Interview with Mr. Sandman


In this issue we are bringing you an interview i, b0z0, did some time ago with Mister Sandman, the boss of the quite new spanish group 29A. Thanx again to Sandy and enjoy reading!

Who you are and what do you do all the day long?

Well, i'm a student who gets up in the morning, at 7:45am more or less, has some classes and later returns home and then eats, and spends all his afternoon on different activities: studying, reading, computing, watching TV, listening to music, playing basketball... and, of course, meeting his girlfriend, and 'so on' ;)

Weekends are completely different. I get up, have breakfast, and then start computing. After the meal i often have to play a basketball match (i play in a team), and when i return i restart computing till i get tired (at 4:00am more or less).

Why "Mister Sandman"?

Hehe... well, i'm sure that the rest of 29Aers will laugh when they read this question :) I had a lot of nicks, i never had anything clear on this... i remember that the first nick i used was KRazy KReator, with which i used to call WCIVR when only universities had access to the net in Spain. Later i used other nicks, such as Doctor Mengele, Dracula, etc. and i finally decided to choose Mister Sandman after hearing the song in a 60s music CD i bought some time ago.

Why? well... first, because when i was young i used to read the comics about Mister Sandman (by Neil Gaiman); second, because he was one of the enemies of Spiderman i liked most... and cause Spiderman is putts :) And third, of course, because of the song... i like it a lot, and i also pretend to give dreams when releasing 29A issues :)

And NO, please... Metallica fans who use to do a query shouting 'Enter Sandman!' or 'Metallica rulessss!!!'... i *hate* Metallica :)

Give our readers a little description of yourself!

Errhmm... ok. I'm about 170cm high, normal weight, i was blonde when i was young but my hair has been getting darker for many years, green eyes, and sometimes a 3-day-long beard or goatee beard; no glasses (except when i'm computing and my eyes start becoming red) :) or anything else.

I don't believe myself handsome at all, but i reckon that girls usually find me attractive; they especially like my eyes, my mouth and some more thingies they use to look at :) Who can understand'em...

About clothing, i like dark colors, and i use to wear Levi's pants, and, depending on the weather, a single t-shirt or a t-shirt under a shirt, but always out of my pants :)

That's the physical side... about the psychical one, i'm just a very good student, especially at languages; i'm extrovert, and i like a lot to joke with other people. Sometimes i may look serious, but i'm actually thinking; it's something that happens to me a lot of times :)

What music/books/films/girls/stuff do you like best?

Probably the most difficult question, i'll try to answer it tho :) Ok, first, about music... i can't say i like a specific kind of music; i like many songs, and of many different kinds and authors. Anyway, i don't like anything on heavy metal or punk 'music' :) Some groups/singers i like... for instance... Velvet Underground, Deep Purple, James Brown, Kraftwerk, The mamas and the papas, Lynyrd Skynyrd... dunno, there are a lot. But something i can say is that Quentin Tarantino and i like exactly the same kind of music. I bought the original soundtrack of all his films, and i can't say there's a song in any of them i don't like.

About books, i like a lot the spanish literature, especially the medieval (well, and not so medieval :) one. My favourite books are, with no special order, Novelas ejemplares (Exemplary novels) and Don Quijote (Don Quixote) by Miguel de Cervantes.

Now films... my favourite ones are those whose director or scriptwriter is Quentin Tarantino, the MASTER :) The actors i like most are Thomas Howell, Harvey Keitel, Robert de Niro, Tim Roth, Andy García, Robert Downey Jr, Samuel L. Jackson, Bruce Willis, George Clooney... even Tarantino himself, i love his psychopath face :) About actresses, i like Geena Davis, Uma Thurman and Rebecca de Mornay. And finally, my favourite films are those made by Tarantino (Pulp Fiction, Reservoir Dogs, From dusk till dawn, Four rooms, Natural born killers, True romance...), and other golden oldies, such as Blade Runner, Her alibi, and some of them whose title i can't translate to english :)

And finally, girls... i'd personally like to puke in the face of those who say 'i like the ones blonde with blue eyes', or 'with black hair and green eyes', and all that kinda stupidities. There are no general rules, there are only nice girls and ugly girls, and sometimes ugly girls are more attractive, because the physical aspect of somebody ain't just the most important thing in my opinion. I like intelligent, sweet, very feminine girls... the rest are just interesting addings :)

Do your family/friends know about your virus activities? What do they think about it? Do you care of their opinion?

