so i just looked at the keyboard, and there it was :)

Yea, sometimes I think im a infected lamer and enters #virus and says something with "buffy the vampires" and how there can be only one, and that she is the slayer. Then ppl start harassing me, that is cool.

Actually i have never been inside a computer, maybe i get a chanse when i start the university, they have big computers there. But i guess you mean when i started with programming. Well, i was 8 or so, had a book with basic for my c64, typed it all in, changed others basic programs, didnt understand shit what i was doing. And so it just went on, but now im doing asm in Windows, i still dont know shit what im doing, im relying on the little man inside my head to help me. His name is Bob and he is a rabbit.

I have here my remote controll OS, and my telefon OS and my radio Os, and then i have these cool things on my computer, it is called Windows, very hightech, not many that has it, it makes me feel like a Secret Service agent. Did you know, you can delete all fucking files on the whole system by just moving this plastic thing with a ball inside it and pushing some buttons, very hightech. I used to have that linux thingie before that is made by Linux Thorwalds from Sweden but it was just black and i couldnt destroy any files with the plastic thingie, very shitty OS.

One day i found that cool dude, E1iTe_HAX0r, on the IRC. He taught me everything. Now i know how to flame, mailbomb, writ3 c00l languag3, get ch1x0rs (Hi Gigabyte ;). Yay, that was kewl. Then one day i found those dangerous virus magasines, read them all, didnt learn a shit but hey, I was cool, I could say virii! So I joined #virus and everyone just loved me and started kissing me and asked where i came from and was so insterested about who I was. As you know, all ppl in the underground loves lamers, specially the ones they have never seen before.

I have been wanting to know how to code viruses since i was really small and my teacher unplugged his machentosh computer for 3 weeks because of a DOS virus was in the news. Then one day I found this cool texts by phalcom skism (sorry if misspelled). I made a shitty EXE and COM infector but i never liked DOS viruses as there was that nice Windows world there waiting to get my viruses. I never found any text though and started to crack and hack instead for over a year, then one day i found virusexchange and i was hooked.

As i said, i did crack for a time, and learned the basics in hacking (bufferoverflows, flood attacks). I am interrested in all you can do on a computer, sadly to interrested, that is why i wont use my computer for other things then school for some months. I probably never return to the underground though, to much waste of time when you can do real programs that is usefull for others and even get some money out of it.

Sure im a criminal, all ppl on earth are criminals. We have all shoplifted, been in a fight etc. But if I think writing virii is illegal? No i dont, but i think spreading working source is illegal because the purpose is to get a lamer to spread it for you. If you really wanted to share knowleage you wounldnt need to give out the whole virus, only the new and interesting parts.

Our country have the famous law. If you get famous, the law comes and visit you :)). But as i dont spread my viruses i have no problem. Maybe i will in the future, but i hope i wont. Maybe i get in problems real soon because i have found out by a stupid sales man (that wanted to sue me because i recieved a mail that asked me to hack a page) that a major company reads their customers mail.

My close friend know im did program viruses but didnt like it, so does my family. But i never coded to get famous, just to develop my skills and giving the scene some new techniques, so they didnt care about it that much.

It is strange that its mostly idiots and newbies that code payloads dont you think? Well, as im an idiot i think payloads are good. I was to dumb to add my own format command to my virii though, maybe some elite guy could help me :)

Yay, i was a member of ShadowVx once, but i hated to be in that group. I was asked to apply for 29a once too but i never bothered, i knew i wouldnt stay long in the scene anyhow. And as it looks now many of the best and active coders is independant or in some small group. Vecna, MrSandman and Dageshi to name a few.

No, i have always been interested in girls and all those geeks in TV always get the girls :)). No, it was when i was small and saw those cool c64 cracker dudes with cool demos that i wanted to learn how to program, and i have always been interested in technology.

I code in a lot of languages, but asm is the only one I program by heart. Right now im learning GUI programming in Windows with OWL, that is cool.

To be honest i think asm is a dead language. In the future with Internet aware viruses most parts will be made in C++ or similar, which is cool i think because its possible to make so much more cool stuff with that language. As the only purpose of a virus is to spread the language isnt very important. I dont think all VB coders are lame either, the pll doing new stuff are always cool ppl, no mather what language they code in. But I mostly disrespect VB coders and DOS virus makers because they dont evolve, just reading a zine and doing exactly the same.

I dont know, i have only written 3 working virii and i love all of them.

Fighter was my first virus as you can tell from the name, how original isnt that :)) Uses a cool polymorphic engine that creates the code using a linked list. I saw a text about it later but never think it has been used in a virus before. The other part is a shitty runtime virus. But i had only coded viruses for the Win32 platform for a week so i still think its cool :)

Invirsible. I am very proud of this virus. It used a whole new anti emulation technique (that you can read about in 29a#4) and a very neat polymorphic engine. I could send a string like:

db "mov eax,[edx]"

And like a metamorphic engine it would polymorph that int some code that did exactly the same. You can read more about this in 29a#4 too.

