Interview with Lord Julus by PetiK for PetiKVX Ezine #2 Date : 18/06/2002 Q: Where do you live ? How is the situation of the virus scene in your land ? I was born and raised in the sunny fields of Romania... :-) The virus scene in my country is more or less non-existent, even though there were a few really nice pieces of code produced around there but mostly duringthe good old DOS times. Now the scene is more turned towards worms and exploits as far as I know... Q: Where you get your handle ? It's not a long story. It was a dark night in 1991... My old 286 was on and I was attempting to connect for the very first time to the Internet... There was no browser for me back then, I had a thingie called Lynx that would allow me to browse in text mode and do all kinds of things. Anyhow, I winded up in this chat room... And everybody there had a nick name, like Queen this, Duke that, Count this, and so on. So I quickly typed "Lord Julus"... and that's what remained ever since :-) Q: How did you start out in computers ? I started in 1988 when I first got in touch with a Sinclair ZX Spectrum system. Hehehe... cool machine... It had this type of Basic installed in it's ROM so that's when I started writing my first programs. Then I had a monochrome XT, actually a Hecrules Graphics Card, green and black. On that little baby I learned Turbo Pascal. And that was it... Q: When do you hear the first time about computer virus ? I think I was in school and we had the Michallangelo virus. Then I got infected at home with DirII-Fat. Those were nice pieces of code I'm telling you! Q: What was your first virus ? My very first virus was a DOS virus called Whiplash. It had a sequel too, called Whiplash II in which I was usign all possible know memory allocation methods at the time in an attempt to make it unremovable from memory. It was never released as I moved to windows programming... Q: How did you start out in the VX scene ? In 1997 I sent my very first article on Polymorphism to MrSandman, the leader of 29A at the time. He liked it and published it in 29A#2... Q: What (virus-)groups are you/have been a member of ? How long time ? So, I started in SLAM for about a year, then 29A for a year too. Now I am currently in a new group I formed together with my friends called TKT (The Knight Templars). See the contact info below... Q: Which programming language are you using ? What is your favourite ? Let's see: assembler, C/C++, Turbo Pascal, Visual Basic and web programming thingies. My favorite is still Pascal, but for windows application I use assembler... Q: How many and wich virus (or worm) did you write ? Which do you like best and why ? Ring0.Manowar Ring0.SignOfTheHammer Win32.Julus Win32.Thunderpick Win32.Cargo Win32.Hatred Win32.Rammstein - this one is definetely the best for now... Q: How do you name your virus (or worm) ? Most of the names come from heavy metal bands names or songs... Well, I am a rocker, dude! :-) Q: Do you prefer virii or worm ? I don't like worms. I don't know why, but I just don't. I'll stick to win32 viruses. Q: What sort of VX technics is the most interesting ? That would be metamorphism combined with polymorphism. I see an overall improvement in both of these techniques as years go by and I am sure we will see some more in the future... Q: Do you spread your works ? No... My works are always open source and I just dump them on my site (when I have one ;-)) or I send it too archivers.. Q: What operating system(s) are you using to test your works ? Windows2k and WindowsME. Q: Which ezine do you read ? All of them :-) An informed person is a better person. I like to read new stuff even if it doesn't contain too much new stuff... It's like a hobby! :-) Q: What do you think about dangerous payload ? It's not good. I hate that and I always did... Viruses should be fun and help you learn programming, not destroy other people's life... Q: What do you think about virus/worm generator ? Actually they are quite good for beginners. They can dynamicaly understand what is required in order to change the virus to do different things. Q: What do you think about script (HTML,VBS,VBA) ? I am sure this part of programming will continue to envolve, but the way scripting is done it doesn't pose a real challange and I do not consider it particulary value adding. It's more like a game... Q: Which coder do you respect ? Vecna, Z0mbie, Quantum, Jacky Querty Q: What are your favourite virus/worm and why ? I guess my favorites are all Vecna's and Z0mbie's viruses. I have never ever seen such complex and yet fully functional viruses as these two guys released... Q: What is your favourite AV and why ? It's AVP. I guess that nowadays all win32 avs are more or less the same and none of them really jumps in the front line with any particularities. However, AVP still remains for me the best since the good old DOS days. I used to love TBAV also because it was a very good tool... remember: viruses were declaring in the description the number of triggered flags. Q: How do you see the virus and the worm in the future ? I see a period of decline for Windows viruses with the implementation of the Win64 platform and the new PE file. I see an increase in worms as much more is doable thru scripting. In the further future I see a new wave of strong viruses once people get used to the Win64 platform and again a decrease in script worms... Q: What piece of advice would you give to the newbies ? Don't copy. Use ideas, use information, but try to think everything by yourself. This will help you learn quicker! Q: Where can we see your works and how can we contact you ? You will probably see my newest and olders things on the new site: http://www.templars.org http://tkt.planetsecurity.net/ [mirror] http://www.coderz.net/tkt/ [mirror] My current email address will be listed there... Very Thanx.