Sure, everybody in my family does, and some friends do too, albeit i'm not very used to speak about computers with them. Their opinion about it is positive, cause they know that i ain't the classical motherfucker who modifies the text strings of a trojan and spreads it; they know that it's a good activity for my mind, and they know that i'm responsible enough to care about what i do with my creatures, so they don't mind at all. My friends have a different point of view... i don't speak with them so much about my occupation, so they sometimes get amazed and start asking me for infecting computers intentionally, you know :) And no, i don't care about their opinion at all :)

Do you have a girlfriend/wife?

Yes, we've been going out for more than one year, and our relationship is ok. We even travelled to India last summer and we nowadays share a flat where we use to spend the whole week together.

What was your first experience with computers?

I think i was 6 or 7 when i started on this... one of my brothers started studying the career about computing and then bought a 8088. It was a technical marvel, as at that time there were still some people using punched cards instead of diskettes :) I remember that my brother taught me how to boot from a floppy (a 5¼ one) where there were some games. A very few time later, and as i didn't cause any damage, he decided to lend me a part of his HD, where he created a directory and copied all the games i used to play. That's when i started asking him about how to use that operating system... i suddenly understood all that stuff, and one or two months later he taught me something on Basic. I kept on coding stupid programs and games until he bought his first Macintosh.

At the start i just used to freak with its graphical environment, games, and drawing programs, such as Adobe Illustrator or Photoshop. Later i discovered an utility called ResEdit, with which i was able to change the application icons, the text strings... hehe :)

And the story continues on the next question... :)

What was your first h/p/a/v related experience?

It was with the Mac. My brother brought some disks from the office he was working in and suddenly we realised that our Mac was infected, due to a beep which sounded when loading some applications which had a security dispositive. That's when i, by using ResEdit (the equivalent in Mac OS for the DOS debug.exe, more or less), found the differences between infected and clean files, and then disinfected the virus file by file. Some time later we got Virex (an AV for Mac) and i saw that the virus i disinfected was called WDEF... i'll never forget it :)

Anyway, that was stupid, Mac OS viruses are one of the simplest things i know... writing them, if you have the right knowledge on the Motorola 680x0 ASM, is very easy, and disinfecting them, both if you're a programmer or a lamer, is easier than switching the Mac on :)

I liked a lot that experience, and then i started investigating further on this world. My parents and i moved, so i hadn't a computer anymore... as we couldn't afford enough money to buy another Macintosh, i got a 286, and then lost the contact with viruses for a long time... besides, i did not have much interest on computing, while basketball was more important for me at that time... until i got infected with the Traceback.3066 virus. Then i got Scan and disinfected all the files, although i did a backup of some of them for browsing with PCTools. There were more differences than in the Mac... it wasn't so easy to find out how did PC viruses work. Anyway, i was so lucky to realise that all the files had in their body the name of the file which infected them, so it was easy to find the path of the infection, and i knew who was the motherfucker who infected me :)

About hacking, phreaking and all that stuff, i don't have any experience, it's something that never seemed interesting to me.

When did you start writing viriis?

It was approximately two years ago, when i started having some contacts with virus boards in Spain. I got some viruses, virus creation tools and virus sources. At the start, i didn't understand anything at all; anyway, one or two months later, i got a text about cracking written by The Cyborg, where there was a crash course into the assembly language.

I started understanding how were viruses written, and one day i decided to write one myself. It wasn't too difficult, so i decided to improve my skills, and, once i got the whole collection of 40Hex, the infection routines on my viruses became much more enhanced :)

Later i got the whole VLAD collection (from #1 till #5), and that's when i started learning very interesting things and coding good stuff, because there was a lot of highlevel info on viral techniques and so on.

Why do you write viriis? Don't you have anything better to do? 8-)

Since writing viruses (i don't mean the lame ones) is art, i compare myself with a poet, a painter, or whoever doing any kind of intellectual activity... why do they compose poems or songs, or paint pictures? it's just something they like to do, it's the activity in which they lose their free time, that's called a hobby.

Writing viruses is exactly the same thing, but there's still a lot of stupidity and ignorance in this world, and everybody outta the scene seems to think that ALL the viruses are destructive; they just can't put in their little by-TV-and-Bill-Gates-sucked mind that not everybody acts in the way they'd do, cause they'd actually spread destructive code if they'd know how to write it. Fuqin sux0rs.

But aren't "viriis" just "viriis"? Don't you think that maybe we are giving too much attention to this programs?

