Interview with Duke

December 1999

Russia is a big, unexplored world of virus writers who do not often become publicly known but produce reasonable things. One of those you can meet on the internet is Duke of SMF.

Who are you, where are you from and other personal stuff...

Huh... I'm a Russian boy. I love techno, rave and much more. I do not care what type of music it is - if I like the music, I listen to it. No less than music, I like chicks. I do not have some specific type of girl in my head; no, I prefer different ones and definitely a lot of chicks ;-P Other times, I am sick of all the above things - then I sit down to code viruses.

How did you get into computers?

About 2.5 years ago (fall 1997) I got a computer. In the very beginning I couldn't handle it, then I started to play computer games. It was fun but not very useful. After half a year I told myself - stop! It's time to do more serious things - and so I started to learn programming. And in fall 1998 myself and GorLuM (a friend of mine) decided to found the cracking group SMF.

Why did you start to be interested in viruses?

2 years ago a friend's computer was infected by One Half and there was a shitload of serious information on the hard disk. He asked me to help him with removing the virus cos DrWeb was not able to do it (but I did it). Since then I was keen on viruses. In the beginning with cleaning and fighting them, then I started to collect the virii. And in August 1998 (a year ago!!!) I coded my first viruses (HLLP & BAT).

Was your PC infected by some virus (besides your own)?

Yup :) when I run it. I test some viruses (Nutcracker, for example) and infect my home PC with them.

What programming languages can you use?

Pascal/Batch/WordBasic/Visual Basic/Windows Interface Language/Delphi, a bit of asm, and many scripts... I am also familiar with a bunch of scripts but I don't remember all the names ;-))) LOL

What's your favourite programming language and why?

I like Pascal, coz it's a very easy language. Also I like Visual (Virusal ;-) Basic, coz many types of virii are coded in VB (Word97, Excel97, VBS, HTML).

How did you get into the vx community?

It was quite late. From the very beginning I knew there is a "virus scene", but I had no clue where I could meet people with the same interests. I didn't have access to the internet at that time. And I jumped into the world-wide scene at the end of 1998 ...

What can you tell us about your first virus?

My first virus.... Long time ago ... ;-) The first virus was a BAT-worm, very simple and lame. After that I wrote a couple of parasitic HLLP virii, and so it all began :)

And then surely the next pieces from your workshop followed. Tell us more about them.

New projects ? DVL #9 and couple of original viruses.

What is the best virus you have ever written and what features does it have?

I don't know ... I have a lot of ideas but in some cases I fail to realise them. What should I be proud of? Well, I wrote the first-in-the-world poly engine in Pascal. Before me no one tried it. I succeeded in bringing the attention of the Russian virus scene to the Pascal language. I am happy I have found people who will follow and extend my work. I've also coded the smallest viruses in the world (Parasitic, Companion, Overwrite). I like my demo-virii, demonstrating code optimisation (for example Companion.38 and the source code infector HLLP.Duke).

What's the history of SMF (what the hell should SMF mean), whose was the original idea of founding SMF and who is a member?

Group SMF was founded in fall 1998 by me and GorLuM to write cracks, demos and tools. After I started with viruses (after DVL #2) a pissed GorLuM left the group. Those dudes who were interested in virii did not leave :) Now the SMF members are Duke, SMT, Voodoo, CyberShadow. Also we have some candidates to join. And... SMF = Super Malware Force.

Do DVL and you have something in common?

Of course ;-))))))))))))) DVL is Duke's Virus Labs. In the very beginning SMF was a cracking group and only I was interested in viruses. I wrote a couple of viruses and articles and I had to release them in some kind of magazine (the first number I finished a long time ago and it was, let's say, very primitive). And the name I selected was quite simple - Duke's Virus Labs. Later another virus writing member appeared in SMF and together we started issuing the zine. Now the number of the autho the zine is more professional. But in general - DVL is part of the SMF group.

Most important technological advances in virus writing in your opinion?

Multipartition and polymorphism

In the history of the virus writing community, there were thousands of viruses, some of them elite, others absolute crap. What's your personal TOP 5 of viruses and why?

  1. Win95.SK - many new ideas, techniques and features!!!
  2. Nutcracker family - very interesting and hard virii
  3. Macro.Word97.Melissa - it's a revolution in net-worms!
  4. MtE - first polyengine
  5. OneHalf - one of the popular Russian virii.

The same as for viruses can be applied to antivirus software (but here there are not thousands but a couple of dozen examples). Your personal TOP five of antivirus packages and reason(s) why:

  1. AVP - has a big AV base, but they are poor in working with signatures. Excellent heuristic for trivial virii ;)
  2. F-Prot - a lot of virii in the database, but incorrect signatures.
  3. DrWeb - Russian AV, very good heuristic analyser, for macro/win32 virii easy to fool
  4. NOD - excellent heuristic for macro virii, but not good for DOS-virii
  5. As a macro antivirus, HMVS AV is excellent.

What do you think about AV people?

They are simply doing their job - making some money for their families - and not too bad at all. It is big business. But some of them are starting to take care of virus writers and they try to threaten them. And this is not good anymore ...

