
Interview with hh86

SPTH
DarK CodeZ #5
July 2013


hh86 is one of the best and most active virus writers in recent years, and she is also the editor of the valhalla-ezines.

I did the first interview with her in December 2010 (released in DC#3), about 2.5 years ago. Since then, many things have happened, and it's interesting to talk to hh86 again!

You can reach her via [email protected] or https://twitter.com/hh86_

The interview was done via several e-mail sessions in June 2013.

Have fun! :)

Hey hh86! First, could you please introduce yourself - such as how do you spend your 24h per day usually? Do you have hobbies other than virus-related stuff?

I wake up approximately at 6 A.M. and go to work until evening. So I work most of the time. Then I come back home to spend the rest of the time on coding.

I don't consider virus writing as one of my hobbies, actually. I do have a real hobby-- I like to play FPS games, complete them on a single night. I'm very good at it.

Can you tell us when you were born, where you are from and where do you spend your time at the moment?

I was born in 1992. I live in Argentina. At the moment, I am spending my time in the room where I have my computers. In spite of the heat generated by the CPUs, this room has its own Winter. But it is somehow pleasing right now.

What was the best movie that you have seen since December 2010? What is your favorite movie in general and why?

"Dustbin Baby" is the best film I have seen since December 2010.

My favourite film is "The End of Evangelion", because I can identify myself with two of the main female characters. I am a rare combination between Asuka Langley Soryu and Rei Ayanami. They are both opposed, but so am I with myself.

Do you like to read? What's your favorite genre? I see from time to time allusions to some science fiction novels; which are your favorite ones?

I like reading books very much. I don't have a favourite literary genre. Books on my shelf are science-fiction, crime, horror, mystery, thriller novels, science books, compilations of short works from different authors, and some computer programming books.

My favourite books are: Contact by Carl Sagan; Carrie by Stephen King; and Sprawl trilogy by William Gibson.

I like poetry as well. In my most recent codes, I included a fragment of a poem written in 1916 by Marina Tsvetaeva. You can see it in the source code, but it is encoded as hexadecimal data. Only those who went so far as compiling the source have probably read it.

You mentioned in the last interview that you were interested in viruses since you were 14. When did you have the first contact with virus writers, and who were they?

I can't really remember when it happened. I began researching about the topic on several forums and other places for quite some time before I found myself in VX Heavens and then 29A, where I learned for real. I talked to some people who may or may not have been virus writers, I never saw anything from them in the scene.

Imagine some clever youngster reads this text and - fascinated by your answers - decides that (s)he wants to program some self-replicating programs. What would be your suggestion? What's the best way to start? What needs to be learned?

Where there is a will there is a way.

I would suggest to learn general programming in C or C++. Having a good base of knowledge and programming skills is the best before learning the concepts and techniques of virus writing. Then you might want to try to learn ASM.

ASM is not difficult to learn. It requires patience, and creativity, just like any work of art. When you learn ASM, you are getting closer to the truth. So, you will spend most of your time understanding how things work.

We talked about 2.5 years ago. Much has happened since then. What were your personal highlights since then regarding viruses? What has been the nicest development, what was the worst?

Lots of good things have happened.

LIP project by SPTH. Upcoming DC5. DC is an ezine which began much before Valhalla, so Valhalla itself has been growing next to it, which is very, very good. DC is now going for their fifth issue, and I'm very honored that they invited me to contribute.

The worst that happened was VX Heavens going down, my alma mater. Other things too, but they are not worth mentioning.

Since the last interview, you have been very active writing a bunch of kick-ass viruses. Eight of your codes have been analysed by Peter Ferrie and described in VirusBulletin. That's very impressive! Can you please tell us about your creations from that time. What were your favorite projects? What have been the most difficult? Of which are you most proud? What would you do differently with the knowledge from today?

Thank you.

Since the last interview I wrote many new viruses. Here is a description of them.

The most difficult to code was UNIT00. I never thought it would work. Until it worked, of course. ;)

For the co-operation of W32.Wave, which has been released in valhalla#3, the code was signed by the name "(o)". Can you tell us who this is? Do you know of some specific meaning of that name?

(o) is a very good friend of mine, computer science student. I think it was inspired by the logo of the band "A Perfect Circle".

What do you think in general about the quality and correctness of Peter's analysis? He mentioned in a few of his texts the opportunity for better optimization, and also explained some "bugs" - some of those bug-explanations sound ridiculous. What do you think about them?

Ha. I think you can say a lot about a person by what you see in their codes. I have seen some of his analysis where he does not mention anything regarding the optimisation of the code. He knows that I put some effort into it. He likes to criticise my code, he likes to criticise me when he finds that I missed something I shouldn't have, or I could have done better. It's fine with me.

It's the same thing with the bugs. Sometimes I make mistakes that I didn't in the past, sometimes I make mistakes that given my knowledge, I shouldn't. Means that I haven't learned my lessons well. Bugs can cause damage to the host, so it is quite important to describe them. So, it's fine with me.

