Interview with Stormbringer
by Cicatrix
[November 1997]
How did you start out in computers?
My parents had a computer in the house for about as long as I can remember - the first one we had around was an old TRS-80 machine. I programmed in Basic on that, although it was primarily a text-based (or 4 color graphics) game machine to me.
How and when did you start out in the virus scene?
I got into the virus scene at the start of the 90's - I had been infected by Stoned, and kept a copy of it. I analysed it, picking up a bit of assembler as I went. Viruses were extremely interesting to me, and I wanted more - I caught the # of a VX BBS on the old FidoNet antivirus echoes and called it, downloaded a few, and disassembled them. It became quite a hobby - eventually I decided to try my hand at writing one. Most of my early disassemblies and code were written under Black Wolf - I changed my handle to "Stormbringer" for Ludwig's contest, intending it to be a one shot deal. Anyway, I won it, and decided to keep it for the reputation.
Have you written viruses? If so which would you like to take credit for?
I've written a pretty good handful of 'em, I guess some of the more notable would be GoodVirus 1, Shifting Objective, Crucifixion, KeyKapture, CorpLife, and Jump.466.
How did you name your viruses?
I didn't really have a set technique for the naming, I just named them whatever came to mind at the time.
Which programming languages do you know?
80x86 Assembler, C, C++, Java, Perl, Visual Basic, Delphi, some embedded/proprietary languages, and probably something I'm forgetting but try to avoid coding in anyway....
What programming language do you like using the most?
These days I program mainly in C, C++, and assembler, depending on the project.
Are/were you a member of a VX group?
I was a member of Phalcon/SKISM, and one of the founders of the Trinity. However - apparently there was another Trinity as well - we were the ones who did the Revelations magazine (all 1 of them).
Which AV software do you like/respect the most? Which the least?
Most of the good ones have their strengths and weaknesses. Thunderbyte's always been pretty cool, but it also detects 110% of my viruses..... F-Prot is generally the "old reliable" that I use, although Dr. Solomon's and some of the others like AVP and Sophos Sweep are pretty good. Even NAV is working its way up there. I don't like Invircible, and I laughed at how few known viruses that ActiveX thing by Trend detected, although I guess it's purposefully "scaled down".
What are/were your goals (VX wise)?
Now? To convince people that I'm not VX anymore ;) Back then, I guess my primary goal was to come up with new and different techniques and ideas.
What is your view on the continuous 'war' between VX and AV?
I used to view it as a chess game really, where each one was trying to outsmart the other. I guess I still feel that way to some degree. I've never liked seeing viruses in the wild though, and really wish people would stop releasing the damned things on the public. For the most part, I've always talked to some people on both sides on an eye-to-eye level. I probably respect as many virus writers as I do AV, and hold a strong distaste for about the same number on each side as well.
Where did you get your handle? What does it mean?
Stormbringer is the name of Elric's demonic sword from Michael Moorcock's series. Basically I picked the first cool name I thought of at the time ;) Black Wolf I thought was much more suitable, but it pretty much got left in the dust after I joined Phalcon/SKISM.
What is your view on Virus Creation software (eg. VCL, PS-MPC etc.)?
At first I thought they could possibly be a learning tool, but even while I was still writing viruses I viewed them as a major annoyance. First of all, I don't think people that can't code should possess viruses, and secondly, they've created a huge bulk of pathetic viruses and pathetic "virus writers".
What is your view on macro viruses vs. assembly or HLL viruses?
At first, I pretty much viewed any macro viruses and their authors after Concept in contempt for their lack of skills and imagination. I've seen a few macro viruses more recently that showed some programming skill though. Mainly I just wish Microsoft would revamp their macros and make them less dangerous - rather than more dangerous as they just did in Office '97.
Have you ever confirmed one of your viruses 'in-the-wild'?
Yep - that's why I retired. There's a copy of the retirement letter in your update package which resulted from this. I've also heard of other incidents, although I have not confirmed them. There are also some variants of my viruses I've seen on VX BBS's and in scanner listings, but I don't know if those came from "the wild" or were distributed through the VX.
