The Romanian Virus Writer, a National Hero?
 
 
 

Costin Raiu, <craiu@gecad.ro>

GeCAD, Romania

 
 

 I had been waiting with great interest for an article in the Romanian publication "Privirea" about Romanian virus writers and hackers. I personally used to respect the quality of the articles printed by the above-mentioned magazine, as they used to be fair and also correct when it came to the technical aspects of computer life.
 That's why, when I got the magazine on my desk, I quickly browsed through its pages to find the respective article and read it. The article itself (called "The information reformers") is quite interesting, as it's based on an interview with one notorious Romanian virus writer, known under the nick "muRPhy". Those of you who are directly involved in anti-virus product database maintenance and updates should be familiar with the Dodgy and RP virus families, which were also reported in the wild, with RP.A even still being in the WildList (http://www.virusbtn.com/wildlist/).
The respective virus writer is known as one of the authors of the above-mentioned two viruses, as well as co-author of other viruses, most of them with highly destructive payloads.

 So, what is this article about? Mainly, it describes muRPhy's first experiences with computers, cracking and virus writing. More precisely, this guy started his computer experience while he was in the 10th grade, when he used to "work" over 6 hours each day with his computer, cracking software and playing games, 6 hours that are pictured as a huge, impressive amount of time for the young apprentice. Nothing unusual for someone familiar with the generic mediocre virus writer profile, except that probably most of the readers of the publication where the article was printed are not familiar even with the most common computer software, not to mention something like hacking and virus writing. If 6 hours might seem quite a deal for such people, for me it is really pathetic, as some of my friends used to do real work (not cracking or playing) for over 10 hours per day, and even more. Not to mention that a good antivirus researcher works an average of over 90 hours per week, or even more than 110 or 120 hours per week (and I'm sure many of you can confirm that).

 The next problem is that our hardworking guy discovered assembler code, and as the article proudly reports, this self-teaching guy with quite a high IQ wrote the "RP.A" boot virus. Nothing special, just that the virus contained a payload which triggered on 17th December, wiping the Master Boot Record of the computer with trash, rendering the system unbootable. Very happy with their 'cool' creation, muRPhy and his friend, whom we know under the nickname of 'RP', heard some time after they wrote the RP.A virus that AV companies managed to sell many programs and make good money because of their creation, and this made them really mad. They quickly wrote a better, more advanced boot virus, which targeted the users of my antivirus program, RAV. At this point, I should say the original article is really fun to read, as it contains a nice definition for what we call a computer virus: 'a very small, well optimized program, which executes very fast, and either hangs up the computer, or deletes all the data from it'. No comment needed for this 'definition'.

 Oh well, our 'friend' has even more to say to the reader - "since 1996, when I wrote the virus (which for those curious, is the Dodgy virus) I lost my interest for virus writing, as I can anytime 'invent' an undetectable virus". I can of course only welcome the fact that he stopped writing viruses, but on the other hand, I regard the claim of 'inventing undetectable viruses' as puerile and stupid. No one can claim to be able to detect any possible virus before it is actually written, but after we, the antivirus people, get our hands on the new virus, almost nothing can stop us from adding detection and disinfection to our programs.

"Master Qui-Gon, more to say, have you?" says a character from a recently released movie. Oh, yes, and our young virus writer has even more to say in the article. He describes how he and his friend used to visit company stands at computer fairs, and infect their PCs with their viruses. "It was pretty funny" says muRPhy in the article... They also used to come back days later, and check the infected computers. Most of them were not working anymore, and sometimes the victim company had to close the stand because their computers were not working, and failed to boot because of the virus previously implanted there by the two virus writers. Oh well, and that not being enough, I was myself visited by muRPhy, pretending to have a problem with his unbootable computer, and trying to make me suggest solutions for what seemed to be a CIH-damaged FLASH-BIOS. And this mainly to 'test' my skills, and see how smart I am, and if I managed to guess what his problem was. Because, besides having such a high IQ, as the article states, muRPhy seems to have wiped out his own home computer with the CIH virus on the 26th of April.

 One might wonder what muRPhy is now doing for a living? Easy - cracking software for money. He 'explains' for the reader: "I was never interested in hacking. It is far much expensive, and doesn't require too much intelligence" - my comment would be that it might not take too much of your intelligence if you don't have any. About the other aspect, cracking software for money, I'm really amazed how stupid people can be - would anyone really pay such a guy to crack a computer program in order to remove a time-lock protection?
Oh yes, it seems so, because the two reformed virus writers seem to make 'good money' from this business. And as a supreme conclusion, a quote from one of their friends removes any doubt someone could have about such an honest and benevolent activity as cracking: "after you become a grown-up, you can even make a vocation out of this hobby"... So, this is my country, where someone can even make a living from cracking, hacking and virus writing.

 Oh well, no more words needed. Or, tons of words left to say. Like, for example, that despite the fact that I know the real names of both muRPhy and his pal, RP, and have met them both face to face not one time, but many times, I, my company, or even the unlucky users who had their disks trashed by their viruses (and there are hundreds of such cases, if not thousands) can do nothing about it. I personally regard this problem as a global one for my country, and for other Eastern countries. Because there is no one in the government skilled enough to understand the problem of computer fraud (yes, that's right, and I can argue that with anyone trying to say 'not quite true, we actually have trained people, etc...'), and no one in law enforcement is able to use the law to convict people like muRPhy and RP, such cases remain the problem only of the antivirus developer, who has to fight their creations and, of course, to gather evidence for a better time, when sending the two of them to jail for the evil they've done to the world computer user community will be not only a possible, but really a doable and mandatory thing.
 

Costin Raiu, May 1999