                              In the News

                           Brought to you by
                              Horny Toad


     This is the fourth edition of the Codebreaker's "In the News".  I
think it is important for us to know what is going on around the world,
and how other people perceive us.  This edition of the news is going to
be peppered with a few hacking articles.  Although the Codebreakers have
shifted focus away from hacking, I still think that some of them are
pertinent and interesting to read.



Hey Bach, look at this!
------------------------

Mid July 98, Symantec released stunning reports of a 33 percent increase
in the number of Macintosh viruses.  The increase was seen mostly in the
past few weeks.  Symantec has no explanation for the unprecedented
rise in Mac infectors.  But we sure do. Our own Codebreakers member Bach
has been leading the way in new Macintosh infection techniques.  I was
recently at a security update conference.  When the speaker came to the
virus portion of the presentation, he announced that someone had written
the first Macintosh polymorphic virus.  I almost died.  In my mind, I
was laughing my ass off; that "someone" is a member of the Codebreakers!
Bach is without question the leading Mac virus writer.  If you have any
doubts, just look at his tuts.  They are the best in the business.
According to Symantec, it has been finding many of the recent Mac
viruses through its Seeker technology, a web spider designed to scour
the net and gather files for analysis.  Recently, Symantec created
antidotes for two variants of the AutoStart Worm.  Anyway, screw
Symantec.  Keep up the good work Bach!



BIOS virus - Win95/CIH
-----------------------
Brought to you by the Codebreakers - the original source to the Win95
CIH virus.  This virus sent a panic through many of the AV companies.
The technology is here folks.  This virus will go down as one of the
greats.  The virus spreads through Windows and has the ability to
overwrite a portion of the BIOS on many flash ROM chips.  Many
computers, especially in the United States, will not be affected by the
BIOS infection portion of the virus, but those that are will experience
some really frustrating shit.  Enough talk....look at the code and learn.



First Female Hacker Convicted!
------------------------------

Yes, women can do it too.  In June, the first woman convicted of computer
hacking in the United States was sentenced to five months in jail and five
months house arrest plus a $35,000 fine for breaking into a US Coast Guard
computer.  Although the hack was pretty lame, stealing some passwords and
accessing the Coast Guard database from her home computer, this is the
first instance of a woman being convicted of hacking. In the past, several
women have been charged with hacking, but never convicted.  I personally
would like to meet a few women in our business.  I would love to have a
girlfriend who was really into it, but most of the time, I find that girls
are disinterested.  Oh well, no centerfolds in the Codebreakers virus mag
yet.  Actually, that's a good idea.  Any girls you know who would like to
pose for the Codebreakers mag #5 centerfold?



The Worm Man
-------------

I don't know if any of you remember (you should) 10 years ago, Robert
Morris unleashed the Internet Worm.  The Worm infected and screwed over
6,000 computers including sensitive hardware owned by NASA and the
Department of Defense.  Robert Tappan Morris was a 24 year old Cornell
student and a programming genius.  He claimed that an error in his
program caused the Worm to go berserk jumping all over networks frying
computers and stealing passwords.  That was one hell of an error.  I
wish that I could have an error in my programming that would cause that
type of panic.  All errors do for me is produce un-compilable code.
In 1990, Morris was convicted of computer fraud and fined $10,000.  He
also received three years probation and had to perform 400 boring hours
of community service.  Morris' name popped up the other day when Yahoo
bought the company Viaweb, a company which was cofounded by Morris.
Morris is now finishing up his PhD in computer science at Harvard.  If
anyone can get a hold of him, I want to interview him.  Actually, since
he will most likely be reading the best virus mag in the world...I might
as well just ask him right here, "Morris, dude, I want to interview you
for the next Codebreaker mag.  We need to discuss exploiting errors in
programming - hehe."
Actually what is really interesting is seeing all of the underground
guys moving onto some incredible jobs.  Morris being one of them. Take
David LaMacchia, accused of computer piracy for doing warez stuff on
local BBS's about 4 years ago. He is now a big hot shot for Oracle.
Kevin Poulsen, a crazy bastard, and Randal Schwartz are both respected
columnists.  Two elite hackers, but well respected computer geniuses.
Poulsen became a fugitive and a hacker legend after he gained access to
sensitive FBI investigations in the mid 1980's.  Poulsen, the "Dark
Dante" was eventually caught and sent to prison for five years.
I wonder what great things Mitnick will do when he gets out?  Gates,
watch out.  Boy, can you just imagine how cool Microsoft would be if
Kevin was running it!



