Interactive interview with Rajaat
─────────────────────────────────

I found Rajaat at some .uk address while chatting on IRC. Since I at that time had plans for releasing issue #7 and needed to fatten it up a bit, I asked for an interview and he agreed on doing one. While talking, it turned out to be a very large interview, and I think it became more of a conversation. Since this interview was done, several interesting things that you should be aware of have happened with this character. Some things written here aren't correct anymore. Most important to be aware of is that Rajaat is a member of a new virus writing group known as Genesis. Genesis aims for quality, and I'm happy to see that Rajaat is not a loner anymore and has found a group where he really belongs. You saw tb_bug by Rhincewind/Vlad and Rajaat? Well, you've seen nothing yet.. This article has been edited by me to keep it as "clean" as possible. There you go..

TU = The Unforgiven
RA = Rajaat

TU> You probably have read a few of our old interviews with a few other (fame) scene guys, so, prepare for the same kind of questions as for starters... 'Introduce yourself to the readers.'

RA> I'm Rajaat, a newcomer in the virus scene and I hope to stay longer in here than all other virus writers from the UK, like ARCV and Black Baron.

TU> Yea, we can always hope so :). Do you have a question you would like me to ask, because I don't have too much information about you (except from what I could obtain from your viruses/engines released)?

RA> Heh, you can always ask me why I started to write viruses or how I got involved in writing these things..

TU> Yea, ok. Let's take the normal questions as for now, and then I might know you better after a while :). So, why did you start writing these kinda programs?

RA> Eh, as long as the feds don't get to know me better! HAHAHA! The reason I write these viruses is simply I got nothing better to do.
After some incident I got kicked out of college and hanging out on the streets sucks, so I better stick to programming.

TU> Any specific reason you were kicked out from school?

RA> Yea... :) It had to do with some account stealing (from other students) and releasing a virus in their directory (and infecting their programming projects), that the teachers had to check (at home, eventually). HAHA These stupid goofs got fucked over so they couldn't judge us..

TU> How did you get caught in the first place?

RA> I was one of the few assembler programmers there and of course my programs weren't infected :) And they found a list with hacked passwords in my drawer.

TU> Ah, okay, I see. You said you had nothing better to do than to write viruses, but why didn't you instead start to program something useful? Then people would appreciate your programs instead of being scared of them.

RA> I can't think of anything useful, most utilities have already been written. And, like you, there are people that like viruses.

TU> I don't like viruses, what makes you think that? ;)

RA> Why would you otherwise write Insane Reality? Or is it something you just have to? I just like to program them, it's a challenge.

TU> Now, you're the one asking questions :). So, let's continue... From where did you get your handle "Rajaat"?

RA> If people know Advanced Dungeons and Dragons (a role playing game) they also might know the Dark Sun world. Rajaat is the one that invented sorcery there and he is the creator of the Champions, like Andropinis.

TU> Oh, I see. Has AD&D or role-playing in general influenced you in any way when it comes to writing viruses?

RA> No, I just use the names to give my children (the viruses) a name, nothing more and nothing less.

TU> Isn't it kinda perverted to refer to your viruses as your children?

RA> No, see it like this: I created them, I'm the father. I use Turbo Assembler and you can consider it the mother, ah, I don't know, but I feel like I am the father of them.
TU> Ok, I've heard stories about virus writers referring to their computer as their girlfriend and the virus being a result of love between the writer and the computer :). But that is another story, so is this also your motivation to write viruses, to create life and alternative lifeforms?

RA> No, I just do it out of boredom. I can't think of any useful programs to write and writing viruses may bring fame to me, and the UK needs a boost I think. It has been quite silent in here for a time.

TU> Hmm, think you already said that :). Yea, aren't you btw afraid to get caught by Dr. Solly and Scotland Yard's computer crime division or so?

RA> Of course I am, but that will not stop me. I am hard to trace, because I'm not on #virus but on a more general channel and not even using the name Rajaat. Furthermore the viruses I spread at school weren't made by me, so that should give them a hard time to find out.

TU> Which viruses did you spread anyways?

RA> The ones that are already very common, like Junkie and Tai-Pan.

