HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / CRYPT8.ZIP / CRPTLET.TR8 next >

Wrap

Text File | 1992-10-24 | 37.8 KB | 745 lines

▄▄▄ ▄▄▄▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄ █▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒▒▒▒▒█ █▒▒▒▒█ █▒▒█ ▀▀▀▀▀▀▀▀ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀█▒▒█ ▀▀▀█▒▒█ ▀▀▀▀▀ █▒▒█ █▒▒█ ▄▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒▒█ ▀▀ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ ▀▀▀▀▀ █▒▒█ █▒▒█ ▄▄▄▄▄▄▄▄ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀ ▀▀▀▀▀▀▀▀ ▀▀▀ ▀▀ ▀▀ ▀▀▀ ▀▀ NEWSLETTER NUMBER 8 ********************************************************************** Another festive, info-glutted, tongue-in-cheek training manual provided solely for the entertainment of the virus programmer, casual bystander or PC hobbyist interested in the particulars of cybernetic data replication and/or destruction. EDITED BY URNST KOUCH, late October 1992 ********************************************************************** TOP QUOTE: We're in the process of creating a true idiot culture. And not just a bubbling subculture that every society has, but a true dominant idiot culture." --Watergate star journalist CARL BERNSTEIN at the 12th annual Jewish Book Fair on a Thursday in late October 1992. IN THIS ISSUE: Crypt newsletter declares war on CENTRAL POINT ANTIVIRUS . . . Crypt newsletter helps YOU declare war on local "WAREZ" slaves . . . the PEACH virus . . . sneak preview of the [NuKe] Encryption Device . . . in the Reading Room with Mark Ludwig's "Computer Virus Developments Quarterly" . . . viruses in Burbank, Walt Disney rises from grave . . . NESW, er, NEWS . . . other stuff, too. URNST went to the City of Angels in mid-October and guess what he found? Viruses at Disney Studios in Burbank! Disney suffered a telecommunications failure linked to virus infection in the backup computers controlling the studio's commo lines. According to anomyous employees, the virus infection was planted in retaliation for about 300 layoffs at the company. Disney flack Terri Press dismissed them as no big deal although others apparently thought differently. Loyal Crypt readers will remember a piece on viruses as tools of "empowerment" in the hands of disgruntled workers a few issues back. Life imitates art. The Dark Avenger has supplied U.S. virus exchanges with a "fixed" version of a Mutation Engine equipped virus. This version creates MtE infections which no longer scan. Here at the Crypt newsletter, we weren't even aware that the MtE was "broke." ***************************************************************************** ETHICS AND THE VIRUS PROGRAMMER: THE DEBATE RAGES ON! ***************************************************************************** The following essay reprinted from a FidoNet transmission. Cosmeticized by some anonymous soul whom we thank deeply. File points await you at Dark Coffin. Come and get 'em. ESTABLISHING ETHICS IN THE COMPUTER VIRUS ARENA Paul W. Ferguson, Jr. September, 1992 ABSTRACT The introduction of the computer into our already complex arsenal of tools has opened a door to a world in which the limits are seemingly boundless. The possibilities of electronic information and data exchange alone are enough to boggle the mind. However, with the computer's acceptance and its growing implementation, a debate has arisen concerning the manner in which it is being utilized. Today, we have a virtual stone wall separating two basic trains of thought. On one hand, there are those who wish to make all computer information and resources publicly available, regardless of impact or damage afforded to unwitting users. On the other hand, we have computer professionals, advocates and users who think potentially damaging information should be more effectively managed and controlled, disallowing damaging code to escape into the public domain. THE GRASSROOTS MOVEMENT OF COMPUTER ETHICS Perhaps the birthplace of computer ethics was the at Massachusetts Institute of Technology. The addition of a discarded Lincoln Labs TX-0 in 1958 created a more personal and casual brotherhood in the computing environment at MIT. It was soon after this machine was introduced that many of the more inquiring minds attending the university became enthralled with it's presence [1]. "There was no one moment when it started to dawn on the TX-0 hackers that by devoting their technical abilities to computing with a devotion rarely seen outside of monasteries they were the vanguard of a daring symbiosis between man and machine", wrote Steven Levy, in his landmark book, "Hackers: Heroes of the Computer Revolution". This devotion to the computer led to their version of what they dubbed "The Hacker