Mini interview with Malware developer X-Shar

Jollier

Hello, script kiddie brothers. In this article I decided to try my hand as a kind of journalist and asked a couple of questions of the administrator (creator) of the ru-sfera.org forum, who is also a part-time programmer engaged in low-level development, a person known under the nickname X-Shar.

Interview.
How did you get acquainted with malware? What was the first virus?
- Oh, that's a whole story. I started getting involved with malware at school; I don't remember exactly, I was probably about 14. At that time there were popular malware builders, such as "Apocalypse" and "Death of a Lamer"; these builders can still be downloaded from my website, although they are out of date.
So, at that time the Internet had just appeared, on dial-up, and once I picked up the "Death of a Lamer" virus. I wondered what it was, started googling and realized that you can create such things yourself.)
Then I started joking around like this with school computers; in short, it was fun. Then, when I got older, my interest in malware did not pass, and I became interested in antiviruses in terms of settings. I started experimenting with the settings, with how the antivirus behaves when the settings are changed, etc.
Then I started looking for like-minded people and surprisingly found forums where people talked about such topics. Subsequently, this led to the creation of the "Ru-Sphere" forum, so I will move on to the answer to the next question.

Your first programming language, and why that one?
- My first programming language was Turbo Pascal, if anyone remembers that.) Because it was taught at school, and then at the institute; we wrote mainly mathematical programs, calculating an integral, etc., in short, pure mathematics.

Does your nickname have any history?
- There is no history; my site is simply called "Ru-Sphere", and from that "X-Shar" was born.))) Why "Ru-Sphere", I no longer remember.)

Why did you decide to make your own forum? The story of the creation of ru-sfera.org
- As written above, it was interesting for me to study antiviruses in terms of settings and how they react to malware. As it turned out, at that time there were many forums on the network where people talked; there were even forums for fans of specific antiviruses.
The inhabitants of these forums often were not even IT specialists; the people were of different professions, and the main topics of communication were antivirus settings, antivirus tests and keys for antiviruses. Yes, at that time it was interesting to get the keys for antiviruses myself; it was a kind of quest: you had to register somewhere through a proxy, or just install the antivirus on your virtual machine. The keys were sent to the post office and the members of the forum shared them. In the end it was fun and interesting, and I was drawn into all this. Then I thought, why not create my own forum in this direction?
At that time, all forums on a similar topic were on the vBulletin 3 forum engine, and the XenForo forum engine was still not very popular, but XenForo is a promising engine: I installed it and immediately "fell in love with it". Then I got even more involved in site building and began to develop in this area; later I was active on the forums dedicated to XenForo and did "experiments" on my own forum, which was also quite interesting.
In general, my interest in malware did not disappear even then. At the beginning there were not many sections or much content on the forum; I think there were three sections in total:
  1. Promotions for antiviruses - All sorts of promotions for getting keys were discussed here;
  2. System Security - AV settings, various problems, etc. were discussed here;
  3. Hacker section - At first, there was nothing but copy-paste, and the programs were mostly destructive, like "Apocalypse", "Death of a Lamer", etc.
Then time passed, and the forum became interesting to ordinary people, not IT specialists: someone came in to get a key for an antivirus, someone was interested in discussing settings, tests, or just chatter, like "Which antivirus is better"; there was also a team...)
In general, the "Hacker section" also developed, but mostly it was "amateur articles", like "How to hide a virus" and "How to write a cryptor".
Software was also uploaded, like warriors, trojans and virus generator programs like "Apocalypses".
In general, everything was posted not so that someone would harm someone; everyone was simply interested in discussing it.
But over time people's interest disappeared; in principle, with the advent of social networks, and later messengers, the forums are now not as crowded as before... :(
Also, those who were in the team have matured and got families, and their interests have changed.
And as for me, my interests have also changed; now I have become interested in more complex things, in the technologies, in how malware works inside and how you can do it yourself.)
In general, I am still interested in all this, but historically my field of activity has been low-level development for certain hardware.
So my interest now is actually in low-level malware, namely rootkits, maybe cryptors, etc.
In general, I am now studying various operating systems, including real-time operating systems; it is very interesting to do something there, at the kernel level.
Well, actually, the content from me will be mainly in this area: if malware, then the study of rootkits; if development, then mainly "system programming" and development at the kernel level.

.NET malware, is it possible in 2021?
- As I already wrote, my field of activity is low-level development; I use C# very rarely, only to create a GUI.
Nevertheless, why not create malware in C#?
What prevents it? It is relatively easier to code in C# than in C++, so stealers, loaders and bots are quite possible to write in C#.
A driver for Windows is another matter; you will not write that in C#. There, at the kernel level, C++ appeared not so long ago.)))
So, actually, if we are talking about rootkits, that means old C.)))

WhiteHat or BlackHat, and why?
- I consider myself to be a WhiteHat, because malware for me has always been an incentive to learn something new. In principle, even now, my main activity is not related to malware, but my interest in malware stimulates me to learn something new. As a result, it helps with work.)))

Have you written commercial malware?
- No, I didn't. I wrote keyloggers and cryptors for the public, but not for sale. It happens that I am asked to help with coding by people who write malware commercially; if the person is adequate and if there is time and the opportunity to help, then I do not refuse. Someone even pays for it.)
Also, it can be interesting to talk to a BlackHat; you learn something new for yourself. I don't have the attitude that I'm a WhiteHat and being a BlackHat is a shame and sucks. No, it's just that everyone chooses their own path, and it's not for me to condemn anyone. Nevertheless, I would not want to do black schemes; this is not for me, for sure.)))

Where can one follow your activities?
- On my site https://ru-sfera.org/
In fact, the forum is now almost like a personal blog, I decided to develop mainly the topics "System programming" and low-level development of the kernel level.
There will also be topics for studying rootkits.
I also have an account on github: https://github.com/xshar
There are contacts on the forum, but the main mail where you can contact me is: [email protected]
With this, the questions have come to an end. Special thanks to X-Shar for taking the time to answer the questions.