Trojan on the loose
--------------------

No, I am not talking about some animated condom.  Solomon has released
a report that they have found a new trojan horse which specifically
targets Windows 95 and NT dial-up networking users.  The trojan steals
ISP passwords and emails them to the author.  This is the first trojan
that has been specifically designed to target Windows95/NT.  By stealing
the password and user identity, the trojan author has unlimited access
to network and ISP accounts.  In several cases, the users have been locked
out of their accounts while the infamous trojan author has hacked away
in their names.  Many of the AV companies are spending thousands to
prevent such net attacks as malicious Java and ActiveX viruses.  This
trojan exploits the flaw that Windows 95/NT saves the password linked
with a given user ID in the Windows sub-directory so that it can be
automatically supplied when the user logs on.  The trojan searches
the user's phonebook for a list of phone numbers and the latest user
ID for each entry.  It then emails the results back to the author. The
results are of course encrypted, but decryption programs can be found
everywhere to retrieve the password. I personally can't stand Solomon's
shit.  It is way too sensitive and gives numerous false findings.
Another reason is that they are so damned full of themselves, it makes
me sick.



World Cup Fever
----------------

France should have lost.  I got sick watching the World Cup this year,
it sucked.  Hundreds of other people besides me were pretty pissed
when the W97M/WorldCup98 macro virus fucked their computers.  Panda
Software released info about the World Cup virus designed to screw
computers on July 12, the date the World Cup games ended.  The
Madrid-based antivirus firm said that the World Cup virus contains two
macros, WorldCup98 and Pronostic.  Panda said that 40% of the time the
virus adds a message to a user's autoexec.bat along with two lines
containing the format command. In 27% of the cases where the virus is
found, it affects the C:\DOS, C:\WINDOWS\COMMAND directories and the
IO.SYS and MSDOS.SYS files in the C:\ directory.  In the remaining
33% of the cases, the current text in use is modified and printed.
If Word is opened on July 12 or if the seconds of the internal clock
are at 12, the WorldCup98 macro will initiate one of two commands.
Half of the time, a dialog box appears containing the names of the
nine teams competing in the soccer championships.  The user will then
be prompted to type in his or her favorite team.  If the choice
coincides with the one the virus likes, a congratulation screen pops
up.  Otherwise, a message appears expressing sympathy.  The virus
executes regardless of the answer and whether or not a response is
given.  Don't ya love them macro viruses?




Russia on the attack
---------------------

On 22 July 98, servers of the Meganet Corporation were subjected to two
massive attacks originating from a host belonging to the Russian Academy
of Sciences in Moscow.  The attacks came from "lab1313.chph.ras.ru".
Meganet Corporation is responsible for authoring the Virtual Matrix
Encryption (VME) system.  VME is currently the most advanced encryption
system on the market, offering a 1 million bit symmetric key.  The two
attacks, comprising tens of thousands of hits, failed due to the fact
that Meganet does not keep their source code on the servers.  VME was
born from the call for a more advanced system after the DES algorithm
was recently compromised.  By the way, Meganet is offering a $1.2
million prize if you can break their code.  Good luck.  VME is the only
algorithm that neither encrypts the data nor transfers it.  By comparing
the data to a random built-in virtual matrix, a system of pointers is
created, which are meaningless outside the context of the matrix they
belong to, and then are repeatedly encrypted in a plethora of
algorithms.  Piece of cake, right?  I'll bet Sea4 has already started
on a system 10 times more advanced.  Meganet is playing off the recent
two attacks saying that even if the algorithms were compromised, the
set of pointers would be completely unrelated to the original data.
Check out Meganet at www.meganet.com.




Time to hit Japan
------------------

According to current figures, computer viruses are on the fall in Japan.
For the second month in a row, the number of infections is dropping.
Actually, there has been a 42 percent decline since last year.  There
is an average of 200 reported virus infections a month
in Japan, with honors going to the macro virus.  Reports do show that
a new virus has emerged in Japan, AutoStart9805, a Macintosh infector.
AutoStart9805 forces users to restart the computer or damages files by
infecting the extensions folder of the Macintosh.  Many new Excel and
Word viruses have been found recently too.  I have no idea why figures
are showing such a decline in Japan these days.  I do think that they
are feeling left out.  Therefore, in your distribution schemes, try and
remember to funnel some of your infectors to the land of the rising sun.



Sara finding many Viruses
--------------------------

No, I am not talking about the Gordon bitch.  (S)ymantec (A)ntiVirus
(R)esearch (A)utomation, or Sara for short, is a three year old computer
used by Symantec to weed out many of the basic viruses that the company
receives from people every day. It takes virus experts at Symantec an
average of three days to come up with an antidote to newly found virus
strains.  Sara takes over 100 infected files a week sent in by customers
and sorts through them testing to ensure that the files are in fact
infected.  Then Sara tests the viruses against its database of 15,000+
common viruses.  Any new and complex viruses are then channeled through
to the engineers for study.  Antidotes to new virus strains are then
uploaded to the Symantec Web site weekly so that its customers can get
updates.  Symantec states that only 10 to 15 percent of the files that
are sent in to the company are in fact legitimate infections.  Sara has
the ability to write antidotes to the more common viruses.  The more
advanced ones are sent to the engineers to be attacked. Sara is run
on a Pentium processor under Linux.  Let's try to find some way to make
Sara (the computer and Gordon) choke on one of our creations.  




