VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Ripping Source

Vlad #1 (text)
October 1994

[Back to index] [Comments]

It has been 3 weeks since you started programming your new virus, you've included features never seen before in the virus world. It feels good to have the extra knowledge. Then you decided to release the source code out of the goodness of your heart for people that were once like you to learn and become competent virus writers.

Well that's about as far as it gets, because that's when you start to see copies of your virus with other peoples names in them. The same source, perhaps a piece of destructive code that wasn't there when you last looked but the same virus. The feeling of goodness goes away rather fast.

Nope, it's no fun to have your virus ripped to shit all of a sudden. Evading virus scanners by strategically inserting NOPs around the place is so easy! (except for those scanners which ignore NOPs heh) The scan strings used by most scanners can be found without too much difficulty. Releasing this as a new unscannable virus with your k-rad message "i WRoTe THiS11" is not the way to go. It levels people with rats.

We all have to learn from somewhere but is ripping a complete virus and making a few changes here and there the way to do things? Surely study of several codes together will allow you to learn how each module of virus code works and piece together your own. Still, when using whole routines from other peoples virii unless you acknowledge the original author, what you're doing is stealing!

When the people that wrote the virus find out who the little shit that modified their code is I don't think they'd be very happy. A nice phat trojan would be hopping their way I think. If you can't write a virus, don't release one! Simple isn't it. There are so many virii out there, so many that you may write a virus from scratch and McAfid Scan tells you it's the [XXX] XXX virus when it ain't! Scan strings are like the phone numbers in Australia, they're running out. A classic example was the No Frills virus when it was identified as the Feist virus. Sure, SCAN now has NF specific scan strings but it was a bit of a bitch.

Why do people do it? Perhaps because they can't write virii for shit and want to see their name get everywhere. Well it would be quite easy for most people to grab hold of VCL or a similar program to do that sort of thing. Why rip original work that took someone ages to write! VCL is made to produce virii which people can personalise. A text editor and someone elses source code can do the same thing, but you're stepping with the thieves of the world when this happens.

There are so many virii in the world, it's getting hard to come up with new ideas that haven't been done already. If you do manage to turn out something new it will gain you respect from others! So why rip now when you could learn and try for the top when you're ready? I don't know.. after all, assembler definately isn't one of my favourite topics right now.

This isn't directed at anyone, but it seems these virus mags are like magnets to lamers who want to get their school back for all those years of pain by ripping a virus and causing havoc. So for the serious virus authors out there, keep up the good work. For those that think they can rip away if they feel like it, get back in the kennel.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka