Wicked Speaks Out.
Introduction
After several days of searching, we eventually tracked down Wicked and asked whether he would take part in an interview. He agreed to be interviewed on IRC, and the results appear further down the page. Wicked is 13 years of age and lives in the Kenosha, Wisconsin area. We hope the interview gives the reader some background on IRC DDoS bot attacks and the people behind them.
It is not often that you get a chance to talk to the orchestrators of DDoS attacks firsthand and on a one-to-one basis. Much can be learned about the architecture of such attacks and the infrastructure of the underground scene. Wicked's answers to the questions we posed raise many points that will interest a lot of readers. We find it best not to draw conclusions from the interview, and leave it to our readers to reach their own conclusions and offer feedback.
The Interview
Session Start: Thu Sep 06 13:37:36 2001
*** Now talking in #bottalk
*** Retrieving #bottalk info...
*** ld^2k sets mode: +s
*** Wicked has joined #bottalk
<ld^2k> Hi ya :)
<ld^2k> I hear that you are making some news.
<Wicked> uh, you can say that
<ld^2k> Thank you for allowing an interview.
<ld^2k> Do you feel ok with answering some questions?
<Wicked> sure
<Wicked> so long as you dont pre-anaylize me
<ld^2k> Awesome.. So how long have you been on irc?
<Wicked> 2 years
<ld^2k> How old are you?
<Wicked> 13, 14 in 6 months
<ld^2k> Are you a coder?
<Wicked> partly, everything i make is buggy
<ld^2k> Well, you are young .. Can you tell me what kind of apps that you have coded so far?
<Wicked> a windows crasher, and im working on a second bot
<Wicked> ive had many ideas, but cant carry them out because im not smart enogh yet
<ld^2k> What are you coding in?
<Wicked> c
<Wicked> sorry im in two mircs
<Wicked> lol
<ld^2k> Can you tell me a bit more about yourself? Where are you from? What are your future plans?
<ld^2k> Its ok :)
<Wicked> kenosha wisconsin
<Wicked> aint really got much to say about myself
<Wicked> i been into comps for more than half my life
<Wicked> and
<Wicked> my plans
<Wicked> really are to learn more
<Wicked> i just like to learn a lot
<Wicked> because thers nothin else to do
<Wicked> i have no social life really
<Wicked> just my laptop and other comps and then the net
<Wicked> then my friends on the net
<ld^2k> I heard about the ddos attacks with ircbots. What kind of future plans do you have for attacks and such?
<Wicked> well
<Wicked> right now
<Wicked> im working on a new method of attack
<Wicked> and
<Wicked> i havent reallybeen into bots
<ld^2k> Did you get into any trouble from the last attack?
<Wicked> nah
<Wicked> my dad found out about it, he was cool with it
<ld^2k> What kind of new methods do you have ideas for?
<Wicked> well, gimme a sec to type it all out
<ld^2k> Ok
<Wicked> ok, basicly its a spoofed attack, but, u take and ping a site (udp so it doesnt do a socklisten() and increases bandwidth) but, the bots ping the site, not the target, then, the spoofed addy, is your target, and you have a large ip list in ur bots
<Wicked> so that ur bots
<ld^2k> After, be sure to tell me what your dad said about it...
<Wicked> will be pinging aol.com and angelfire.com and shit
<Wicked> that way, the pings wont be dropped on route to the actual target, since they will install filters
<Wicked> the only way thedy be stoped
<Wicked> is at the source
<Wicked> possibly at OS level
<ld^2k> Sounds a little like a smurf attack?
<Wicked> because of the fact udp can be sent in diffrent forms
<Wicked> yeah kinda like smurf
<Wicked> but this would be more effective
<Wicked> because
<Wicked> ur not reciveing a ping back number one
<Wicked> and
<Wicked> since its icmp
<Wicked> its not watched yet for spoofed data
<Wicked> *since its not
<Wicked> and, since it wont be listening for a reply
<Wicked> it will also leave more bandwidth open
<Wicked> plus, the udp header could be very small
<Wicked> a full tcp header is like, 21k in c
<ld^2k>
So can you tell me, how many bots do you have now?
<Wicked>
well
<Wicked> i dunno
<Wicked> 30 at most
<Wicked> but, ima spreading again
<ld^2k>
I heard that you had thousands. What happened?
<Wicked>
i basicly stopped infecting
<ld^2k>
How many bots did you have when you started?
<Wicked>
and bot thiefs nailed me
<Wicked> well, at my peak
<Wicked> i had 50k of bots, i kept a dalnet server with
mimic down for a day or so, but they went away right away
<Wicked> at the peak
<Wicked> thats a lot of bandwidth.
<Wicked> so much i ended up crashing a server of efnet
offline
<ld^2k>
How many bots do you think it would take to down
someones connection on irc?
