Interview with Jacky
Qwerty
by Lord Julus
[August 1999]
This is an interview with one of the best win32 coders out there, Jacky Qwerty. Good luck at University, man!!
It is not everyday that people decide to go into VX writing. What made you go on this path?
I've been in contact with computers all my life, partly because my family had been running a computer store for years. So my first steps into the computer world went almost naturally. But it wasn't until I had my first contact with a computer virus that I became completely curious, excited and crazy about them. It was named "Tabulero", the very first file infector written in my former country Venezuela. Shortly after, there appeared others as well like Quiver and the infamous Dir2.Byway. But I was too young then and the "show" wouldn't really start for me until some years later ;-).
When and how did you appear in the VX scene?
My first appearance in the VX scene occured shortly after the Concept virus was big news. At that time I had already gotten some average knowledge in programming languages like Qbasic, Pascal and C/C++, but my assembly skills were not that good. So in a hurry I decided to take my chance in the macro stuff world which seemed a very promising choice at that time. So I downloaded everything I could find on the subject, and a few weeks later, I started to write my own macro virus, WM.CAP, which I coded during a whole restless weekend in December 1996. Shortly after, I met 29A, became one of its members, and the rest you know it well ;-).
How did you choose your nickname? Did you use other nicks before?
Well I came up with my nick in a quite unusual but funny way. I remember I made a short list borrowing them from game packs, cartoons from TV, etc, but it didn't help much ;). One day, after one of my biggest yawns ever in front of my blurred screen, my sleepy eyes quietly stood still looking at the keyboard, and read the first words that had always been there without noticing: "QWERTY". It didn't sound that bad, I thought, but it lacked something else, so I simply added "Jacky", since my real first nam e begins in "J", and it finally became "Jacky Qwerty", or "jqwerty" for short. I have never used other nicks in the past, though.
Which are the main programming languages you use?
My favorite languages are C/C++ and ASM since I can have a lot of control over a known environment with them, and I like that! However, I program some other high level languages like Pascal, QBasic, Delphi, and also M$ visual shitty stuff like VBasic, VC ++, etc. Recently however, I've been experimenting with JAVA and Perl for internet based applications. But when it comes to interact directly with the computer, I code much more fluently and faster in C/C++ than in any other language including ASM. For optimal speed and size though, ASM is the way to go. That's why most viruses are written in this language. Not even the best High-Level Language optimizer can ever circumvent this ;-).
Where do you live and how is the situation of the virus scene in your land ?
I currently live in Peru since almost two years ago. My family and I had to run away from Venezuela due to problems with justice - in short, we used to sell pirated software, they caught us and took away most of our HW/SW equipment. Regarding the virus situation in my former country, what can I say, it really sucked. There seemed to be nobody there interested in viruses besides me, or at least that's what I thought at first.
However it wasn't until WM.CAP was big news that I knew I was somewhat wrong. I started to receive emails from many virus writers all over the world, including Venezuela - a big surprise for me indeed. None of them apparently knew about each other's existence - a thing not so common in Venezuela, and a sketch from the political situation there as well. Where TF had this people been all this time !? I keep wondering ;-).
In Peru however, the scene is a lot more active. There are plenty of youngsters interested in different H/P/C/V topics, including of course virus programming. Some notorious virus writers and very good friends of mine like Darkside (now retired) and Kid Chaos/SLAM are from Peru.
Tell us something about your last projects, if any.
Sure, I have some projects going on right now, but unfortunately (for some enthusiasts) none of them are virus related. Some days ago I officially resigned from 29A and retired from virus scene as well. A well-known ex-virus writer once told me that all of us eventually get tired, bored and exhausted of virus programming, so we finally retire looking for new interesting areas in which to explore and research. And once we do, he said, it's very unlikely to ever write a single line of virus code again. I think he can't be closer from the truth. That's exactly what happened to me indeed.
No, this doesn't mean I won't ever write a computer program again. Lately, even though I have found myself greatly interested in other non-computer related stuff, my computer related interests have also evolved and now comprise other cool programming top ics as well, some more profitable - like JAVA and Perl programming, and others posing quite different opportunities - like compression and cryptography, for instance. As to what future holds, well I don't know 100%. It would be really boresome if we knew it all, don't you think? ;-).
You are a member of a VX group. Other groups you've worked in/with? Are there particular goals you and your group want to achieve?
I have never belonged to any other group besides 29A in the past. Before 29A, I was just a new independant virus writer, just born from the media and the hype created by the CAP virus, now in imminent extinction. Perhaps a bit of luck had something to do with it being a widespread threat and also with my entrance in 29A. I remember I sent a quick email congratulating the whole 29A crew after their very first zine, and then I received replies back mostly from Mrsandman and Tcp. We exchanged lots of ideas , mine having to do basically with my independant research on Win32 (SEH, per-process residency, memory-mapping, last section trick, etc.). Shortly after I was invited by Mrsandman to join the 29A crew, I said why not, and so it was.
