God@rky's Virus Heaven Newsletter #2
Written by God@rky
(C)Circle-A Computers 1996 All Rights Reserved...
-------------
**Warning** This magazine deals with viruses, their production, and their distribution, and frankly anything else that is virus related that we wish to publish here. The ethics of this magazine's very existence may upset you.
The intent of this magazine is to keep those interested in collecting or authoring viruses up to date as well as we can with some of the information that can be found here and abroad.
If you have any questions, comments, ideas or article submissions, by all means send them via E-mail at: godarky@ilf.net
CONTENTS
- Section One - Site News & Corrections
- Section Two - In The Wild List
- Section Three - Beginners Guide For Newbie Collectors
- Section Four - *NEW* Virus Related Newsgroup
- Section Five - Vx Related Books
- Section Six - Vx Site Guide (FTP/WWW) - Revised
- Section Seven - Assembly Language Help For Beginners
- Section Eight - Out With The Old/In With The New - E'zines
- Section Nine - Integrity of Virus Collections - Questioned
- Section Ten - A Call For Help With GVHN
Section One - Site News & Corrections
I suppose top of the list should be regarding Virus Bits & Bytes magazine. I have recently contacted Dark Night of VBB. He advised that he has been real busy as of late with life's necessities (work) and hasn't had time to do anything lately, but that VBB is still around and waiting for new articles and so forth. So in the future we can expect to see more from VBB.
Also in the last issue, in the Disappearing Sites area, I posted about the absence of ChibaCity. Promptly after the release of Issue #1, I received several letters with the new URL for ChibaCity. You can now once again enjoy accessing ChibaCity at: http://www.chibacity.com/chiba/vrc.html.
One more site that disappeared during the month of November was actually that of one of the Virus Bits & Bytes members, "RickDogg", the author of the LordNatas v666 bug that came out last August. Anyhow, his old site was located on PSInet's "Pipeline USA" service. It actually lasted quite a while till somebody either reported it, or Pipeline actually found out about this little gem amongst their homepages. So RickDogg's entire account disappeared, not just the website. He has picked up residency at ILF with some of the rest of us. His site can be found at: http://www.ilf.net/rickdogg as can his two new virus releases, which will also be at Virus Heaven.
Cicatrix, the guy keeping track of all the viruses around the scene and putting them in NIFTY collections to keep us all a little more organized, has finally put up a Web site. It is small right now, with very few links to files. Currently though, there is a good portion of his collections available at http://www.ilf.net/god@rky/virii.htm in the "Virus Collections" section of the site. Also there, you will be able to get ahold of VDAT170.ZIP. VDAT is a DOS-based virus hypertext (a Windows version is currently under development) which is an excellent tool for those in the Vx and Av worlds alike. All kinds of info is available in it, and it is a must see if you are interested in computer viruses. Keep an eye on this site; it should become a hot site as Cicatrix gets more time to work on it. Anyhow, to get to this site, point your favorite browser to http://www.cyberstation.net/~cicatrix and bookmark this bad boy.
In PhreeX's Site Guide there was a link to TASM 4.0 which led to a TASM v2.0 (1989).
Section Two - In The Wild Lists
In The Wild Lists are kinda a strange animal. As you will see in the newest one available, which I am pasting into this issue of GVHN, there are some requirements your virus must meet before it reaches acknowledgment by an AV company for inclusion in their scanner.
While it is most authors' objective to keep their virus from being detectable by a mainstream scanner, if the virus has any kind of effect on other people's systems, such as a decent infection ratio, it is almost inevitable that it will end up on the ITW lists, as well as on some AV scanner's list of detectable and cleanable viruses.
So, as I covered in the last issue, CARO gives the virus its industry name. Usually, if CARO knows what the AUTHOR named the virus, that name will be listed in the ALIAS field of the ITW list. But CARO's name for the virus is the one that the listing will use as the virus's primary name. A good example of this is the HARE inclusion in this list. There is no alias listed for this virus. Yet many of us know that at least one of the strains was called "HDEUTHANASIA". You will see a lot of blanks in the Alias field.
What follows is the most recent ITW list I could find. The one at the Dr. Solomon's AV site was from July 1996. That was a little old. The one I have here came from the archive and was the newest one available there as of November 18th, and it is from October. I have included it almost entirely in its original state, so you can read what their basis is for adding viruses to their list, and so forth.
================================================
PC Viruses in the Wild - October 22, 1996
================================================
This is a cooperative listing of viruses reported as being in the wild by 44 virus information professionals. The basis for these reports are virus incidents where a sample was received, and positively identified by the participant. Rumors and unverified reports have been excluded.
This report is cumulative. That is, this is not just a report of which were seen last month. Monthly data is received from most participants, but the new data is added to the old. Participants are expected to let me know when I should remove their name from a virus that they haven't seen in a year and a half or so.
The list should not be considered a list of "the most common viruses", however, since no specific provision is made for a commonness factor.
This data indicates only "which" viruses are in the wild, but viruses reported by many (or most) participants are obviously widespread.
The WildList is currently being used as the basis for in-the-wild virus testing of antivirus products by Virus Bulletin and the NCSA (National Computer Security Association). Additionally, a virus collection based upon the WildList is being used in an effort to standardize the naming of common viruses.
The WildList - (c)1993-1996 by Joe Wells - wildlist@vcnet.com
==========
The section below gives the names of participants, along with their geographic region, organization, and antivirus product (if any). The locations with an asterisk (*) note that the reports are regional, all others being multinational or global.
Key Participant *Region Organization Product
============================================================================
Ac Alan Candy *New Zealand Applied Insight F-Prot Pro
Ad Allan Dyer *Hong Kong Yui Kee Co. Ltd. F-Prot
Ae Amir Elbaz Israel EliaShim ViruSafe
Bn Barnabas Nagy *Slovokia NaBaware Dr. Solomon's
Bq Blend Qapiti *Albania Poly U Tirana None
Cb Carl Bretteville Norway Norman Data NVC
Cj Craig Jackson USA Datawatch VirexPC
Cs Christian Schmid *Austria DataPROT Linz F-Prot
Dc Dave Chess USA IBM IBM AntiVirus
Dg Dmitry Gryaznov UK S&S Int'l Dr. Solomon's
Ek Eugene Kaspersky *Russia KAMI AVP
Ev Eduardo Velasquez *Colombia/Vene. SOFTEAM Ltda VirusCOP
Ew Eddy Willems *Belgium/Lux. De Vaderlandsche None
Fl Ferenc Leitold *Hungary Hunix Ltd. Virus Buster
Fs Fridrik Skulason Iceland Frisk Int'l F-Prot
Gm Gerard Mannig *France RECIF None
Gp Gabriel Pislaru *Romania SoftWin AVX
Iw Ian Whalley UK Virus Bulletin None
Jd Joost de Raeymaeker *Portugal RSVP Dr. Solomon's
Jk Jimmy Kuo USA McAfee ViruScan
Jm Jose Martinez *Peru HackSoft S.R.Ltda TH AV
Kd K. T. Davies *India Pioneer Micro Vaxine
Ks Klas Scholdstrom *Sweden QA Informatik Dr. Solomon's
Ls Luca Sambucci *Italy I.C.A.R.O. None
Mh Mikko Hypponen *Finland Data Fellows F-Prot Pro
Ms Marek Sell *Poland APEXIM MkS_vir
Nb Neville Bulsara *India N&N Systems Dr. Solomon's
Oh Omar Herrera *Mexico Escuadron AV Aguila AV
Pb Pavel Baudis *Czech Republic Alwil Software Avast!
Pd Paul Ducklin UK Sophos Plc. Sweep
Ra Ruben Arias *Argentina RALP Integ Master
Re Ralph Tee *Malaysia R.E.Solutions Armour AV
Rf Richard Foley *Ireland Reflex Magnetics TBAV
Rk Richard Ku Taiwan Trend Micro PC-cillin
Rr Roger Riordan Australia CYBEC VET
Rt Roger Thompson USA Thompson Network Doctor
Rv Robert Vibert *Canada Sensible Security Dr. Solomon's
Rz Righard Zwienenberg Netherlands ESaSS BV ThunderBYTE
Sc Shane Coursen USA Symantec NAV
Sg Sarah Gordon USA Command Software F-Prot Pro Net
Sm Seiji Murakami *Japan Jade Corp Scan Vakzin
Td Toralv Dirro *Germany U of Hamburg None
Ws Wolfgang Stiller USA Stiller Research Integ Master
Yp Ywain Penberthy *So Africa CSIR Virus Lab VPS
============================================================================
The WildList
This main list includes viruses reported by multiple participants, which appear to be non-regional in nature. Technically, this first list is "the" WildList according to my original specification, which required viruses to be verified in the wild by a minimum of two participants. A supplemental list follows that contains viruses reported by single participants.
If a virus listed has minor variants, but no specific variant letter is attached, the virus meant is the .A variant.
Please note that all the MS Word macro viruses are grouped under WM.name.
+ Viruses marked with a plus sign (+) are new to the main list this month.
CARO Name of Virus [ Alias(es) ] Reported by:
============================================================================
15_Years................[Espejo, Esto te] AeDcDgEvJkJmRtScSgSm
Aircop.Standard.........[...............] OhRk
Alfons.1344.............[Iutt99.........] AeFsGpJkJmKsMsPbRrSg
Anticad.4096.Mozart.....[Invader........] DgSg
AntiCMOS.A..............[Lenart.........] AcAdCbCjDcDgEvEwFlFsGmIwJdJkJmKd
KsMhMsPdReRtRvScSgSmWsYp
AntiCMOS.B..............[LiXi...........] AcAdCbDcIwKsMsReRzScSmTd
AntiEXE.A...............[D3, Newbug.....] AcAdBqCbCjDcDgEvEwFlFsGmGpIwJkJm
KdKsMhMsNbPdRfRkRtRvRzScSgSmTdWsYp
Arianna.3375............[...............] DcDgLs
Avispa.D................[...............] AeDgJkRaRtSc
BackFormat.2000.A.......[Backform.......] BnDgFlFsGpJkMs
Bad_Sectors.3428........[...............] FlGp
Barrotes.1310.A.........[Barrotos.......] DgEvGmJdJkJmPdScYp
Boot-437................[...............] AcBqCbCjDcDgFlFsGmGpJkKdKsMsOhPb
PdRkRtRzScSgSmWs
BootEXE.451.............[BFD, BE-451....] FlFsIwJkMhMsNbRzSg
Brasil..................[...............] CjSc
Burglar.1150.A..........[GranGrave.1150.] AcAdCbDgFsJkKsMhMsRkRzScWsYp
Bye.....................[ByeBye.........] CbDcIwKsMsPdRzTd
Byway.A.................[Dir2.Byway.....] DcDgEvFlFsGmIwJdJkJmScSg
Byway.B.................[Dir2.Byway.....] DcDgEvJkJm
Cascade.1701.A..........[1701...........] CbCjCsDgFlFsGmGpKsMhMsPdRtRzSgSm
Ws
Cascade.1704.A..........[1704...........] CsDgEkFsGpKsRtScSg
Cawber..................[NTU.T4, BacLab.] RtSc
Chance.B................[Lennon.........] DcFsJkSc
Changsha.A..............[Centry, Changes] MsRrRt
Chaos.1241..............[Faust..........] RrSg
Chill...................[Chill Touch....] RtSc
Chinese_Fish............[Fish Boot......] CjDgRkRrRt
Civil_Defence.6672......[CDV 3.3........] DcMsPbSg
Cordobes.3334...........[...............] FsJkSc
CPW.1527................[Mediera, Mierda] DgEvFsJkJmSc
Crazy_Boot..............[...............] DcDgEwFlJkScSgTd
+Cruel...................[...............] GmGpMhTd
DA_Boys.................[...............] CjDcEwFsIwJkRtScSgWs
Dark_Avenger.1800.A.....[Eddie..........] CjDgFsGpRrSgWs
Dark_Avenger.2100.SI.A..[V2100..........] DgIwRf
DelCMOS.B...............[Int7F-E9, Feint] DgFsIwJmPdRz
Delta.1163..............[...............] FsSc
DelWin.1759.............[Goblin.1759....] CbDcDgGpJkKsMsPdTd
Den_Zuko.2.A............[Den Zuk........] DgRtSg
Desperado.1403.C........[...............] JkKs
Diablo_Boot.............[...............] DcEvFsJmMhPdRaSc
Die_Hard................[DH2, Wix.......] AcAdCbCjDcDgFlFsJkJmKdKsMsNbReRk
RtRvRzScSgSmTdWsYp
Digi.3547...............[Deliver.Stealth] FsMsPb
Dir_II.A................[Creeping Death.] BnCsDgEkFlFsGmJkKsNbOhRkRrScSgWs
Yp
Disk_Killer.1_00........[Ogre...........] DgEk
DR&ET.1710..............[Dret...........] JkMs
+Ear.Leonardo.1207.......[...............] DgMs
+Edwin...................[...............] DgGmKsSc
Empire.Int_10.B.........[...............] RtScSg
Empire.Monkey.A.........[Monkey.........] DcGmJkJmKsOhPdRrRtScSg
Empire.Monkey.B.........[Monkey 2.......] AcCbCjDcDgEvEwFsGmIwJdJkJmKdKsMh
MsNbOhPdRkRrRtRvRzScSgSmTdWsYp
EXE_Bug.A...............[CMOS Killer....] DgEwFlFsGmIwJkKsOhPdRfRtScTdWsYp
EXE_Bug.C...............[...............] RtYp
EXE_Bug.Hooker..........[...............] MhRtYp
Fairz...................[Khobar.........] JkKdMsRf
Fat_Avenger.............[...............] DcKdRrSm
Fichv.2_1...............[905, CHV 2.1...] DgGmRz
Filler.A................[DiskFiller.....] CbCjFlKs
Finnish_Sprayer.........[Aija...........] FsKsMhSc
Flame...................[Stamford.......] FlJkRrSc
Flip.2153.A.............[Omicron........] DcDgFsGmKsRv
Flip.2343...............[Omicron 2......] DgFsJd
Form.A..................[Form 18........] AcAdCbCjCsDcDgEvEwFlFsGmGpIwJdJk
JmKdKsLsMhMsNbPbPdRfRtRzScSgSmTd
WsYp
Form.C..................[...............] CsMs
Form.D..................[Form May.......] CsDcEvFlFsGmIwKdMsPdRtScYp
Frankenstein............[Frank, Sblank..] DcDgJkKdMs
Freddy_Krueger..........[Freddy 2.......] FsJkScWs
Frodo.Frodo.A...........[4096, 100 Year.] DcDgEwFsGpKsRr
Galicia.................[Telecom........] GpJkRtSc
Ginger.2774.............[Gingerbread....] JkRrSc
GoldBug.................[...............] DgFlJkMh
Green_Caterpillar.1575..[Find, 1575.....] CjDgFlFsGmGpIwJkKdKsOhRrRtScSmWs
Hare.7610...............[...............] AcDgFsIwMhRzScYp
Hare.7750...............[...............] MhMs
Hare.7786...............[...............] FsKsMhMsRz
Helloween.1376.A........[1376...........] DcDgFlIwJkJmPbRrScWs
Hi.460..................[Hi.............] GpMs
Hidenowt................[...............] AeDgGmIwJkJmKdPdScSm
HLLC.Even_Beeper.B......[...............] DgMsRz
Ibex....................[Bones..........] CbJkMhSc
Int40...................[...............] PbPd
Istanbul.1349...........[...............] DgMs
J&M.....................[Jimi, Hasita...] AdBnCbCjDcFlFsGpIwJkKsMhMsPbPdSm
Jerusalem.1244..........[1244...........] DgLsSg
Jerusalem.1500..........[Xug.1500.......] JkSc
Jerusalem.1808.Standard.[1808, Israeli..] CbCjCsDcDgFlFsJmKsNbRkRtRzSgSmWs
Yp
Jerusalem.Mummy.1364.A..[Mummy 2.1......] DgRtYp
Jerusalem.Sunday.A......[Sunday.........] RkRtSgYp
Jerusalem.Zero_Time.Aust[Slow...........] DgJdRrRtSm
Jos.1000................[Jabberwocky....] GpMs
Joshi.A.................[...............] CjDcDgFsJkJmRkRrRtScSgSmWs
Jumper.A................[French Boot, 2k] CbCjDcDgEwFsGmGpJmMsPdRtScSg
Jumper.B................[SillyBop, 2kb..] CbDgFsJkKsMhMsSgSm
+June_12th.2660..........[Mabuhay........] AdMs
Junkie..................[...............] AcAdBnCbCsDcDgEwFlFsGmGpIwJkJmKs
LsMhMsPbPdRfRrRtRvRzScSmTdWs
Kampana.A...............[AntiTel........] CbCjDcDgEwFsGmIwJdJkKsMhMsPbPdRf
RtScSgSmTd
Kaos4.697...............[...............] JkMsScSgYp
Karnivali.1971..........[...............] DgJk
Keypress.1232.A.........[Turku, Twins...] DcDgFlGpJkJmRrRtRzSg
Laroux..................[XM.............] DgJkSg
Leandro.................[TimeWarp.......] AeCbDcEvFsIwJkJmMhMsPdRtRzScWs
Lemming.2160............[...............] RrSc
Liberty.2857.A..........[Mystic, Magic..] DcEvRt
Little_Red.1465.........[Red Book, Mao..] CjDcDgFsKdMsRtSmTdWsYp
MacGyver.2803...........[Shoo...........] GmJkMsRkYp
Major.1644..............[Major BBS......] AeCbDgFsJkKsMhMsRzScSg
Maltese_Amoeba..........[Amoeba.2367....] CbDgFsGmKsMsRtSgWsYp
Mange_Tout.1099.........[1099...........] DgGmJkMsPbSc
Manzon.1414.............[...............] CbDcEwFsIwJkKsMhMsPdRrTd
Markt.1533..............[Werbe, Media...] DgFs
Michelangelo.A..........[...............] AdBnCjCsDcDgEkFlFsGmGpOhPbPdRkRr
RtScSgSmWsYp
MIREA.1788..............[Lyceum.1788....] AeEkJm
Moloch..................[...............] FsSc
Mongolian_Boot..........[Mongol.........] DgScSm
Music_Bug...............[...............] CjWs
Natas.4744..............[Satan, Sat_Bug.] AdCbDcDgEvEwFlFsGpJdJkJmKdKsMhMs
NbOhPbPdRkRtRvScSgSmTdYp
Necros.1164.............[Gnose, Irish3..] DgRf
Neuroquila..............[Havoc, Wedding.] DgJkWs
Nightfall.4518.B........[N8Fall.........] CbDgJkPbTd
No_Frills.Dudley........[Oi Dudley......] DgJkRrRt
No_Frills.No_Frills.843.[...............] JkRrSc
Nomenklatura.A..........[Nomen..........] DgMh
November_17th.800.A.....[Jan1, Int83.800] DcFlLsSc
November_17th.855.A.....[Int83.855......] DcDgFsGmLsMsRtSc
NPox.963.A..............[Evil Genius....] FsSc
NYB.....................[B1.............] CjDcDgEkEwFlFsIwJkJmKdKsLsMhMsPd
RtRvRzScSgSmTdWsYp
One_Half.3544...........[Dis, Free Love.] AcAdAeBnCbCsDcDgEkEvEwFlFsGmGpJk
JmKdKsLsMhMsNbPbRfRkRtRzScSgSmTd
WsYp
One_Half.3570...........[...............] FsJk
Ontario.1024............[SBC, 1024......] DcRr
Parity_Boot.A...........[...............] CbGpIwMhMsTd
Parity_Boot.B...........[Generic 1......] CbCjCsDcDgEvEwFlFsGmGpIwJdJkKdKs
MhPdRfRtRzScSgSmTdYp
Pasta...................[Boot-446.......] DgJkSc
Pathogen:SMEG.0_1.......[SMEG...........] DgScWsYp
+Paula_Boot..............[...............] FsRa
Peter...................[Peter II.......] CbDcFsJdJkMhSmYp
Ph33R.1332..............[...............] EwFsJkMh
Phx.965.................[PUX.965........] DgJmMsRa
Pieck.4444..............[Kaczor.4444....] CbMsRvYp
Ping_Pong.B.............[Bouncing-Ball..] DcDgFsGmYp
+Plagiarist.2051.........[...............] DgSc
Predator.2448...........[2448...........] FsJkKsRvSc
QRry....................[Query, Essex...] DcEvJkSc
Quandary................[Parity_Boot.Enc] AcDgFsIwJkKsMhMsPdRvSmTd
Quicky.1376.............[Quicksilver....] AcCbDgFlFsGmJkPdScTd
Quiver..................[Qvr............] EvMh
Quox.A..................[Stealth 2......] CbDcFlFsJkRtScSgSm
Reverse.948.............[Red Spider.....] MsYp
Ripper..................[Jack Ripper....] AcAdCjCsDcDgEwFlFsGmGpIwJkKsMhMs
PbPdRfRkRtRvRzScSgSmTdWsYp
Russian_Flag............[Slydell, Ekater] DcDgIwJkRzScSmYp
Sampo...................[Turbo, Wllop...] AcAdCjDcDgEwFlFsGmIwJkKdKsMhMsNb
PbPdRtScSgSmWsYp
Sarampo.1371............[...............] DgJdJk
Sat_Bug.Sat_Bug.........[Satan Bug......] EvSc
Satria.A................[July 4th.......] JkTd
Sayha...................[...............] JkSc
Screaming_Fist.II.696...[Fist 2, Scream.] CjDgJkRtSg
She_Has.................[Breasts........] CbDgIwPdRzTd
Sibylle.................[...............] DcDgFl
Sleep_Walker.1266.......[Swalker........] RrSc
Stealth_Boot.B..........[AMSE, NopB.....] CbCjDcDgEvFsJkMsPdRtScSgSm
Stealth_Boot.C..........[AMSE, NopB2....] CbCjEvFsGmJdJkJmPdRtScSgSmYp
Stoned.16.A.............[Brunswick......] DcDgSc
Stoned.Angelina.A.......[...............] BqCbCsDcDgEvFlGmIwJdJkJmKdMhMsPb
PdRkRvScSgSmTdYp
Stoned.Azusa.A..........[Hong Kong......] CjCsDgJkKsRrRtScYp
Stoned.Bravo............[...............] DgMsYp
Stoned.Bunny.A..........[...............] ScSgWsYp
Stoned.Daniela..........[...............] MsScSg
Stoned.Dinamo...........[...............] DcIwMsRtSc
Stoned.June_4th.A.......[Bloody!........] CbCjCsDgJkRkRrScSmWs
Stoned.Kiev.............[Epbr...........] CjDcEkMsPdRt
Stoned.Lzr..............[Lisa2, Whit....] AdCjDcEvFsRtSc
Stoned.Manitoba.........[Stonehenge.....] DcDgFsKsPdRtRvScSm
Stoned.No_INT.A.........[Stoned.........] AcCbCjCsDcDgEwFlFsGmIwJkMhOhPbPd
RrRtScSgWsYp
Stoned.NOP..............[NOP............] DgJkWs
Stoned.Spirit...........[...............] AeDgFsGmJkMhMsPbRz
Stoned.Standard.A.......[New Zealand....] CjDcDgEkEvFsGmGpJkPdRkRrRtScSmWs
Yp
Stoned.Swedish_Disaster.[...............] CjDgIw
Stoned.W-Boot...........[Stoned.P, Wonka] AdDcEvJkMsPdRrScWs
SVC.3103.A..............[SVC 5.0........] DgEkEvSc
Swiss_Boot..............[Swiss Army.....] DcFlFsJkKsNbSm
Tai-Pan.438.............[Whisper........] CbDcDgFlFsGmJkJmKdKsMhMsPbPdRtSg
TdWsYp
Tai-Pan.666.............[D2D, Doom2Death] AcBnCbDcDgEkEwJkMhMsRtScSgSmWsYp
Tanpro.524..............[...............] AdJkSc
Tentacle.10634..........[Tentacle II....] DgJkKsMhRvSc
Tentacle.1996...........[...............] DgEwFsJkKsMhRzSc
Tequila.A...............[...............] CsDcDgEwFsGmIwJkPdRfRkRtScSgSmTd
WsYp
Teraz.2717..............[...............] DgIw
Three_Tunes.1784........[Flip, PCBB.1784] AeCjDcDgEvJkJmSc
Trakia.653..............[...............] RrSc
Tremor.4000.A...........[...............] CbCsDgFlFsJkKsMhMsPbRtSgWsYp
Trojector.1463..........[Athens.........] DcDgJkKdNbSgSm
Trojector.1561..........[...............] GpKsRzSc
+TVPO.3873...............[...............] GpRz
Unashamed...............[...............] IwJdJkJmLsMhMsPdScYp
Unsnared.814............[ V.814.........] AeGpRz
Urkel...................[Nwait..........] CjDcFsJkRzScSgWs
V-Sign..................[Cansu, Sigalit.] BnCjDcDgFsGmIwJkKdMhMsPbPdRrRtSc
SgSmWs
Vacsina.TP-05.A.........[RCE-1206.......] CjDgFsRtSc
Vacsina.TP-16.A.........[RCE-1339.......] DgFs
Vampiro.................[...............] DgRaWs
Vienna.648.Reboot.A.....[DOS-62.........] AeDgEkGpRkSg
Vinchuca................[...............] DgRaWs
VLamiX..................[Die Lamer......] DgFlJkMsRt
WelcomB.................[Bupt.9146......] AdCjCsDcDgEvFlGmGpIwJkJmKsMhMsPb
PdRtScYp
Werewolf.1500.B.........[...............] DgEwFsGmJkMhMsRzScSgSmYp
+WM.Buero................[...............] DgJkMhScTd
+WM.Colors.A.............[...............] JdJkYp
WM.Concept..............[Concept, Prank ] AcAdBqCbCjCsDgEwFlFsIwJdJkJmKdKs
MhMsNbPbPdReRfRkRrRvRzScSgSmTdWs
Yp
WM.Date.................[AntiDMV........] DgPbSc
+WM.Divina...............[Divina.........] FsSc
WM.Hot..................[Hot............] RvSc
WM.Imposter.............[Imposter.......] AcDgIwMhSc
+WM.Irish................[Irish..........] JkSc
WM.MDMA.................[MDMADMV........] JkMhSc
WM.NOP.A................[Nop............] FsMhRzSc
+WM.Npad.................[Bandung........] DgJkJmMhRzScTd
WM.Nuclear.B............[Nuclear.B......] FlFsYp
WM.Wazzu................[Wazzu..........] AdAeCbDgFsJdJkJmKsRkRvSc
WXYC....................[...............] CjJmMsOhScSmWs
Xeram.1664..............[N-Xeram.1664...] JkPd
Xuxa.1984...............[...............] DgFs
Yankee Doodle.TP-39.....[RCE-2772.......] DgFs
Yankee Doodle.TP-44.A...[RCE-2885.......] DgEkEwFlFsGmGpKsMhMsNbPdRtSgSmTd
Yankee Doodle.XPEH.4928.[Micropox.......] CbFlFs
============================================================================
Total for the WildList: 223
Supplemental List
As was noted at the start of the main list, this list is not, technically, part of "The WildList" as I have defined it. By design, the WildList is a list of viruses verified as being in the wild by a minimum of two WildList participants. The viruses listed below do not currently meet that criteria.
This additional list includes viruses reported by a single participant and are often either moving onto the main list, or dropping off of it.
Please note especially that this list also tends to be more of a regional reporting mechanism. For example, a virus is often reported as very common by one regional participant, but is found nowhere else in the world.
Viruses marked with a minus sign (-) dropped off the main list this month.
CARO Name of Virus [Alias(es) ] Reported by:
============================================================================
15_Years.B..............[Espejo.B.......] Jk
A&A.....................[...............] Dg
Accept.3773.............[...............] Ra
Acid....................[...............] Ew
Alphabetic.A............[...............] Mh
Anticad.4096.A..........[Plastique 5.12.] Sg
AntiCMOS.D..............[AntiCMOS.G.....] Jk
Arusiek.817.............[...............] Cb
Avalon..................[...............] Fs
Baby.962................[_962...........] Ad
BackFormat.B............[BackForm.B.....] Ms
Barrotes.1303...........[Sta Tecla......] Ev
Barrotes.1463...........[...............] Rz
Beer.2473...............[...............] Fl
Cavaco..................[...............] Jk
Chameleon...............[...............] Iw
Cosenza.................[...............] Fs
Coup.2052...............[...............] Dg
Dalian..................[...............] Ad
Danish_Boot.............[...............] Sc
Datalock.920.A..........[...............] Dg
Defo....................[PeterII.Runtime] Fs
Deliver.1771............[Blue Shark.....] Ms
Diciembre_30_Boot.......[...............] Jm
Dual_Gtm.1643...........[BewareBug.1643.] Jk
DullBoy.................[...............] Jk
DuPoem..................[...............] Jk
Error_Vir...............[...............] Mh
Face....................[...............] Jk
Fighter.5871.APE........[Stealth_Fighter] Ek
Finnish.357.............[...............] Ks
Finnpoly................[...............] Mh
FITW....................[...............] Pd
Flag3.1901..............[Furtive.1901...] Jk
Form.B..................[...............] Iw
Glupak.857..............[...............] Rz
Gripe.2040..............[...............] Jk
H-Andromeda.1024........[Axe............] Fl
Ha!.1224................[Info,Zmaina....] Ms
Hack_Master.............[...............] Ae
Halt....................[BM_Birthday....] Jk
Hi.833..................[Hi.............] Gp
Hiroshima.830...........[...............] Jk
HLLO.Novademo...........[Nova...........] Ms
Horror.1173.............[...............] Td
Immortal.2190...........[...............] Ms
Indonga.2197............[...............] Dg
Infector.1022...........[Alia.1023......] Sc
Invisible_Man.2926......[...............] Kd
ITV.457.................[...............] Oh
IVP.264.B...............[...............] Rz
IVP.674.B...............[...............] Ks
IVP.Flipper.872.........[...............] Rr
Japanese_Xmas...........[Xmas in Japan..] Sm
Jerusalem.AntiScan......[...............] Dg
Jerusalem.June_13.......[...............] Gp
Johana_Boot.............[...............] Jm
K-Hate..................[...............] Iw
Kmee....................[...............] Fs
Kysia.1536..............[Kyokushinkai...] Ms
Kysia.3072..............[Kyokushinkai...] Ms
Legozz..................[...............] Fl
Little_Brother.307......[...............] Jk
LTS.....................[...............] Fs
Lucho...................[...............] Jm
Lutil.591...............[...............] Jk
MacGyver.4112...........[...............] Jk
Magda...................[Magdzie........] Ms
Mannequin...............[...............] Gp
Mario.745...............[...............] Ms
Matthew.3044............[...............] Ad
Menem_Tocoto............[...............] Ra
Mirage..................[...............] Dg
MISiS...................[Zharinov,NIKA..] Ev
Natas.4738..............[...............] Dg
Nightfall.*.............[N8Fall.........] Td
NJH2LBC.A...............[Korea Boot.....] Dg
November_17th.800.B.....[...............] Dc
NoWin.2576..............[Zielona........] Ms
Oktubre.1784............[...............] Dg
Ornate..................[...............] Dg
Patras.196..............[...............] Gm
PC_Ogre.................[...............] Jk
Peligro.1213............[...............] Jm
Phx.1295................[...............] Ra
Print_Screen_Boot.A.....[India,PrnSn....] Dg
PS-MPC.475..............[...............] Sc
Pysk.2464...............[...............] Dg
Rhubarb.................[RP.............] Ms
Scitzo..................[...............] Fl
Scroll.1532.............[Kato...........] Ms
Sierra..................[...............] Jk
SillyCR.409.............[...............] Jk
Spectre.513.............[...............] Ks
Stealth_Boot.Alfredo....[...............] Dc
Stoned.Michelangelo.D...[...............] Fl
Stoned.Scale............[BootM1.........] Ae
Suriv_1.Argentina.......[...............] Ra
Tai-Pan.512.............[...............] Mh
Teraz.4004..............[Flaga..........] Ms
Turner..................[...............] Ek
Ulate...................[...............] Dg
Ultra_Violent...........[...............] Jk
Unkempt.1350............[...............] Jm
Uvjan.2246..............[...............] Ev
Uvjan.2262..............[...............] Ev
V-160...................[SillyRC.160....] Jk
Valentine.2332..........[...............] Jk
VCL.541.................[...............] Ks
VCL.Genocide.839........[...............] Ms
Vienna.Bua..............[Big Caibua.....] Dg
Voyage.1134.............[...............] Ws
Werewolf.684............[Claws..........] Jk
Werewolf.693............[Fangs..........] Jk
WM.Boom.................[...............] Sc
WM.Concept.B:Fr.........[...............] Jk
WM.Concept.C............[...............] Dg
WM.Concept.F............[...............] Fs
WM.Parasite.............[...............] Sc
WM.Taiwan1..............[...............] Rk
WM.Wazzu.E..............[...............] Jk
Xtc.2153................[...............] Jk
Yesmile.................[...............] Fs
Zimboot.................[...............] Yp
============================================================================
Total for both lists: 347
Release notes for the October 15 list:
Neville Bulsara of India and Ralph Tee have been added to the list. Since Rt is already used, Ralph Tee is represented by Re. (His company is R.E.S.)
Please note that all the MS Word macro viruses are grouped under WM.name. So Concept is now under WM.Concept. This follows the precedent set by some antivirus companies and makes isolating the macro viruses easier for some who use the list just to track macro viruses. E.g. Mac user groups.
I am continuously seeking WildList participants, especially for regional reporting in the following countries:
Bulgaria, Chile, China, Denmark, Greece, Indonesia, Philippines, Saudi Arabia, Singapore, South Korea, Spain, Thailand, Turkey, and Ukraine.
Such new participants will need to be in a position where they can monitor and verify virus incidents. People who develop av products are best suited. People who represent one or more av products (agents) and provide localized support may also be qualified if they actually verify the viruses or forward samples to developers. If you thus qualify, please send your name, location, organization, product name, favorite brand of beer, and references (preferably CARO members who know you). Send the information to wildlist@vcnet.com. Thanks.
==========
The collation of this list is done by Joe Wells, Editor of the IBM web site for virus information, www.av.ibm.com, who is solely responsible for its contents.
The latest WildList is always posted directly by me to the NCSA Security forum on Compuserve, in the Virus Info/Tools library. The official archive location for the WildList is ftp.ncsa.com in pub/virus/wildlist.
A complete archive of WildLists is available at the Virus Bulletin web site (http://www.virusbtn.com/WildLists/index.html).
The WildList is copyright material, but may be freely quoted or cited in part or in whole. No permission is needed to reprint the list.
All mail in regard to the WildList should be sent to wildlist@vcnet.com.
============================================================================
WildList Vol.610 - (c)1993-1996 Joe Wells - 75511,635 - wildlist@vcnet.com
============================================================================
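The WildList layout above (dot-padded CARO name, bracketed aliases, two-letter reporter keys that wrap onto continuation lines) can be read mechanically, which makes it easy to check the "minimum of two participants" rule and to see how widely each entry is reported. The Python parser below is an added example, not part of the newsletter or of the WildList itself; its function names are made up for this illustration, and the sample lines are copied from the list above.

```python
import re
from dataclasses import dataclass

# The 44 two-letter participant keys from the participant table in the list.
PARTICIPANT_KEYS = frozenset(
    "Ac Ad Ae Bn Bq Cb Cj Cs Dc Dg Ek Ev Ew Fl Fs Gm Gp Iw Jd Jk Jm Kd "
    "Ks Ls Mh Ms Nb Oh Pb Pd Ra Re Rf Rk Rr Rt Rv Rz Sc Sg Sm Td Ws Yp".split()
)

KEY_RE = re.compile(r"[A-Z][a-z]")
# [+|-] name, dot padding, [aliases], then a run of two-letter reporter keys.
ENTRY_RE = re.compile(r"^([+-]?)(.+?)\.*\[(.*?)\]\s*((?:[A-Z][a-z])+)\s*$")
# A wrapped line carries only more reporter keys for the previous entry.
WRAPPED_RE = re.compile(r"^\s*((?:[A-Z][a-z])+)\s*$")

# Lines copied from the list above: header, main-list entries (one wrapped,
# one marked "+"), and one supplemental entry with a single reporter.
SAMPLE = """\
CARO Name of Virus [ Alias(es) ] Reported by:
============================================================================
15_Years................[Espejo, Esto te] AeDcDgEvJkJmRtScSgSm
Aircop.Standard.........[...............] OhRk
AntiCMOS.A..............[Lenart.........] AcAdCbCjDcDgEvEwFlFsGmIwJdJkJmKd
KsMhMsPdReRtRvScSgSmWsYp
+Cruel...................[...............] GmGpMhTd
Hare.7610...............[...............] AcDgFsIwMhRzScYp
Jerusalem.Zero_Time.Aust[Slow...........] DgJdRrRtSm
Yankee Doodle.TP-39.....[RCE-2772.......] DgFs
A&A.....................[...............] Dg
"""


@dataclass
class Entry:
    name: str        # CARO name with the dot padding removed
    aliases: list    # empty when the alias field is only padding
    reporters: list  # two-letter participant keys, in listed order
    marker: str      # "+" new to main list, "-" dropped from it, "" otherwise


def parse_wildlist(text):
    """Parse WildList entry lines; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            marker, name, alias_field, keys = m.groups()
            aliases = [a.strip(" .") for a in alias_field.split(",")]
            entries.append(Entry(name.strip(), [a for a in aliases if a],
                                 KEY_RE.findall(keys), marker))
            continue
        m = WRAPPED_RE.match(line)
        if m and entries:
            # Continuation of the previous entry's "Reported by" column.
            entries[-1].reporters.extend(KEY_RE.findall(m.group(1)))
    return entries


def meets_main_list_rule(entry):
    """Main list requires verification by at least two participants."""
    return len(set(entry.reporters)) >= 2


def unknown_keys(entry):
    """Reporter keys that are not in the participant table (likely damage)."""
    return [k for k in entry.reporters if k not in PARTICIPANT_KEYS]


def rank_by_reporters(entries):
    """Most widely reported first; ties keep their listed order."""
    return sorted(entries, key=lambda e: len(set(e.reporters)), reverse=True)


if __name__ == "__main__":
    for e in rank_by_reporters(parse_wildlist(SAMPLE)):
        share = len(set(e.reporters)) / len(PARTICIPANT_KEYS)
        status = "main" if meets_main_list_rule(e) else "supplemental"
        print(f"{e.marker or ' '}{e.name:<26}{len(e.reporters):>3} "
              f"({share:4.0%}) {status:<13}{', '.join(e.aliases)}")
```

As the list's own preface says, the reporter count shows how widely a virus has been verified, not how common it is.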
Section Three - Beginners Guide For Newbie Collectors
Due to frequent posts on the Usenet, as well as frequent E-mails asking me some of the basic questions when it comes to collecting, I felt it would probably save everyone some time to sit back and write a few basics on acquiring and storing viruses.
We will start with acquisition. For those who have not learned yet, the Usenet is not a Virus Collector friendly medium. Very few viruses are exchanged via Usenet newsgroups. The only newsgroup in which I have seen any sort of exchange going on has been alt.comp.virus.source.code. There are a few people who have been exchanging here and there, and there is a virus posted maybe once a week there.
Posting messages like "Please send me a Virus" to a newsgroup is not a good way to get viruses. All it will probably get you is some hate mail, and maybe some cheesy flames in the newsgroup itself. Other than that, it will be your time wasted.
I would say the best way is to use your favorite WWW or FTP search engine and search for some keywords (e.g. virii, virus). In these searches you will pull up an enormous amount of garbage, but you should find something interesting in your travels.
Once you have a few sites, it is best to explore the links from those sites to others. And last but not least, download everything you can.
Something I don't run into very often, but do every now and again, is someone e-mailing me asking me if I want to trade viruses via e-mail. It doesn't sound stupid to them, and maybe to most it doesn't. But I have my entire collection archived and available via FTP and WWW, with the exception of the few files I may have received in the last couple of days. What would I possibly have lying around that they don't already have access to? I am not running some ELITE service. I have no ratios, no nothing. I provide all of my resources to anyone who wishes to acquire them. If you want to send me something I don't have in e-mail, then send it. But virtually everything I have is available on the site.
Collection is very easy, and pretty safe as well. There are many different methods of making sure viruses don't get loose on your system. The ultimate safeguard is to not store viruses on a system you value. But since not everyone has multiple computers lying around, there are other ways that are just as safe.
How safe is safe? Well the entire Virii Heaven Archive is on one of my hard drives. I use this system every day, and it is the primary system in my household. I have never once had this system infected as the result of these viruses being present on the system.
One of the most popular ways people store viruses is with a compression program, such as PKZIP. A standard ZIP file is completely safe to store everything in, as the files inside the ZIP cannot be executed by accident. Some people store their entire collection in one big zip file, others store each virus individually.
Another way people store viruses, which I am not a big fan of just because of disk space reasons, is to rename the virus file. The virus named VIRUS.EXE for example could be renamed to VIRUS.EX_, so that it won't run. This works, but it lacks the compression which PKZIP or a similar compression program might apply, thus wasting disk space. But alas, it is another option.
These are probably the most common ways of storing files. Sure there are many other ways with the technology boom in optical drives and removable hard drives. I keep mine on tape backup as well. But I am sure if you already have these other options, chances are you have already thought to use them for your collection right?
For more on Collecting Viruses, there is a little more advice in the beginning of the WWW/FTP Site guide in section 6 of this Newsletter in PhreeX's Site guide.
Section Four - *NEW* Virus Related Newsgroup
Some time ago, PhreeX and I launched a campaign on Virus Heaven to get some of the Vx scene to be more active in the newsgroup alt.comp.virus, as we feel the newsgroup should be open to the discussion of the creation of viruses. However, there was quite an opposition from the AV folks in there, and to be quite honest, there still is.
There wasn't a whole lot of Vx support in the matter, but there were other routes through which all of us could communicate. VBB's web-based message board was pretty active about that time until it got corrupted, and Dark Night has been too busy to fix it. And there has always been alt.comp.virus.source.code, which did pick up some in the last few months. Well, the number of spams is still the same, but at least now there are a couple of on-topic posts each day, and some source and an occasional dropper are posted there as well.
About a couple of weeks into this whole campaign, PhreeX saw the futility of fighting for alt.comp.virus, and noted that one of the biggest arguments the AV people had was that it wasn't a binaries newsgroup, and while we had the right to discuss authoring in there, we had no right to post binaries or source code there.
At about this point, PhreeX applied to have a new newsgroup built. And a couple of months later, this newsgroup is a reality, and is now available for those who wish to pursue it. The new newsgroup is called "alt.binaries.comp.pro-virus". More than likely, your current ISP has not picked it up. You may wish to contact the appropriate person with your ISP and request that they make it available to you. I will be doing so when I switch ISPs here in a week or two, as I am doubtful that Teleport.com will pick it up, since run-ins I have had with them in the past were handled ignorantly and with very little investigation.
Being that this is in the alt hierarchy, it will be unmoderated. And since it is a binaries newsgroup, you will be able to send and receive viruses in this newsgroup, both source code and executables, and well, anything that is PRO-VIRUS goes here.
I hope to be seeing many of you there. I will be there as soon as I change my primary ISP. (Note: Being that ILF is not my primary ISP, the site for Virus Heaven will remain the same, as well as my ILF e-mail address. When my other e-mail address changes, I will let you all know, either by e-mail, or by way of the Web site itself.)
Section Five - Vx Related Books
This section is going to be somewhat small, as I do not have many books which will be of much use. More than likely, I will just move this section in the next issue, into the WWW/FTP site guide.
What you will find below is all the information I have on how to get ahold of some of these books. You will more than likely see Publisher contact information on a few of these as not all of them can be found in your local bookstore. But many bookstores will order for you if you can provide them with publisher information. Or you can just order them yourself by contacting the publisher.
CVRL CD-Rom Version 2
Cost= $89.00 (US)
This is a collection CD-Rom by Computer Virus Research Lab. You can download a listing of everything on the CD as of the current version available from the site listed below to place your order. This isn't really a book, but there are collections of E-zines on the CD as well. Ordering and info - http://www2.spidernet.net/web/%7Ecvrl/
A Pathology Of Computer Viruses
By David Ferbrache
This is said to be available at libraries and whatnot, so it is probably available in your local bookstores as well.
Dr. Solomon's Virus Encyclopedia
A printed virus encyclopedia.
Ordering And Info - http://www.drsolomon.com
The Virus Creation Labs - A Journey Into The Underground
By Dr. George C. Smith
In catalog for $12.95
ISBN 0-929408-09-8
Published By-
American Eagle Pub.
PO Box 1507
Show Low, Arizona USA 85901
1-800-719-4957 or 1-520-367-1621
Giant Black Book Of Computer Viruses
Apparently a cult-classic in the Vx world
Sources tell me it is available from American Eagle Pub.
American Eagle Pub.
PO Box 1507
Show Low, Arizona USA 85901
1-800-719-4957 or 1-520-367-1621
Super Technology '96
Put together by the same author that made the "Giant Black Book Of Computer Viruses". From what was said in the most recent Crypt Newsletter, this is selling for $399.00 (US) or so. I have received mail via the Usenet advising me that this book was offered for $99.00 (US) to those who had bought the "Giant Black Book Of Computer Viruses" in the past. Basically the book goes into heavy detail on everything you need to know about viruses and Windows 95.
That is pretty much it for now. I have not heard from the author, so I do not know for sure if there is anything available in Super Technology that cannot be found on the net, in regards to Win95 viruses. And anyone who owns this book, I would appreciate a short summary or review on this book, as well as any additional pertinent information I may have left out.
Section Six - Vx Site Guide (FTP/WWW) - Revised
The *official* COMPUTER VIRUS
--==[\|/]==-- World Wide Web Site/FTP Site list --==[\|/]==--
[] Version 1.04 []
Compiled by Dr. PhreeX Merian Edited by God@rky
Brought to you by FoRcE, "Taking on the web with full FoRcE"
HUGE thanks to God@rky, this would not have been possible without you!!
-INDEX-
Disclaimer
A word on safe virus storage
LINKS
- Part 1: Virus Generators/engines
- Part 2: Some popular viruses
- Part 3: Mac viruses
- Part 4: Needed tools (Assemblers)
- Part 5: Virus related FAQ's/Tutorials
- Part 6: Virus INFORMATION Links
- Part 7: Computer Virus links
- Part 8: Conclusion (By Dr. PhreeX Merian himself!!)
Any comments, questions, or additions can be sent to me: phreex@ao.net or you can call me directly 24 hours a day at: 1-809-404-5468
Disclaimer:
I (Dr. PhreeX Merian) Can -NOT- nor will I be held responsible for your stupidity, viruses can destroy your/others computers (that is, the data within them,) if you execute a virus you just might get fucked. Collect 'em, study 'em, trade 'em but for god sake do **NOT** execute them.
Note: As of 10/13/96 at 19:38:03 PM EST every one of these links was valid, however they may die, if so please take it up with the site owner, not me!
A word on safe virus storage: As your collection of viruses (virii) grows, so does the risk of self-infection. Believe it or not, you -CAN- safely store viruses on your hard drive; I have over 3,000 and have NEVER been infected! Here are just a few things you can do to protect yourself.
- ALWAYS keep viruses zipped up. I cannot stress this enough: keep each virus in its own .zip with a text describing it (if possible). You can get a free copy of Pkzip from: http://www.pkware.com Remember, if it's zipped up it can **NOT** be executed!!!
- It's a good idea to rename the file extension to something other than .com or .exe; I use .co_ or .ex_. This way you can NOT accidentally execute the virus.
- Put all your viruses in 1 (one) directory, I use c:\VIRUS, you can use whatever the hell you want.
- Get a -GOOD- AV scanner! Because everyone thinks theirs is the best, you can get reviews and sites at: http://www.virusbtn.com I think FProt is the best. You can download a shareware copy (gag) but that's no fun; I suggest you check the alt.binaries.warez.* groups for a -REAL- copy (it's always posted somewhere).
- Once you get an AV scanner USE IT!!! Remember, you put all your viruses in one directory; almost all virus scanners allow you to exclude drives/directories/files when you scan, so set your scanner to exclude whatever directory your viruses are in. If you start to get reports of viruses outside of that directory you might have a problem.
- If you're really paranoid you can keep all your viruses on floppy disk. Actually, this is a good idea: due to the small size of viruses you can store TONS of 'em on only a few disks. ZIP drives are also nice to have, so are CDRs. If you put your viruses on disk, LABEL the disk so others don't infect you.
- USE COMMON SENSE! This is really the best protection, don't be an idiot, don't run anything that you don't know what it does, yadda yadda yadda...
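The storage rules in this list, and the ZIP and rename advice in Section Three, can be checked mechanically. The following Python audit is an added example, not part of the original guide: it inspects archive member names without extracting or opening anything, and filters scanner reports for hits outside the excluded directory. The file names, the report paths and the placeholder bytes are constructed for the demo.

```python
import tempfile
import zipfile
from pathlib import Path, PureWindowsPath

LIVE_EXTENSIONS = {".com", ".exe"}      # extensions the guide says to rename
DEFANGED_EXTENSIONS = {".co_", ".ex_"}  # the renamed forms the guide uses


def audit_zip(path):
    """Check one archive by member names only; nothing is extracted or read."""
    if not zipfile.is_zipfile(path):
        return ["not a valid ZIP archive"]
    with zipfile.ZipFile(path) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    texts = [n for n in names if n.lower().endswith(".txt")]
    samples = [n for n in names if n not in texts]
    problems = []
    if not texts:
        problems.append("no text description inside")
    if len(samples) != 1:
        problems.append(f"{len(samples)} samples inside, expected 1")
    return problems


def audit_store(root):
    """Return (relative_path, finding) pairs for every file that breaks a rule."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in LIVE_EXTENSIONS:
            findings.append((rel, "loose file with a runnable extension"))
        elif ext == ".zip":
            findings.extend((rel, problem) for problem in audit_zip(path))
        elif ext not in DEFANGED_EXTENSIONS and ext != ".txt":
            findings.append((rel, "loose file, neither zipped nor renamed"))
    return findings


def detections_outside(store_dir, reported_paths):
    """Return scanner-reported paths that are not under the excluded store."""
    store = PureWindowsPath(store_dir)  # DOS/Windows paths compare case-insensitively
    outside = []
    for raw in reported_paths:
        reported = PureWindowsPath(raw)
        if reported != store and store not in reported.parents:
            outside.append(raw)
    return outside


def demo():
    """Audit a constructed store whose files hold harmless placeholder bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        with zipfile.ZipFile(root / "good.zip", "w") as zf:
            zf.writestr("SAMPLE.CO_", b"placeholder")
            zf.writestr("SAMPLE.TXT", "constructed description")
        with zipfile.ZipFile(root / "bulk.zip", "w") as zf:
            zf.writestr("A.COM", b"placeholder")
            zf.writestr("B.EXE", b"placeholder")
        (root / "renamed.ex_").write_bytes(b"placeholder")
        (root / "LIVE.EXE").write_bytes(b"placeholder")
        (root / "macro.doc").write_bytes(b"placeholder")
        return audit_store(root)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
    # Constructed scanner report: one hit inside the store, one outside it.
    report = [r"C:\virus\sample1.zip", r"C:\DOS\COMMAND.COM"]
    print(detections_outside(r"c:\VIRUS", report))
```

Any path returned by detections_outside is the "you might have a problem" case from the list: a detection on a file that was never meant to hold a sample.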
On with the show......
Here is how this file is arranged:
File/Site name
http://www.this.is.the.site
Review of the site/file will go here...
Lets get started!!
Please note the following: I would like to keep this file somewhat small, and for that reason I will not go into just what each virus/program does. If you wish to know just what one of these does, then go here: http://www.Europe.DataFellows.com/vir-info/ I have also omitted links directly to virus sims (emulators); these are used for testing AV scanners and are of little use to the VX community.
(God@rky: Actually according to many of the AV folks, virus sims are useless. And that only a good test can be performed by an AV expert. As well as the factoid that the only test they consider a good install test, is the EICAR test.)
Part 1 [ Virus Generators ]
- These are alright, however most of them do not work 100% of the time and the viruses are easily picked up by even the most half-assed scanners.
- All of the following are located at: http://www.kuai.se/~panik should these URLs be dead please go directly to the site.
- Instant Virus Production Kit v1.7 http://www.kuai.se/~panik/archive/ivp.zip This is alright, however all of these are picked up.
- Mutation Engine 1.00a http://www.kuai.se/~panik/archive/mte.zip Not very user friendly, still, it's all right.
- NuKE Randomic Life Generator v.66b http://www.kuai.se/~panik/archive/nrlg.zip This one is cool.
- Phalcon/Skism's G2 v.70β http://www.kuai.se/~panik/archive/g2.zip I have yet to use this, word is, it sucks.
- TridenT Polymorphic Engine v1.4 http://www.kuai.se/~panik/archive/tpe14.zip A nice polymorphic engine.
- Compact Polymorphic Engine http://www.kuai.se/~panik/archive/cpe-ape.zip A nice polymorphic engine.
- Rajaat's Tiny Flexible Mutator http://www.kuai.se/~panik/archive/rme11.zip Not very good, however I believe these are not yet picked up by most scanners.
- NoMut v0.01 http://www.kuai.se/~panik/archive/nomut.txt Decent polymorphic engine.
- SDFE 2.0 http://www.kuai.se/~panik/archive/sdfe20.txt Nice, however every one of these is picked up.
- The Rickety and Hardly Insidious yet New Chaos Engine v2.0 http://www.kuai.se/~panik/archive/rhince2.txt The name says it all.
- VLAD infinite polymorphic http://www.kuai.se/~panik/archive/vip.txt Ya gotta grab this one!!
- Small Polymorphic Engine http://www.kuai.se/~panik/archive/spe.txt This is a nice polymorphic engine.
- Biological Warfare Mutation Engine http://www.kuai.se/~panik/archive/bwme.txt This is the *REAL* one.
- Mini Mutation Engine v1.0 http://www.kuai.se/~panik/archive/mime1294.zip I have yet to use this.
- Trojan Horse Construction Kit v2.0 http://www.kuai.se/~panik/archive/thck200.zip My personal favorite when it comes to trojans
- TSR Time Bomb http://www.kuai.se/~panik/archive/tsr_tb.zip All right.
- Virus Creation Laboratory v1.0 http://www.kuai.se/~panik/archive/vcl.zip This one is WAY overhyped, only a few of the viruses work and they're all picked up by ANY virus scanner. Skip this one, you're not missing a damn thing! BTW, the password is "Chiba City" (without the " ")
- Virus Lab Creations v1.1 http://www.kuai.se/~panik/archive/vlc.zip A little better than the above.
- Virus Creation 2000 http://www.kuai.se/~panik/archive/vc2000.zip Lame!
- Virus Construction Set v1.0 http://www.kuai.se/~panik/archive/vcs10.zip Lame!
- Biological Warfare Virus Creation Kit http://www.kuai.se/~panik/archive/bw100.zip Good for a virus generator.
- The Nowhere Utilities 2.0 http://www.kuai.se/~panik/archive/nutils20.zip All of these are picked up
Part 2 [ Some Popular Viruses ]
- These are some of the most *POPULAR* viruses, they might not be the most powerful however these are the ones you keep hearing about. Most of these come to us from God@rky's virus heaven located at: http://www.ilf.net/god@rky/virii.htm
- The Hellish Conspiracy Virus http://www.ilf.net/god@rky/virii/hellish.zip Sounds pretty cool, but sure wouldn't want it on my system. Does a lot of peculiar shit with your PC speaker too.
- The CriCri Virus http://www.ilf.net/god@rky/virii/cricri.zip Nifty, I have yet to run this.
- The HARE Virus http://www.ilf.net/god@rky/magazines/vbb-3.zip One of the hottest viruses EVER!! And it's a nasty one too!! NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
- The Tentacle Virus http://www.ilf.net/god@rky/magazines/vbb-3.zip Another virus that rocked the AV/VX community, does really neat stuff to your windows icons!! NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
- The Rickdog666 Virus http://www.ilf.net/god@rky/magazines/vbb-3.zip This virus got a kid kicked out of school, don't miss this one! NOTE: This zip has several viruses, READ THE INCLUDED TEXT!
--MACRO VIRUSES--
- Macro viruses are .doc files that, when opened, will infect your machine. HINT: Do not try to open these to view them!
- The Alliance Word Macro Virus http://www.ilf.net/god@rky/virii/alliance.zip Nice virus, brought to you by the alliance.
- Colors Macro Virus http://www.ilf.net/god@rky/virii/colors95.zip *GREAT* Virus!!! this also comes with source code and a file on making your own Macro viruses!!! Do *NOT* miss this one!!!
- The Outlaw Macro Virus http://www.ilf.net/god@rky/virii/outlaw.zip This is pretty new, not sure exactly what it does.
- Word.Easyman Macro Virus http://www.ilf.net/god@rky/virii/wrdesymn.zip A newer Macro virus, I have yet to see the destruction.
- Word.Saver(SEX) Macro Virus http://www.ilf.net/god@rky/virii/wordsavr.zip Yet another Macro virus.
- Word.Spooky Macro Virus http://www.ilf.net/god@rky/virii/wrdspook.zip This is one you do *NOT* want to get infected with!
Part 3 [ MAC Viruses ]
- In this era of equality no one is left out, this includes those that fell for the media ploy and own a Macintosh (Apple). So far I know of only this file, taken from God@rky's (http://www.ilf.net/god@rky/virii.htm)
- Macintosh Viruses (huge file) http://www.ilf.net/god@rky/mac/macvirii.zip I know nothing about these, BTW, funny how they are for the mac yet they're in a .zip file 'eh?
Part 4 [ Needed Tools ]
These are all used in compiling virus source code, I have been told that some of these are *NOT* freeware, IOW they're pirated software.
- a86 Assembler (Shareware) http://www.ilf.net/god@rky/tools/a86v402.zip Shareware assembler, this is a good one for compiling all that .asm code.
- d86 Debugger (Shareware) http://www.ilf.net/god@rky/tools/d86v402.zip Shareware de-bugger, great to get the source of a compiled virus.
- SoftIce for Win95 http://www.kuai.se/~panik/archive/softice.zip SUPER de-bugger for windows '95 (also good for cracking software)
- SoftIce for Windows 3.11 http://www.kuai.se/~panik/archive/m_wice13.zip The same great program for windows 3.1.
- SoftIce for Dos http://www.kuai.se/~panik/archive/s-ice280.zip The BEST DOS de-bugger!
- Disaster http://www.kuai.se/~panik/archive/disaster.zip Dos disassembler.
- IBM Assembly Code Generator http://www.kuai.se/~panik/archive/asmgen.zip A program that generates source code from an executable.
- Bubble Chamber Disassembler http://www.kuai.se/~panik/archive/bubble.zip Really good disassembler (What I use)
- Intelligent Disassembler v1.2 http://www.kuai.se/~panik/archive/id12.zip Good disassembler.
Part 5 [ Virus related FAQ's/Tutorials ]
These are FAQs all about viruses, both removal and infection. Also included are some tutorials on making viruses.
- x86 Assembly Language FAQ - a86 & d86 http://www.cis.ohio-state.edu/hypertext/faq/usenet/assembly-language/x86/a86/faq.html Well, it's not going to make you an assembly programmer but it's a good start.
- alt.comp.virus FAQ (This is the FULL current version, very AV) http://www.ilf.net/god@rky/acv_faq.html This is the FULL version of the a.c.v FAQ, not the original, yet it's still very good!
- alt.virus FAQ (The original a.c.v FAQ, very VX) http://www.ilf.net/god@rky/acvx_faq.html This is the *ORIGINAL* a.c.v FAQ, as you can see a.c.v was made as a pro-virus newsgroup!
- VSUMx606 ftp://ftp.germany.eu.net/pub/comp/msdos/mirror.garbo/virus/vsumx606.zip This is an OK Hypertext. It is said to have lots of errors in it. You know stuff like dates when a virus first appeared and what not, and in some cases what the virus does. The AV people regard it as not a very good Hypertext. It will get the job done in many cases but it is always light years behind what you will find at any of the Vx sites.
- VDAT170 http://www.cyberstation.net/~cicatrix This is a very good up-and-coming hypertext. I am impressed with how far it has come in such little time, and think it has the potential to come along much further. Keep an eye on this little gem in the months to come, it could become a valuable asset to those wondering what items in their collection or infecting their system are doing.
- Anti-Debugging Tricks http://www.ilf.net/god@rky/tutorials/antdebug.txt Really good file on anti-debugging tricks, too bad most of it's picked up by AV scanners.
- Black Wolf's Guide To Memory Resident Virii http://www.ilf.net/god@rky/tutorials/memres.txt Good file on MRV.
- Polymorphic Viruses - Part 1 http://www.ilf.net/god@rky/tutorials/polymorph.txt REALLY GOOD file on Polymorphic Viruses.
- Polymorphic Viruses - Part 2 http://www.ilf.net/god@rky/tutorials/polymrph2.txt Second part of the above file.
- Disinfecting Infected Files http://www.ilf.net/god@rky/tutorials/rstut001.txt This should appeal to the AV community, that is the portion of the AV community that understands this stuff.
- TSR COM Infections http://www.ilf.net/god@rky/tutorials/rstut002.txt Good file, complete.
- Constructing Kit on Infecting COM's http://www.ilf.net/god@rky/tutorials/rstut003.txt Good file on COM infection.
- Infection On Closing http://www.ilf.net/god@rky/tutorials/rstut004.txt I haven't checked this out yet.
- EXE Infections Part 1 http://www.ilf.net/god@rky/tutorials/rstut005.txt This is something ALL virus coders have to read!
- EXE Infections Part 2 http://www.ilf.net/god@rky/tutorials/rstut006.txt part 2 to the above file.
- Directory Stealth http://www.ilf.net/god@rky/tutorials/rstut007.txt GREAT file on getting past MS DOS Checksum Checker!
- Directory Stealth (Method 2) http://www.ilf.net/god@rky/tutorials/rstut008.txt Second method of improving stealth viruses.
- Memory Stealth http://www.ilf.net/god@rky/tutorials/rstut009.txt Another GREAT file on TSR's
- The Dangers of ThunderByte's TBClean Emulation Techniques http://www.ilf.net/god@rky/tutorials/rstut010.txt Article on getting past TBClean's methods of dis-infection.
Part 6 [ Virus INFORMATION Links ]
These are all pages that provide information on viruses, not the actual viruses.
- Dr Solomon's very own personal homepage http://www.pcug.co.uk/~drsolly/ It's our very own Dr. Solly's homepage (dude, try a <CENTER> tag). He also offers the laws on computer viruses, ya gotta check that so you know just what laws you're breaking!
- Data Fellows Virus Information Centre http://www.Europe.DataFellows.com/vir-info/ VERY VERY GOOD site, virus list and information!
- Dr Solomon's - Viruses In The Wild http://www.sands.com/vircen/wild.html Dr. Solly's virus list (not that complete however)
- CIAC Security Site http://ciac.llnl.gov/ciac See what the government has to say about viruses.
Part 7 [ Computer Virus WEB pages & FTP sites ]
The following are links to WWW pages and FTP sites that offer live viruses and source code for you to download. WARNING: Up until now all the viruses and programs have been safe-to-store, however some of the viruses on some of the pages may be in live .exe or .com form, BE CAREFUL!!
- Information Liberation Front http://www.ilf.net/ VERY NICE site, pay these guys a visit!!
- The Alliance Virus group http://www.ilf.net/alliance/ Another nicely done site, these guys got it together!!
- God@rky's Virus Heaven http://www.ilf.net/god@rky/virii.htm No list would be complete without this site, hell, most of the stuff above comes from his site, VXers or AVers CHECK HIS SITE OUT! Cicatrix's Virus Collection Updates are available here as well, be sure to visit at least once a month to make sure you have the updates.
- Cicatrix's Site http://www.cyberstation.net/~cycatrix Yes, that's right. The creator of all the virus collections is making his way onto the World Wide Web. This site in the near future will serve all your mutation engine and construction kit needs and satisfy that urge to collect your copy of VDAT170.ZIP, an excellent resource for AVers and VXers alike.
- Chiba City http://www.chibacity.com/chibavrc.html Excellent Site, back in action.
- AuRoDrEpH's Cattle http://www.ilf.net/AURODREPH/virus.htm A site brought to you from VBB's Macro Virus master! A collection of macro viruses are available here, as well as some excellent tutorials and faq's related to many aspects of macro viruses. Be sure to Bookmark this one, as it will be getting better!
- Paniks Page http://www.kuai.se/~panik/ TONS (TONS!) files!!
- RickDoggs Virus page http://pwp.usa.pipeline.com/~rickdogg96/index.htm A really good page (he is also the maker of the rickdogg666 virus)
- Virus Programing http://lila.uc.pt:8082/~pedro/virus.html Good place to start, RARE source and FAQ's
- Computer Virus Lab - Home Page http://www2.spidernet.net/web/%7Ecvrl/ This page is nothing more than an ad for a CD ROM, they boast over 13,000 viruses, however I doubt that .. if anyone has this CD e-mail me!
- Virus And Other Fine Code Authors http://www.ntplx.com/~sniper/vofca/index.html A VERY nice web page!
- J & A Virus page http://www.bocklabs.wisc.edu/~janda/ TONS of stuff here.
- Infection Connection http://pegasus.cc.ucf.edu/~kes65601/ Cool name, wish I thought of that!
- virii http://wwwmbb.cs.colorado.edu/~mcbryan/bb/23/29/summary.html Well, its a start <g>
- Dante's inferno http://www2.dgsys.com/~dante/virii.html Only a few viruses.
- Virii http://www2.netdoor.com/~boomn69/virii/ Neat graphics! some good viruses.
- Gugi's Virus page http://www.geocities.com/Si