Interview with Cicatrix

*-zine (Asterix) [2]
December 1999

Cicatrix is well known on the virus scene as the maintainer of VDAT, a kind of virus knowledge database about viruses, groups, zines, etc. Now you can read what is behind...

You are one of the best known collectors on the net. Try to introduce yourself...

Well like most of us I think I'm just your regular run-of-the-mill average guy who happens to 'dig' computer viruses.

Everyone in the H/P/A/V scene has some nick. Where did you get yours, it sounds so strange for most of the people ...

In my normal day-to-day job I happen to sometimes use a handle as well. Cicatrix is the Latin translation/equivalent.

On your site there is always an announcement like you are "in process of moving your a** back home". Can you specify where in Europe is your home?

Some people know exactly where I belong but let's say I'm from Western Europe.

When did you start with computer stuff?

See below.

Tell us about your very beginning, like what was yer 1st comp etc...

My first experience must have been around 1983 when I saw some 10-12 year old kid do magic with a computer keyboard. I decided that what a 10-12 year old kid could do I could better so I bought my first computer (Acorn Electron with a cassette player for storage) and started fooling around programming simple stuff in BASIC.

Many of the readers of *-Zine would like to know, when and why did you start to be interested in computer viruses.

It must have been the late '80's. I'd often heard about this magical thing called a computer virus but I had never encountered one. Having moved to an IBM compatible computer (8088) I was using quite a lot of pirated software and I used McAfee as a virus scanner. Then one day when I decided to scan a diskette which I did not expect to have a virus (it came from a reputable source) I found the Cascade virus.

Did you ever write some virus? If so what was the virus like?

Nope, I've looked at a lot of them but I've never created one myself.

Do you have any programming skills? If so, what's your preferred programming language and why?

I'm not really a programmer. I know Basic, VB and I have a limited knowledge of assembler.

One of your main activities seems to be the maintenance of your webpage. Its design is of good standard. Do you design the page on your own or do you get some help from another person?

I do 99% myself (if I can find the time). I think my site is pretty basic compared to what is possible with HTML nowadays. But since I have a full time job and a lot of other hobbies I don't really have the time to make the site too fancy. Also it is easier to update a site that is not too complicated.

Your webpage is one of the best watched on the net. How many hits do you have a day?

In the beginning of my site I used to have a counter and I was amazed at how many people were visiting. One day I reorganized my site and I forgot to put the counter back up. Now I don't really care anymore, I know by my e-mail that a lot of people like the site and visit a lot.

Your page at www.xs4all.nl/~cicatrix is best viewed with Netscape Navigator and "weird things may happen to Internet Exploder". Maybe we are of the same blood group and we both dislike Micro$oft. If so, why do you dislike M$ and its CEO big guru Gate$$$?

I have no reason to dislike them (yet). At least I like Windows 95 better than I liked Windows 3.1 (which was a horrible piece of software). I happened to start with Netscape and I disliked MSIE because initially it couldn't compete with Netscape's features. Recently they have grown closer and closer but I still like Netscape more and I noticed that MSIE doesn't like pages built with Netscape.

There are also other virus related sites on the net. WCIVR has shitloads of viruses online, Virus Emporium the same. Why do you think (I hope you think) is your site better than that of the others?

This question assumes I think my site is better than the other sites. Of the two I only know WCIVR which hasn't been updated in ages. It has loads of viruses and I still sometimes visit. I think my site has a nice cross section of stuff available in the VX scene and I think VDAT is getting to be a popular database.

I would like to ask you something about VSUM and that Patty which is responsible for this piece of (des)information. But surely AVPVE is better source of virus information.

In the beginning I used to D/L every release of VSUM but the more I got to know about viruses the more I was amazed about the program's (well known) inaccuracies. The last couple of releases were not really worth getting, especially with only a small part of all available viruses being covered.

I liked the generic idea of a hypertext database on viruses though and it was sort of the thing that got me started on VDAT.

I really like AVPVE. The initial DOS-version was pretty good, especially with the visual effect database that was included. The online version of AVPVE is getting better and better and I'm really looking forward to the stand alone (HLP and HTML) versions.

As for VSUM qualities, let's take old good One_Half virus. Every virus kid knows what it does, but Patty Hoffman obviously not. What would you say on VSUM's classic sentence "... it is unknown what this virus does besides replicate... " if you'd have the opportunity to meet Patty in person?

I'd give her the URL to AVPVE and teach her how to Cut & Paste.

You are that one dude who created VDAT. What was the reason for creating VDAT?

