Interview with Evil Avatar
by Cicatrix

[February 1999]


How did you start out in computers?

I had a TI-99 and an early PC when I was 6. I wanted to make my TI act like the PC. So I programmed a shell in BASIC. Looking back, the only thing I really got wrong was "A>" always came out like "A>?" :)

How and when did you start out in the virus scene?

I started doing virus research around 90 or 91. The best I could do was read the books in the local library to find virus descriptions. I met Priest on Prodigy in 92. Priest hooked me up with a government BBS which had viruses on-line. Around late 93, I took a stab at writing my own virus. After a week of programming, I had my first assembly language program: A cheesy virus named Big Bang.

Have you written viruses? If so which would you like to take credit for?

What's a virus? :) Hmm... Big Bang, Binary Acid, Narcosis, Dichotomy, k-rad, Positron, Serpent, Surivnukufesin, Demon Knight. There are others, I'm sure, but not everything needs to be released. I've also done disassemblies of a few tricky viruses, most namely, Exebug and Commander Bomber.

How do you name your viruses?

I don't really follow a convention. The virus itself is what I focus on. The name is really an afterthought.

Which programming languages do you know?

C, C++, x86 & MIPS Assembly, Java, Ada, BASIC and if you want to stretch it, I've done SR, ML, HTML, and SNOBOL work.

What programming language do you like using the most?

I prefer C over C++, and I prefer Java over both. Assembly is fun to do. It depends on the project. I tend to like Assembly when my project does not need to be portable or written by a particular deadline. I wouldn't use Assembly in a large program, however.

Are you a member of a VX group?

See. I was offered membership in NuKE many years ago, which I declined. I was recently offered membership in NOP, which I accepted. This was because I knew the members and felt comfortable with the maturity of the group.

Which AV software do you like/respect the most? Which the least?

I don't use AV software. Catching a virus is rare for most users, rarer for careful users. Assuming I caught one anyway, I'd be more comfortable restoring from backups than just cleaning a system, as some AV software can't restore a file to its original form. I also don't code viruses for the purpose of beating the latest scanners, so AV software is of little utility.

That said, if I had to pick a scanner, I'd choose one that is cost-effective and can _detect_ the most common viruses. This way I can scan my system after I restore to make sure I didn't screw up. These types of scanners are a commodity.

This isn't meant to be a hard-ass answer, or a deep answer. The reality is, businesses (the major virus center) will tend to search for cost effective solutions. This does not always mean technical quality.

What are your goals (VX wise)?

In short, I want to be the best programmer I can be by learning everything I can about a system. VX is a means to this end. For me, it's not an end unto itself. But I found that I learned more about Windows by writing a virus than I ever did from Petzold's book.

What is your view on the continuous 'war' between VX and AV?

It's immaterial. Most people in the world are not aware that such a war exists. Companies that produce AV software see a market and will continue to provide software if there is a market.

Perhaps the paranoid person will think that some AVers write viruses on the side or that AV taunts VX into writing viruses.

The reality is that, regardless of the truth, the AV will continue to make products while there is a market, and VX will continue to write viruses while the media takes notice. This is a generalization, of course. But it tends to hold true.

Where did you get your handle? What does it mean?

The way I remember it, I was looking up something in the dictionary, and I came across Avatar. Avatar is a manifestation of a deity. Of course, Good Avatar sounded really dumb. :)

What is your view on Virus Creation software (eg. VCL, PS-MPC etc.)?

Interesting technology with absolutely no utility. A while back, Dark Angel and I were laughing about how he was indirectly responsible for like 25% of all viruses. :)

Viruses tend to be too specialized to create a worthwhile creation utility.

What is your view on macro viruses vs. assembly or HLL viruses?

Due to the distribution model of most software today, macro viruses are the only viruses which really have a chance of spreading. I prefer assembly viruses because they are more technically challenging. That's the key.

Have you ever confirmed one of your viruses 'in-the-wild'?

A couple times. I heard Narcosis was spread on pirate copies of DOOM II, and some databases list Dichotomy as being a Common virus. I'm not sure I really believe this. Dichotomy was a research virus, and had some weird bugs. I'm not sure it was viable enough to spread. Binary Acid was widely published, but no real confirmation on whether it was actually spread. But I did meet a person recently that actually got Narcosis a few years back.

For the record, I've never spread a virus, my own or another's.

Which VX E-zine do you like the most? Which the least?

40Hex still has the best info, even after all these years. VLAD was alright, but I've never seen more proof-of-concept viruses in my life. 29A's mag is looking good. IR and NuKE infojournal were useless, if not humorous to read.

Which individual or what group do you like/respect in the VX world?

See.

In the AV world?

See.

Which individual or what group do you like/respect outside the VX or the AV world?

I can't really answer 16 or 17 (last two questions [CCTX]). In my opinion (others may differ), there is no AV/VX world/community/whatever. People who program viruses constitute such a small group of people that whoever I name will not really stand out.

From a programming perspective, I have been influenced by Mike Abrash, Trug (from Future Crew), John Carmack, Dark Angel, and many, many more people.

What is your view on destructive payloads in viruses?

Since I have written destructive code, I'm hardly in a good position.

Destructive payloads made my viruses interesting. Destructive payloads are considered taboo by many, including pro-virus people. This causes controversy, which causes people to take attention to me.