I think the previous answer could justify this too... aren't pictures or songs just pictures or songs? :) The variety consolidates the art. Besides, this world ain't static at all. DOS has been known for ages, and there are still today viruses for it which impress we all (just remember Zhengxi, for instance). Lots of viruses are original, or include a newly discovered viral trick... and this just for DOS.

Nowadays we know Windows 3.x, Windows95, WindowsNT, OS/2, Linux, Mac OS, and sooooo many almost unexplored operating systems... just imagine the future: if there's only less than a quarter part of success in every of these operating systems than in DOS, we'd have over 15000 viruses still to write under six different platforms! :)

Which programming languages do you understand and which do you use?

The unique language i can use is ASM; i know the one for Motorola 680x0, for x86 (which is the one i use most), and for PowerPC (RISC technology). Apart from this, i can understand lame languages such as Basic or Cobol, and not so lame as Pascal and some C.

Other two languages i can code in are AppleScript and VBA, but my skills ain't that advanced as in the assembly language.

Which docs/material do you keep for most valuable for programming viriis?

Nah, i don't look at any code while coding my own viruses, that wouldn't help me at all... i just use QuickEdit in typeover mode, TASM 3.1 and AVPUtil or Soft-ICE, depending on the virus objective. Anyway, i reckon that my first steps in this world were guided by Blade Runner, who is the greatest debugaholic i've ever known, and sometimes that old experience influences me and i code and/or trace my viruses with debug.exe :)

As a code library, i must declare myself publicly a fan of VLAD; sometimes i still have a look at their zines... :'-) I learnt a lot from their virus sources, and i respect them (the members) all a lot. They were gods, they were the best, they were kings... but they always kept cool and they never showed any elitist behavior, which is something you can't say about all the people in the scene.

How many and which viriis did you write? Which do you like best? Why?

I wrote many viruses, but almost 90% were just tests; i only released three of them: Torero and AntiCARO, in 29A#1, and Saturn!, which in eight months is travelling to Titan, one of the moons of that planet, written in a CD :) For those who don't know what am i speaking about, go and read the article 'Life in Saturn!' in 29A#1 :)

Right now i'm working in three new viruses, and one of them is gonna be my favourite one; anyway, i can't reveal more info, cause that's part of the contents of 29A#2, and i want it to be a surprise :)

Instead, i've coded over 10 viruses for Mac OS, which have a certain payload or peculiarity... they all are pretty original in my opinion, but i neither released them nor included/will include them in any 29A issue, cause i know they ain't interesting at all for the PC virus community. Anyway, i'm thinking on releasing a Casio digital diary infector i wrote over one year ago... dunno... maybe that'd look more fun for other people :)

How do you name your viriis?

That's something i never thought about... for instance, when i wrote Torero i didn't know how to name it until it was almost finished... instead, i wrote AntiCARO after knowing which was gonna be its name; dunno, it depends on each situation.

How do you spread your viriis?

I don't spread them, i just include them in 29A. I wouldn't like anybody getting infected with one of my viruses, i just code for fun.

Do you prefer a specific type of viriis? Which virus(es) do you like best?

My favourite viruses are those who have something really original, a technique never used before. Even if it's a fun payload. About my favourite ones... well, that's a difficult question. I think the one i like most is Zhengxi, it's the most complex virus i've ever seen in my life. Anyway, i can't say it's the model of my perfect virus, there are some thingies on it i didn't like.

Why do you waste your time on IRC instead of coding? 8-)

Because i'm a fucking lazy ass :(

Will Wordmacros spread and have success in the future?

Who knows, i don't hope so. They're interesting, no doubt about it. But they're becoming the ideal toy for those teenagers who find ASM very difficult to learn but wanna code viruses. They used to look for any solution by using Pascal or C, but now they discovered VBA, which is much easier to learn and much more flexible in order to write viruses.

Anyway, i can't negate that some of the macro viruses rule, they have good conditions, such as portability, options in order to use any kind of shell under different operating systems, etc.

Any plans for Win95/NT viriis?

Sure, but i can't reveal them by now :) I can just say there will be some surprises on this in 29A#2.

When did 29A start? Tell to our readers a little about the 29A story!

