%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CodeBreakers Vx Zine #5 Introduction By Opic %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% "The world can be brought forward only by those who oppose it." -Goethe Well here we are, finally. This has probably been the most eventful period of time that Vx history has ever seen. Much has changed, shifted, fallen into place, and blown up in our faces. There is so much I'd like to say about all that has gone on, but I barely know where to start, and even if I did it may not be in the CodeBreakers, nor my own best interests to make any public statements about it, so I'll attempt to keep it brief and factual. What's been happening inside the CodeBreakers since our last release of CBVx-Zine #4? I'll try to map it out chronologically for you (to the best of my abilities anyways, it's all becoming a blur these days): -CodeBreakers release a new platform virus: Winscript viruses. As always the AV community releases alot of disinformation about its spreading capabilities. (source found in this issue). -WinNT.Remote Explorer (the first NT native resident virus -binary found in this issue) is released specifically on the MCI network...allegedly an "inside job" making it available only to the AV community..until now ;) -Opic dumps his now ex-girlfriend for good (finally). "Welcome to Dumpsville, baby. Population: you." Good ridence to old rubbish. -CodeBreakers releases the second java native virus (Beanhive- source found in this issue) which the AV also releases alot of disinformation about. -A macro virus revolution occurs a'la VicodinES "class infection" released in CbVx #4. Class.d infects the house of representatives and many other organizations/governments. -CodeBreakers releases W97M/Caligula (steals PGP keys and uploads them to CodeBreakers.org -source found in this issue). The virus created alot of media attention to the advent of "internet-aware" and "espionage enabled" viruses. A CERT report is released on Caligula as well as countless newspaper/television/radio reports. -Fred Cohen of ALL.net (sandia labs) preforms himself and recommends that the readers of RISKS security digest preform "Denial Of Service Attacks" on CodeBreakers.org in retaliation for Caligula. -CodeBreakers.org is taken offline due to constant DoS attacks. -Fred Cohen suggest to Internet News and other media that I and other CodeBreakers members be prosecuted with international cooperation for "control of access devices". (That's right: "treat the *symptom* not the problem") - [Insert other fuct up shit that happened to CB here] -CodeBreakers.org goes back online on a much more "secure" server. -The W2KM/Melissa virus is found ITW and spreads like mad across the entire globe in less then 24 hours. -Mass panic is induced by the media. Through the use of "GUID" #'s contained in the infected document it is suggested that Alt-F11 and/or VicondinES had somthing to do with the writing and/or releasing of the virus. -The FBI and other government organizations, not wanting to look incompentent; begin a intensive manhunt for the author. -Due to the suggestion that VicondinES may be involved, and given his past membership to the CodeBreakers (as well as the CodeBreakers association with AVM); the FBI (allegedly) seizes the computer used to host CodeBreakers.org. -The FBI also seizes the computer used to host SOK.com, rendering perhaps 90% of the Vx websites dead. -AOL locates the telephone number from which the virus was posted and hands their logfiles over to the FBI (the virus was apparently posted from a hacked AOL account). -A screenshot of the CodeBreakers.org website is rumored to have been seen by Opic's ex-girlfriend on CNN further proof of what a "creep" I am. The CodeBreakers affiliations land us in many major magazines and newspapers. What we once thought would be a dream come true was quickly becoming a nightmare. -David L. Smith is arrest at his brothers home in New Jersey allegedly for the release of the Melissa virus. He is currently facing up to 40 years in prison and roughly 1/2 of a million dollars in fines (not to mention the civil suits which will undoubtedly be brought against him after his trial). -The FBI makes a statement that the David L. Smith is NOT VicodinES. -There are rumors and considerations about the retirement of CodeBreakers and of my own vx "career". Things had avalanched so quickly, no one was quite sure what to do about it (including the authorities). -The CIH virus (whose source was originally released in CBVX#4) strikes in april rendering hundreds of thousands of computers useless (by overwriting FLASH BIOS). -Many public and private investigators take an interest in finding out the true identities of many of the CodeBreakers members. -The CIH author is caught by autorities in Tiawan. So..........After much internal dialogue the CodeBreakers determined the best course of action is to continue doing what we have always done: Find new, inovative, and interesting viral techniques. We realised that there was a very good reason why we were still around: we simply hadn't broken any laws. So though our brushes with the abyss had come close, and many of our affiliates had been implicated, we see no reason to quit now. Besides; things are just starting to get good ;-) As for the future of the CodeBreakers.org website, it seems as though we will soon be back online (or may already be by the time of this publications release. In the mean time, we sit and wait for the dust to settle....only so that it might be stirred up yet again. Anyways I digress..In this issue you'll find many of the viruses I have been talking about, our final DOS virus tutorial (windows compatible BS/MBR infection), a few windows 95/32/NT goodies incuding a win32 asm tutorial, alot of WM/VBA code, some nice little utilities, a large article concerning anonymity on the internet plus much, much more. But enuf rambling of this and that, on with the zine..... -Opic [CodeBreakers] opic@redneck.efga.org