Again, the reality is, the payload will make no difference because:
a) viruses, whether intentional or not, will cause problems, and may cause data loss.
b) most viruses will never see a machine besides its author's, so a destructive payload is a moot point.

Do you think there is such a thing as a 'good' virus?

As an entity, a virus is neither good nor evil. How it's put to use gives it that characteristic. A virus, even if it contains no payload, can disrupt a computer's activity. This can obviously happen with well-tested commercial software as well. This raises ethics questions which I am not qualified, nor would I like, to answer.

What do you do in 'real' life?

Learning has always been interesting to me. So I'm still finishing up computer science and math degrees. I do consulting on the side, from building WANs to security testing. I'd really like to break into graphics programming. But that's all business. For fun, I do all sorts of stuff: cryptography, music, art, martial arts, girlfriend, etc.

I tend to not limit my possibilities, and never say impossible.

Do people outside the VX scene know what you do (parents, girlfriend etc.)?

Sure. I don't consider what I do as evil.

Do you do other computer stuff outside VX (Hacking, phreaking, warez etc.)?

Heh, I really hate this question :) This stuff is given great publicity, and tends to separate people into different groups.

I can break into a Linux system. I own a red box. This stuff is so ridiculous.

As a programmer, and a computer enthusiast, I am endowed with certain knowledge and skills. I don't break into computers for fun. I built a red box to test the theory. And most people have a program that they didn't buy. But I don't go doing illegal activities for the sake of doing illegal activities.

So I guess, while the short answer to the above question is NO, I do possess the skills.

Should viruses be illegal? Is there a difference between creation and spreading?

What I choose to do on my computer is my own business as long as I don't affect anyone else. Spreading viruses is wrong.

I have no opinion on whether viruses should be "distributed" on VX sites or elsewhere. AV obviously ought to have this knowledge. But again, this is an ethics question that I can't answer.

Describe the perfect virus.

The perfect virus is undetectable. I'm not talking about stealth. A virus that is so perfectly written that it will not disrupt the system activities. Viruses that are detectable by scanners do not impress me because it shows they were caught. What impresses me are the viruses that are out there that haven't been caught yet.

What is your view on Windows (95/98)?

Heh. It's the ultimate hack. It's Xanadu released every 2 years. It's buggy. It's in need of a complete rewrite. That's called NT.

That said, I do use Win95 when NT won't do. Some programs require 95/98.

What is your advice for people just starting out?

Program what you want. Don't go searching for fame, because the real fame does not exist. Don't focus on viruses, but keep an open mind. Learning is the primary goal, and if viruses are the technique, great. If not, don't be afraid to try something else.

Why did you quit making viruses?

Lots of reasons. I'm not sure it was any one thing. Loss of interest. Maybe ethical reasons. I grew up. I got other programming interests.

What made you come back to the "scene"?

Curiosity. Pure and simple. Perhaps out of "nostalgia" for the old days, because my life has changed much in these last few years.

Why did you join NOP in particular?

NOP is a mature group with mature membership. I'm comfortable with the members. We could code stuff that would blow you away. But we aren't out to prove ourselves to anyone. Groups like 29A make some really cool viruses, but I'd be interested in what they can do outside that field.

You were well known for your Mass Destruction Library. How do you think about your earlier work now?

That was me!? In all seriousness, I think that was a kid looking for attention. Looking back, it was kinda funny, and I thought so at the time. I wouldn't write such a toolkit now. But it's interesting to watch my attitude change.

To be quite honest, I really didn't know that anyone actually saw the product, so it's nice to hear about it after all these years.

Any info on more recent material you have released/produced? Anything we can expect in the near future?

I release when I feel like releasing, so I'm not sure what anyone will definitely see.

I've written my first Win32 virus. I'm just finishing a Win32 AV heuristic program which will detect many Win32 viruses. I write lots of non-virus related stuff.

I've just finished a commemorative "Gold" edition of Binary Acid, celebrating its 5th anniversary. Why did I do that? Because I can. :) In 15 mins I found 6 bugs. It's really cool how I see how my skills have improved.

That said... Don't expect me to declare a "release a day" of killer shit. I don't have that ego anymore :) , nor do I have the time. I'd rather not commit to anything solid, but instead, focus on quality, rather than scheduled releases.

Where can you be reached if at all?

I debated for a while, but people who need to reach me for whatever reason can email me at eavatar@sinnfree.org.

I'm generally friendly, but if you email me about something stupid, you will get a stupid reply.

Any greets?

Umm...someone will feel bad if I miss them, so I'll just greet everyone who's taking the time to read this. This one's for you.

Any other comments (take all the space you need)?

NOP roqs. :)

I have a general comment. After leaving for a while, it's an interesting perspective coming back. I think that many VX have the misconception of the impact they have on anything, and I think the general attitude is that of isolation from the rest of the world.

This is retarded. We don't do anything wrong. And there is a world outside of VX. Check it out. It's pretty neat.

People don't mind if you were doing dumb stuff in your youth (I'm assuming most virus writers are teens). But you eventually grow out of it.

I don't mean to sound like an ass. And I have heard plenty of commentaries on how the underground is so fucked up. I'm tired of hearing that. Just remember that reality may be different than what you actually perceive it to be.

Numero Uno should be your personal growth. That may sound deep, but then again, this is not the same Evil Avatar as 5 years ago. Perhaps a good idea would be to take some time off for a while. VX will still be here when you come back.

Thanks for the opportunity to share this dialog.