But sometimes he prefers to describe my mistakes rather than describe some of the features of the code that are more important. For example, in his analysis of my W32.Sigrun.C virus, instead of describing that the virus was capable of transforming its encryption algorithm into a decryptor, he wrote that I could have used other instructions to save some bytes, while obviously if you use self-modifying code to avoid having two separate algorithms it's a more important optimisation feature. Then that's what I consider ridiculous from him.

What is your opinion on optimization of the code? What would you say against somebody who claims that optimization is a waste of time as today's HDs have 100s of GB space and network speed is 10s of MB/sec usually.

I only care about the size of the code, and not about the speed of the code. When I started learning assembly, I was studying a paper about bitwise instructions, the author wrote that the coolest tricks are about optimisation. That was enlightening for me, I think, I never forgot about it.

There are standards for quality code in all levels of development. We write POC code that does not obey the standards of companies, but it does obey our own standards. I think that the quality of the code is there, in how well you can design an algorithm, its intricate details, there is a certain elegance there. It's hard to explain.

How do you get new ideas about your next projects? How much time do you spend on researching, coding, bug-fixing, optimizing usually? What was your most complex code so far, and why?

It is a funny, sometimes messy process. I am always researching but I'm not the kind of person who likes to take notes. Sometimes I remember my plans when I dream about them. Dreams are good incentives for me because when I wake up I feel an urge to try it.

When I research and decide to try it right away on code, if it works, I research more about it to improve the code. It might take just a few days (I work on other projects at the same time, too), when I consider I have enough knowledge, I write the virus code to implement it.

I don't spend much time coding for my ideas, I write them little by little. I don't spend much time fixing bugs, either. I make mistakes while editing the template code I use, but I don't notice the effects most of the time.

I don't think I have any complex code yet.

What are your most favorite techniques? What are the techniques that you like to research most?

Not sure whether I have a favouritism for some techniques, or I just like to research on those fields because I feel comfortable working there.

I would say I am generally just attracted by techniques for file infection, decryption of code, tricks with processor instructions, cross-platform code. These are the fields on which I have been working, and continue working on.

I know that you like to read old zines, and feel the nostalgia as well :) So what are your favorite viruses/worms from the early days until today? Maybe in 5-year steps, like pre-90s, early 90s, late 90s, early 2000s, late 2000s and 2010s? And which coders do you consider as the all-time legends?

Here is a list of some of my favourite viruses:

I'm probably missing some but those are some I can remember right now. All time legend coders:

Benny, Dark Avenger, herm1t, roy g biv, SPTH, The Mental Driller, Vecna, Z0mbie

Which ideas or techniques since the start of virus writing in the late 80s have been most influential and important?

I think that polymorphism was one of them, obfuscation, per-process residency, stealth (now we have other names for it).

What is the best and most awesome self-replicator that you can think of? What might happen in the future with respect to computer viruses? What will be in 3-5 years? What might be possible in 2050? Be creative ;)

A metamorphic version of my cross-platform virus. Naturally, someone with greater skills would be its author, not me. ;)

In the future, computer viruses and virus writers will eventually disappear.

If we were writing viruses with spreading capabilities, modular designs, complex networking, and on top of that, new techniques. Not necessarily spreading, AV companies would still mildly be onto us.

The virus writing community understood that what they were doing was illegal in many countries. Some people left, some people stayed and became POC virus writers. I believe this transition contributed to the disappearance of the virus writer generation itself. There is no money there for AV if hobbyists do not spread. But some of them became malware writers. Malware goes where the money is, so do the AV companies, and they attract the media, which is good for business.

Now some say the PC is dying, being replaced by mobile equipment like tablets, smartphones. Where there is trend, there is money, and there is malware. Malware has already moved on to those platforms while viruses and virus writers have not yet. There is also the security researcher, the malware researcher, who is paid to infect those platforms, or they do it but present it on conferences or important events where the average virus writer does not access, and those people don't feel like publishing their research in ezines with little design efforts, no advertisers, no media attention.

So, as I see it, the future looks grim. However, I think people will continue to try interesting tricks on Windows, Linux, OSX. Those platforms will never be abandoned at all, but in many, many years from now, just for the sake of remembering the past.

In 2050 maybe biopunks try self-replicators. And a few decades later a bored woman will create the first self-replicator in Autoverse. ;)

You mention mobile environments, like "smart"-phones and tablets. Do you plan to do research with those platforms some day? Some nice polymorphic EPO Android binary infector? :)

I have tried Android. Now for sure I can tell it's not going to be easy, but who knows. ;)

What might be the coolest device to infect? Lord Yup pioneered in infecting the TI calculators, vallez and Ratter hit on mobile devices, VirusBuster in his intro to 29a#8 speculated about an infector for a coffee pot. What do you think (realistic and futuristic :) )?

Satellite.