Well, it's a long story... two years ago, only universities had access to the Internet in Spain, so people interested on communications had to look for some other ways, such as BBSs and FidoNet mail. And that's how almost all of us started: writing in the spanish FidoNet echoarea about viruses; anyway, that was *full* of political bosses and censorship, so we weren't able to speak freely about our favourite topics. That's when VirusBuster decided to create a new BBS (Dark Node) together with Gordon Shumway... a new BBS, and a new net, which nowadays has a great success in Spain. When Dark Node started working (April 1995), VirusBuster scouted some specialists on viruses for supporting his BBS, and that's when most of the 29Aers got in contact. During the first months we started changing information, analyzing viruses and looking for bugs in AVs, and some day in december of that year i realised that we had enough info in order to compile it into articles and release it via a virus magazine.

Almost all of us agreed, and that's when 29A turned into a reality. We had to work hard, we spent a lot of time, we did many changes, we improved many things, and we finally released 29A#1 in december 13th of 1996, about one year later :) The story continues, but that's something that has to be explained in the editorial articles of 29A#2, so... keep on waiting until it's released!

Do you at 29A have usually meetings?

Sure, that's one of the best things of the group in my opinion. We all know each other... in person! We're *friends* since two years ago, and i think that's a very important thing. There are no problems because of our friendship, we all know how to make happy each other :) Besides, communication is very important, and everytime there's something to discuss or everytime any of us has a doubt, just phones another 29Aer or even meets him.

Anyway, we all don't live in the same city! in many cases there are very long distances between us. However, we always meet three times per year in Santiago de Compostela or in Madrid, and there's a very good... how could i say... a very good 'feeling' between we all.

Have you been in other groups before?

Nope, only 29A.

Any release in the near future?

Well, i actually don't know if it will be near, but i do know there will be releases of 29A in the future :) In fact we're nowadays working hard on 29A#2, and i think it'll be released this summer... dunno.

Try to describe the "typical anti-virus-nigga"? 8-)

I have some friends who work in this side (Skeeve, ShadSeek, rilo...), so i prefer to not answer this question... i don't want them to get angry with me! :)))) Nah, anyway... i was joking. You can't compare them with dickheads such as Bontchy or Patty. Eugene Kaspersky seems to be cool, Fridrik Skulasson and Alan Solomon seem to be good persons, and Frans Veldman seems to be a stupid lazy ass... there's no a special pattern for describing how they are.

How do you consider the actual virus scene?

I think right now it's ok, in the right way in order to get a complete regeneration. Groups such as 29A, IR/G, iKx, Infected Russia, SVL and even VLAD (still alive!) 8) are working hard, and the result is becoming very positive.

How are your contacts with the components of other virus groups?

They're ok, as you can see :) I have very good friends in other groups, such as you, Rajaat, Methyl, mgl, LovinGOD, Darkman, CoKe, etc. I think it's very important to keep this 'environment' of friendship; we are in different groups, but overall we're friends and we help each other when needed.

Who is the greater virus writer in your eyes?

Probably Qark, albeit i also like Quantum and Stormbringer a lot. Qark because of his... dunno... 'viscerallity'. I like a lot his viruses, and he seems to me probably the most complete virus writer in the world. Quantum is the best at researching (he wrote the first PE infector, the first Linux infector, and the first Windows95 TSR virus), and Stormbringer is one of the most original virus writers... well, and i forget another very original writer, "Q" the Misanthrope, i like his viruses a lot as well. Anyway, i'd like to mention also several virus writers of 29A, but that's something i shall not do, so... :)

As usual: the perfect virus? :-) talk about your perfect virus!

Blah... that can't exist. The perfect virus would be undisinfectable, would be able even to infect its own author without him having realised it, it'd work under all the existing platforms, it'd be undetectable and it'd infect all the types of files. It should even work under unknown situations... too difficult, huh? ;)

Which AV-warez do you like best?

AVP is my favourite AV, albeit it seems that Eugene is not writing a full DOS version anymore :( It has very powerful tools such as AVPRO and AVPUtil, and it's, in my opinion, the most professional AV package.

F-Prot and DrSolly are pretty good, but they don't reach the rates of AVP. And about TBAV and Scan... that's fucking bullshit! i can't believe that many apparently intelligent people still use it (?).

WTF, AV-niggas get money for writing AVs... will you pretend in the future some money because you partially help them in their work? 8-)

Nope, i'm realist :)

What do you think about the future of viriis?

Since Bill Gates is the wealthiest man in the earth right now, we must assume that Windows (and i don't mean Windows95 or NT) is the future. Heh, anybody could make all the people think that a crock of shit is good, and even eat it... if he has the money Bill Gates does :)

Operating systems such as Linux, OS/2 and Mac OS are very good, but they will die soon as the number of dickheads increases every day. Of course, Windows95 won't be the definitive operating system... anyway, i think that it's a positive thing to spend our time trying to find out more stuff about PE infection under Windows95, as things won't change radically in a LOT of time.