Is it possible to meet you on IRC? What's your favourite channel?

Yes :) Almost daily I am on IRC at channels #vir, #virus and #SMF. SMF group has an official channel #SMF and... it's my favourite channel ;)

Did you ever meet someone from the scene in person (e.g. at the scene meet last summer)? If so, what did the meet look like?

I met only some of the members ;) But I would like to meet a lot of virus writers - if they invite me to be their guest ;-)))

What can you tell us about the Russian virus scene? We would like to see here quite a detailed description (groups, people etc)...

The Russian scene is not only about viruses. I'd rather call it the ex-USSR scene because we keep the relationships with former parts of the union. The oldest and most known group of the Russian scene is Stealth Group (ex-SGWW). Stealth Group seems to be a chimera for many beginning virus writers. Lately its activity has been reduced, they do not have a site and for a long time another issue of IV-offline has not been released. Zine Moon Bug, released by RedArc (ex-TAVC group), maybe will end its existence due to the fact RedArc is a very busy man. Now work on #11 is in progress (already released now). Group SPS releases the LMD (Lamerz Must Die) zine. They are a group of professionals from Belorussia, but the zine is released on a very irregular basis and it is difficult to find (at least for me). Group HAZARD Team from Ukraine is one of the most progressive. Its member Deviator is the author of very interesting viruses. I am very happy he cooperates with DVL. The recently founded group Misdirected Youth from Moscow prepares the release of the first issue of their mag. Their work was started by a couple of articles in Moon Bug #10. This group may be new on the scene, but the members are old warriors of the virus scene. The Russian virus scene includes groups like CiD, SOS and such famous vx personalities as SSR, Z0MBiE, ULTRAS, Crkv, 2b and a bunch of others. The Russian scene is very very large and Russians are writing tons of viruses every month.

In Russia, there are several companies writing AV programs. What programs do they produce and what are their features?

Kaspersky Lab produces a whole pack of antiviruses AVP (for DOS, Win32, OS/2, Linux, Novell; scanners, revisor, monitor). They differ, but in general they put there everything which comes. Very bad macro heuristic. Dialogue Science produces DrWeb (scanners for DOS, DOS32, Win32; monitor), revisor ADINF (DOS, Win32), ADINF Cure Module. They do not have a version for Linux and OS/2 :(( Heuristic is excellent, which causes many fixes in virii during coding; but heuristic 4 Win32 and macro virii can be fooled, under DOS - very easy to fool

What's your favorite AV program and why? And what AV programs do you use to test your newest virii?

I use AVP, coz I am a virii collector. I test my new virii with AVP, DrWeb, HMVS.

Now, let's discuss some vx technologies, what do you think about use and perspectives of stealth, polymorphism, viruses under "other" operating systems ...

Good Stealth in Win9x - it's RING0 ;-P However I think it is important not to create hard-to-detect viruses but hard-to-remove ones instead (like Win95.SK). I would like to point out that poly for Win32 has to be widely developed. And last but not least - all the OSes have to be defeated :))))

What do you think about payloads in viruses and especially the destructive ones?

Payloads manifest the viruses. If I write a virus there is no place for a payload in the code. If you want to demonstrate what you want, it's better to write another virus (e.g. my Smoller) - so that the payload wouldn't put a shadow on some brilliant virus idea. As for destructive payloads, I accept them but do not have the need to misuse/implement them. It is better to set its activation to a certain date and not to rely on random numbers.

Your opinion on the topic of macroviruses and their perspectives:

I forecast macroviruses for new platforms. Office macroviruses spread very fast and they're responsible for a great proportion of infections. Therefore the future belongs to macroviruses. They mutate very easily, can carry various files (viruses for DOS and Win), they easily spread across the internet (still remember Melissa?).

Are there some people from the vx & av scene you would like to meet in person?

AV : D. Lozinsky, Lubos Vrtik, Ralph Roth

VX : Darkman, Knowdeth, LovinGOD, RedArc, Deviator

What do you think about the maniacs who want to prosecute virus writers?

They are stupid men! Authors aren't guilty - people who run viruses are. Kalashnikov is not guilty that his AK-47 daily kills tens of people - it'd be so absurd...!!!

Your relationship to beer, girls, inline skating and other important things:

Yea! Without a lot of words - these are very serious things! As for beer I am "bezrazlichen", as for girls.... well, you already know :))))

Favourite meal, drink, band, pub and the rest of the small joys of life:

meal - sandwich

drink - Coca-Cola ;-P~~~

band - ohh... too many! E-Rotic and Bad Boys Blue for example.

pub - "MustDie" ;-))))

Everyone today surfs the internet. Let's see some of your favourite places on the web:

Do you have a webpage? If so, where can the page be found?

official page of DVL e-zine (virii, VX tools, virus trading and VX news)

official page of SMF group (cracks, demos, tools)

What about your plans for the future as a coder and in general?

I prepare contributions for DVL #9 and a couple of other zines. And I am going to take a half year holiday - without viruses - I wanna pick up some chicks :-) And I want to say some greetz! To: mgl - for this interview :) all my colleagues from DVL - keep in touch! all SMF members and all ppl on the virus scene !!!