Ethic". This "ethic" had became an honor code that outlined ground rules for the usage of the computer resources and has survived to this day as the foundation of what is honorable in the computer community. Although it has been twisted and mired in its journey into the 1990's, its inception was sincere and beneficial to those who created it during the early days. Levy outlined five platform values that comprised the Hacker Ethic: "Access to computers - and anything which might teach you something about the way the world works -- should be unlimited and total. Always yield to the Hands-On Imperative!" As Steven Levy outlines in his book, this was the primary basis for computer hacker values in the early days of computerdom. Hackers, as defined in the above statement, have always felt that whatever environment exists, they should be afforded the freedom to optimize it. Whether it is reprogramming an existing operating system or establishing their own set of behavioral protocols, it is the freedom that they seek to define their own desirable environment. "All information should be free." The principle idea is that if you do not know how to obtain the information, how could you benefit or pose a threat to others who may utilize the same resources? The primary ideal that all information should be free has landed many of its advocates in unprecedented litigation. Is it appropriate that anyone has the right to examine your credit report? Or your E-Mail? Or your medical history? These ultimately fall into the category of "information", by this definition. "Mistrust Authority -- Promote Decentralization." This is an ethical factor that is still adhered to rather strictly by hacker purists. In its beginnings, authority figures in the computer community were inept or simply did not exist. Most could not afford them the computing freedom they demanded. This problem still exists and unfortunately the boundary between what constitutes an acceptable computer ethic and activities that pose a threat to the computer community is more complex than ever. We have as many or more inept system administrators in the present day computer network world. "Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race or position." An ethic that is perhaps one of the least threatening to other computer enthusiasts. It is also one of the most respectable values, considering what the true sense of hacking really is. "You can create art and beauty on a computer." The early hackers spent substantial resources and time developing fractals and other display-specific tricks that were indicative of that era. Development and extensive enhancements of the SPACE WAR program on the early PDPs at MIT is legendary. In the simplest sense, the early computer pioneers were rebels in their own right -- they wanted no one to restrict their ability to get computer time or make necessary enhancements or adjustments to the system as they saw fit. Such is our computer world today, to many who take it very seriously. However, one key factor has been added -- to avoid inflicting damage. In the strictest interpretation, it correlates to never intentionally damaging any information that you access. Or propagating damaging programs into an unsuspecting public domain. A true hacker is someone who thirsts for knowledge and wishes to make the information available to others who may not have the good fortune or skill to acquire it otherwise. Without getting too in-depth into the development and progress of computers in our environment, we should address what we have experienced in the past few years with computer viruses and how they have affected our domain. The decision that remains concerns our code of ethical and moral computer conduct. COMPUTER ETHICS AND COMPUTER VIRUSES What impact did computer viruses have on ethics in the computer community? With the explosion of the number of computer viruses, this remains an unanswered question. In the years since viruses first appeared in the MS/PC-DOS computing environment, they have grown in both numbers and complexity at an alarming rate. They have become not only commonplace, but also extremely difficult to defend against. The virus creators have designed, compiled and released encrypting viruses, multipartite viruses, stealth viruses and viruses employing encryption techniques so bizarre that it warrants immediate concern. The scope of the problem has grown to the point where computer users are desperate for answers to their questions and solutions to the computer virus dilemma. The computer ethics situation at present is as distorted and convoluted as it could have ever been imagined. Some of the more disturbing activities in the virus information channels recently, have been