Which VX E-zine do you like the most? Which the least?
Hard to say - I've seen a lot of really good ones and even more really lousy ones. I guess I'd have to say I like 40hex and Revelations the most ;) As far as the least? Hard call....
Which individual or what group do you like/respect in the VX world?
My "idols" when I entered the scene were Dark Angel and Musad Khafir - both wrote good original code and were "non-destructive". I've made a lot of friends in the VX world since then, so it's hard to say.
In the AV world?
Hrmm.... Lot of good people here. While I was still into viruses, a few of the more sensible people that I corresponded with were Mikko, Sarah, and Nick. Recently at the VB conference, I had the opportunity to meet a lot of other cool people in the AV as well. Fortunately, I made a lot fewer enemies than friends ;)
Which individual or what group do you like/respect outside the VX or the AV world?
I guess the most applicable group would be Future Crew - those guys were awesome coders.
What is your view on destructive payloads in viruses?
I am very much against them. It's bad enough to be infecting other people's computers, but trashing random people's stuff as well? Besides, most of the people who code them can't get them right.
Do you think there is such a thing as a 'good' virus?
Depends ;) I think there are applicable uses for my GV1 program if it had been written more carefully, but then it only spreads on request so whether it is a virus or not is arguable. For the most part, the "virus" part of any useful program can be removed and the usefulness would be enhanced.
What do you do in 'real' life?
I'm a professional software engineer. Recently I've been primarily involved in semiconductor robotics.
Did people outside the VX scene know what you did (parents, girlfriend etc.)?
Yep. I made no real secret of it then, and definitely don't now.
Did you do other computer stuff outside VX (Hacking, phreaking, warez etc.)?
I did a little bit of hacking and a lot of reverse-engineering, but I was primarily just a coder.
Should viruses be illegal? Is there a difference between creation and spreading?
I don't like governmental controls on information, so I don't feel viruses should be illegal per se. However, I think people should take more responsibility when they decide who to distribute viruses to (distribute meaning - give to a knowing recipient). Owning a virus or creating one does no harm. Distributing one to knowing recipients without validating their ethics and knowledge is irresponsible, but I don't really feel it should be controlled by the government. Spreading viruses into the wild is and should remain illegal and should be prosecuted. There is nothing cool about releasing a virus onto the public - anyone that doesn't agree should go clean up a few large site infections without pay.
Describe the perfect virus.
One that remains just an idea ;)
What is your view on Windows (95)?
Well, I'm pretty much forced to use it these days, so I can stomach it. As far as viruses, it's slowed things down a bit, but not much. NT does the same. However, more and more people are becoming proficient enough to code PE infectors and the like, so pretty soon we'll be back to the same game.
What is your advice for people just starting out?
Find a more beneficial pursuit. I'd recommend demo coding - there's more 32-bit assembler, it's cool, and you can even use your real name if you want to ;) It's hard to show a virus to a non-technical person and have them be impressed, and most technical people will simply be annoyed. Demos anyone can appreciate, and it might even help with job hunting later on....
Where can you be reached if at all?
mike@tek.net is my email address, I also monitor alt.comp.virus when I have time.
Any greets?
Greets to all the guys from Phalcon/SKISM and the Trinity, along with the rest of the guys I've worked with. A special YO MUTHA FUKA to h_spirit, Antigen, and DA.
Any other comments?
I'm AV these days, and there's a reason for it - viruses cause considerable damage when they hit the wild. I've been through several major cleanups + uncounted individual cleanups, and the worst thing is that it almost doesn't matter what the virus itself does - its presence is going to cause most users to panic and trash their stuff. Even without the fear reaction, viruses keep people from working - whether it's research, a thesis, or an accounting department, everything comes to a standstill while people go through and clean up everything. I never introduced my viruses into the wild, but simply because they were published and distributed they have ended up there at least once - people need to think about this and take responsibility for their actions. Once a virus has been sent into the VX, you've lost control of it completely.
