Interview with Spanska
How did you start out in computers?
Due to my great age, in the beginning 80's. My very first computer was a TI99/4A, then a C64. After, i used Mac and PC at school and university, but not for programming, just for the classic use of a computer by a student: word processing, calculations, etc... I had my own PC at home in the middle of the 90's, so very late.
How and when did you start out in the virus scene?
The first time i saw the word "virus", maybe in 1985 or 1986, when Brain was released, i was fascinated. Really fascinated. That was not just curiosity. How could a computer program be "alive" and reproduce itself? I was a science-fiction fan, and of course I had read a lot of stories about computers, robots, this kind of things. The fiction became reality. Like Dr Frankenstein, it was possible to feel the emotion of creating something looking like life, to feel like a little god. Writing a virus is a metaphysic experiment.
But i just knew BASIC, and i didn't have any serious computer at home because that was too expensive. So i had to wait a long time before experimenting my own viruses. In 1996, i found an old 386/16 in a trash, at my job. I stole it, bought a monitor, a little book about assembler, and i started to code. First, some little graphic VGA effects, like demos, because i remembered intros of cracked programs in the C64. And one day, i thought: "now, you know enough asm to code a virus". So i downloaded all technical information on the Net (e-zines, tutorials, etc...), and started on the virus scene. My first virus was released at the end of 1996.
Have you written viruses? If so which would you like to take credit for?
I wrote a lot of viruses at home, but i just released 4 viruses at this time (september 97): NoPasaran, Cosmos, MarsLand, and Elvira. All non-destructive, it's very important i think, and all with graphic effects. Something like auto-reproducing little demos. I sometimes spend more time to code the payload than the infection routines. Well, i really like the voxel effect in my MarsLand virus, and the more complex routines in my last bug, Elvira (4250 bytes).
How do you name your viruses?
I try to choose some poetic names, or names with a signification. That can be because of the payload, or because i dedicate a virus to someone. But AV do not like poetry, so they name it with some technical names, like Spanska.1120. NoPasaran was dedicated to young anti-fascists fighters in Spain, Cosmos to Carl Sagan, MarsLand to nobody, and Elvira to the girl that i love.
Which programming languages do you know?
The C64 BASIC, but not very useful nowadays... and the assembler.
What programming language do you like using the most?
The only that i know: assembler.
Are you a member of a VX group?
No. I sometimes think that would be cool to join a group, but i'm too free to accept a group's conditions, even if it's just to release an article at time for a zine. I code when i want to code, i cannot force myself. Sometimes i spend one month without coding. And computing is a lonely activity, especially underground computing. I like to talk about virus technics or philosophy with other coders, but that's all.
Which AV software do you like/respect the most? Which the least?
First, the least: McAfee. I think i don't have to explain why.
I use at home 5 AV softwares: AVP, F-Prot, FindVirus, TBAV and DrWeb. They all are good products, with powerful heuristics capacities. I respect the guys who code these softwares. I think a good heuristic algorithm is as interesting as a good infection routine. I like both virus and antivirus technology. A lot of virus writers hate AV guys. I do not.
The case of TBAV is special. It's a very good soft, but it's too a necessary tool for the virus writer who wants to avoid heuristic detection, because of the description of the flags, and its speed.
What are your goals (VX wise)?
My goals? I would like that an average user hit by one of my viruses begin to think: "Hey, the graphic effect is cool, and this bug did not destroy anything... Let's read the message... It's about what? NoPasaran? What does it mean? Spanish Civil War? What's that? Let's find some information about this! Finally, viruses can be sympathic...". Here's one of my goals. Maybe very naive, but i would like to show that viruses can be used as a way to communicate something. Like graffitis on city walls, a way of expression between message and art. I use computer monitors and assembler like others guys in the street use walls and painting sprays.
This is why i really appreciated when i saw in the F-Prot web database the explanation of the NoPasaran meaning.
What is your view on the continuous 'war' between VX and AV.
The term "war" is a little exaggerated. I prefer "game". Like the cat and the mouse. Because the only thing that we can kill are bytes, not humans. It's a big difference.
