Interview Zulu

Interview with Zulu
by Slagehammer
[November 1999]

How did you start out in computers?

When I was 14 years old my father bought a 386 for home, since then I start using them, first for gaming then for other things.

How and when did you start out in the virus scene?

I started in the beginning of 1999, I was coding some things in VB when I saw 1nternal's VBScript viruses. I decided to write one (HTML/VBS.Zulu), it was going to be the only one, like an experiment. I didn't know anyone in the virus scene, but surfing the web I found many VX sites. I sent it to some of those people. Those people were Nightmare Joker, Evul and some more. Then the virus was posted on Evul's and Codebreakers' sites. :) I had more ideas for viruses, so I continued writing more and I also started collecting them.

Have you written viruses? If so which would you like to take credit for?

Yes, at this time I wrote 7. Most of them are worms, not viruses. The one I like more is VBS.Freelinks (like AV programs named it), is nice to be in IRC and see infected people trying to send you your own worm. :) It could be better using some ideas that I used in worms after it, but I stopped updating it.

How do you name your viruses?

Nothing special, some like Monopoly because of what the worm shows, in this case, an image of Bill Gates in the Monopoly game. Others like BubbleBoy and VanHouten because of TV shows (Seinfeld and The Simpsons), and in others like Chango I have no idea of the reason of the name, maybe because I use that word a lot even that is not common in my country. :)

Which programming languages do you know?

VB, Pascal, C++, VBScript, JavaScript, VBA and HTML. And yes, I know that the last four are not considered programming languages by many, maybe calling them pseudolanguages is better. In case of Pascal and C++, I'm not coding in them for a long time. Anyway, I plan to come back to them in the future, VirusBuster told me about a free Win32 Pascal compiler that gave me some ideas and I'm always wanting to do something in Visual C++ for learning.

What programming language do you like using the most?

This days VB and VBScript.

Are you a member of a VX group?

No. Anyway, thanks to the ones that invited me to join any group. :)

Which AV software do you like/respect the most? Which the least?

I like AVP and F-Prot. I use them for trading, so maybe I'm saying this because I got used to them, but I think they are also great products. If I have to choose one I will choose F-Prot, I like that exact detection of variants it has, and also their support was great with me when I needed it. With this I don't mean that F-prot is better, I'm just saying that I like it. :) I also like DataFellows' product, but that is really a mix of the other two. What I think they have better is their virus encyclopedia.

The least I don't know, I could say some, but that would be because of what I read about those AV products, not because I tested them.

What are your goals (VX wise)?

I don't have something like a VX goal, I write viruses as a hobby, not to reach some kind of goal.

In case of my viruses/worms, some of them have little goals. For example, BubbleBoy was written to be the first in it's kind, even that is uses a bug so it won't be a great thing. Others also have some little goals, we write them because of something, learning, having fun coding or others, so all viruses have some kind of goal for us.

What is your view on the continuous 'war' between VX and AV?

I know that some (in both sides) see that like a 'war', but is not my case. I'm interested in viruses and when sometimes I test how a virus works I'm doing in some way what AV people do, but as a hobby, not as a work. :) Anyway, I won't have any problem in writing a remover for a worm or things like that, like writing any other program.

Where did you get you handle? What does it mean?

I use to play with friends a computer game called Worms (little worms using guns like bazookas). My worms were using military units' names and one was called Zulu. Then, when I got Internet and I was going to use IRC I needed a handle, so I used that one.

What is your view on Virus Creation software (e.g. VCL, PS-MPC etc.)?

I never used them, I don't see the fun in creating viruses with them. The fun is in coding, having new ideas and those things, I don't have that if I create a virus with a virus creation software.

Also, they seem to be mostly used by those guys that come to #virus asking "How do I write a virus?" or "Give me a virus to destroy my school computers". :) Of course that writing that software is as difficult as a virus or even more, but I don't see what are they for. I think is better to write a virus instead of that.

What is your view on macro viruses vs. assembly or HLL viruses?

Just different platforms, each with advantages and disadvantages. Anyway, we already have viruses that use both. Also, for those assembly coders calling macro coders lame, stop being lame saying that. :)

Have you ever confirmed one of your viruses 'in-the-wild'?

