Copy Link
Add to Bookmark
Report
Xine - issue #3 - Phile 005
/-----------------------------\
| Xine - issue #3 - Phile 005 |
\-----------------------------/
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
The South American Virus-Scene
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
Written by Int13h [iKx]
-------------------------
INTRODUCTION
------------
B0z0 asked me to write an article about the virus scene in South America, I
did it and here you have it :)
Firstly, I must apologize for my poor english level, my native language
is spanish and in english I can't bring you literary files :)
To speak about this activity in a big part of this continent maybe looks
like a giant task, but it isn't really. In South America there are a lot
of countries, but the virus writing is almost null compared to the
old Europe and with others continents (at least I think there are more
coders than Antartida :)
All the things that you will read in this article are according to the infor-
mations I was able to compile; I consulted AVPVE, sometimes to my fragile
memory and sometimes to other sources less trustables like Patty's VSUM ;)
South America's countries are the following: Argentina, Bolivia, Brasil,
Chile, Colombia, Ecuador, Guyana, Paraguay, Per£, Surinan, Uruguay
and Venezuela. I hope I haven't forgot anyone.
VIRUSES BY COUNTRY
------------------
Surely this list is incomplete. Here are viruses from simple overwriting
level to multipartite and complex polymorphic ones. I must say thanks to
Vecna and Jacky Qwerty for the information provided about their countries.
ARGENTINA: Ada, Anti-D, AntiEnter, Androide, Anti-Win, Argentina102, Avispa
Avfuck, Bugs, Babas¢nicos, Bengal Tiger, Camouflage II, Camale¢n
Cancerbero, Chains, Caos, Chiche, Dad, Dan, Diablo, Dtm,DiskFull
Dumb, Error, EMMA, Ebola, Ejemplo, Flying-V, Guillon, Halka,
Killer, Jason, Jacinto, Lapidario, Lapiddan, Max, Mediocre
Mordor, Mutator (mutation engine), Mosca, Mr. X, MultiWMA
NRLG (virus generator), Oktubre, Patoruz£, Phx, Piazzola, Piojo
Rael, Rosario, Los Salieris de Charly, Sarmiento, SFT, Tigre,
Trebujena, Traka-Traka, Tigre, TVED (Trurl Variable Encription
Device), USA94, Vinchuca, Xuxa, 786, Fisu, Leproso, Gripe,
Flaco.Megadeth, Flaco.Ozzy, Tucum n, Jorgito, Kurt, Nightmare,
Visite, SanLorenzo, Smuggler, Treblinka.
BOLIVIA : Miky
BRAZIL : Brazilian Bug, Freddy Krueger, Leandro & Kelly, Vecna, Outsider,
OBJ overwriting, Orgasmatron, Nutmeg, Ultimate Evil, Banshee,
KissThis, Little Imp, Astronauta.
CHILE : Chile Mediera (CHM), CPW
PARAGUAY : Angra, AntiCPAV, AntiCachaca, Asterix, Asimov, Bar¢n Rojo,
Cobain, DictatorShit, DreamSpace, Eur¡pides, Fuxpro, Guaran¡,
Hermtica, Hernani, Heavy Metal, King Diamond, KureLuke,
Lancelot, Literatura, Luque¤o.666, Mandr gora, Mbore, Mercosur,
Morgana Le Fay, Nostradamus, Paraguay (three versions),
Parricide, Pombero, PostData, Soledad, Stratovarius, Sudamrica,
Tembolo, Xavirus Hacker, Xavier.
PERU : CAP, WM.Crema, Win32.Jacky, Win32.Cabanas, WM.Lithium, WM.Moss
URUGUAY : Uruguay#1, Uruguay#2,Uruguay#3,Uruguay#4...Uruguay#9, Uruguay#10.
VENEZUELA: Tabulero, ByWay.
I didn't found information about viruses written in Guyana, Surinan,
Ecuador and Colombia. Probably because they doesn't exist (I hope to be
wrong :) Virus coders that aren't present in this file, please!, let me
know about you: i13h@hotmail.com.
Just some of these viruses are spreaded in the wild. The Hardcore2 virus
written by Vecna (detected as BadBoot by SCAN) is travelling arround
Brazil and Argentina. Paraguay was visited by Pirate, Leandro&Kelly,
PHX and Freddy Krueger.
SOME DESCRIPTIONS
-----------------
These are just some viruses created in this part of the third planet:
Angra : this is a paraguayan virus, stealth multipartite. Infects floppy
boot sector, master boot record and COM files. Anti-tunneling.
ByWay : advanced virus from Venezuela using the cluster redirection
method for the quick infection of COM and EXE programs.
Is polymorphic and stealth. Is in the wild internationally.
Is a lot better than the ancient bulgarian DIR-2.
A jewel written by Wai-Chan.