Teddybear was my last and biggest virus. It is very dangerous and extremly cool but not very difficult to make. It consist of a regular virus, a super fast file finder and a irc bot all made in assembler. When a infected system connects to the internet im able to control the infected host, send files, recieve files, run files, update virus and more. The super fast file finder is able to find almost all exe files on a win98 system in less then a second which is cool too :) Look at it in 29a#4 if your interested, but do not use the viewer as you will miss a lot of fun then, blame Darkman, not me :))

What groups do you value most highly?

None, i value ppl.

Which individual programmers (both past and present) do you value most highly?

I respect all programmers that has comed up with a new virus technology, be it good or bad. All the rest tha only steals those technologies and does nothing new themself i think of as lamers (or newbies if they have been less then four months in the scene).

What zines do you read regularly?

I only read a zine once, if i find a text interesting i memorise it, but usually i just trash a zine. The good zines are the ones which explains new techniques, all others I have no use for. I still think its those zines are useful and it would be very boring if there was only like 2 zines every year to read.

What do you think of the virus scene? (Both in general and in your own country.)

Im very lucky im not longer a part of the scene, that makes me able to say what i really think :) I think the scene is very very interesting right now because the all mighty 29a is really sucking right now. Benny and Lord Julus are cool guys though, but the others are either to old or to similar to everyone else. There is no magic left, all interesting technologies latly has comed from somewhere else but 29a.

But other then that i think the scene is normal. I wasnt there very long though so im not the perfect man to say what is normal though. One very interesting thing is all portal sites going down. I wonder what would happen if the same happened to coderz.net, where is rapture? ;)

Im hoping that more swedish programmers will enther the virus scene now. I have written a 50 paper long tutorial in Swedish that i hope being able to publish at some site, probably only my own. Maybe it will make a difference, maybe it wont. As it looks now it sure doesnt look much of a scene.

How has the underground scene changed since you first entered?

The underground scene sure liked me a lot better at the end then when I first entered it :))))

What do you think the future of virus writing holds?

If i knew that i wouldnt be here, i would be threatening the AV's showing some kewl undetectable techniques :). Na, i think viruses will continue as slow as it does now as there is so few good coders making virii. Maybe some more internet stuff, maybe someone realices what i have realiced about the PE format and makes a very hard to find virus, maybe all coders stop coding and opens up a pr0n palace, i have heard some rumors from Spyda about that.

You recently chose to leave the virus scene. Why did you decide on this?

My biggest reason was personal problems. I was to addicted to programming that i didnt get a personal life, my only chanse getting a real life was to chose, computers or no computers. So i deleted all my stuff, and it actually feels pretty good just to have Word and exploiter. Now im the victim of viruses just like normal ppl :)

An other reason was that virus programming is truly lame. You spend hundreds of hours just to code a virus that nobody but 20 ppl will read and probably no one will understand. Instead i could have made a real program that ppl could gain from, maybe i could even make some money and get my 15 minutes of fame. But it was also sad to leave the scene because i have many friends there, and even if it hasnt sounded like it, some brilliant programmers. And ofcourse Gigabyte, my biggest love in life.

Do you believe in a 'perfect virus'? And if so describe it.

Of course i do, a virus that you can make money from is perfect. Of course its impossible but who cares :))

What advice would you give to newbies entering the virus scene?

If your stupid. Dont enter the scene. If your intelligent. Read everything, create a simple virus, think of a new technique, if you cant come ut with one, dont enter the scene.

What language should a newbie learn if he wants to start writing viruses?

A virus newbie should already know his language before even thinking of creating viruses i think. Which language isnt very important, but asm is the best at the moment. And there is no need to learn english, i cant talk it and my spelling is worse, but i manage to survive anyhow :)))

Anything you would like to add?

Yea, i would like to add Bill Gates money to my wallet, can i please? And again i want to kiss all cool ppl developing or writing about new techniques. I could explain my PE techinque too, im not 100% sure it will work, but i hope so. So here it goes.

Take a look at two sections in memory.

(Sec 1) (zeros and end of section) (zeros because of file aligment is different from memory aligment) (Sec 2)

What if we turn this into one section, then we get.

(Sec 1) (lot of Zero space) (Sec 1)

By creating a small virus its possible to add the whole body inside this zero space.

(Sec 1) (virus) (Sec 1)

Then we add EPO to this so that the entrypoint wont point to this free space. If not using any flags at all to recognice infeted files (Lets say you infect all files using the super infection routine in my Teddybear virus and then stop infecting the system) the AV wil have to scan through the whole sections to find the virus. As you understand this is hardly possible :)).

Maybe some cool dude will try this technique and get famous :))

Any greets?

I would like to great you EXE-Gency for giving me these bits and bytes. I would also like to great Masmodeus :)) the only virus coder in sweden right now :( and Gigabyte, the greatest girl in the world. And Spylove will always be a part of me so i need to greet him to. I could make a long list of ppl that i like as everyone else but i dont want to bore you there reader to much.

Any plugs? (Homepage, email address etc.)

If you are able to read swedish you will very soon be able to read my virus zine at http://home.swipnet.se/bhunji/ There you can also find a good asm tutor, some linux asm stuff, linux hacking shit, cracking text and a game tutor, all in swedish ofcourse.

If you want to flame me for being such a jerk you can reach me at bhunji@swipnet.se If you want to sexor me just call me at 065 5446 43 87.

Have a great life to you all.