When I started out collecting viruses I downloaded everything I could get that had anything to do with computer viruses. I stored all that material on diskettes but since I wasn't as organized then as I am now I couldn't find anything when I wanted to read it again so I ended up downloading the stuff again. After a while I was sick and tired of this and I was at that time browsing through VSUM to find something. The whole hypertext idea sort of appealed to me and that is how it all started. It took a while to find a suitable hypertext compiler but after a while that was taken care of. The first couple of releases were, as with most first tries, pretty lame and incomplete. But it got better and better. The DOS version was pretty limited in graphics and looks and it was a bitch to create hyperlinks so after a while I started looking for a Windows version. Initially I couldn't find a suitable compiler but with the rise of HTML I found InfoCourier (http://www.smartcode.com). It allows the use of regular HTML code, which should be good if I ever want to put the whole thing online, and editing the stuff was a lot easier. Keeping both versions up to date was impossible due to time constraints so in the beginning of this year I chose to discontinue the DOS version much to the sorrow of some Windows haters.

As the amount of available information in VDAT reached critical level, DOS version has been discontinued :(((((( Easy to understand. Last two releases are Windoze only. What tools do you use to maintain VDAT (language, environment etc...)?

See above, recently I've been looking at HTML2EXE which is similar to InfoCourier. It knows frames which InfoCourier doesn't although the latter has better font control and I'm still looking for a crack for HTML2EXE.

You get the virus samples mostly direct from their authors, in order to include them in your monthly incremental updates. This gives me the opportunity to ask you directly : "Do you have any relationship to any AV company"?

No, none whatsoever. Some have e-mailed me but that is about it. I'm pretty sure somehow my CCTX updates get to them though.

How many viruses do you have in your collection?

Like I say on my site, my collection is in need of a major overhaul but it is hard to find the time. I don't have a recent scan but I'm sure I have more than 10000-11000 scanned viruses and loads of unscans.

What do you think about perspectives of future virus underground?

Like most things it has ups and downs. There have been periods in the last couple of years I really thought that all virus writers had quit. But then a couple of weeks later a new group would start out and new 'solo' writers would join the scene. I think that as long as there are computers there will be viruses and virus writers.

What was the greatest break through in the history of virus writing?

'Greatest' is a matter of opinion but I think that MtE and TPE were the start of a major chapter in the history of computer viruses. Another major event (though not especially sophisticated) would be the macrovirus. The ease of programming such a virus and the lack of knowledge about them with the 'regular' computer user has made it the biggest virus event in the last couple of years.

The same as above, but as for AV

I still think that Frans Veldman's heuristic scanning (TBAV) would be a break through fighting viruses. Although certainly not perfect it is the goal of almost all virus writers to fool TBAV's heuristic feature.

The number of new macro viruses hits the sky. What is the reason for this new trend in virus writing in your opinion?

Like I say a couple of questions ago, it is easy to program and pretty transparent. Also computer users still don't expect .DOC files to be infected.

The need for solution of macro virus problem results to creation of the handful of macro specific scanners. Which'll be your choice, if you should pick up one or two of the best?

F-Macrow sees the most. F/WIN uses heuristics. HMVS uses heuristics and is able to disassemble most macro viruses (95 & 97).

Express your opinion on today's top AV programs (F-prot, TBAV, Solomon, AVP, Web etc.)

Personally I use F-Prot (DOS), TBAV (W95), AVP (W95) and sometimes Norton AV. I hear Dr. Solomon is pretty good.

Moral issues of virus writing and the AV business

No major moral issues. I don't like destructive payloads and I think there is a difference between making viruses available and actively spreading viruses for the sake of infection.

Something personal now. Favourite drink, movie, band ...

Sites you recommend to visit ...

Sites you recommend definitively to avoid ...

I wouldn't know. I don't bookmark sites I want to avoid ;-)

One of my last questions. What's yer opinion on our zine :)

Like I say in VDAT: "The graphic user interface and layout are very well done and user friendly. This zine sets a standard on how things can be done with some dedicated effort and know how."

I really liked the GUI and all the VX stuff that was offered. It looks very professional. One gripe would be that I couldn't export everything to a .TXT file.

My classic last question, plans for the future, and so on ...

For now VDAT and the monthly CCTX updates will eat a lot of time. One thing I'm doing right now is cross referencing all VX e-zines (hell of a lot of work). Then my collection needs a major update. And for sure some new stuff is over the horizon.

    ^                                                 ^      _
   / \            ^           _______    __          / \    / /
  /  _\    _     /_\      ^  |       |  |   \    _    \ \  / /
 /  /     | |   //       /_\  \-| |-/   | ^  \  | |    \ \/ /
 \  \     | |   \\      / _ \   | |     |   /   | |     \  /
  \  \    | |    \\    //   \\  | |     | \\    | |     /  \
   \ \    | |     \\  /       \ | |     |  \    | |    / /\ \
    \ \   //       \          / //      // //   //    / /  \ \
     \\  /          \          /       /  /    /     //    //
      \\                                            //    /
       \                                           /
        \     http://www.xs4all.nl/~cicatrix      /