Virus group 29A disbanded - who’s next?

kannanmr on March 10th, 2008

29A Labs

A couple of weeks back, 29A officially shut down business. 29A’s published work was one of the best (IMHO) sources for cutting-edge virus technologies. Their e-zines provided a sampling of what was happening in the virus underground during that period.

This was the last message posted by VirusBuster on their site:

I tried to contact ValleZ for some time in order to take a decision together about the future of 29A with no luck therefore I decided to take the decision alone. And my decision is that 29A goes officially retired. I feel this is fair because I am kinda the alpha and the omega of the group. 29A was born in Dark Node, my BBS, and I am the last active member of the group. My last words as 29A member are for all the people that worked hard to make of this group the best one: Thank you very much! Regards, VirusBuster/29A

29A has left the building!

Kind of sad.

I came to know of 29A when I was in my 2nd year UG, around 1997. 29A was a new group then (if I am right, the group formed only in mid-1996). BTW, if you are wondering why they named it so, 29A is the hex representation of 666 decimal.

One of my (crazy, if you ask my wife now!) hobbies back then was collecting DOS/Windows virii source code. I was more interested in the source than the binary. I had close to 23K source files when I decided to move on to other things. There were umpteen sites even back then which listed many viruses for download, but most of them were distributed as either EXE or COM files. I used to take them, decompile/disassemble them using SOURCER or debug.exe (I had to use this only for a few files; Sourcer did a good job for the others) and add them to my virus database. I remember checking out a DB tool (VirSort or VirusBuster??) for some time, but resorted to maintaining them myself (that is, keeping them scattered throughout my 4GB HDD :) ).

Apart from these, lots of VX tutors were there too. I remember some of the tutorials that were considered state-of-the-art (!?) then:

  • Advanced Polymorphism Primer by DarkAngel
  • Calling the Windows API in Assembly Language by Qark
  • MCB Stealth by Darkman

Particularly, I used to devour anything by Dark Angel, Lord Julus & VLAD. How can I ever forget Lord Julus’s "Ring 0 Residency under Windows 95/98" article?? Classic!!

29A Magazine

When 29A started releasing their e-zines, it quickly became one of my favorites. I loved all their articles, especially by MrSandman, Benny, VirusBuster, Jacky Qwerty, Vecna & Rajaat - they were my favorites. Issue #4 was, IMO, pure gold!!

Later, when I came out of college, I lost touch with the VX scene. Register.co.uk & F-Secure’s blog were the only VX news sources for me. Though 29A published lots of new things, the following are considered notable accomplishments (?!):

  • Cabir, which infected Symbian mobile phones
  • Duts, the first ever Pocket PC virus
  • Haiku, which generated Japanese-style poetry
  • Stream, which was the first virus to take advantage of NTFS Alternate Data Streams
  • Lindose, which infected both Windows and Linux computers
  • Donut, a .NET-aware Windows file infector

I have given some links to interviews (public/through email) with some 29A members below. I will be updating this with more as I find them on the net.

Benny/29A

Antivirus companies frequently say that no virus writer should ever have a job in security. What are your views of this opinion?

Benny/29A

That is funny. Why? Just because a lot of skilled virus writers already have jobs in the antivirus industry. I don’t want to cause any problems to my friends, so I won’t give concrete examples. But believe me, this is just marketing theater for customers–the truth is a bit different. In any event, who else should code antivirus programs? Who else has the experience and technical skills for fighting viruses? Some antivirus firms say that I have no moral right to do it, but…almost all ex-members and current members of 29A are employed in the antivirus and information technology security industry.

Ratter/29A

Look in VDAT or other e-zines for more interviews. Some other random links:

Do let me know of any other links related to 29A/members in the comments section. TIA.
