Interview with Golcor, DALnet #NoHack Operator
1. Can you tell me a little bit about yourself? Background information, etc.?
I am what you would call a hobbyist computer programmer. I took a computer programming course at the Toronto School of Business in Hamilton, Ontario in 1986. There I learned several programming languages and a bit of Systems Analysis. I spent the next 10 years just playing with computers, doing it more as a hobby than a job.
After the internet took off, I decided to update my skills to learn web design programming. I learned HTML, JavaScript, Perl and have become a bit of an authority on CSS.
I founded Golcor Web Design two years ago, and I am now working on Planet Software Development. I am changing my focus from web design to Windows applications because I feel that my interests are better served there.
I am currently working on a sheet metal apprenticeship so I can apply my programming skills to a real world trade. As part of this I have undertaken a programming project to aid Estimators in the field develop HVAC retrofit projects using laptop computers that can uplink to a central server.
2. What made you get interested in studying IRC Bots and Trojans?
I was an Op in #Family_Chat when a user infected with dmsetup came in the channel. Another op in the channel kick/banned the user with a simple message: "you have a virus". This seemed very crude to me, and I took it upon myself to help this user. This is when I discovered #NoHack. I was excited that such a channel existed, so I spent the next 2 weeks learning all I could about irc trojans, and took their quiz. I was accepted immediately, and have been there ever since.
3. Can you tell me a little about your work in the #nohack channel or exploits team?
What can I say about that?
I have recently formatted an old laptop and installed Windows 95 on it. It is my intention to begin analysing trojans as they hit dal.net, and start to write fixes for them. All fixes have to be approved by nohack, but at least it will help; many trojans seem to take weeks before the big companies seem to address them. Some antivirus software still can't detect every version of the sub7 Trojan.
4. How do you foresee the future for these bots? As in, do you think the problem will escalate or die out?
Well, if the attacks on #NoHack are any indication, I see nothing but escalating problems coming. Just yesterday I was talking to a user that was a teacher of Visual Basic in a college. This guy was telling me that his computer was very lagged, and described to me what seemed like the Codered.C worm. I advised him to get scanned, so he did, and he WAS infected. If knowledgeable programmers like this guy was can be infected for so long (about 2 weeks) and not even know, what chance does the average user stand?
5. How do you think the problems could be avoided and solved for both the users and the IRC Service?
That is a tough one. Trojan spreaders are crafty. Every time the IRC Service puts up a block, they find a way around it. The only real solution is education. Users need to be informed about these problems, and they need to be using software that can detect the trojans that are current. Nothing can replace common sense, if users would stop downloading files from people they do not know, that would go a long way to helping. Just the other day I had a user run a file called "iamavirus.exe". When I asked him why he would do such a thing, he said he was curious what it would do.
6. How much have you learned about these Bots and how many Bots roughly have you learned about and where did you learn about them?
I have learned a lot about these bots. I haven't actually counted, but I think I am aware of 20 bots or so, trojans in the hundreds I'd say. Most of this learning took place between #Nohack, cert.org and various users on irc that are familiar with them. These bots are actually the reason I want to have a test computer to install and track what they do. There is a real need in #nohack for this, because the bots change so often, many times the only resource I have for removal is me. Sometimes I encounter trojans or bots that are very literally hours old. You can't research that kind of information :)
7. Are there any other comments you would like to add?
Just that #NoHack ops are a special breed. We are all non-profit. None of us get paid for what we do. We suffer attacks from hackers, abuse from users and hours of endless directions to people to help them remove a file they unwittingly installed. And I think that most enjoy it, in spite of all that. I do it mostly for the education value. Being in #NoHack has taught me a great deal about Windows. I am still learning.
I think the "Working towards a virus free irc" slogan on the nohack.net web site is a vain goal. It will never be achieved that I can see. But at least we can help those we can...and learn along the way. That's a fair trade.