Cicatrix is well known on the virus scene as the maintainer of VDAT, a kind of virus knowledge database about viruses, groups, zines, etc. Now you can read what is behind...
You are one of the best known collectors on the net. Try to
introduce yourself...
Well like most of us I think I'm just your regular
run-of-the-mill average guy who happens to 'dig' computer viruses.
Everyone in the H/P/A/V scene has some nick. Where did you get
yours, it sounds so strange for most of the people ...
In my normal day-to-day job I happen to sometimes use a handle as
well. Cicatrix is the Latin translation/equivalent.
On your site there is always an announcement like you are "in process of
moving your a** back home". Can you specify where in Europe is
your home?
Some people know exactly where I belong but let's say I'm from
Western Europe.
When did you start with computer stuff ?
See below.
Tell us about your very beginning, like what was yer 1st comp
etc...
My first experience must have been around 1983 when I saw some
10-12 year old kid do magic with a computer keyboard. I decided
that what a 10-12 year old kid could do I could better so
I bought my first computer (Acorn Electron with a cassette player
for storage) and started fooling around programming simple stuff
in BASIC.
Many of the readers of *-Zine would like to know, when and why
did you start to be interested in computer viruses.
It must have been the late '80's. I'd often heard about this
magical thing called a computer virus but I had never encountered
one. Having moved to an IBM compatible computer (8088) I was
using quite a lot of pirated software and I used McAfee as
a virus scanner. Then one day when I decided to scan a diskette
which I did not expect to have a virus (it came from a reputable
source) I found the Cascade virus.
Did you ever write some virus? If so what was the virus like ?
Nope, I've looked at a lot of them but I've never created one
myself.
Do you have any programming skills? If so, what's your
preferred programming language and why?
I'm not really a programmer. I know Basic, VB and I have
a limited knowledge of assembler.
One of your main activities seems to be the maintenance of
your webpage. Its design is of good standard. Do you design the
page on your own or do you get some help from other person?
I do 99% myself (if I can find the time). I think my site is
pretty basic compared to what is possible with HTML nowadays. But
since I have a full time job and a lot of other hobbies I
don't really have the time to make the site too fancy. Also it is
easier to update a site that is not too complicated.
Your webpage is one of best watched on the net. How many hits
you have a day?
In the beginning of my site I used to have a counter and I was
amazed at how many people were visiting. One day I reorganized my
site and I forgot to put the counter back up. Now I don't really
care anymore, I know by my e-mail that a lot of people like the site
and visit a lot.
Your page at www.xs4all.nl/~cicatrix is best viewed
with Netscape Navigator and "weird things may happen to
Internet Exploder". Maybe we are of the same blood group and we
both dislike Micro$oft. If so, why do you dislike M$ and its CEO
big guru Gate$$$?
I have no reason to dislike them (yet). At least I like Windows
95 better than I liked Windows 3.1 (which was a horrible piece of
software). I happened to start with Netscape and I disliked MSIE
because initially it couldn't compete with Netscape's features.
Recently they have grown closer and closer but I still like
Netscape more and I noticed that MSIE doesn't like pages built
with Netscape.
There are also other virus related sites on the net. WCIVR has
shitloads of viruses online, Virus Emporium the same. Why do you
think (I hope you think) is your site better than that of the
others?
This question assumes I think my site is better than the other
sites. Of the two I only know WCIVR which hasn't been updated in
ages. It has loads of viruses and I still sometimes visit.
I think my site has a nice cross section of stuff available in
the VX scene and I think VDAT is getting to be a popular
database.
I would like to ask you something about VSUM and that Patty
which is responsible for this piece of (des)information. But
surely AVPVE is better source of virus information.
In the beginning I used to D/L every release of VSUM but the more
I got to know about viruses the more I was amazed about the
program's (well known) inaccuracies. The last couple of releases
were not really worth getting, especially with only a small part
of all available viruses being covered.
I liked the generic idea of a hypertext database on viruses
though and it was sort of the thing that got me started on VDAT.
I really like AVPVE. The initial DOS-version was pretty good,
especially with the visual effect database that was included. The
online version of AVPVE is getting better and better and I'm
really looking forward to the stand alone (HLP and HTML)
versions.
As for VSUM qualities, let's take old good One_Half virus.
Every virus kid knows what it does, but Patty Hoffman obviously
not. What would you say on VSUM's classic sentence "... it is
unknown what this virus does besides replicate... " if you'd have
the opportunity to meet Patty in person?
I'd give her the URL to AVPVE and teach her how to Cut & Paste.
You are that one dude who created VDAT. What was the reason
for creating VDAT?
When I started out collecting viruses I downloaded everything
I could get that had anything to do with computer viruses.