Since the very beginning, 29A has had pretty much the same goals that most other groups have had in the past: Programming the most technical top advanced viruses ever, writing the best technical VX-related articles ever, and finally spreading out all this knowledge farther. And even though we have come closer and closer to this goal, there's still much road to go over of course.
In addition, apart from these technical goals, one of the most full rewarding experiences I've had with 29A and with others from the virus scene as well, is perhaps those everlasting friendships that some of us developed during email exchanges, IRC chats , phone calls and even personal encounters during VX meetings. After all, what's really left when each of us eventually retires? Surely not this or that kickass ultra virus technique, or that super metapoly engine, it's perhaps all the friends you made w hat you will remember most in the future. Because in spite of AVers opinions about VXers, there are people in the VX scene with very high human quality that deserve to be remembered as such.
Do you think that win32 programming will decrease the number of virus authors out there? Will macro virii start to take over?
No, it's actually the opposite (imho). Win32 low level programming is increasing, you can tell by the number of viruses and worms recently written specifically for the Win32 platform. Win32.Cabanas started the Win9x-WinNT compatible virus sequel, but it was shortly followed by other Win32 viruses as well. There are also new emerging web pages about Win32 ASM programming, so Win32 is imminently increasing, no doubt about it.
As to whether it will outnumber Macro stuff or viceversa, that will be the issue for years to come. That will depend greatly on M$ troglodytes of course. However, independently of "virus" programming on either platform, I think the M$ macro development in general, which is basically application dependant, is much more fragile and can be interrupted easier than its Win32 counterpart, which has obviously stronger roots since it's OS dependant. And even this statement may be no longer true in the future as Micro$oft keeps adding scripting language and embedding macro functionality in their OS's. Whatever stays, virus writers will have plenty of platforms to choose from ;-).
Would you like to do something else with computers than viruses, like demos or hacking or anything like?
Of course, I had that in mind since the very beginning. Not only viruses have got my attention. I have also found particular interest in other H/P/C/V and compression/cryptography topics. It comes naturally: You only do one single thing, you end up getting used to it and finally disliking it. Virus writers shouldn't be virus writers only. They should be "programmers" long before being virus writers, in that strict order. There are slight and extreme exceptions to this rule of course.
For instance, lamers who come to ACV or IRC and say "I wanna write a virus and fuck up a HD real bad..", are nothing but childish kids who never manage to write a single virus ever, they will always be wannabes, with no evident intention to research, evolve or code something original throughout their miserable lives - tough but true. However it's also true that some virus writers never reach to be "true" programmers as well. And that happens if they dedicate solely to virus programming only.
Are there things or people you dislike within the VX ?
Yes, I really dislike certain god-alike attitudes that some virus writers show towards other "human beings". For instance, when they manage to write viruses that effectively escape into the wild. I have met virus writers that change dramatically their behavior once this happens, as if saying "Ok I'm no longer a newbie, and you're no longer my master". I just laugh and say to myself "Gee he has the god-psyndrome" ;-).
I also hate selfish, unfriendly, arrogant attitudes sometimes evidenced by persons, VX-related or not, I have never known or heard about, but who suddenly drop me unexpected emails or appear on IRC with such childish offensive attitude. At first, I explain my reasons to them, that I simply do it for fun, etc. But after a while you get used to it, you no longer give explanations, you simply ignore them - i.e. you kick/ban them ;-).
What makes you choose the names of your viruses? Give some examples...
I have no written rule for that. Sometimes I name a virus after a good friend of mine, as in the Win32.Cabanas virus. Other times I choose a name of a person I dislike, as in the WM.CAP virus. And at other times I simply name a virus according to some funny story or anecdote that makes me laugh, as in the DogPaw or Numbless virus, etc. At other times I don't even choose the name, AVers do, as in the Win95.Jacky virus ;-).
Does the VX have an influence on your life/friends ? Has it changed ?
I have tried to carry both virus programming and my personal life apart from each other. So far it has worked. Neither my relatives nor my closest friends would ever suspect about me, a guy who in real life never talks about his predilect H/P/C/V topics to anybody except him and his computer. Moreover, I obtained my bachelor's degree in a completely different area other than programming or computer science related stuff. Because of that, my life didn't really change dramatically at the time my nickname began to irritate users and AVers out there ;-).
I just took everything smoothly and naturally as it happened. Of course, I enjoyed a lot that secret virtual part of me, as much in the same way as in real life I still enjoy doing other sort of things normal people usually do - go to the movies, chat in a cafe, going to parties, etc. But regarding virus related issues, hey I'd better keep that to myself. The dark side of me, if you prefer.
What are your favorite stuffs in the VX field (virus, author, engine, etc...) Is there one virus you like most, due to its originality/complexity?
