In the News
Brought to you by Horny Toad

This is the fourth edition of the Codebreakers' "In the News". I think it is important for us to know what is going on around the world, and how other people perceive us. This edition of the news is going to be peppered with a few hacking articles. Although the Codebreakers have shifted focus away from hacking, I still think that some of them are pertinent and interesting to read.

Hey Bach, look at this!
------------------------

In mid July 98, Symantec released stunning reports of a 33 percent increase in the number of Macintosh viruses. The increase was seen mostly in the past few weeks. Symantec has no explanation for the unprecedented rise in Mac infectors. But we sure do. Our own Codebreakers member Bach has been leading the way in new Macintosh infection techniques. I was recently at a security update conference. When the speaker came to the virus portion of the presentation, he announced that someone had written the first Macintosh polymorphic virus. I almost died. In my mind, I was laughing my ass off, because that "someone" is a member of the Codebreakers! Bach is without question the leading Mac virus writer. If you have any doubts, just look at his tuts. They are the best in the business. According to Symantec, they have been finding many of the recent Mac viruses through its Seeker technology, a web spider designed to scour the net and gather files for analysis. Recently, Symantec created antidotes for two variants of the AutoStart Worm. Anyway, screw Symantec. Keep up the good work, Bach!

BIOS virus - Win95/CIH
-----------------------

Brought to you by the Codebreakers - the original source to the Win95 CIH virus. This virus set a panic through many of the AV companies. The technology is here, folks. This virus will go down as one of the greats. The virus spreads through Windows and has the ability to overwrite a portion of the BIOS on many flash ROM chips.
Many computers, especially in the United States, will not be affected by the BIOS infection portion of the virus, but those that are will experience some really frustrating shit. Enough talk... look at the code and learn.

First Female Hacker Convicted!
------------------------------

Yes, women can do it too. In June, the first woman convicted of computer hacking in the United States was sentenced to five months in jail and five months house arrest plus a $35,000 fine for breaking into a US Coast Guard computer. Although the hack was pretty lame, stealing some passwords and accessing the Coast Guard database from her home computer, this is the first instance of a woman being convicted of hacking. In the past, several women have been charged with hacking, but never convicted. I'd personally like to meet a few women in our business. I would love to have a girlfriend who was really into it, but most of the time, I find that girls are disinterested. Oh well, no centerfolds in the Codebreakers virus mag yet. Actually, that's a good idea. Any girls you know who would like to pose for the Codebreakers mag #5 centerfold?

The Worm Man
-------------

I don't know if any of you remember (you should), but 10 years ago Robert Morris unleashed the Internet Worm. The Worm infected and screwed over 6,000 computers, including sensitive hardware owned by NASA and the Department of Defense. Robert Tappan Morris was a 24 year old Cornell student and a programming genius. He claimed that an error in his program caused the Worm to go berserk, jumping all over networks, frying computers and stealing passwords. That was one hell of an error. I wish that I could have an error in my programming that would cause that type of panic. All errors do for me is produce un-compilable code. In 1990, Morris was convicted of computer fraud and fined $10,000. He also received three years probation and had to perform 400 boring hours of community service.
Morris' name popped up the other day when Yahoo bought the company Viaweb, which was cofounded by Morris. Morris is now finishing up his PhD in computer science at Harvard. If anyone can get a hold of him, I want to interview him. Actually, since he will most likely be reading the best virus mag in the world... I might as well just ask him right here: "Morris, dude, I want to interview you for the next Codebreaker mag. We need to discuss exploiting errors in programming - hehe." What is really interesting is seeing all of the underground guys moving on to some incredible jobs, Morris being one of them. Take David LaMacchia, accused of computer piracy for doing warez stuff on local BBS's about 4 years ago. He is now a big hot shot for Oracle. Kevin Poulsen, a crazy bastard, and Randal Schwartz are both respected columnists. Two elite hackers, but well respected computer geniuses. Poulsen became a fugitive and a hacker legend after he gained access to sensitive FBI investigations in the mid 1980's. Poulsen, the "Dark Dante", was eventually caught and sent to prison for five years. I wonder what great things Mitnick will do when he gets out? Gates, watch out. Boy, can you just imagine how cool Microsoft would be if Kevin was running it!

Trojan on the loose
--------------------

No, I am not talking about some animated condom. Solomon has released a report that they have found a new trojan horse which specifically targets Windows 95 and NT dial-up networking users. The trojan steals ISP passwords and emails them to the author. This is the first trojan that has been specifically designed to target Windows 95/NT. By stealing the password and user identity, the trojan author has unlimited access to network and ISP accounts. In several cases, the users have been locked out of their accounts while the infamous trojan author has hacked away in their names.
Many of the AV companies are spending thousands to prevent net attacks such as malicious Java and ActiveX viruses. This trojan exploits the flaw that Windows 95/NT saves the password linked with a given user ID in the Windows sub-directory so that it can be automatically supplied when the user logs on. The trojan searches the user's phonebook for a list of phone numbers and the latest user ID for each entry. It then emails the results back to the author. The results are of course encrypted, but decryption programs can be found everywhere to retrieve the password. I personally can't stand Solomon's shit. It is way too sensitive and gives numerous false findings. Another reason is that they are so damned full of themselves it makes me sick.

World Cup Fever
----------------

France should have lost. I got sick watching the World Cup this year; it sucked. Hundreds of other people besides me were pretty pissed when the W97M/WorldCup98 macro virus fucked their computers. Panda Software released info about the World Cup virus, designed to screw computers on July 12, the date the World Cup games ended. The Madrid based antivirus firm described that the World Cup virus contains two macros, WorldCup98 and Pronostic. Panda said that 40% of the time the virus adds a message to the user's autoexec.bat along with two lines containing the format command. In 27% of the cases where the virus is found, it affects the C:\DOS and C:\WINDOWS\COMMAND directories and the IO.SYS and MSDOS.SYS files in the C:\ directory. In the remaining 33% of the cases, the current text in use is modified and printed. If Word is opened on July 12 or if the seconds of the internal clock are at 12, the WorldCup98 macro will initiate one of two commands. Half of the time, a dialog box appears containing the names of the nine teams competing in the soccer championships. The user will then be prompted to type in his or her favorite team.
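A defensive check for the autoexec.bat part of the payload described above, added here as an example and not code from the zine or from Panda: it scans a DOS startup file for lines that actually invoke FORMAT, as opposed to merely mentioning the word in an ECHO message or a REM comment. The two sample startup files are constructed for illustration; the exact text the virus writes is not reproduced and the placeholder message line is an assumption.

```python
import re

# Constructed sample of an AUTOEXEC.BAT with two injected FORMAT lines.
# The message line is a placeholder, not the virus's actual text.
SUSPECT_AUTOEXEC = """@ECHO OFF
PATH C:\\WINDOWS;C:\\WINDOWS\\COMMAND
ECHO Constructed placeholder message line
FORMAT C: /Q
FORMAT D: /Q
"""

# Constructed sample of a normal startup file with nothing destructive in it.
CLEAN_AUTOEXEC = """@ECHO OFF
PATH C:\\WINDOWS;C:\\WINDOWS\\COMMAND
SET TEMP=C:\\TEMP
"""

# A FORMAT invocation at the start of a line: optional '@' echo suppressor,
# optional CALL, optional drive letter and path (C:\DOS\FORMAT.COM), optional
# .COM/.EXE extension. Case-insensitive, since DOS is.
_FORMAT_RE = re.compile(
    r"^\s*@?\s*(?:call\s+)?(?:[a-z]:)?(?:[^\s]*\\)?format(?:\.com|\.exe)?\b",
    re.IGNORECASE,
)


def find_format_lines(autoexec_text):
    """Return (line_number, line) pairs for lines that run FORMAT.

    REM / :: comment lines and ECHO lines are ignored: the word 'format'
    inside a displayed message is not a command.
    """
    hits = []
    for lineno, line in enumerate(autoexec_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped:
            continue
        upper = stripped.lstrip("@").strip().upper()
        if upper.startswith(("REM", "::", "ECHO")):
            continue
        if _FORMAT_RE.match(line):
            hits.append((lineno, stripped))
    return hits


def is_suspicious(autoexec_text):
    """A startup file that formats a drive on every boot is never legitimate."""
    return bool(find_format_lines(autoexec_text))


if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_AUTOEXEC), ("clean", CLEAN_AUTOEXEC)):
        hits = find_format_lines(text)
        verdict = "SUSPICIOUS" if hits else "ok"
        print(f"{name}: {verdict}")
        for lineno, line in hits:
            print(f"  line {lineno}: {line}")
```

Point it at the contents of C:\AUTOEXEC.BAT on a machine you suspect. Any hit means the machine is set to wipe a drive at the next boot, so restore the file from a known-good copy before rebooting rather than after.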
If the choice coincides with the one the virus likes, a congratulation screen pops up. Otherwise, a message appears expressing sympathy. The virus executes regardless of the answer and whether or not a response is given. Don't ya love them macro viruses?

Russia on the attack
---------------------

On 22 July 98, servers of the Meganet Corporation were subjected to two massive attacks originating from a URL belonging to the Russian Academy of Sciences in Moscow. The attacks came from "lab1313.chph.ras.ru". Meganet Corporation is responsible for authoring the Virtual Matrix Encryption (VME) system. VME is currently the most advanced encryption system on the market, offering a 1 million bit symmetric key. The two attacks, comprising tens of thousands of hits, failed due to the fact that Meganet does not keep their source code on the servers. VME was born from the call for a more advanced system after the DES algorithm was recently compromised. By the way, Meganet is offering a $1.2 million prize if you can break their code. Good luck. VME is the only algorithm that neither encrypts the data nor transfers it. By comparing the data to a random built-in virtual matrix, a system of pointers is created, which are meaningless outside the context of the matrix they belong to, and then are repeatedly encrypted in a plethora of algorithms. Piece of cake, right? I'll bet Sea4 has already started on a system 10 times more advanced. Meganet is playing off the recent two attacks, saying that even if the algorithms were compromised, the set of pointers would be completely unrelated to the original data. Check out Meganet at www.meganet.com.

Time to hit Japan
------------------

According to current figures, computer viruses are on the decline in Japan. For the second month in a row, the number of infections has dropped. Actually, there has been a 42 percent decline since last year.
There are an average of 200 reported virus infections a month in Japan, with honors going to the macro virus. Reports do show that a new virus has emerged in Japan, AutoStart9805, a Macintosh infector. AutoStart9805 forces users to restart the computer or damages files by infecting the extensions folder of the Macintosh. Many new Excel and Word viruses have been found recently too. I have no idea why figures are showing such a decline in Japan these days. I do think that they are feeling left out. Therefore, in your distribution schemes, try and remember to funnel some of your infectors to the land of the rising sun.

Sara finding many Viruses
--------------------------

No, I am not talking about the Gordon bitch. (S)ymantec (A)ntiVirus (R)esearch (A)utomation, or Sara for short, is a three year old computer used by Symantec to weed out many of the basic viruses that the company receives from people every day. It takes virus experts at Symantec an average of three days to come up with an antidote to newly found virus strains. Sara takes over 100 infected files a week sent in by customers and sorts through them, testing to ensure that the files are in fact infected. Then Sara tests the viruses against its database of 15,000+ common viruses. Any new and complex viruses are then channeled through to the engineers for study. Antidotes to new virus strains are then uploaded to the Symantec Web site weekly so that its customers can get updates. Symantec states that only 10 to 15 percent of the files that are sent in to the company are in fact legitimate infections. Sara has the ability to write antidotes to the more common viruses. The more advanced ones are sent to the engineers to be attacked. Sara is run on a Pentium processor under Linux. Let's try to find some way to make Sara (the computer and Gordon) choke on one of our creations.