There are some neutral places, like alt.comp.virus, where both sides can speak together. And it's not always insults. Sometimes a little nervous, but it's normal. What people do not understand generally is that each side needs the other side. For us, a virus often really starts to exist when its name appears in AV databases, when people know it and start talking about it. And AV would not exist without virus coders. In biology, it's called symbiosis. And it's interesting to see the co-evolution. One side invents a new technique, some months later the other side invents an original routine to avoid/detect this new technique. There are a lot of analogies with biological world.
Talking about war, a funny thing that you discover when you read each day alt.comp.virus, is that discussion between different AV guys is sometimes far more hard and full of insults than between AV and Vx guys. Look at a dialog between Zvi Netiv and Vesselin Bontchev or between McAfee and DrSolomon staffs, you will understand what i mean.
Where did you get your handle? What does it mean?
"Spanska" means "the spanish guy" in swedish. But i'm not from Spain, neither from Sweden.
What is your view on Virus Creation software (eg. VCL, PS-MPC etc.)?
Creators are ambiguous. They have, like everything, two opposite sides.
On one side, they are cool to put the chaos in the AV world, because these guys have to fight against thousands of different variants. Time and work they cannot use against our original creations.
On the other side, they are dangerous because they bring virus technology to everyone. All the guys i knew that used creators didn't know programmation, and just wanted to destroy. When you want to create something, a symphony, a house or a virus, first you have to learn. It's a long and hard time, but necessary, because during this time you can think about what you are doing, and see if you really want to go until the end. I don't know a single good song made by a guy that do not know music.
What is your view on macro viruses vs. assembly or HLL viruses?
I do not know macro languages. But it's interesting, because it's a new way. Operating systems are becoming more and more complex and protected, so we have to find new manners to create reproducing programs. Macro viruses are symbols of this evolution.
Have you ever confirmed one of your viruses 'in-the-wild'?
Two of my viruses are in the last Joe Wells' Wild List (June 97).
Which VX E-zine do you like the most? Which the least?
I like the good oldies, like 40Hex or Vlad. But some new zines are quite good, like 29A mag, which contains a lot of new and original viruses/articles and which have a very high technical level (even the mag viewer is excellent), Source of Kaos which is very dense, technic and intelligent and do not contains habitual teen's point of view ("Kewl man! My virus is da best! I'm the King! Kill all lamerz computers!"). Xine is cool because all the articles are very pedagogic. And SLAM mag is becoming better and better.
The least? Well, i don't know. Maybe one zine called Virus World that contained articles stolen in others zines or in AV databases, with signatures changed. Or Asterix, not because of the articles, but because i never was able to install it.
Which individual or what group do you like/respect in the VX world?
I like Griyo, this guy is a great coder. I respect Rajaat too, because he always invents new original things, and his articles are very well written, very clear. I like people writing tutorials, because it's harder than to just write code. Mark Ludwig's books are cool for that. On the web, i love the job made by Poltergst at WCIVR and by you, Cicatrix. When you have VDAT, you have all. There are new french coders too, not known for the moment, who start to code good things (Unknm Mnemonic, Omy l'Architecte, Kawik).
In the AV world?
I don't know very well AV people. I respect their products, i read their posts in alt.comp.virus, but that's all. Pierre Vandevenne, a belgian guy working for DataRescue (they distribute F-Prot) is cool, very funny and quite open-minded.
Which individual or what group do you like/respect outside the VX or the AV world?
I like demo coders. They program things really incredible, often beautiful, and their motivation is not money. I like limited-size demos, sometimes really ass-kicking: a textured-mapped, phong-shaded rotating 3D object in 4 Ko, a voxel effect in 128 bytes...
What is your view on destructive payloads in viruses?
I really do not like that. Viruses are basically auto-reproducing programs. Destruction is something different. Users have to understand that both things are not always linked. There are two principal reasons why i will never put a destructive code inside one of my viruses. First, i respect other people's work. A virus can perturb the launching of a program, well, it's not very important because you can reinstall it. But purposely and definitively destruct personal datas is a stupid and primary thing. This is my moral. Each one have his own. The second reason is that a destructive payload is too easy to code. Formatting a HD? Twenty lines of assembler, coded in one minute. Deleting a file? Five instructions. Written in one second. Easy things are not interesting for the coder. I prefer spend weeks to code a beautiful VGA effect. I prefer create than destruct. It's so important for me that i put this phrase in my MarsLand virus: "Coding a virus can be creative".