TU> Funny, considering both of them are Swedish viruses :). Hmmm, which kind of virus do you like (a few examples maybe) and which virus writers do you look up to?

RA> Er... I don't have many examples, but I like the viruses of Qark (to whom I sent Andropinis (anonymously)) and of Priest, but apparently he quit virus writing. I don't have many idols, because I don't want to influence my programming with other techniques.

TU> Haven't you considered joining (or forming) a virus writing group?

RA> Yes, I wanted to join VLAD, but the danger is that the more people know me, the more chance I have to get caught in the end. It's better that I do contributions to various magazines using an anonymous account. I don't care if I work alone or not.

TU> Yea, that seems to be a smart move. Hmmm, how about contributing some new virus of yours to this issue as well?

RA> Sounds good. I still have some stealth bootsector virus here somewhere on my disk.
I will comment it a little more and then DCC it to you, ok?

TU> Yea, send it to tuir@fotd.mcn.ru. What's your policy about destructive viruses, and how do you define destructive viruses?

RA> My opinion is that a virus gets more attention if it's destructive.

TU> I saw a polymorphic engine by you btw (Thanks for the greetings!), say, what kind of questions can I ask about that?

RA> Hmmmm.. I don't really know, it's not very polymorphic and should be easy to crack, but it was just made to make it impossible to use a scan string for a virus. I just used it myself once and that's it. I don't know if there are other viruses that use it. Maybe I will write one engine for polymorphic bootsector viruses HAHAHA!

TU> How to detect it then, with cryptanalysis or something like that (or have you written detection for it yourself)?

RA> You can use cryptanalysis for it and it's also possible to trace the decryptor, like TBAV does. It's just that they have to do something more than usual to detect it. I think the better AVers will have no problem detecting it.

TU> Yea, stupid question of mine btw, I already knew that :). Hmm, which engine do you like the most? Hmm, I know this (also) is a kinda stupid question to ask since there are like 25 (or so?) engines out there and nearly none of them is released with source code, making it extremely time-consuming to make an in-depth study of them all..

RA> I never bothered to look at them closely, indeed. The ones I liked however are DAME (of Dark Angel), the engine in Natas, the engine in Level_3 and TPE 1.4, but I don't have the source code of the last mentioned.

TU> Yea, so, why didn't you release the source code to your engine?

RA> Nobody would use it, though. I think I will clean up the comments and send it to you sometime, I don't know. RTFM seems finished to me, and continuing it seems a waste of time to me.

TU> Ok, enuff about polymorphism as for now :). How would you describe the perfect virus?
RA> A virus that takes so much time to detect (by a scanner) that it had better be discarded from it. ;) I don't think there will be the "ultimate" virus.

TU> Yea, polymorphism might be a step in the right direction, but it's still far from the final solution.

RA> The engines of today prevent easy recognition, but they lack the protective mechanisms that are needed to conceal the virus from debugging.

TU> So, you think a utility that would support stealth, advanced polymorphism, retro functions of any kind would be a logical step to take?

RA> No. I don't believe in stealth techniques very much, except for bootsector and partition record infections. File stealth is too "fragile" to do. I believe in polymorphic engines that also generate polymorphic anti-trace routines, like the Ultimute engine, but more advanced.

TU> Hm, retro functions and polymorphism might fuck the AVers and the researchers up, but for the normal user (the ones who get struck with a virus) it won't really matter. If they notice a virus they won't remove (or debug) it themselves anyway (not in most cases that is). Then stealth might be better for spreading purposes, because they won't detect it in ages. Like with Natas or a virus of that capacity. How easy is that to detect for the average Joe Blow?

RA> Hmmmm, I still don't like it. Look for example at Andropinis. It's very easy to detect in .COM files, but there is also the MBR infection that is stealth indeed. If I have to use stealth on files, it would probably only hide the file size and I would not bother to write a heap of code just to make it also full stealth. (* Full stealth = disinfection/redirection on files as well - ED *)

TU> The package you described above called "Ultimute engine" which Stormbringer (read: Black Wolf) wrote, what does it do?

RA> Oh, I didn't know Black Wolf = Stormbringer!
It's an engine that generates a decryptor peppered with some anti-debugger tricks, but the way he did it can't stop the people who know debugging/tracing tricks well. I have a few ideas, but I don't know if I will make such an engine, but it's on my "to do" list.

