--------------------------------------------------------------------------------
          INTERVIEW WITH MASUD KHAFIR / TRIDENT / THE NETHERLANDS
--------------------------------------------------------------------------------

Give me a short description of who you are!

- I am Masud Khafir, virus writer.
 Age: twenty-something.
 Country: The Netherlands
 That's about all that I want to reveal about my identity.

From where did you get your handle, Masud Khafir?

- 'Masud' is a common name in the Middle East. I chose that name in the
 spring of 1991, when the Kurdish rebellion in Iraq was active. Their
 leader was Masud Barzani. There are more rebel leaders with that name:
 Masud Rajavi, leader of the Iranian Mujahedin e Khalq and Ahmad Shah
 Masud, one of the Afghan rebel leaders. 'Khafir' is a word I once
 found in the dictionary. It's Arabic and is a rude word for non-Muslims.
 In the south-african language it's 'kaffir' and means 'nigger'. In
 Holland it is 'kaffer' and is used for calling someone an idiot. I
 found it a funny word, because of its strange history.

When did you discover the world of computers?

- A long time ago. My first computer was a C-64. That was about 10
 years ago. But I have even programmed before that time.

How long have you been active in the scene?

- Like I said, I started in the spring of 1991. That's almost 3
 years now.

How did you come into the virus business?

- It started when I got a virus from a friend. I disassembled that
 virus and after that I was wondering if I could write one myself.
 At the same time I started reading the virus areas on FidoNet and
 there I read about Todor Todorov's Virus eXchange BBS. I was very
 curious about that and so I called it a few times. That's how I got
 into the scene.

Positive/negative aspects of the scene?

- I think that the attitude towards the AV community is sometimes a bit
 too hostile. I see it more like a chess game, they are our opponents,
 but we don't have to be enemies. Many of them are just nice people.
 But of course the same is true for the other side. Some of them just
 hate us. What I also don't like is the negative image of the scene,
 that adolescent rebellious attitude and creating an image of oneself
 as evil and dangerous. But that's just my personal opinion. This
 also means that I don't like destructive viruses.

Have you been involved in any other group than Trident?

- No.

Who started/created Trident?

- It was started by John Tardy.

What's the group's goal?

- I think the main goal is to keep in touch with each other. There's not
 a big cooperation on writing viruses. Everybody does their own thing.

How many people are you?

- About between 5 and 10.

Do all of them program, if not, what's the others' job?

- It's mainly a programmers group. But there are some non-writers
 affiliated with the group.

How is Trident (currently) organized?

- There is no real organisation. It's mainly a group of friends.

Have you got any contacts with other virus-groups/programmers?

- Some of us have contacts with others. At this moment we can have
 access to Nuke-net.

Can anyone ask for membership, or are you a "private" group?

- I guess we are more or less a private group. There have been new
 members in the past. In that case we just all agreed. At this moment
 we don't feel like expanding.

You've programmed a lot of polymorphic things, and one of them is the
Trident Polymorphic Engine, what comments have you received about it?

- Well, various. I have not had that many personal responses, as I am
 not too easy to reach. But it has got quite some attention in the
 virus/antivirus world. It's also one of the things that made the
 name Trident known in the scene.

Will you continue to "upgrade" it, or is it a finished project?

- TPE is now finished. The first versions all had some bugs. I thought
 that version 1.3 would be the last one, but that one still had a small
 bug. Version 1.4 seems to be okay, as far as I know now. Besides, I
 don't think I would want to put out a new version again, anymore.

How many strains/mutations can it produce?

- I have no idea. Enough, I think. The most important thing is that the
 decryptors can not be found with wildcard scanstrings. That's the main
 idea behind polymorphism. In version 1.4 I also enhanced the way in
 which it encrypts, because this was a weak point.

Even though polymorphic engines are a great thing, not many people
seem to use them. Do you have any theory why they don't?

- I think most people just want to make their own things, rather than
 use someone else's products. And maybe because antivirus writers have
 been quite successful in finding ways to detect them.

Which is the best polymorphic engine around today?

- It's hard to say. I've seen several of them but I haven't done a real
 close study on any of them. Each of them has its strong and weak
 points, I think. Of course there are not only the engines, but also
 a lot of other polymorphic viruses, like V2P*, Maltese Amoeba,
 Uruguay, etc. TPE started this way too. Some of these viruses are
 just as advanced as the engines. But none of those engines and viruses
 is perfect. For every one of them the AV people have found a solution.

Have you ever thought of/are you currently releasing some sort of
electronic magazine (text/executable/hard-copy)?

- Yes, we have been thinking about that. But we didn't have enough good
 ideas (and are too lazy) to write enough articles. We rather write
 code than text. We couldn't even agree on the title...

Are you into other things such as hacking and phreaking as well, or
just viruses?

- I once was interested in things like hacking etc. But I'm not
 involved in that scene now.

Can you name a few viruses/engines you in person have written?