And maybe part of the future of viruses is related with your next question... Java and/or Internet.

What do you think about Java in virusing?

I don't know anything on Java, but it seems to be flexible enough in order to write/spread native viruses. Anyway, this is completely unexplored, but i think this could be absolutely *explosive*, it's just pure logic: Internet is the future -> viruses for Internet are the future :) Who knows, i can't bet my balls, but it seems so.

What do you think about artificial life and artificial intelligence? May a future virus study how new methods by itself?

Hehe... that's something like science fiction for me... however, i reckon i thought on that many times, but it seems to me *impossible* (by now). It'd be a revolution, it's something related on what i said before about the perfect virus. ph33r :)

What do you think about virus generators?

They are LAME! they shouldn't exist... the first idea was to write a high-level programming language in order to simplify the sometimes tedious task of writing a virus. But... man, leave that idea in the hands of lamers such as Nowhere Man and die. They're actually the perfect toy for those gimps who enjoy releasing viruses and destroying computers, but fortunately most of them don't know the VCL password or the first two bytes of an EXE file! muhahahahahaha :)

What do you think about poly engines? Which do you like best?

Poly engines are the most personal part to write when coding a virus, they're probably the best reflex of the knowledge of the writer who coded them, as there's nothing general about them. Just compare the dir-stealth routine of two different viruses, and later, their poly engines. Then you'll realise what i mean :)

Of course, the more complex and well written they are (poly engines), the more effective and difficult to bypass they result for AVers. About my favourite one... dunno, probably the one in the Uruguay virus, or the one in Zhengxi (ZME). Besides, there will be some new poly products written by 29Aers as soon as 29A#2 is released :)

How is the H/P/A/V/C scene in Spain?

The scene in Spain is 29A :) There are no other virus groups besides us. About H/P/A there are some, but they're usually shit, they don't do anything. They consider themselves hackers where they just spend all their time sending letters to magazines and discussing about the future of the Internet. Instead, there are good hacking groups, such as SHE (Sindicato de Hackers Españoles), all of them friends of mine, which have got several interesting thingies on their curriculum :) And about cracking, nothing interesting, just some people at Dark Node, and especially VirusBuster, one of the best/fastest crackers in Spain.

What about legal problems concerning virus writing in your country? Do you care about them? Are you all the day long closed in a box to avoid feds? 8-)))

Nope, we don't have legal problems... the law just goes against those who destruct or modify data intentionally, but we just write viruses and put them into a magazine... it's not our fault if some unconscious dickhead loses his HD because of his stupidity. So there's no problem on writing/releasing viruses, unless you use them intentionally in order to destruct or modify data.

Imagine. The apocalypse. Just you, Patty Hoffman and Bontchev survived on the earth. You *MUST* select to go with Patty, that is telling you that "your effects are unknown", or Bontchev, that is calling you "Mr_Boza.1039.H". What do you do and why?


Hohoho... this ain't just a question, this is *the* question :) Well, let me think... hmmm... well, i guess i'd choose Patty. Bontchev is a... ehem... 'man', while Patty is a woman, and i think i couldn't stand neither Bontchev's monk-alike haircut nor his attitude. Patty is a woman -> that means i could demonstrate that i do MANY things besides replicating :) Yeh, definitely, i'd rather stay with her :)

You know that we all have sexual needs, and... oh, well, my stomach and other thing in my body shrink just thinking on having a sexual relationship with Bontchev '%-b

In which country would you like to live/stay_for_a_while?

Romania or India, or maybe any of the Maldives islands. Those are my favourite places in the world. I actually lived in Romania for one year, and it was a very good experience. India/Maldives are the places where my brother lives, and i've been also there, they'd be ok for spending the rest of my life.

What do you think about the iKx?

You're one of the best groups right now, i liked a lot the first issue of your zine... and i hope the second issue will be much better! 8)

Do you have any advice for us?

You're in the right way, so all i can say is... keep on walking and best luck for you guys! :)

And now just write anything you want :-)

Errrhmmm... well, just say that this is a novel as i promised :) And now, greetings for my friends: the whole 29A staff, all the 29A fans, of course special greetings for iKx, and to all my friends at EFnet #virus -> fuck, my telephone bills are becoming HUGE! :)