Cabanas : this complex autoreplicable program infects Win32 executables.
Is an extraordinaire sample of high code skills.
Coded by Jacky Qwerty/29A, who is currently one of the gurues
in the Win32 infection.
Cpw : parasitic chilean COM/EXE fast infector. Resident manipulating
MCB. Erases some antiviruses when they are executed. Redirects
INT 24h. A guy from IRC told me that the author was in jail
for his authory of this virus :-(
Flying-V : resident companion encrypted. It was coded by WMA [DAN]
Literatura: the second version of this virus made in Paraguay is polymorphic,
has size-stealth and is memory resident. Is a fast infector of
COM files, it builds a polymorphic header that brings control
to the virus code (polymorphically encrypted) which is in an
aleatory offset in the hoste (mid-file infection).
Miky : made in Bolivia. It hits COM/EXE files, is resident, has
a graphic payload and lost a cluster with every execution
of an infected file. Is a great virus, considering the
date when it was created (year 1991)
Outsider : the second version of this viurs infects COM/EXE/BOOT SECTOR.
Is full stealth in files and boot sectors, is polymorphic,
it has routine that dificults it disassembly and emulation.
In the directory entry the initial cluster of .EXE and .COM
programs is reapointed to the file 0ffh hidden in the root
dir, and has the virus code. This virus can use all antiviruses
as a vector. Magnific Vecna's creation.
Uruguay#8 : this virus rules. Programmed in Montevideo by F3161, is a
resident infector of COM/EXE, it tunnels to find the original
handlers of interruptions, hooks INT 9 and when it detects
CTRL+ALT+DEL prints the copyright. Is partially encrypted in
memory. Its mutation engine ocuppies more than 3KB, is super
flexible and eficient. It introduced the table-driven poly-
morphic engine, where the virus works like a compiler, this
is one the the most polymorphic virus of the planet and the
decryptors it generates utilizes almost all the processor's
opcodes. F3161 db 'Assembler God'
Vampiro : Drako's [DAN] and Zarathustra's [DAN] work. Is a tsr COM/EXE
infector with size-stealth, it can infect to COMMAND.COM
placing itself to the unused space at the end of file.
It turns off VSAFE's flags before infection and turn them
on after. Erases some checksum files of antiviruses.
Encrypted. Doesn't infect certain antiviruses.
VIRUS CODERS
------------
Evidently the following list is terribly incomplete, there are more coders
that create life. I don't know the handle of the Miky's coder, I don't
know also the nick of a lot of brazilian virus creators.
ARGENTINA: Ramthes Jones, Elijah Baley, Hugo Pe¤a, Azrael, Drako, Trurl,
Satan Klaus, Lapidario, WMA, Zarathustra, Somnium, Anubis, Vixer,
Armaged¢n, Bugs Bunny, Cancerbero, Jason, TruchoSoftware, D.M.,
Demeth Knox, JPG, El Flaco, Mr.Bithead, Jorgito, Mantis King.
BRASIL : Vecna
PARAGUAY : Xavirus Hacker, Int13h
CHILE : Cpw
PERU : Jacky Qwerty, DarkSide1
URUGUAY : F3161
VENEZUELA: Wai-Chan
VIRUS GROUPS
------------
Once again, my information is limited.
The most active group is DAN (Digital Anarchy) from Argentina, with a lot
of members, they has (had?) an e-zine called Minotauro written in spanish,
which reached the issue #10 far as I know. The firsts three issues of their
magazine were translated to english, thanks to the patience of Anathema :)
DIABOLICAL KREATIONS, this was a pseudo-group that I started with
Xavirus Hacker. We were the only two members. Xavirus Hacker leaves
virus-scene in order to orient his keyboard to demoscene. The group
is dead (always was:)
COEAC, Creatures of Electronical AntiChrist, another argentinan group,
also they has an electronic magazine. SENTINEL ANARCHIST and RESIDUO
were other argentinian vx-zines.
South America is sleeping yet. There are just a few groups. Almost zero.
Then, is easier the joining to external virus groups instead of creating
the own. That is what some guys thought :)
Azrael was member of the dissapeared NuKe. Vecna and Jacky Qwerty are
part of the spanish group 29A, Darkside1 is SLAM member and the crazy
who is writing this is battling in iKx's rows ;)
Before the membership in 29A, Vecna was joined to the ukrainians SGWW.
FINAL BYTES
-----------
And that is all what I know about this topic. I would like to take
contact with other south american virus creators in order to update
this file. As I said, in South America the activity isn't very
popular like in other parts of the Earth, but there are some, a
little number but something is something :) There are great virus
coders like F3161, Jacky Qwerty and Vecna.
I hope to see growing the number of life creators. The important
thing is to take the decision and time will bring the rest.
CD13
<*** End of File ***>
