[109626] in Cypherpunks
ZD FINGERS Melissa Creator (sorry to post more) Bull shit about this virus
daemon@ATHENA.MIT.EDU (Jon Doe)
Wed Mar 31 03:21:52 1999
From: "Jon Doe" <Some@some.com>
To: <cypherpunks@toad.com>
Date: Wed, 31 Mar 1999 01:35:25 -0600
Reply-To: "Jon Doe" <Some@some.com>
the views described below r copyrighted by zdtv and r not my views nor
do i take ne credit for the this is so i don't get in trouble by zdtv
here's their story of who they think did it and y they think so

Is 'VicodinES' the Author of Melissa?

Don't just jump to conclusions. Read our case for 'VicodinES'
being Melissa's creator before deciding.

By Jim Louderback

I've been exploring virus files and websites for the last few
days, and I've uncovered a number of interesting facts that strongly
indicate that VicodinES wrote the Melissa Virus. Here's the case, so
far, in favor of VicodinES -- but, remember, the case isn't closed yet.

The most damning evidence comes from the GUID contained in the
List.Doc file that forms the heart of Melissa. List.Doc contains the
virus code that generates all those e-mail messages. The GUID is a code
that uniquely identifies the PC that created that document. The GUID is
generated when the file is created, but is not updated even if that file
is renamed and stored on a separate computer.

A virus-infected Word 2000 file, PSD2000.doc, found on VicodinES'
site also contains that same GUID. Although the other files on
VicodinES' website contain different GUIDs, the fact that even one file
has a GUID that matches makes VicodinES a prime suspect.

PSD2000.doc is also the first Word 2000 macro virus we've seen.
Since Word 2000 (a part of Office 2000) has yet to ship, these viruses
are relatively rare. In fact, on VicodinES' site, he congratulates
himself for developing the very first Word 2000 macro. Melissa is both a
Word 97 and Word 2000 macro, and both contain the same GUID, which means
both were built on the same workstation, or both were based on the same
original document.

Why did Melissa include support for an application that hasn't
shipped yet, and requires additional coding to support? Perhaps because
the author wanted to trumpet his Word 2000 expertise to other virus
writers. And that behavior is entirely consistent with remarks made by
VicodinES on his website.

VicodinES obviously craves attention. His website includes faked
press releases touting his supposedly superior expertise in writing
macro viruses, and calling a previous effort a "stunning achievement."
And at the end of the page, he says in his own words "feel the chill in
the air? yea? that's me...." And on another part of the site, he states
that "all this media attention is getting difficult to ignore."
VicodinES hates to be ignored. He lambastes Network Associates, Inc.,
the developer of McAfee's anti-virus products, for failing to include
protection against one of his viruses.

In another part of the site, he quotes Jimmy Kuo, Director of
Anti-Virus research at Network Associates, calling one of VicodinES'
progeny "one of the most widespread viruses around right now." The
author of Melissa also craves attention-- and is obviously receiving it.

Another clue is the information that surrounds Melissa. The Word
file that makes up the Melissa virus contains about 80 URLs, user-names,
and passwords for adult-entertainment websites. Obviously the author of
the virus is no stranger to these sites. VicodinES also enjoys the odd
randy picture. A different suggestive graphic graces the top of every
page on his website.

When we talked to Roger Sibert, the administrator of the
SourceOfKaos site which hosts VicodinES, he claimed that VicodinES had
retired. But that may not be true. One of the fake press-releases on
VicodinES's website clearly contradicts his "retirement." The full text
states: "When asked about being 'retired' from virus writing VicodinES
started cursing loudly into the phone and yelling about warm diet soda,
then the phone hung up. I can only assume that meant that he didn't want
to discuss that subject." The fact that a press release (dated December)
states that he's still writing viruses, added to the fact that he's
developed a Word 2000 virus, indicates that he's actually still quite
active.

Finally, even his virus-writing peers seem to think VicodinES is
the culprit. During a chat yesterday on an IRC channel where virus
writers hang out, the participants were discussing Melissa and
VicodinES. One member said, "Vic is gonna get in deeeepppppp s*** over
this one." According to Roger Sibert, VicodinES uses the nickname Vic
regularly on IRC. It appears even the close-knit virus-writing community
thinks VicodinES did it.

Certainly many facts and circumstances point directly to
VicodinES. But there's a few facts that just don't fit. Tomorrow I'll be
writing about the case for why someone else, not VicodinES, wrote
Melissa. But I need your help. If you have any evidence, pro or con,
please post it below, or email it to me at jim@zdtv.com. And VicodinES,
if you're out there, I'd like to get your side of the story out as soon
as possible.

Jim Louderback, host of Fresh Gear, is the editorial director of
ZDTV.
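
The GUID comparison the article relies on, as an added example that is not part of the original post or the ZDTV article. It assumes the document GUID is a version-1 (time-based) UUID, whose node field normally carries a network adapter address; the article itself only says the GUID "identifies the PC". It goes one step beyond the article by also handling GUIDs that carry no machine identifier; every GUID value below is constructed.

```python
import uuid
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed samples: only the first two file names come from the article;
# the other names and every GUID value are made up for illustration.
SAMPLES = {
    "LIST.DOC":    "4f3c2a10-e000-11d2-8a5b-020000abcdef",
    "PSD2000.DOC": "4f3c2a10-e000-11d2-8a5b-020000abcdef",
    "other.doc":   "7b1d9e00-c400-11d2-9c01-020000123456",
    "random.doc":  "9b2f6c1e-3d4a-4f7b-a1c2-5e6f7a8b9c0d",  # version 4, random
    "nonic.doc":   "1a2b3c4d-d000-11d2-8000-0300005e0001",  # multicast bit set
}

UUID_EPOCH = datetime(1582, 10, 15)  # zero point of the version-1 timestamp

def describe(guid):
    """Return (version, node, created); node/created are None when absent."""
    u = uuid.UUID(guid)
    if u.version != 1:
        return u.version, None, None  # no machine or time information
    # u.time counts 100 ns intervals since UUID_EPOCH
    created = UUID_EPOCH + timedelta(microseconds=u.time // 10)
    raw = f"{u.node:012x}"
    # A set multicast bit in the first octet marks a randomly chosen node,
    # not an adapter address, so it says nothing about the machine.
    if int(raw[:2], 16) & 0x01:
        return 1, None, created
    node = ":".join(raw[i:i + 2] for i in range(0, 12, 2))
    return 1, node, created

def group_by_node(docs):
    """Map node -> sorted file names, keeping nodes seen in 2+ documents."""
    seen = defaultdict(list)
    for name, guid in docs.items():
        _, node, _ = describe(guid)
        if node:
            seen[node].append(name)
    return {n: sorted(f) for n, f in seen.items() if len(f) > 1}

if __name__ == "__main__":
    for name, guid in SAMPLES.items():
        print(name, describe(guid))
    print(group_by_node(SAMPLES))
```

A shared node value links documents to one adapter, but as the article notes for identical GUIDs, a match can also mean both files were derived from the same original document.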