Yes, VBS.Freelinks is in the wild list at this time.

Which VX E-zine do you like to most? Which the least?

I like the E-zines that are mostly HLL or macro, this is because I don't code in assembler, even YAM's overwriting viruses are much for me now. :)

Which individual or what group do you like/respect in the VX world?

A lot of people, not only coders, traders too. I know that it will be great to have names in this answer, but I don't like to forget any, so it's better this way, anyway, they known who they are, if you receive emails or IRC queries from me often you are one of those. :)

In the AV world?

I know the AV products only, I don't know enough of the people behind them, I can't answer the question with such little information of them. Anyway, by reading alt.comp.virus I can dislike many individuals, but that wasn't the question. :)

Which individual or what group do you like/respect outside the VX or the AV world?

None that I remember now, but I think that they could be many. :)

What is your view on destructive payloads in viruses?

I don't like them and I don't write them, I don't want my viruses/worms deleting things and destroying people's information. Also, is bad for the virus since it will destroy his way of spreading.

Do you think there is such a thing as a 'good' virus?

Depends of 'good' for who. :)

What do you do in 'real' life?

I'm 20 years old, I study computer systems at the university, I'm webmaster of a little company (very little work, not many updates) and this days I may start a future project with some coders I met, I hope it has a good end. Also, I have friends and a nice girlfriend that I knew in IRC that is always telling me not to get in troubles. :)

Do people outside the VX scene know what you do (parents, girlfriend, etc.)?

Yes, parents, girlfriend and friends know that. None of them have any problem, some even like that.

Do you do other computer stuff outside VX (hacking, phreaking, warez, etc.)?

Outside VX I use the computer for normal stuff, university homework, writing not VX programs, gaming, doing websites, listen to music, burning CDs (warez sometimes), IRC, etc.

Should viruses be illegal? Is there a difference between creation and spreading?

Of course the creation of viruses should not be illegal, we must be free of coding what we want and send it to other people interested in what we are coding (this includes posting the viruses in sites without cheating saying that it is a normal program). In case of spreading, I think that the action of spreading a virus should not be illegal. But the things that viruses do are some illegal, so, they should be punished. Most viruses/worms do things that are not right, modify data in case of viruses and in case of most worms send themselves saying that they were sent by someone, something that is not true. Anyway, of course it won't be the same a 'harmless' worm than a virus with a payload that formats a hard drive. So, the punishment should depend of what the virus has done in the infected computer. Also, that punishment should be for the person that spreaded it, not the author. I'm not totally sure what should happen in the case of a virus that formatted 500 computers for example. Should the person that spreaded it be punished for formatting 500 computers?, that would be too much I think, what he done could format 1 or 1000 computers, he didn't know what would happen. I think that that is not the same as a guy that deliberately formatted 500 computers knowing that he was formatting that amount. Anyway, like I said, I'm not sure of this last part.

Describe the perfect virus.

This answer will be like most answers to this question, I'm not going to be original. :) Maybe a virus that is not known by anyone (even AV programs) until it does some kind of payload on the infected users. So it would not be known if it hasn't a payload.

What is your view on Windows (95/98)?

Not a great piece of software, but well, I still have not enough space for having more than one OS in this machine. :( I know that I could delete it and install other OS, but I need it, not because it is great, it isn't, only because it is what most people have. Anyway, when I buy a new computer I will install Linux in it, of course I will still have Windows in the other.

What is your advice for people just starting out?

People in the VX scene will help you if you need something, just ask. Anyway, before asking for help, read the documentation of what you are looking for help. :)

Where can you be reached if at all?