irresponsible postings of source code, DEBUG scripts of live viruses and overall disregard of computer ethics and morals [Note well! -URNST]. To complicate matters, virus exchange BBSs have cropped up where viruses and virus source code are freely exchanged. The people who engage in these activities have successfully shown their disregard for the remainder of the computing public. Perhaps these individuals have not given ample thought to the consequences of their actions. By allowing live computer viruses to freely filter into the public domain, they are ultimately responsible for any damage inflicted, either directly or indirectly, due to their negligence or disregard. Perhaps they do not care. In any event, it is time for us to reclaim control of our computing environment and establish a set of guidelines that define what is unacceptable behavior. We should be able to gate the damaging material that is passed amongst those who effectively abuse the privilege. A privilege, mind you, not a right. INHERENT RIGHTS vs. ACQUIRED PRIVILEGES There has evolved the question of where do we draw the line between the free exchange of ideals and information and disallowing damaging code to be freely exchanged to all requesters? Although the line has not been defined, several important factors should be considered. When considering each alternative, the "greater good" syndrome consistently comes into play. And a myriad of questions surface with its contemplation. Who makes these "greater good" decisions, anyway? Is this a case of 1st Amendment rights versus control of damaging or potentially damaging information or code? Can legislation be enacted to absolve system administrators and forum moderators of the burden of making ethical and morality decisions and being inundated with charges of inhibiting someone else's rights? These questions are only the tip of the proverbial iceberg. Each question has it's validity and weaknesses. To use particular examples, unfortunate instances of computer virus source code, and even more damaging -- DEBUG scripts, readily able to be reassembled by even the most neophyte computer user, have been posted in the FidoNet public virus conference forums, and even more questionable practices have been witnessed on other publicly accessible networks. To those who posted them, it may have been an innocent act on their part to make the information available to others in a public forum. For whatever reason, posting of code that has the ability to replicate (or even destroy) on an unsuspecting user's system is, in my opinion, inherently wrong. And the assistance in propagating it is equally guilty. Many of the virus authors and couriers hold the belief that what they dabble and propagate is completely legal and beneficial. Actually, they are only half right. There are currently no laws that specifically target computer virus distribution. The legislation that does exist, dates back to the Computer Fraud and Abuse Act (1976) and is rather outdated. The CFAA does not address certain topics that have become an issue in recent years. Several bills have been introduced into legislation that would, indeed, have made it a criminal offense to propagate computer viruses in a fashion that would endanger the public. In a recent attempt to enhance the existing law, Senator Patrick Leahy (D-Ver.) spearheaded an effort to enact an addendum to the existing CFAA [2]. Language contained within the bill (S 1322) specifically addressed computer abusers; those which intentionally introduce computer viruses or damaging code to systems. The proposed law would have provided an avenue to prosecute those who never gained access to a remote system, in the conventional sense. Misdemeanors would have been punishable by up to one year in prison and a $5,000 fine. Felonies would carry a maximum fine of $250,000 and a prison term of up to five years. The bill was killed and never made it into law. Are there any measures in place to effectively deal with the distribution of potentially damaging information? Yes and no. Computer professionals around the world have independently established casual associations of virus researchers when it became apparent that the virus problem was something that would not resolve itself. More recently, formal and professional organizations have been formed that deal specifically with computer virus research, user education and antivirus product development. This cannot resolve the overall problem. MAKING THE TOUGH DECISIONS Many view virus creators as angst-ridden computer users with an axe to grind. Many see them as rebellious teenagers wishing to leave their graffiti on whatever computer resources they can access. Whatever the reason, a set of moral and