Short responses to the following names or words:
- Dark Avenger
Arsehole, but a good coder and one of the pioneers. Too many people keep trying to imitate him.
- Dark Angel
Old Phart, but an awesome guy. BEWARE of PLuRG!
- Sarah Gordon
One of the most misunderstood people - she's taken shit from both sides. She's cool.
- Fridrik Skulason
Good coder, a bit self-righteous at times, but he means well and does well.
- Alan Solomon
Witty guy, started an excellent company. I'm not sure about the whole ARCV incident, but then I've heard 5 different versions of it just like with any other incident in the scene.
- WordBasic/VBA
Pain in the arse, and a cop-out for real coding in many cases. Why does Microsoft do this to us?
- VDAT
The only database I've seen that keeps track of virus writers, 'cept for Ferguson's old black list..... Interesting reading, definitely.
- VSUM
Some electrons were meant to be recycled. I still get a kick out of the RAM virus, but her Jump.466 virus description was, like all the others, disappointingly showing of a lack of expertise.
- Assembler
The language of real coders, and useful for a lot outside of viruses, too!
- NuKE
Some talent, but a lot more baggage....
- Phalcon Skism
BEWARE of PLuRG!
- VLAD
Aside from the whole Intended.VLAD series of viruses, these guys were cool ;) Fun people to talk to, regardless of what they do to kangaroos.
- Immortal Riot
Improved considerably. But there aren't any kangaroos over there.
- Trident
One of the best groups around back then, second only to us of course ;) Neat people, and some damn fine coders.
- Polymorphic
Is getting boring...... and easier to detect ;)
- Stealth
Is very rarely properly implemented to avoid conflicts.... and is even easier to detect than poly ;)
- I hate......
Sorting through !@#!@#@! dirty virus collections....
- I love......
Stoli & tonic, with a twist of lime.
- Internet
Used to be so much more peaceful.... back then it even had a good signal/noise ratio, instead of just a noise level.....
- IRC
Best way to blow a few hours for those that like tendonitis of the hands.
- Sex
Yeah, I remember that.... been awhile.....
- World War 3
Why bother when we can just wage lots of little ones?
Why did you quit writing viruses?
One of my viruses (KeyKap) got into the wild. I felt responsible for it out of my negligence, although I did not put it there - I walked the guy through cleaning up his system, worked my way from the first stage of being drunk (when I got his email and called him) through to total oblivion, and retired. I never intended for my viruses to end up in the wild. Honestly - why would anyone put one there? If they wanted revenge, wouldn't they use something destructive? Why else release a virus? *sigh* of course I was wrong, eventually some moron was going to stick one of them in the wild simply because they could. I didn't want it to happen again, and since I couldn't prevent that, at least I wouldn't create any more.
Did you quit cold-turkey or did you find it hard to stop?
I quit cold turkey. There were a couple of times where I almost came back early on, but I've kept my word.
Any regrets?
I don't regret. What I did made me what I am today, and I'm quite happy with that. There are a lot of things that I won't do again, of course, and some things that I'm still in debt to society for.
Do you still keep in touch with the VX world?
Some - I've lost track of some of the old crew, but I keep poking my nose back in to see what's going on and chat with some old friends.
Were you able to use your VX knowledge in the non-VX world?
Yep - I've cleaned up a lot of infections by hand and written several cures for viruses. Currently I'm also developing some AV software independently.
What do you do now?
I'm a software engineer - mainly C++ under Win32. In my spare time, I code AV.
Have you been in touch with the AV world?
Definitely ;) I gave a speech at Virus Bulletin '97, and have been talking and/or debating with people I met there since.
What was the most common reaction when you quit?
- VX
VX was kinda split at the time, some people understood, while a lot of other people thought I was a loon. These days I primarily hear "why don't you come back?" Which is complimentary I guess, but I won't.
- AV
The reaction to me quitting was very positive, although some of them were and even still are suspicious of me. The reaction for me going public and pursuing AV, of course, was another thing altogether......
Cheers,
Stormbringer