Email: zulu_vx@ciudad.com.ar

PGP public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
mQGiBDg8FNARBAD8dhUgdvRrzCl6APu9aVOTgAmvDEVhh/F0yYolj6Flho/EHutm
ikNkTvPtij+wjSe1nfgz7Fm3N/IuQH7Yi+9HTF6WmgkEEtuGNd7sSmKgKPNFHkVP
HruBPPI8Jl2wKbCgHM+uNoo05sihOBp8CllZh7TjmrP406Om/pmGInMgjwCg/229
SL2zk3V6WExDIjCr9wOnwf8D/0W4+Uk1Dit9pRhnjhUHRQZvaEgxkQKplFep1iw+
hxpwIMct5xTX4Qs5rRD5LcwCATGxIkdSsTJkQGJwWOE40Xl+xN5TYrtOTu6p9A8x
9SWW3g5knFr358lCgECPb/z8rQZ1PPgn3f0ZkmZ2x6Q06WaWYKVDlXHXiyY/eAFK
6tp6BADshq53rMYMBM/kgDmEqQVMROiW9KQ4ytbLA5kdQ+LGC1/YlPhMejMxdVki
FElpz5PgAmIscFzLIbPcajNcbuX/hFTxO2qrEqew54gUhumIK62cmiyKTsqfaCMJ
C10ywLjxqFBRWM49hcEikxnPpMSFd0vRCTZSRkb1w9SWhm6Z/bQEWnVsdYkATgQQ
EQIADgUCODwU0AQLAwIBAhkBAAoJENptDqUSk8guDhQAoMf2/+xVPa8rwsBmQNw/
CKRMYiT0AKCOsOVYAVJdnbrb5RyPQYc0I5zklrkDDQQ4PBTREAwAzB13VyQ4SuLE
8OiOE2eXTpITYfbb6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ngw+Po1gr9oSgm
C66prrNlD6IAUwGgfNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkItAjbBJstoXp18
mAkKjX4t7eRdefXUkk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF6PlTETlPtvFu
uUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89
PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa
8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpTDJvAAICC/4+xZc4
7B1Y2Uet8STre/WoKnXWWWiYjIjka2M7uXEJ4Tl4a5BWXYxH7fd2thGut19a/+X2
m6g4tFcrf70tqj2oXbjGQl58niKJQv45YTNHd+kiiR3kx8cPJA0JIFSH1fMUQ0Lt
u3VlpB5/WaEtB3LM+nbizgRqQzrZxUtPrKKScyAbtk1po2M0VzReXIAZ8n9fWekl
fjTczwSixJeTuRQgktcqe+PJ8PVkOFkUMhdMi3OFJrUbsjBOWqKo/DWhURKaIqep
i5uC6Pq7bIv1QMdSNyEGlXw79TFDpHEO4/LdiQFGMek3S/tLiTTSv2oKA30Pfe3F
e2a1crT5723llWeBwOtIMHVKU/ZPolQH6WR2FEr6KMp435T1Ln3lvfU9HNLxPujV
zW8w9HWtLqgN1pCvieEAaStotNRGawCNG9kq6PctESDVgEzTjwjvK6+EnA6f01n7
yxgAoI4SfSwtKyAEYVRwiTMuK7hiWliAe0wXfueYYGvWxICgF2H8yR1X/36JAEYE
GBECAAYFAjg8FNEACgkQ2m0OpRKTyC4aSQCgsyTDP9QVqsJsVZnguwH3AwlnonoA
n3cULt2ysjJHHkr1RHG4+3T6QVYh
=EVcE
-----END PGP PUBLIC KEY BLOCK-----

Web: http://sok4ever.zone.ne.jp/zulu or http://coderz.net/Zulu

Those things can change, so better trying all if any of them doesn't work.

What part of the world are you from and how is the VX scene there?

I'm from Argentina. VX scene here this days is not like it used to be 5 years ago or so. In Int13h's article about VX scene in South America in Xine #3, Argentina is listed with lots of coders and even some groups like DAN, but now is different. We are only a few, anyway, this days on IRC I found some guys from here that seem interested in the VX scene, maybe in the future that could change.

De paso aprovecho para saludar todos los argentinos que esten leyendo esto. :)

Any info on new material you are about to release?

I have many ideas in my mind, but until finishing something I'm never sure, my ideas always mutate into different things. :)

Any greets?

Greets to all on #vir, #virus, #vxtrader and #vx-vtc. :)

Any other comments (take all the space you need)?

When reading interviews and wanting to know the date of them, I notice that most of them don't have it, so, the date of this one is November 1999. :)