I got a pirate copy of Vista that won't accept updates--what's the best form of protection... - Page 3


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



Which evidence? :)
irok, toadie, krile...

you can google them. They aren't script kiddie...


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Tuesday, July 24, 2012 7:28:32 PM UTC-4, Dustin wrote:
  
OK I found them.  Apparently these were exploits from the days of "IRC" (an
open source message format that has a popular client named "Trillo" or
something, and some early form of Outlook (I guess taking advantage of
macros--by default Outlook I think uses Visual Basic to run macros).

I'm not sure of a couple of things here Dustin, and if you are the author
maybe you can help me out:  when you "infect" an .exe file, say using Toadie
(but it does not have to be Toadie), does that mean the original file cannot
be run?  Or can you infect a .exe file and have it run successfully?  If the
former, you are crippling .exe files every time your virus infects an .exe.
If the latter, then that would be very clever but I don't see how, unless
Windows .exe binary executables have the ability to run even if infected?

Also, if the latter (just guessing here), if you infect a .NET file, I would
imagine that it would be rendered inoperable because I think (not sure on
this however) that every time a .NET executable is compiled, the Windows OS
makes some sort of hash signature of the file, and stored it somewhere,
maybe in the local directory or the file header itself, so modifying it
(without modifying its corresponding signature) will not allow it to be run
by the .NET framework.  At least I thought I read that once. Same for .NET
ASP (server side) apps.  Which, if true, would defeat your infection (i.e.,
render the infected files inoperable).  Have you worked at creating a virus
for .NET framework executable files?

Final question:  seems at least in the three viruses / worms etc that you
wrote, or claim to have wrote, you were not trying to harm the infected
user's system--just trying to spread the virus--is that right?

I look forward to your reply.  There's a chance however that you're
pretending to be this person "Slam" or whatever--anybody can spoof anybody
else on Usenet.

RL

from F-Secure:
When activated the virus searches for EXE files and infects them (50-100 at
a time for Toadie.7800 version). This might cause a considerable decrease of
performance on DOS-based and slow Windows systems. The delay after an
infected file is run and before the original file code gets control can be
up to 20 seconds if no disk cache program is installed.

The virus infects DOS and Windows EXE files the same way. The 7800 bytes (or
other length depending on virus version) from original file beginning are
relocated to the end of the file and encrypted by the virus. The virus
writes 7800 bytes of its code which is a DOS program (with EXE header)
itself to infected file beginning thus converting any Windows program to DOS
format. When any infected DOS or Windows program is run, virus code gets
control first, infects more EXE files on hard disk(s) and then passes
control to the original file code.

The virus has an ability to spread itself through IRC networks. On infected
system the virus modifies settings of IRC client (mIRC) and creates
TOADIE.EXE file. This file is sent [DCC] by an infected user to anyone who
is joining any IRC channel the user is on at the moment. The virus also can
replace unsent message contents in Outbound folder of Pegasus Mail. In this
case the virus executable will be sent out instead of an original outgoing
message.

The 1.1 version of this virus contains several internal text strings and
rhymes. They are output only once when the virus starts from a dropper (that
is 1 byte longer than the virus body):

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Tuesday, July 24, 2012 9:59:00 PM UTC-4, RayLopez99 wrote:
[snip]

wow. sometimes i forget that people in this group might not be all that
familiar with viruses.

there are a variety of different types of file infecting viruses. most types
preserve the proper function of the original host program (barring
programming errors). unless a virus description page lists the virus as an
overwriting infector (pretty rare) or explicitly states that it corrupts the
original program then the original program will still run.

dunno if dustin ever worked with .NET, but i seem to recall others did. i
think it might have been gigabyte who wrote the first .NET file infector. i
think it was called sharp (after c#).

that was the norm among virus writers back then.

slam was the name of a virus writing group, not a person. raid was a rather
vocal usenet poster back then (as now, i suppose) and many people put a fair
bit of effort into discovering that his true identity was dustin cook.

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



Many people? you brag too much. I emailed martin overton twice from my
ISP email account; that's what got me. Had I not done that, I could have
kept my identity a secret. I couldn't resist sharing my virus that 0wned
his shareware program and I fell for his trick. He claimed he never got
the first email. He did, he wanted to verify the email headers. [g]



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Wednesday, July 25, 2012 8:01:58 AM UTC-4, Dustin wrote:
[snip]

brag? i'm not sure how it's bragging when i'm talking about other people.

i wasn't one of the people trying to find out your real name. i didn't care
about your real name anymore than i cared about pax' real name or spanska's
real name, or rhape79's real name, etc... i did research you, but that whole
name business was boring. there were other, more 'human' things to discover
than what's printed on your ID.


that may well be, but even after the name dustin cook was revealed you
denied it for quite some time. and whether you remember or were aware, there
were more than a few people making an effort to profile you even before the
name came out. i personally know of one person (not martin) who was looking
to get you arrested.