TU> What ideas? Or is this private information? :)

RA> I'll tell you when the product is finished, I don't want to reveal anything until it's ready, as with the virus project I am working on.

TU> Ok, how about ART (Antigen's Radical Tunneler), any comments about it?

RA> I've looked at it and it looks very nice, but I won't use other people's code in my viruses. I'd rather bother to make my own tunneler instead.

TU> What makes the tunneling code in ART so special, you think? Isn't it a waste of bytes to use as much as 1407 bytes for tracing interrupts?

RA> Yes, consider this: you program a virus that uses ART (1407 bytes), regular code to infect COM and EXE files (maybe 400 bytes), bootsector and partition record infection (512 bytes in every case) and some stealth and a polymorphic engine (larger than 1024 bytes for sure). That will make a *huge* virus!

TU> Yea, but was that really an answer to my question? :)

RA> Let me put it this way. There are far easier tricks that also work and that will take at most 400 bytes. I don't care if ART works with DosEmu of Linux. How many people will use that? I'd rather write a normal tracer that detects and skips TBDRIVER in memory. There are a few other monitors that block tracing, but TBDRIVER is the most common program used, I think.

TU> Yea, and it only takes about 15 bytes to disable TBDRIVER anyway, a lot of viruses do that, but do you consider it a waste of bytes to include ART for tunneling stealth?

RA> Yes, I do. The idea was very nice, but it won't be used by virus writers. I'd rather use that 15 byte code you mentioned and then trace to the original interrupt 21h.

TU> Yea, ok.
It's the same thing as with polymorphic engines; no one will use them except for their creators, still Antigen released 2 versions of ART, but no virus using them. Hmm. Ok, let's go on with something completely different, shall we? (* Sidenote: VLAD#5 included a virus of Antigen which used ART; this interview was done, though, before VLAD#5 was released *)

RA> Uh, OK... (Eddie Murphy intonation (RAW))

TU> Ok ;). So, how are you in a private matter? As most newspapers would describe us (remorseless, rebellious teen with an attitude, a social failure, a maladjusted misfit, a . . . . :)), or?

RA> I'm a very quiet person, there aren't many people that like me, because I don't value properties belonging to someone else. Hence the virus spread at college. I didn't care if they lost their project because of that. The only thing I like is an escape from reality, preferably with booze or role-playing.

TU> Yea, "rather flee the (insane) reality of today, than facing it" :). So, how did your parents react when you were kicked out from school? Mine didn't like that very much I can tell.

RA> Hmmm. After their divorce they just fight with each other about the house and the money and me and don't listen to me anymore. I can't talk things over with them and when they found out I was kicked from school my mother just said I should not hang out on the streets.

TU> So, your mother wants half? :)

RA> Half of what? I don't like talking about it, it caused me a lot of pain.

TU> Uh, (Just a RAW joke, ya'know.. no worries!). Hmm (sorry!), So when did you start with computers and this sort of thing?

RA> Hmmmm, I don't exactly know at what age I started (I think 12 or so), but I used an MSX at that time. At college I had to work with PCs, and to buy me off, my father purchased a computer for me (to get in favor again). Now I use his present to make viruses HAHAHA!

TU> You think he would approve?

RA> I don't know. I never told him and I won't care either.
I'd rather leave my parents at once and live on my own.

TU> You seem to say "I don't care" often :)

RA> Why should I care about something if nobody cares about me?

TU> Probably because people only will care about you if you care about them in the first place?

RA> I once cared about my parents, you know. But after their divorce they seem to have forgotten they still had a son. And why should I bother cleaning up their messy life? But enough about that, let's continue talking about viruses.

TU> Sure. How many and which viruses have you written to this day?

RA> I have written 3 resident EXE viruses, 2 resident companion viruses (one of them uses interrupt 28h (DOS idle) to infect as fast as possible), 2 non-resident COM infectors (one using RTFM) and a multipartite COM infector (Andropinis) and now a stealth bootsector virus (Uniform).

TU> Quite some collection... Which virus group did you vote as no. #1 for VLAD#5, and how does your voting in general look?

RA> Vote? I didn't get a vote thing!

TU> Uh, ok, nevermind, it was a voting (kinda who's-the-best thing concerning groups, viruses, writers and so forth..), but ok, without your result being published, which group are you in favour of?

RA> I would rank VLAD as the best, because they are very inventive. The best virus I saw was Natas, it was very well programmed.

TU> Ok, now, let's discuss AV programs/persons and so forth so the AVers also can enjoy this thing, shall we?

RA> What do you want to discuss about them? You mean if I like some of them or not, if their program is good or not? Hmmm, I don't like AVers at all, they all bear some resemblance to Alan Solomon, so I don't wish to talk to them. The antivirus programs I like are TBAV, F-PROT and AVP, the rest is not interesting, save for spoofing them with a virus.

TU> I agree with you concerning the AV programs, however I'm afraid that my attitude towards the AVers somehow has become better during the years - less hostile and perhaps less aggressive as well.
Hm, why do you have this bad attitude towards AVers that haven't done anything to you?

RA> They would if they had the chance to, I don't say I hate them, but I won't discuss things with them or even talk to them. They won't see me as a person, but as a virus writer, so I consider talking to them as a waste of time.

TU> Ok, what if I was a researcher as well, wouldn't you talk to me then either?

RA> I don't like double-edged swords, if you know what I mean. So, then I won't talk to you.

TU> Ok, before we continue then, sure I make an anti-virus for one of my own viruses, but release another better virus in the remover for it, would that be acceptable? (* This is the Petra-rm story.. *)

RA> HAHAHA! Why yes, of course it does. Making a remover for a virus doesn't say you are a researcher, and spreading a virus in it is a great idea. I think I'll hack McAfee's scanner for a virus of mine.

TU> Yea, that is a great idea I think. But I did a lot of research before writing that virus, now - isn't that to be a virus researcher? :)

RA> Yes, but not acknowledged. With researchers I mean Alan Solomon, Fridrik Skulason, Frans Veldman etc.

TU> Yea, AV researchers that is. Ah well, nevermind. So what makes you think the AV programs named above are interesting?

RA> The programs do their job, as supposed to. F-PROT has an accurate identification, TBAV has pretty good heuristics and AVP has very nice virus demonstrations in it.

TU> Any comments about VSUM and Patricia Hoffman?

RA> HAHAHAHHA!!

TU> That is supposed to mean that she is the biggest failure in the community?

RA> No, not exactly, she made money with it, so she is not a failure. But I don't value VSUM.

TU> Because of the oh-so-holy messed up descriptions of 99% of all viruses included within?

RA> Yes. I don't know how she manages that. She surpassed me with fucking up descriptions. I just described Andropinis very well, so she can simply copy it into her database. I don't like it if she messes up descriptions of my viruses.
TU> No, who wants his children to be called cripples when they're not? Hmmm :).

RA> Definitely not me. I think she lost track describing viruses when the rate of discovered viruses increased rapidly. Hmmm, this turns out to be a whole conversation instead of an interview, but that's no problem :)

TU> When the viruses began to increase very rapidly was in 1992 or so I reckon, were you into viruses back then?

RA> No, I didn't write viruses, I just collected them. I even bought "The Virus Clinic" at that time. But he got busted by the beast.

TU> Are you referring to Alan Solomon as the beast?

RA> He is! He just does that to get his face in front of the cameras again and doesn't give a shit about the rest.

TU> I agree ;). Hence the articles published in IR#5. Hm, but what do you think about his program?

RA> I have never seen it, just heard of it. It's supposed to be good, but I can't judge it.

TU> Due to the fact that you hate him?

RA> No, because I don't have his product. I don't hate him, maybe fear him is a more appropriate word for it. He's one bad motherf*cker.

TU> Ok, so have you been involved in any other 'underground' activity than virus writing?

RA> I used to hang out often in #hack, but since I started writing viruses I left that channel to be more secure. I am not affiliated with any other activities, I just started writing because the UK was too silent.

TU> Well, not very strange due to the fact that Dr. Solly has succeeded in busting pretty much every virus writer in the UK. I think you are the only English virus writer left...

RA> Maybe there are others, I don't know. But I am certainly the only one that now surfaces, yes. Maybe the fact that I am the only virus writer in the UK makes me a bit famous..