Do you think there is such a thing as a 'good' virus?
It depends on what you mean by "good". I sometimes consider viruses as artistic creations. Is art "good" or "bad"? I don't know. If you mean "useful", why not? There are programs that use virus technology to crypt disks, like KOH, or viruses that compact programs, like Cruncher. Doren Rosenthal proposes a safe virus to test AV softs. It's easy to imagine viruses that can disinfect other viruses, or eliminate unnecessary files, or what you want.
What do you do in 'real' life?
Something very far from computing.
Do people outside the VX scene know what you do (parents, girlfriend, etc.)?
Yes. My family, my friends, my girlfriend all know.
Do you do other computer stuff outside VX (Hacking, phreaking, warez etc.)?
Some hacking, but at a very little level. I read a lot about all underground computer activities, but i do not have the time to practice.
Should viruses be illegal? Is there a difference between creation and spreading?
Generally, coding viruses at home is not illegal, but spreading them is. I think it's normal. In a democracy, laws are made to protect citizens. Including against viruses. That just reflects the big difference between creation and spreading. But i like to spread a lot my viruses, using the internet. They do not destruct, so there's no ethic problem for me. It's illegal, sure, but doing illegal things with some risks is always funny, no?
Describe the perfect virus.
Perfection does not exist. But a cool virus could be multi-OS, multipartite, full-stealth, polymorphic, etc...
What is your view on Windows (95)?
I don't have W95. About Windows in general, the classical thing is to spit against all Microsoft creations, when you are in the computer underground. We just forget that there are millions of guys all over the world that use computers just for simple things like word processing, and do not even know the difference between a Mac and a PC. For these guys, ergonomic and easy-to-use systems like Windows or MacOs are perfect. It's so stupid to tell them "Use Linux, you lamer!". Well, that does not significate that i love Windows. But i use it.
What is your advice for people just starting out?
Do not destruct and be original!
Where can you be reached if at all?
Any other comments?
Computing is cool, internet is cool, but real life have a better taste than virtual and binary life.
Short responses to the following names or words:
- Dark Avenger
A bad genius.
- Dark Angel
I started with his tutorials.
- Sarah Gordon
Very interesting articles about us, the virus coders.
- Fridrik Skulason
F-Prot is a very good soft.
- Alan Solomon
Heuristic in FindVirus is not easy to beat.
Not my cup of tea for the moment, but that can change.
I do not say that because this is an interview for you, but when i first found it, that was like a dream. All the up-to-date virus information (and when i say all, it's really all), tutorials, groups presentation, in one database with an easy interface. A very great job, and the most important, very useful. I use it each day.
Not interesting. When i want up-to-date information about a particular virus, i go to the web site of F-Prot or AVP.
The unique language to dive into the guts of a computer.
Interesting to force AV guys to find a special algorithm to detect your virus. Do not underestimate them and think they will never detect it.
To slow down detection of a virus by an average user.
- I hate......
- I love......
... to learn, always. To talk, to travel. Paris in the morning.
Two sides for the virus world. Useful to spread viruses very quickly, but anti-virus info also spread at the same speed.
Not very interesting, or just to answer/ask some technical question. Ideal for wasting time.
Another world where viruses exist too. But if you don't play safe, that's not datas that you can lose. That's your life.
- World War 3
Fuck, Cicatrix, did you take cocaine before writing all these questions? :)
From what part of the world are you?
Would you ever release a virus creator?
No, i don't think so. I prefer spend time coding my own viruses.
What is in your future virus wise?
I don't know. Maybe tomorrow i will stop coding viruses. Anyway, i will try in my future productions to create some incredible payloads (with music, 3D graphics, etc...), embedded inside globally good viruses (poly, TSR, stealth...). I want to create a boot virus, too, by curiosity.
Have you written or are you going to write any tutorials?
No, it's too difficult. Or maybe for beginners, but i already know good ones.
Any other ideas or thoughts that would help improving VDAT?
VDAT would be absolutely perfect if you realize the idea i saw in your site: an index of all articles publicated in all zines. A kind of research engine, by keywords. Because how many times i remembered a routine seen in a zine, but impossible to remember in which zine, which number, etc... If you do that, you are God.