Virtual Disks infector
August 17th, 2008
I have just finished writing an infector for the virtual disks of VirtualBox. Check it and my article.
I have just finished coding my ettercap dissector to log myspace.com sessions. Check the misc section.
From Peter Ferrie:
It’s when a VX group folds, and it has happened again. Twice, even. The day before the “much anticipated” EOF-DoomRiderz-rRlf group zine was released, rRlf announced that they were disbanding. This is something that we could have guessed anyway, based on the comment in Latin that was posted on their website a few days prior. While I didn’t get a good translation for it, I understood it to mean something along the lines of “I must think about things”.
These days, VX groups are little more than a distraction from our real work. Customers, for the most part, don’t care if - or even that - they exist. With the more strict laws that have come into effect in several countries recently, the binaries have generally disappeared from the sites, leaving nothing for people to submit to us. Of course, there have been occasions when new techniques, developed by the authors within those groups, have been used outside. Consider exceptions as an anti-debugging method, and file mapping for fast infection. Pop quiz: can you name the first virus that used both of those techniques, and when it was written? Answer below.
So rRlf is gone, that was one group. The other? On the day of the zine’s release (which was, incidentally, about the level that we expected from those who remain), DoomRiderz announced that they were disbanding, too. Technically speaking, it was WarGame, as the only remaining member, who made the announcement. However, he is not quitting, he’s just moving back to EOF.
In effect, that leaves EOF as the only “active” group, along with a couple of freelancers like herm1t. With luck, they will run out of ideas to surprise us, and they will quit, too.
The answer to the quiz? Come on, it’s a quiz. This whole entry fits on one screen, it would be even easier than looking in the back of the book. No answers for you.
- Peter Ferrie
After hard work the zine is ready and released! Download it or check the online version hosted by gedzac!
Before the release of our collaborative zine, the RRLF group issued one of their own, containing the best of what they did over all the years of their existence. Sadly, today is the last day when we see the group alive. Goodbye, RRLF! We will miss you.
This live CD can be very useful, check it here.
It makes me think about using a live cd as an infection vector…
There is only one week left until the EOF/DR/RRLF joint zine release! The deadline for submissions is July 26 and the release is scheduled for July 27. If you want to contribute, please do so by the end of next week, thanks.
EOF - DooMRiderZ - rRlf joint zine release is very near. Deadline will be announced soon!
I have been playing with the master boot record on my virtualized Windows XP SP0 for an article that I will publish in the joint zine. The strange thing is that AntiVir did not detect the altered boot sector.
Here is a screenshot.