Some viruses come to mind: The "Byway" virus had a strong influence over me. I remember I disassembled it from top to bottom and learned a lot from it. It was a imminent threat in my former country and it spread wildly like most Dir-2 viruses did during their lifetime. "Natas" was also quite an advanced bug, with strong poly, full stealth, etc, but its author seemed to have no creativity at all for a good payload, same as "Hare" and all other destructive viruses.
I also liked "OneHalf" very much, as it was an exception to the rule. Its author had the idea of addicting the computer to the virus by encrypting the hard disk and decrypting it on the fly, which it's not destructive by itself. It also enhanced the "Com mander Bomber" infection which addicted infected files to the virus as well. In short, OneHalf was (imho) far more ingenious than Hare or Natas. It's quite curious how the so called "effective" AV programs were the real "destructors", while not being able to handle this and other viruses properly.
How would you consider the perfect virus? ;-)
There ain't such thing as a perfect virus, anyway such virus would have to be completely undetectable and untraceable by all means, with full stealth capabilities in both memory and files, slowly polymorphic, with fast infection features, multipartite, a ble to infect MBRs, boot sectors and multiple file formats as well: DOS/MZ files, Win16/NE files, Win32/PE files, OS/2/LX files, OLE2/DOC/XLS files, Linux/ELF files, OBJ/LIB OMF/COFF files, ZIP, ARJ, RAR, CAB, LZH compressed files etc, etc. It would also have to work on different platforms (Linux, MacOS, OS/2, Win3.1, Win9x, WinNT, etc.) This virus would have to be as small as possible and as bug-free as could be. A bit difficult for any virus with so much features like this one, but you asked, heh ;-).
What do you think about destructive viruses?
It was perhaps the fact that I had a very bad experience with "Natas" virus - we lost a whole hard disk at the comp store - that I got a bit paranoid about destructive code. I really don't like at all any kind of destructive rubbish in any form or means, including in a virus, trojan horse, worms, etc. I disagree with people who write destructive code (file deletion, disk formatting, etc.) for the simple reason that I know for myself how harmful such destructive code can be. However I wrote viruses since I have a different opinion on what a virus is ;-).
All along the virus history and the VX scene itself, which "original" viruses deserve to be reminded and why?
Well I think those viruses which proposed new infection ideas, new means of memory residency, new infectable file formats, etc. deserve to be reminded somewhat along the whole virus history. I could name a few: "Jerusalem" - said to be the first file infector, though I doubt it, "Brain" - said to be the first boot sector virus ever, the bulgarian viruses: "Number of the Beast" - for being the first "full stealth" infector, the "Dark Avenger" virus - the first fast infector and the "Dir-2" virus - for having developed a new original infection technique. "Commander Bomber" follows - for its kickass approach of inserting chunks of virus code all along the host, also "Concept" and "DMV" - for being the first macro viruses ever, etc. I know there are quite a lot more advanced bugs that deserve to be mentioned as well, but damnit, I'm far from being a rolling virus enciclopedia ;-).
Do you want to make an appeal to anyone? (beginners, ex-writers, whole scene)
Beginners: Please don't write intentionally destructive code.
Ex-writers: I'm coming aboard, erm my fingers just start to rust.. Whole scene: Hot than ever before.
Groups/Independants: make it worth!
What else do you do when you aren't coding a virus ?
I currently work for a big Telecoms company. I spend all morning, noon and part of the afternoon working for the project management team. Curiously I seldom sit in front of a computer ;-), except when I have to write down those bored reports for my boss, or those excel sheets, etc.
However, in spite of my stressful job, I find time most afternoons after work to go mountain biking in the Peruvian Andes with my friends from the old mountain bike team at Uni. I find this activity very pleasant and healthy for my brain and lungs, so I practice it at least twice a week.
I also find time most nights for my pretty girlfriend Carol, to help her with her undergrad studies in psychology, mostly with her statistical and maths related courses. Most weekends however, we go out with some friends to the movies, discos, or just chat in a cybercafe bar for a while.
Where can you be reached ?
I still can be contacted through my email address: jqwerty@cryogen.com. If I delay too much in replying it's perhaps because I am specially hurried those days, or maybe you asked a very stupid/obvious question that deserves no answer at all, or probably you asked a virus related question. Please remember I'm retired. That means no virus related questions. There are plenty of Win32 coders better than me nowadays. Visit the official Win32 ASM Programming homepage for some of them.
Any greetings ?
29A: Hey you have strong competition here: SLAM! Lord Julus: Perhaps in the next eclipse? ;-) SLAM: Keep up the good work buddies! VX scene: Keep the scene alive!
Any final word?
I want to thank the SLAM team specially Lord Julus for this great opportunity. I'm glad to see how the SLAM team has evolved from being solely a macro VX related zine to what it is today: a highly active and heterogeneous virus team with very talented virus coders. Keep it up!
Jacky Qwerty.-