TU> Yea, and maybe this little thought-to-be-an-interview helps?

RA> I don't know and do not care either. I just felt like talking to you. Maybe it helps, indeed, and if that's so, it's fine.

TU> So, how have the 'scene' and virus writing influenced you in real life?
RA> It did not influence my life at all. Just instead of trading viruses I started to write them myself. I think that's all. I don't have many activities besides computing, except for drinking in a pub or so.

TU> You seem to spend an awful lot of time behind the computer because you can't find something better to do with your life. You think it's really worth it?

RA> I spend about 6 hours per day behind the keyboard, and about 5 days a week, with maybe the exception if there's a good movie on the television. Friday and Saturday are my "days off".

TU> Seems to me that your virus writing is more or less a job than a hobby, is that right?

RA> It can't be seen as a job, because it serves no purpose at all. But I have to stand up, otherwise the United Kingdom will perish in the virus community.

TU> Say, so what purpose does a politician serve?

RA> Our government is really fucked up. Have you ever seen them? If they agree to something they shout "Yeah" and otherwise they make sounds like pigs. That's also a good description of them, pigs.

TU> Agreed ;). So what is your opinion about politicians trying to forbid the creation, spreading and even collecting/possessing of computer viruses?

RA> That will also include the victims of viruses, not just the underground.

TU> Yeah, ok - so remove the possessing then, do you think creation of computer viruses should be considered a crime in any way whatsoever?

RA> They just make it illegal because they don't have other good defences. I think it's stupid. They can't do that, because they can't check everyone's computer.

TU> Here we go with the clipper chip again :). Hmmm, but see it as a matter of principle then - not in any use (like most other laws which only work theoretically), do you find it wrong or even illegal to create viruses?

RA> No, I think it's perfectly legal to make viruses. What I do on MY computer is MY business, and not of the government, NSY or Alan Solomon!
A law that is just theory is also utterly useless, because it can't be used then.

TU> What about spreading? Then the virus is not only on your own computer.

RA> If people want 'em, they got 'em. If unsuspecting victims get a virus, they probably did not take the proper defences. If they are ignorant to viruses, it's their own fucking fault, just like if you fuck without a condom you might get AIDS.

TU> I fuck without condoms :). Anyway - people know how to protect themselves against real-life viruses (like AIDS), but can you really expect everyone to use bullet-proof anti-virus programs running TSR eating memory, or people to debug/disasm a program before running it?

RA> If you fuck without condoms that's your own choice. About users protecting their systems: they don't have to be ASM experts, just check the incoming (mostly illegal) programs or use an integrity checker, like the one of Wolfgang Stiller. That should keep out most of the viruses.

TU> Still there are viruses that could sneak by his program, do they also deserve to get struck with a (let's say) destructive virus, slowly corrupting their data, making them lose their jobs, etc?

RA> No, then IM (* Integrity Master - TU *) is an ill-designed program and should be improved. If a virus can sneak past it, it means IM (it's an example of a CRC program) is not doing its job right. It's not the fault of the computer user then. And if he is in deep shit I don't really care, but they better choose another program then.

TU> Then who is to blame for them losing their job (or whatever)? The creator of the virus who (let's say) uploaded it to a vx-board, the sysop of the vx-board, the one who downloaded it and ran it on his harddisk, the person in question who copied a shareware program from the computer in question (without knowing it was infected), the author of Integrity Master, the system administrator who is hired to keep the computers secure and clean?

RA> HAHAHA! You won't trick me with questions like that!
I am not to blame whatsoever. The sysop of the vx-bbs can't be blamed, because all his leechers know it's a virus. If the person that downloaded it runs it on his own system it's his own fault. The person that copies shareware and brings it to his work is out of line, but shouldn't lose his job for that. IM can't be blamed for the man losing his job, only for malfunctioning. The system administrator can't be blamed for the man losing his job either, but he is not able to do what he is hired for: securing the system.

TU> So, you're saying that no one is to be held responsible for him losing his job and even the whole fucking corporation being ruined and that it was all by a fucking coincidence? Like fate, as some girl would have put it?

