Microsoft® Malware Protection Center

Threat Research & Response Blog


5 Aug 2008 2:41 PM by mmpc

My Favourite Time of the Year

It's when a VX group folds, and it has happened again. Twice, even. The day before the "much anticipated" ;-) EOF-DoomRiderz-rRlf group zine was released, rRlf announced that they were disbanding. This is something that we could have guessed anyway, based on the comment in Latin that was posted on their website a few days prior. While I didn't get a good translation for it, I understood it to mean something along the lines of "I must think about things".

These days, VX groups are little more than a distraction from our real work. Customers, for the most part, don't care if - or even that - they exist. With the more strict laws that have come into effect in several countries recently, the binaries have generally disappeared from the sites, leaving nothing for people to submit to us. Of course, there have been occasions when new techniques, developed by the authors within those groups, have been used outside. Consider exceptions as an anti-debugging method, and file mapping for fast infection. Pop quiz: can you name the first virus that used both of those techniques, and when it was written? Answer below.

So rRlf is gone, that was one group. The other? On the day of the zine's release (which was, incidentally, about the level that we expected from those who remain), DoomRiderz announced that they were disbanding, too. Technically speaking, it was WarGame, as the only remaining member, who made the announcement. However, he is not quitting, he's just moving back to EOF.

In effect, that leaves EOF as the only "active" group, along with a couple of freelancers like herm1t. With luck, they will run out of ideas to surprise us, and they will quit, too.

The answer to the quiz? Come on, it's a quiz. This whole entry fits on one screen, it would be even easier than looking in the back of the book. No answers for you.


- Peter Ferrie