ethical standards need to be created that dictate what is unacceptable behavior in the computer community. Underground computer virus creation groups have avowed to continue writing and distributing viruses with disregard. Is this a protected activity under the First Amendment? Or is it just reckless endangerment to the computer community at large? The "greater good" rationale dictates making every effort on our part to protect unsuspecting computer users and formulate a logical method for stemming the flow of damaging code into the public domain. If we sit idly by, the problem will only worsen. We may eventually find ourselves the victims of our own procrastination. __________________________________________________________________________ [1] HACKERS - Heroes of the Computer Revolution; Steven Levy; Anchor Press/Doubleday, 1984, ISBN 0-385-19195-2 [2] Proposed addendum to the Computer Fraud and Abuse Act (CFAA); Margaret M. Seaborn; Government Computer News, August 5, 1991 ****************************************************************************** CRYPT NEWSLETTER DECLARES WAR! | CRYPT NEWSLETTER DECLARES WAR! | CRYPT NEWSLETTER DECLARES WAR! | On CENTRAL POINT ANTIVIRUS: killing CRYPT NEWSLETTER DECLARES WAR! | the brain-fogged retail dragon! ****************************************************************************** Everyone at the Crypt Newsletter agrees that Central Point Antivirus is lousy software at a wallet sterilizing price. Time for it to go! You'll be well-equipped to tackle Central Point software with any homebrew virus if you "note bene" what follows! The PEACH virus was the first program (to our knowledge) which struck CPAV in an educated manner. Included as a DEBUG script with this issue, the reader will find that PEACH is a memory resident program derived from the KeyPress virus. ON execution PEACH hooks interrupt 21 and infects most .COM and .EXE programs on execution. Before infecting, PEACH searches the target directory and erases any CHKLIST.CPS file. The CHKLIST.CPS file is the heart of Central Point Antivirus's checksum/program integrity evaluator. It is here that integrity data on every program in the directory is stored. The Central Point master program, CPAV.EXE, and its resident sentry, VSAFE.COM, refer to these files when searching the system for unknown (or new) virus infections. Any change to a program will cause a discrepancy between the integrity info contained in CHKLIST.CPS and any on-the-fly checksum supplied when CPAV.EXE or VSAFE.COM scans files. Clearly, destroying this file unhinges that function and this is what PEACH does. By eliminating CHKLIST.CPS BEFORE infection, PEACH forces CPAV to create new integrity info thus incorporating the newly PEACH-infected file as a legal program. Unfortunately, CPAV now scans for PEACH quite nicely - completely mitigating this feature. You can play with PEACH and see how it works, it's quite a "safe" virus. PEACH doesn't like .COMfiles below 300 bytes in size, though, and will crash in a most excellent manner if you're running 4DOS, NDOS or the NCACHE. To experiment with it freely, the Crypt newsletter recommends executing PEACH on a system running plain vanilla DOS. The adventurous reader will notice that PEACH contains the name of "Roy Cuatro", who apparently reside(s/d) at "Peach" Lane. Use Vern Buerg's List program to view the naked PEACH file in hexadecimal format to see "Roy", or do it the hard way and search through RAM using DEBUG (ughhh!). With this in mind, you will enjoy the following release which comes from the CPAV - Fall 1992 - N*E*W*S, or the thinly disguised advert which is mailed to those who've ever registered ANY Central Point software product. Transcript: NEW TOOLS for VIRUS WRITERS ESCALATE VIRUS POPULATION EXPLOSION "A new disturbing trend is developing in the virus world. In addition to the dozens of new viruses released each month, virus developmemt tools are also beginning to appear. The first of these toolkits to achieve wide visibility is the Mutation Engine. The Mutation Engine is a programmer's toolkit that allows virus programmers to quickly and easily create polymorphic viruses (also known as self-modifying viruses {Christ, any virus which is self-encrypting is self-modifying!}). Viruses created with the MtE are especially difficult to detect as they change with every infection. Version 1.3 of CPAV can detect and clean infections caused by the MtE [Close, but no cigar.]. In addition to the MtE, there are several books that describe in detail how to write a virus. Some of these virus cookbooks even include source code {GASP!