RA> HO! Now you make another assumption. Now you say the whole company is ruined! That the man loses his job is a stupid decision of the staff. That also causes people not to tell about the infection and even infecting other computers to stay out of trouble. And who is responsible for Lloyds going to the edge of ceasing to exist? They had some bad coincidences, and YES, a virus could be one of them.

TU> Would you feel sorry if you had written the virus in question?

RA> Not at all. I really don't care what would happen. I would regret it if a person in a hospital died from some system fault, but not a company that spends money from the "Names" and can't even do that right anymore. A hospital is there to help people, most companies are there to get richer.

TU> How can one regret something that one never did? :)

RA> HAHAHA! My child did it, not me! :) You have some point in there.

TU> Ok, how can you miss something that you never had?

RA> You won't miss life after you are dead.

TU> Ugh, are you religious?

RA> I'm disappointed in religion. My parents married but now you see it doesn't mean shit. It's just some situation, and can be undone easily, but one of them got hurt. And that's not my father nor my mother, but me.
TU> You said above that you didn't want to talk about this incident, what made you change your mind?

RA> It just happened. The whole thing made me realise that marriage doesn't mean shit and that the ritual is a farce. The people that got better off from it were the church and the lawyers. I used to be religious once and went to church every Sunday. Now I do not anymore, but I still believe.

TU> Hmmm, on channel #virus religion is quite a well discussed topic, so why do you believe? I mean it's not that you see any proof of a good god in today's society?

RA> Who made this world? We weren't able to do that. But we are made in his own image, that's why I create. But I don't like to discuss religion now, because then we could chat for hours and hours.

TU> Ok, let's have some quick discussion about religion anyways :). Then if God was good and created us (the human beings) in his own image, wouldn't we be good then as well? Or does this mean that you think mankind is good?

RA> How can you define good if there is no evil? One cannot exist without the other. "Good" will lose its meaning if there's no "evil" to compare with it.

TU> Hm, nice words, but personally, I think it's just words invented by humans to be able to communicate better. Well, if you couldn't compare bad and good then everything would probably be defined as fucking perfect even though it wasn't, eh.. Like a Utopia or so. But since we have completely split opinions about this, we might not discuss this kind of thing before we finish this interview. We don't want to argue, now do we? :).

RA> We can, but it's out of scope for the interview (it's not that anymore, it's a discussion that became very very large) I think.

TU> Yea. Ok, let us then stop talking about such things as religion. About that little hospital incident above, do you believe in poetic justice? Like if you die because of your own virus making the computers in the hospital where you're being operated on useless?
RA> If that happens I have nothing to worry about anymore.

TU> Ok, let's say that you instead of dying got a nice wheelchair for the rest of your life!

RA> Then I'd rather take my own life, I think. But don't you think you are now going too abstract???

TU> AH, sorry! I usually do :), when I get excited about something.... (* This wasn't meant that I got excited about Rajaat spending his life in a wheelchair, btw.. I'm not that sick, really!!! *) Hmm, ok, have you heard of any new virus writing techniques btw?

RA> Er... I think not. It's now just combining techniques, I think. Maybe some people will come up with something good, but I can't think of anything new.

TU> You think all virus writing techniques for DOS have already been invented?

RA> No, but I just don't know what to expect anymore.

TU> Ok, I better be going now, something else you wish to say but never had the opportunity to say before?

RA> No, I think I have said what I wanted to say. I will just continue here and keep NSY (* New Scotland Yard - ED *) busy for a while.

TU> Any greetings you would like to send out?

RA> Oh, yeah! I want to greet VLAD and P/S. I think that's all.. Oh, yeah, of course Immortal Riot! (* Thanks :) *)

TU> Not any personal greetings or go-to-hell messages?

RA> HAHAHA! Yes, go to hell, Dr. Solomon! And personal greetings to Qark and Priest, might he ever read this.

TU> Hmm, okay, nice talking to you, see you around, (don't forget to send me that virus of yours), and keep up the faith! Ta-ta :).

RA> Sure, it was nice talking to you, I'll message you if I spot you again on IRC, but don't expect me to come to #virus, I better stay out of there, Hermanni is also there sometimes and maybe there are other researchers there also.

TU> Yea, sometimes.. well, as I said, better be going, bye!

RA> Bye!