I stored all that material on diskettes but since I wasn't as
organized then as I am now I couldn't find anything when I wanted
to read it again so I ended up downloading the stuff again. After
a while I was sick and tired of this and I was at that time
browsing through VSUM to find something. The whole hypertext idea
sort of appealed to me and that is how it all started. It took
a while to find a suitable hypertext compiler but after a while
that was taken care of. The first couple of releases were, as
with most first tries, pretty lame and incomplete. But it got
better and better. The DOS version was pretty limited in graphics
and looks and it was a bitch to create hyperlinks so after
a while I started looking for a Windows version. Initially
I couldn't find a suitable compiler but with the rise of HTML
I found InfoCourier (http://www.smartcode.com). It allows the
use of regular HTML code, which should be good if I ever want to
put the whole thing online, and editing the stuff was a lot
easier. Keeping both versions up to date was impossible due to
time constraints so in the beginning of this year I chose to
discontinue the DOS version much to the sorrow of some Windows
haters.
As the amount of available information in VDAT reached
critical level, DOS version has been discontinued :(((((( Easy to
understand. Last two releases are Windoze only. What tools do you
use to maintain VDAT (language, environment etc...)?
See above, recently I've been looking at HTML2EXE which is
similar to InfoCourier. It knows frames which InfoCourier
doesn't although the latter has better font control and I'm still
looking for a crack for HTML2EXE.
You get the virus samples mostly direct from their authors, in
order to include them in your monthly incremental updates. This
gives me the opportunity to ask you directly : "Do you have any
relationship to any AV company"?
No, none whatsoever. Some have e-mailed me but that is about it.
I'm pretty sure somehow my CCTX updates get to them though.
How many viruses do you have in your collection?
Like I say on my site, my collection is in need of a major
overhaul but it is hard to find the time. I don't have a recent
scan but I'm sure I have more than 10000-11000 scanned viruses and
loads of unscans.
What do you think about perspectives of future virus
underground?
Like most things it has ups and downs. There have been periods in
the last couple of years I really thought that all virus writers
had quit. But then a couple of weeks later a new group would start
out and new 'solo' writers would join the scene. I think that as
long as there are computers there will be viruses and virus
writers.
What was the greatest break through in the history of virus
writing?
'Greatest' is a matter of opinion but I think that MtE and TPE
were the start of a major chapter in the history of computer
viruses. Another major event (though not especially
sophisticated) would be the macrovirus. The ease of programming
such a virus and the lack of knowledge about them with the
'regular' computer user has made it the biggest virus event in
the last couple of years.
The same as above, but as for AV
I still think that Frans Veldman's heuristic scanning (TBAV)
would be a break through fighting viruses. Although certainly not
perfect it is the goal of almost all virus writers to fool
TBAV's heuristic feature.
The numbers of new macro viruses hits the sky. What is the
reason for this new trend in virus writing in your opinion?
Like I say a couple of questions ago, it is easy to program and
pretty transparent. Also computer users still don't expect .DOC
files to be infected.
The need for solution of macro virus problem results to
creation of the handful of macro specific scanners. Which'll be
your choice, if you should pick up one or two of the bests?
F-Macrow sees the most. F/WIN uses heuristics. HMVS uses
heuristics and is able to disassemble most macro viruses (95 &
97).
Express your opinion on today's top AV programs (F-prot, TBAV,
Solomon, AVP, Web etc.)
Personally I use F-Prot (DOS), TBAV (W95), AVP (W95) and
sometimes Norton AV. I hear Dr. Solomon is pretty good.
Moral issues of virus writing and the AV business
No major moral issues. I don't like destructive payloads and
I think there is a difference between making viruses available
and actively spreading viruses for the sake of infection.
Something personal now. Favourite drink, movie, band ...
Sites you recommend to visit ...
http://www.avp.ch/avpve
http://www.pipo.com/darkweb/virus.html
http://www.wcivr.com
http://www.codebreakers.org
http://www.virusexchange.org/29a
Sites you recommend definitively to avoid ...
I wouldn't know. I don't bookmark site I want to avoid ;-)
One of my last questions. What's yer opinion on our zine :)
Like I say in VDAT: "The graphic user interface and layout are
very well done and user friendly. This zine sets a standard on
how things can be done with some dedicated effort and know
how."
I really liked the GUI and all the VX stuff that was offered. It
looks very professional. One gripe would be that I couldn't export
everything to a .TXT file.
My classic last question, plans for the future, and so on ...
For now VDAT and the monthly CCTX updates will eat a lot of time.
One thing I'm doing right now is cross referencing all VX
e-zines (hell of a lot of work). Then my collection needs a major
update. And for sure some new stuff is over the horizon.
http://www.xs4all.nl/~cicatrix