}. One recently published book {"The Little Black Book of Computer Viruses" by Mark Ludwig} includes a low-cost offer for four sample viruses on disk that can be used to create your own viruses. The wide-spread, easy and inexpensive availability of virus source code will no doubt greatly contribute to the virus threat. As CPAV becomes aware of viruses, or virus source code, published in books or toolkits, it will be updated to protect against them. In addition to protection from MtE-generated viruses, V. 1.4 includes protection against the four viruses offered for sale by the author of the recently published {Recent my butt, the book is almost a year old. Don't you feel even safer now?} virus cookbook described above. These viruses are TIMID 1, STEALTH, KILL ROY {sic - it's Kilroy as in 'Kilroy was here'} and INTRUDER." Yikes! After reading that, don't you feel your money was well spent on CPAV?? Well, get a load of the ENCROACHER viruses, specially engineered for that uppity Central Point Software snob on your block. ENCROACHER is a Mutation Engine-encrypted strain of virus which attacks CPAV's CHKLIST.CPS, main program - CPAV.EXE, and resident sentry, VSAFE.COM. The ENCROACHER viruses will destroy all these files BEFORE attempting to infect a CPAV protected system. The ENCROACH approach is determined, and multi-layered, but not foolproof - further technical details, drawbacks and considerations are outlined in the source listing for ENCROACHER included in this issue. However, ENCROACHER can and WILL defeat CPAV anti-virus integrity checking when it first appears on a system. ENCROACHER will also defy certain aspects of CPAV memory resident protection. And it will completely DISMEMBER CPAV in a default installation if it executes even ONCE on such a protected system. The listing should help the homebrew researcher to devise his own viral strains which can attack a CPAV protected system with a better than 50-50 chance of success. Further, since many other retail antivirus software packages take their cue from CPAV and model themselves along similar lines, access to a product manual is all that is necessary to equip ENCROACHER for successful engagements with the NORTON ANTIVIRUS, Fifth Generation's UNTOUCHABLE or Leprechaun Virus-Buster. (Scan data: because ENCROACHER is MtE-loaded, McAfee's SCAN, F-PROT and Thunderbyte Scan all detect it. CPAV does not, NAV 2.1 does not. The reader might consider removing the Mutation Engine from ENCROACHER to make it more antivirus transparent.) And ENCROACHER is not a particularly advanced virus! It is only a direct-action .COM-infecting program. ENCROACHER is more effective than PEACH at this juncture, if only because it is still "in the wild." (Additional "note bene" for those readers using the Virus Creation Laboratory: The VCL is well-equipped to convert its custom viruses to programs which can attack anti-virus software. By enabling the "erase files" effect with an appropriate file name, almost any software can be efficiently and mercilessly counterattacked.) So take advantage of PEACH and ENCROACHER and hasten the withdrawal of lousy software like CPAV from the American marketplace. (Can you imagine luncheon with the CPAV development team? What corporate dullards they must be.) ***************************************************************************** DECLARE WAR ON THE LOCAL "WAREZ" SLAVE! [OPTIMIZING A TROJAN "WARE" FOR MAXIMUM IMPACT] ***************************************************************************** Nothing personal, but local "WAREZ" slaves make good exercises for boning up on your virus/trojan sociology/plantology. The most important fact to remember when devising corrupt programming for pirate BBS's is that "WAREZ" slaves are motivated primarily by GREED. This puts them at a major disadvantage. GREED blinds common sense. GREED makes the normally savvy quite stupid. GREED will get a trojan or virus into position EVERY time. And it's not hard. Use the INSTALL trojan included in this issue of the Crypt newsletter. We've included its PASCAL source code, courtesy of Chaotic Madman, for instructional purposes. Placed in an appropriate "pirate" archive, INSTALL will display an appropriate (see below) .DAT file as it royally nutses up the target disk. Use this image for your INSTALL .DATfile: ▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄ ▓███ ▓███ ▓███ ▓███ ▄▄▄▄▒▓██▄▄▄▄ ▒▓██ ▒▓██ ▒▓██▄▄▄▄▄▄▄▄ ┌────────────────────────────────────────────────────────────────────────────┐ │ INTERNATIONAL NETWORK OF CRACKERS Presents: │ └────────────────────────────────────────────────────────────────────────────┘ ┌─────────┬──────────────────────────┐ ┌────────────┬────────────────────────┐ │ Game │ Galactic Legacy 4 │ │ Supplier │ Xerox │ │ Company │ Sierra │ │ Cracker │ Grim Reaper │ │ Display │ 256 Color VGA │ │ Packager │ Kappa │ │ Sound │ Sound Blaster, etc │ │ Protection │ Doc Check │ │ Rating │ A GREAT Game! │ │ Date │ 10/03/92 │ └─────────┴──────────────────────────┘ └────────────┴────────────────────────┘ ┌────────────────────────────────────────────────────────────────────────────┐ │ RELEASE NOTES │ └────────────────────────────────────────────────────────────────────────────┘ I think everyone's pretty much heard of this game, so I won't keep you with boring details. I thought it was an excellent game, but you'll have to make the final decision. Thanks - Night Ranger, Sought After, The Cracksmith Greets - Patch, Sought After, Night Ranger, The Cracksmith Write To: -=I.N.C. U.S.=- -=INC Europe=- P.O. Box 170933 Postlagernd Arlington, Texas 8858 Neuburg/Donau 76003 West Germany Final Note: Support Software Companies! If you enjoy playing a game, and think it's worth the money (few are these days), then by all means - BUY IT! Someone's got to make it worth a programmer's effort to keep up the high standards! They DESERVE it! -=INC '92: Alone at the Top!=- ┌──────────────────────────────────────┐ │ World HQ - Star Frontiers │ │ Courier HQ - Crewel Lye │ │ European HQ - Nuclear Wastelandz │ ┌──────────────────┴──────────────────────────────────────┴──────────────────┐ │ INC Distribution Sites / Member Boards / Support Boards │ └────────────────────────────────────────────────────────────────────────────┘ 10 Downing Street Inn of the Last Home The Crusades Above the Law McClusky's Bar & Grill The Exorcist Animal House Midnite Oil The Forum B2 Bombers Midnite Oil IV The Generic Access Castle Perilous MotherBoard VII The Gallifrey Coffee Break Nuclear Wastelandz The Gallows Concealed Weapon O.K. Corrale The Krack House Crewel Lye Orgasm The Manhattan Project Crime Syndicate Out of Reach The Nevada Testing Grounds Dark Well People's Front of Judea The Vortex Digital Underground Psychiatric Ward Tower of High Scorcery Dumper's Den Splatter House Wizard's Palace EpiCenter Star Frontiers Wizard's Tower Heart of Gold The Colisivm ──────────────────────────────────────────────────────────────────────────── Imagine a mid-level "WAREZ" slave getting an eyeful of that. The INSTALL trojan is as good as in the door. INSTALL works very well with Nowhere Man's FAKEWARE utility, too. FAKEWARE generates a "WARE" archive including a .DATfile identical to the above, complete with a .ZIPcomment and a handful of convincing but COMPLETELY BOGUS "game" support files. Upload INSTALL in such an archive to those satellite "WAREZ" BBS's which always spring up around major "SEKRIT" pirating services. The sysops of these BBS's are invariably Republican in their ways and, therefore, desperate for anything seen as "leechate" from a bigger service. Their security is not tight. An appropriately framed poison archive will work. (The approach is very similar to the methods used to "poison" pornography BBS's. Refer to earlier Crypt issues for particulars.) Another inviting target is the "WAREZ" slave who has gotten so large he can no longer administer his collection adequately. Always keep in mind that GREED and human laziness will work in your favor. Patience is also a virtue. And you will have the satisfaction of knowing that you are fighting alongside large corporate software conglomerates when you begin ruining local pirate commerce. ***************************************************************************** IN THE READING ROOM: MARK LUDWIG's "COMPUTER VIRUS DEVELOPMENTS QUARTERLY" ***************************************************************************** Does the world need another virus newsletter? In the case of "Computer Virus Developments Quarterly," the answer is a resounding yes! Edited by Mark Ludwig, author of "The Little Black Book of Computer Viruses," CVDQ points out its reason-de-etre on the front page. In part, it reads: "Secrecy has become the cloak of irresponsibility, whereby amateur protection products are sold to an unknowledgeable public moved to fear to buy, and then conned into believing they're safe just because they paid money for something. "When secrecy becomes a serious hindrance to both the people who are trying to protect themselves from viruses and those developing protection products, then it is time to KISS IT GOODBYE. Our goal is not only to enlighten and inform the security specialist, but also the programmer who finds viruses interesting . . ." With that in mind, you can guess CVDQ is packed with code and lucid, deft discussion. In its premeier issue, Ludwig explores a "retaliating" virus designed to take strong action if threatened by anti-virus software. The RETALIATOR, in this case, uses Central Point Antivirus as an example. (It's where we got the idea to decalre war!) RETALIATOR, a direct-action .EXE infecting virus is designed to scan memory for signs of the software and inxpect susbsequent copies of itself for evidence of removal or tampering. If the virus finds such evidence, it mimics destruction of the hard drive demonstrating just how RETALIATOR can make virus removal a risky business. These are ideas worth discussing, ideas you won't find being talked about in public by a-v experts. Ludwig knows this and he also offers the reader access to diskette delivered dissassemblies of the Brain virus, Stoned and any programs in CVDQ. To get a look at his mail-order catalog or view a sample issue of CVDQ, address enquiries to: AMERICAN EAGLE PUBLISHING, INC. POB 41401 Tucson, AZ 85717 The Crypt newsletter gives "Computer Virus Developments Quarterly" a solid thumbs up! **************************************************************************** NOWHERE MAN's [NUKE] ENCRYPTION DEVICE: A SNEAK PREVIEW **************************************************************************** The beta version of the [NuKe] Encryption Device (or N.E.D.) has arrived at the editorial offices of the Crypt newsletter. Designed to confer advanced polymorphic capability on any stock virus, the N.E.D. seems to live up to it advanced billing. Unlike its predecessor, the Mutation Engine, the N.E.D. does not require a pseudo-random numbers generator as a separate add-on. Like the Mutation Engine, it is designed to write the virus to a target file in a variably encrypted state with an evolving decryption loop supplied for every subsequent infection. The N.E.D. adds approximately 1400 bytes to any virus using it. In preliminary test runs, N.E.D.-encrypted viruses were not detected by McAFee's SCAN. F-PROT 2.05 flagged N.E.D.-encrypted files only in "heuristic" mode and then weakly. TBScan also proved unreliable. The N.E.D. also allows the virus programmer to fine tune the degree of garbling/garbage instructions it adds when assembling its decryption key. When it arrives in final form, the N.E.D. looks to be another mighty interesting offering from the mind of Nowhere Man. ***************************************************************************** PHEW! ANOTHER ISSUE FINISHED! READ THE FINAL CREDITS: ***************************************************************************** Credits: Chaotic Madman for the fine INSTALL trojan. Nowhere Man for N.E.D. news. And the Mutation Engine remains the intellectual property of the Dark Avenger. This issue of the Crypt newsletter must contain the following files: CRPTLET.TR8 - this document PEACH.SCR - DEBUG scriptfile for the memory resident PEACH virus ENCROAC1.ASM - source listing for ENCROACHER 1 virus. ENCROAC1.SCR - DEBUG scriptfile for ENCROACHER 1 ENCROAC2.SCR - DEBUG scriptfile for ENCROACHER 2, a more destructive version of ENCROACHER. MAKE.BAT - makefile for all scriptfiles. Take the MS-DOS program DEBUG.EXE, all scriptfiles and throw the lot into one directory. Then type MAKE and hit "ENTER." The software will be assembled in the directory. When done, rename the file INSTALL.COM to INSTALL.EXE. INSTALL.PAS -PASCAL source listing for Chaotic Madman's INSTALL trojan. INSTALL.SCR -DEBUG scriptfile for INSTALL trojan. Rename INSTALL.EXE when assembled. INSTALL.DOC - additional documentation for INSTALL. If any of these files are not present, grab a fresh copy of THE ▄▄▄ ▄▄▄▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄ █▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒▒▒▒▒█ █▒▒▒▒█ █▒▒█ ▀▀▀▀▀▀▀▀ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀█▒▒█ ▀▀▀█▒▒█ ▀▀▀▀▀ █▒▒█ █▒▒█ ▄▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒▒█ ▀▀ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ ▀▀▀▀▀ █▒▒█ █▒▒█ ▄▄▄▄▄▄▄▄ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀ ▀▀▀▀▀▀▀▀ ▀▀▀ ▀▀ ▀▀ ▀▀▀ ▀▀ ∙∙∙∙∙∙∙∙∙ NEWSLETTER ∙∙∙∙∙∙∙∙∙∙ at the following sites: CryPt HQ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Dark Coffin VX ∙∙∙∙∙∙∙∙ 215.966.3576 Member Support ∙∙∙∙∙∙∙∙∙∙∙∙∙∙ VIRUS_MAN BBS ∙∙∙∙∙∙∙∙∙ ITS.PRI.VATE Southwest Distribution ∙∙∙∙∙∙ Virus Exchange/CC ∙∙∙∙∙ 602.569.2420 And the last detail: rank commercial pandering! How do you like the new CRYPT newsletter logo? Pretty swank, eh? Well, maybe you'd like to look swank, too, with it emblazoned across your chest in bold yellow as part of the fine black all-cotton CRYPT official T-shirt! You'll be CRYPT-ic to your admiring friends who won't know what the Hell it means unless you choose to tell them! The official CRYPT T-shirt looks great with your new pair of mirror shades, too! And don't forget the back, festooned with the CRYPT slogan: CONFUSION TO YOUR ENEMIES! You'll be CRYPT-ic, coming AND going! Place your T-shirt requests at the Dark Coffin. Ask or leave mail for URNST!