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



I wasn't aware that many people were interested in me. I knew of 4
possibly 5 that were a semi-serious threat to me at that time....


I'm humbled Kurt.
 

Of course I denied it. Why wouldn't I? No real proof at the time, just
speculation. I saw no reason to become an example for some overzealous
lawyer/judge.

Well, some of the speculation was code comparison and coding writing
style... but, I think I could have still beat that part. [g]

I wouldn't have been able to convince a jury I was innocent tho...
 



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Wednesday, July 25, 2012 8:01:58 AM UTC-4, Dustin wrote:
[snip]

brag? i'm not sure how it's bragging when i'm talking about other people.

i wasn't one of the people trying to find out your real name. i didn't care
about your real name anymore than i cared about pax' real name or spanska's
real name, or rhape79's real name, etc... i did research you, but that whole
name business was boring. there were other, more 'human' things to discover
than what's printed on your ID.


that may well be, but even after the name dustin cook was revealed you
denied it for quite some time. and whether you remember or were aware, there
were more than a few people making an effort to profile you even before the
name came out. i personally know of one person (not martin) who was looking
to get you arrested.

***
Art? :oD
***



Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Wednesday, July 25, 2012 10:37:00 PM UTC-4, FromTheRafters wrote:

as the person who contacted me did so privately, i'm really not at liberty to
discuss the identity. i know i did say one person it wasn't, but if i continue
that too long the process of elimination would yield the very info i'm not
supposed to reveal.

i'm curious why you would guess the person you did, though.

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



Half-jokingly really, but Art was very emotional about virus writers and
viruses. I'm aware there were those whom disliked RAiD on a more personal
level and may actually be more likely to be the one wanting to out him.



Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



As I said, it's mostly because there were few Vxers willing to talk to
the general public. Most of the general public was and still is
willfully ignorant of viruses. They took a lot of crap out on me because
of the side I represented. It's not like they had many people to bitch
and piss and moan to.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Friday, July 27, 2012 12:05:44 AM UTC-4, Dustin wrote:
[snip]

while it's true there weren't many, there was more than one. but you seemed to
inspire a special kind of negative reaction so i don't think it was just because
you were VX.

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



I was Vx and I didn't make excuses for it. I'm blunt and have a low
tolerance for stupidity. It could have been any of those things.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



Art had an issue with me at that time...

I was a better coder, I worked for the darkside. [g]
It's not like you could talk to any virus writer.. I provided some people
an outlet, they took their frustrations entirely out on me because of what
some felt I represented.



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



IRC=Internet relay chat. It's nothing to do with outlook. They're two
totally different technologies. Irok supported both.
 

No. If the .exe can't run anymore because it's trashed, it would be an
overwriter. I never wrote any overwriters. The host isn't damaged when
infected if you don't try to be a bigshot. :) It's boobytrapped, but not
damaged.
 

.net is PE based. My viruses as old as they are would infect them
successfully, yes. :)


Stealth technology present in all of my viruses ensures I won't fail a
self check or hash code. [g]


As I said...My viruses have stealth. your .net executable won't know
it's mine. :)
 

That's correct.
 

SLAM is the virus group I was a member of, Raid is my handle.
 


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Wednesday, July 25, 2012 8:00:14 AM UTC-4, Dustin wrote:

OK I need a lesson in virus writing or rather how an OS loads a program.
This thread is getting too big for my browser via Google Groups to read so I
might open another thread.  What I need to know is how an OS like Windows
can load an .exe file and then load the virus (whatever you call it, malware
etc) without the original .exe file being compromised.  How is that
possible?

You like tweaking the tail of the dragon I see, if indeed you are this
Dustin Cook person.  You also have company, see below.  Perhaps what will
save you is to say that damages were not $80 million but very small.
Remember the statute of limitations for computer crime is 5 years at the
federal level but at the state level can be a very long time, especially if
you are out-of-state.

RL

http://www.pcreview.co.uk/forums/raid-slam-mbam-programmer-virus-writer-turns-tail-t4008294.html

Published: May 5, 2002 Monmouth County man convicted of unleashing the
''Melissa'' virus, which disrupted computers worldwide in 1999, was
sentenced last week to 20 months in federal prison. David L. Smith, 34, who
was also fined $5,000, had pleaded guilty to e-mailing the virus from his
home computer in Aberdeen, causing damage in excess of $80 million. Mr.
Smith now faces sentencing on similar charges in a state superior court

Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?


OK I need a lesson in virus writing or rather how an OS loads a program.

***
You need some background before any explanation will be understood by you.
The loader does the last 'translation' - that of using the information in
the program's file to construct an executable image. The executable file is
not really executable (some need no further translation, but most do - the
loader knows what to do). It "represents" what is needed to create that
executable image.