Those criminals who earn money by spreading viruses - do you follow their latest projects? Do you think they could learn something by reading our articles and codes, or could we learn something by looking deeper into their creations?

I like to read about APT attacks. Malware writers know a few good tricks of their own-- it would be silly to underestimate their skills. Still, I think they could learn a few things from us as well. :)

Do you follow the projects of scientific researchers such as Eric Filiol or Mark Stamp? Do you read articles in "Journal in computer virology"?

I have seen some of their research, but most of it is not of my interest.

In the last 2.5 years, you initiated the valhalla-magazine, a kickass ezine with four (valhalla0,1,2,3) issues. Could you describe the story behind it, and what is your intention for valhalla's future? How can people contribute?

I have very vague memories of how it began. But here is how I remember it happened: I had the idea of a new ezine, but somehow not a continuation of the VirusWriting Bulletin. Back to the old-school roots, high-quality. I told roy g biv and asked him to contribute, I asked SPTH as well. I thought roy g biv unlike SPTH, never had himself involved much in the creation of an ezine before, so I asked him to think of a name for it. Some time later roy g biv had a name and contributions and so Valhalla was born.

I am positive that in the future we will make an historic release, maybe not in the near future, we need to continue researching and explore new fields.

People can contribute by sending me an email with their material: agonisthh86[at]gmail.com

The deadline for Valhalla #4 is 1st of November.

Ohh, "an historic release" - that sounds great. What are you thinking about? Why not in near future? What should we do? :)

The craziest creation you can imagine. :) We need time, patience and hard work to bring things to existence.

Last time you said you don't have much contact with other virus writers. Now due to the valhalla magazine and your great codes, I guess that changed. Do you have a lot of contact with other virus writers now?

No. This fact causes me great dismay.

What were the nicest comments you got about your codes or magazines? What was the dumbest message? :)

Honestly, I don't remember that I have received any nice comment regarding my codes. Yes, I have received some nice comments about the ezine.

The dumbest was from some guy who thought he was quite intelligent for pointing me out that my W32.Sigrun.C's decryptor had the key in its body. Obviously, I know that, I wrote it. The virus was not about security, you idiot. :)

What about people from anti virus companies or other security researchers - do you have contact with many of them?

Yes, but not much lately.

OK, that's it with the virus-related questions. Let's think about something totally different: To which future events are you looking forward?

I'm looking forward to see humans landing on Mars for the first time. New scientific discoveries (and some by myself). :) Also I'm looking forward to see the president of Argentina go to jail.

Very cool, good luck with science! +crossingfingers+ :) Could you give us a short explanation about what Cristina Kirchner (president of Argentina) did?

Thank you.

Her husband ex-president Nestor Kirchner, some members of her political party, entrepreneurs, and herself, have been conducting a money laundering operation. Read more about it here: http://en.wikipedia.org/wiki/The_road_of_the_money_K

Some of her most prominent functionaries in the government are linked to human trafficking and illegal gambling. Her son commands a militant party of adepts to the government, known as "La Campora", they make politics in schools, high schools and universities all over the country, brainwashing the youth to make them believe that their saviors are the Kirchners. La Campora moves across the country to control and report to the president. They remind us a lot of the Hitler Youth. An example: http://www.infanciahoy.com/imgnoticias/infanciahoy.com_10602_1382012_campora.JPG

Since they control most of the organisms and institutions, they have a majority in the congress, and they own most of the judges in the country, their crimes are not punished. But they do punish the people who criticise them and publicly oppose them, people get fired, persecuted, investigated. Many people have suffered this kind of persecution, people from the media, judges, members of the opposition, people who are not affiliated with political parties, etc.

They subdue the poor to vote for them, threatening to take away the help plans given by the government. There is an ongoing genocide against native "Qom" people, police attack them and threaten them. The Qom people have been camping near the house of government for many weeks now trying to contact the president, and she does not receive them to treat their problems. That is of course because it's the governors affiliated with her party who command those actions.

We have also seen cases of persecution against the media who report the cases against the government, they try to take over those TV stations to censor them, as has happened already with the TV show that revealed the case of money laundering. They change the names of public places. And recently the president ordered an artist to change the name of her work because she didn't like it.

This is not even the tip of the iceberg, it would take months to describe our complete current situation in the country. We are living in a dictatorship. La Campora has an enormous harassing presence on the internet, so I guess I'm next now. :)

Something different: Imagine a good ghost visits you and offers you three wishes. What would it be? :)

Cool, traveling thru the whole spacetime :) OK - it's obvious that you like astronomy, now maybe as a final question: What are your three single most favorite objects in the sky? :)

The constellation of Orion has always fascinated me since I was a child. Those visible stars, for what they mean to life in planets. And the planet Neptune.

Thanks a lot hh86 for this very nice interview, was very exciting :) Any final thoughts?! The rest of the file is yours!

Thank you for this opportunity to talk about my codes and myself.

No final thoughts. Just send greetings to those people who help me in so many ways.