- The most known are: Gotcha, 7th son, Little Brother, Pogue,
 CoffeeShop, WinVir, TPE, Cruncher, PlayGame, etc..

Which one was the hardest to write?

- Probably the first one: Gotcha. WinVir and Cruncher were quite
 hard too.

Do you have any sort of company or law-enforcement who are trying
to hunt Trident down?

- Perhaps. This could be possible. Anyway, we keep cautious, because
 you never know...

If so, are they a real threat or just "childish"?

- There is a new law against various computer crimes since 1 March 1993.
 Writing a virus is not illegal. Distributing viruses in any way can be
 illegal. The law is not very clear about this. If we as writers
 exchange viruses amongst each others, that could perhaps be
 interpreted as something illegal. Last year another guy in Holland
 was arrested for hacking, and although he hasn't been convicted for
 anything yet, the law enforcement has been quite tough on him. So
 they certainly can make your life hard if they want to.

Have you ever had any trouble in the group with the result of
kicked members?

- No.

How good is Trident compared to other groups?

- Well, I leave that to others to decide.

Do you have any couriers that spread your products around?

- We don't spread our viruses in the wild. But we do exchange them
 with other people in the virus scene.

What do you think about the laws against h/p/v that have arrived
lately?

- They were inevitable. I don't know much about the laws in other
 countries, but I think here they are too tough. The penalties are
 too high. OK, these things we do might be naughty, but they are not
 crimes.

What do you think about various newspapers thinking of us as nerds?

- They have used the same cliches before for computer freaks in
 general. I don't know, maybe it is true for some. At least I think
 most of us are young, male, IQ>100, interested in technical stuff,
 etc. But that doesn't mean that we're nerds. The people that I know
 aren't.

Has the scene in any way influenced your real life?

- No, not really.

Would you feel guilty if one of your viruses made damage to a
hospital?

- Yes, I would. For that reason I don't write viruses that destroy data.
 I usually don't spread them in the wild at all. I only did that once,
 when I was in a bad mood. I don't wanna cause other people trouble.
 For me creating them is the most important thing. But of course I
 also like it if they get some worldwide attention. That's human
 nature, I guess. That's why I don't mind if AV people get them.
 But I don't see a problem in giving them to VX people either,
 because my experience is that viruses in the VX scene very rarely
 leak out in the wild.

Do you see any differences between the scene now and a couple of
years ago (concerning the underground part of course)?

- The scene is growing and there are more contacts between each other.
 A few years ago it was much harder to get in contact with other virus
 writers.

Which virus-magazine do you think is the best available nowadays?

- I think my favorite is 40hex.

Which virus-group/programmer do you admire/like?

- Of course Dark Avenger was one of the best, maybe the best. He often
 introduced new techniques. I also like people like Dark Angel from P/S.
 But to be honest, I don't often take a deep look at other viruses
 anymore these days.

Which country is the best at virus-writing today (Before it was
Bulgaria, maybe changed)?

- I haven't heard anything from Bulgaria for a long time. Sometimes I
 have some nostalgia for the times when Bulgaria was the virus centre
 of the world. :-) Today it's probably the USA, because they're the
 biggest country in the west. I think it's strange we don't hear that
 much about Russia.

What do you think about these virus generators, such as VCL and PS-MPC?

- They are funny things. I like them for what they can do, for the
 technical side of it.

What do you think about the people using them?

- It's nice to experiment a bit with them, but creating a virus this
 way is definitely not something to be proud of.

What do you think about people bragging over (almost) nothing and
ragging with other groups as well?

- I think they're giving the virus scene a bad name.

What do you think about such individuals as board-crashers?

- I don't know any of them, but I think it's rather lame.

Describe the perfect virus :

- One that is totally bug-free. One that is 100% compatible with all
 programs and doesn't for example crash the computer if you start
 Windows.

Describe the perfect viruscoder :

- One that invents new techniques. One that can defeat the anti-virus
 programs.

Describe the AV-community with a few lines :

- We need them. I think every virus writer uses AV programs.
 It is nice when a virus can be smarter than the current AV software,
 but it would be scary if they wouldn't be able to find a solution for
 it. But it's a shame that some AV people hate us.

Which AV-program do you think is the best, and why?

- I like TBscan a lot, mainly for its heuristic features. And it's
 fast. F-prot is best in identifying viruses and it's very user
 friendly. I also like AVP from Russia. Sometimes it's a bit slow,
 but it is very powerful. It also has a very nice info section.

What do you think about the underground's future?

- I think it will continue to grow, but perhaps it will get less
 exciting. Viruses are not as special and mysterious anymore as
 they were before.

Do you know/have you heard of any new techniques coming in the near future?

- No, I wish I knew...

Any advice to people who want to learn the basics of virus-writing?

- Take a good look at other viruses and sources. Try to understand
 their weak and their strong points. Test your stuff before you give
 it away, because it's a shame to have dozens of bug-fix updates for
 the same virus. Do it for the fun of it, and not to cause other
 people trouble. And try to be original.