A 'file infector virus' infects a 'program' by modifying the information in
the 'file' it is stored in so that the resulting image from the loader's
translation has the virus as part of the program it is using as a host
(infecting). So now when such an 'infected' legit program file gets
'invoked' the loader loads the virus because it is now part of that formerly
legitimate program.

At this point, the infected 'legit' program is 'like' a trojan - it appears
to be legit but has in addition to (or instead of in the case of
overwriters) what it used to do, some nefarious function. This special case
of trojan when executed will trojanize other programs again in the same
manner with a copy of its own replicative function and act as a
self-distribution method for whatever 'payload' it also copies from iteration
to iteration. This is an important enough consideration to warrant its
special name of "virus" rather than just a trojan which would need some
other method for its distribution. Viruses and worms are handy programs for
malware distribution but IMO are neutral otherwise.

 I know that you just want to troll Dustin, but let me say this - I know
enough about computers and malware to know that Dustin knows more than I do.
***

[...]



Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



David wrote the virus on his own. He didn't give anyone a heads up and
it spread better than he anticipated...
 

It sure is. An admission. Yep.
 

I didn't flee the scene of any crime. I wasn't charged with any crime. I
was unavailable. :)
 

Ray, you'd make for a lousy lawyer. The statute of limitations for my
activities is long expired. I retired almost 13 years ago now.
 


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?


 

Hmm... July 2017, I won't be 70.. [g]

You're a few decades or so off on my age Ray. I do enjoy reading your
speculations tho. Hilarious. Have you considered a stand up comedy
routine?
 
Btw Ray, I'd be in a federal prison; not some little state run joint...

I don't have to worry about that tho, as well, my last virus is nearly
13 years old now. Limitations Ray. It's why BugHunter is under my real
name, it's why I don't mind telling you who I am or share some of the
things I've done.

I'm not gloating when I do this, I'm just providing the proof you seem
to need so badly. See Ray, money doesn't get you everything. All the
money you have, you can't buy the knowledge I have. [g]



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?



This is alt.comp.anti-virus. If you want to learn how to write a virus,
read that book or google for instructions. This isn't the newsgroup to
learn to write them.


It's magic, Ray. Might as well be in so far as your understanding goes.

Please do continue to share your vast expertise of computers. It
fascinates me.
  


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: I got a pirate copy of Vista that won't accept updates--what's the best form of protection?

On Tuesday, July 24, 2012 7:28:32 PM UTC-4, Dustin wrote:


OK I found them.  Apparently these were exploits from the days of "IRC" (an
open source message format that has a popular client named "Trillo" or
something, and some early form of Outlook (I guess taking advantage of
macros--by default Outlook I think uses Visual Basic to run macros).

I'm not sure of a couple of things here Dustin, and if you are the author
maybe you can help me out:  when you "infect" an .exe file, say using Toadie
(but it does not have to be Toadie), does that mean the original file cannot
be run?

***
Some few viruses overwrite pre-existing code when they infect and will cause
the original host code to fail. Many more don't (they are said to "mimic"
the original functions and viruses with the mimic property are termed
"parasitic viruses")
***

  Or can you infect a .exe file and have it run successfully?  If the
former, you are crippling .exe files every time your virus infects an .exe.
If the latter, then that would be very clever but I don't see how, unless
Windows .exe binary executables have the ability to run even if infected?

***
The host is *patched* with the viral code - the viral code becomes a new
function for the host thus making it itself a virus. Overwriters merely do
what the name suggests and don't mimic the original functions the host had
prior to infection.
***

Also, if the latter (just guessing here), if you infect a .NET file, I would
imagine that it would be rendered inoperable because I think (not sure on
this however) that every time a .NET executable is compiled, the Windows OS
makes some sort of hash signature of the file, and stored it somewhere,
maybe in the local directory or the file header itself, so modifying it
(without modifying its corresponding signature) will not allow it to be run
by the .NET framework.  At least I thought I read that once. Same for .NET
ASP (server side) apps.  Which, if true, would defeat your infection (i.e.,
render the infected files inoperable).  Have you worked at creating a virus
for .NET framework executable files?

***
Kurt mentioned "Sharp" by Gigabyte (Sharpei) - the first C# coded *virus*
IIRC
http://www.f-secure.com/v-descs/blunt.shtml
http://www.symantec.com/security_response/writeup.jsp?docid=2002-022617-0242-99
***

Final question:  seems at least in the three viruses / worms etc that you
wrote, or claim to have wrote, you were not trying to harm the infected
user's system--just trying to spread the virus--is that right?

***
As I recall, many of Dustin's viruses had malicious payloads but the damage
was more reversible than it seemed.
***

I look forward to your reply.  There's a chance however that you're
pretending to be this person "Slam" or whatever--anybody can spoof anybody
else on Usenet.

***
He's not lying about this, he was a member of the Slam virus writing team and
those are his viruses and worms.
***