<Wicked>
for good
<Wicked> well it depends
<Wicked> how much data the bot can send
<Wicked> and how much the target can recive
<ld^2k>
Can you explain more please?
<Wicked>
if you have a high bot count, you usualy
just send a little data and they go down
<Wicked> ok
<Wicked> hers the basic
<Wicked> a 56k can take 56kb of data a sec
<Wicked> so
<Wicked> if u send 58 from a bot
<Wicked> the modems fucked
<Wicked> plus they are already doing something
<Wicked> if its a cable modem
<Wicked> that could be 100-500k a sec
<Wicked> so usually you go with a few bots
<Wicked> kinda like gutters
<Wicked> if u send too much water into them
<Wicked> they overflow
<Wicked> but, when the overflow
<Wicked> they stop being usefull
<ld^2k> How did you infect so many computers with your bots? What infection method did you use?
<ld^2k> use
<Wicked> i used many
<Wicked> i dcc'd all over dalnet, i went to a few thousand bbs's
<ld^2k> Which methods of infection do you think were the most effective?
<Wicked> bbs
<Wicked> posting it as a security patch
<ld^2k> What method did you use to infect from the bbs?
<ld^2k> Ahh.. it is commonly believed by allot of people that more Trojans are sent via email than any other method. Do you agree with this?
<Wicked> no way
<Wicked> email is very hard to do
<Wicked> because most is worm based
<Wicked> useing outlook explorer
<Wicked> and noone uses that
<Wicked> dcc'n on dalnet is for trojans
<ld^2k> Isnt file shares method used allot?
<Wicked> if u go into a porn chan
<Wicked> i bet
<Wicked> you will be nailed to crap
<Wicked> active x is ok
<Wicked> but no
<Wicked> file shares
<Wicked> are a nono
<Wicked> because its hard
<Wicked> to go look through ip lists
<Wicked> and just find ones
<ld^2k> Can you explain why on the files shares question?
<Wicked> its easyer to just spam
<ld^2k> I see.
<ld^2k> Active x is the common method of infection then?
<Wicked> i dont.
<Wicked> because
<Wicked> when you purchase a dsl
<Wicked> or cable
<Wicked> my main target
<Wicked> you are usually warned
<Wicked> and
<Wicked> now
<Wicked> with windows
<Wicked> they warn
<Wicked> about binding netbios to your dialup adapter
<Wicked> and
<Wicked> thats mostly used on lans
<Wicked> noone i see really has insecure open shares
<Wicked> iis is common though
<ld^2k> Wicked. I am wondering what your father said when he found out about it..
<Wicked> because thats cable-t3
<Wicked> my dad said that i should have been more constructive and put more effort into it
<Wicked> in otherwords
<Wicked> packeting was a bad idea
<Wicked> and it was
<ld^2k> more effort into the attack?
<Wicked> it was a media whore
<Wicked> i should have tryed to root him insted
<Wicked> :)
<Wicked> heh
<ld^2k> Is your dad involved with computers?
<Wicked> hes a computer technician
<Wicked> but hes been in the field for 25 years
<Wicked> and hes the one who taught me a lot of what i know
<Wicked> however we currently are, not getting along
<ld^2k> Why did your dad say that you should have been more constructive? Do you think that he agreed with you launching the attacks?
<Wicked> he finds it good that i have the capiblity to break into things, but he thinks that i should use it for a diffrent purpose
<ld^2k> What purpose?
<Wicked> fixing holes i find insted of exploiting the shit out of them and pissing on it by puting a bot on them.
<Wicked> can i say shit?
<Wicked> or piss?
<Wicked> lol
<ld^2k> Sure just be yourself
<Wicked> hey look mah im on tv!
<Wicked> ok
<Wicked> there we go.
<Wicked> hes interviewing me
<Wicked> and how did u find us?
<ld^2k> So, your father feels that you should use your talents for more constructive purposes. I am sure the public would agree with him.
<Wicked> i say screw the public.
<Wicked> ppl see me as my ddos
<ld^2k> I have interviewed other botnet owners and some suggested that I talk to you as well.
<Wicked> which also is y i shouldnt have
<ld^2k> Do you feel any regret in your last attacks? Do you plan on future attacks in that direction?
<Wicked> yeah i do, because steave is a media whore and i should known hed take advantage of it.
<Wicked> could you ask something not realated about bots? like i said youve pre steriotyped me
<ld^2k> Why do you feel that you have been taken advantage of?
<Wicked> he fucking went on tech tv about it
<Wicked> hello
<Wicked> y do that?
<Wicked> sites get ddosed all the time
<Wicked> hes not even a fucking expert
<Wicked> i refer to grcsucks.com
<Wicked> i back it 100%
<Wicked> he refers to raw sockets as full winsock sockets
<ld^2k> What makes you say that?
<Wicked> not as in step by step instructions
<Wicked> he also cant make up his mind
<Wicked> first he says spoofing cant be done unless you have a full suplememnt of win2k
<Wicked> *sockets
<Wicked> like in win2k
<ld^2k> Can you expand more on this subject?
<Wicked> yeah but the public is also who i manipulate
<Wicked> ok
<Wicked> listen
<ld^2k> Ok, thank you
<Wicked> first, he says he can stop my attacks
<Wicked> then
<Wicked> he says he cant
<Wicked> then he says he can and turns back to he cant
<Wicked> then
<Wicked> he says spoofin can not be done under win9x
<Wicked> completely untrue
<Wicked> even without packet drivers
<Wicked> its doable
<Wicked> and
<Wicked> then
<Wicked> he says hes going to make spooferino
<Wicked> (didnt he just say it cant be done)?
<Wicked> and he also manipulates his storys
<Wicked> i did not say that i was the author of wkdbot 1.0
<Wicked> i simply named it that because i fixed a bug and it was partly mine
<Wicked> then he says that i claim i made it
<Wicked> not true.
<Wicked> thats shit.
<Wicked> win2k has the same exact thing
<Wicked> proccess's can be hidden
<Wicked> period
<Wicked> and please refur to what i said earlyer
<Wicked> steave talks about winsock
<Wicked> and compares it to unix complemet sockets
<Wicked> evilgoat.
<ld^2k> Has evilgoat coded any other programs other than evilbot?
<Wicked> yeah he made a trojan thats widely used
<Wicked> yeah he did a lot
<Wicked> he made psychward
<Wicked> widely used
<ld^2k> Can you think of any other Trojans that evilgoat created?
<Wicked> yes, hes made several versions of evilbot
<Wicked> hes very skilled, but his code is buggy
<Wicked> and hes very very 2d
<Wicked> he isnt creative and only thinks from his angle
<ld^2k> 2d? Do you mean 2 dimensional?
<Wicked> yes
<ld^2k> Ok
<Wicked> he only thinks side to side, not up and down side to side
<^Da-BiTcH^> ld do u work for steve then or some thing ? you sound a bit steve friendly
<ld^2k> No, I dont work for him. I'm keeping the interview impartial and unbiased.
<Wicked> heh
<ld^2k> Having read about yourself and the way you are portrayed by the media, is there anything that you feel they have got wrong in reference to yourself?
<Wicked> yeah: me.
<Wicked> From my dialog with "Wicked", I saw that these repeated attacks were "fun" for him. He was like a child pulling the legs off a spider to see what it would do, watching it flail and attempt to get away from its tormentor. And, as we have seen, he experiences absolutely no remorse and has no regard for any damage being done as a consequence. He believes that he can not and will not be caught. Hiding behind the anonymity created by the Internet's trusting
<^Da-BiTcH^> by doing this interview its makeing the whole situation more money for that dick head
<^Da-BiTcH^> what wicked has done to steve is yes a pin in the ass but is nothign more than ppl getting bored
<ld^2k> Well, throughout the entire interview, I have not made one reference to him.
<Wicked> actually you have
<Wicked> yeah
<Wicked> and
<Wicked> take this for an example
<Wicked> ^Da-Bitch^ hated my ass when we first met
<Wicked> she used to do to me what i did to steave
<Wicked> and look at her now
<Wicked> we are best buds
<^Da-BiTcH^> :)
<ld^2k> The interview will go into a news letter for security conscious people and will be included with an interview with mobman the subseven author along with interviews with dalnet irc operators.
<^Da-BiTcH^> mobman the subseven author
<^Da-BiTcH^> damn
<Wicked> haha
<Wicked> yeah
<Wicked> mobman hates me
<Wicked> he dont even know me
<Wicked> lol
<ld^2k> We interviewed him last night and it was a very interesting interview.
<Wicked> we are only known for what we do
<Wicked> and sterio typed
<Wicked> you came in here from steaves profile on me
<Wicked> with pre based usumptions
<Wicked> not knowing me or what i can do
<ld^2k> On reflection what would you add in your defense of what the media has said about you?
<Wicked> uhm
<Wicked> 'your all going to regret letting me bring my backpack to school'
<Wicked> <ld^2k> On reflection what would you add in your defense of what the media has said about you? lou
<Wicked> :)
<ld^2k> Actually, we had no preconceptions at all about you and this is why we are talking to you know so we can try and see your side of it.
<Wicked> i highly doupt that
<Wicked> because
<Wicked> of the fact
<Wicked> that the reason ur hear
<Wicked> is u heard form grc
<Wicked> but
<Wicked> when u heard this
<Wicked> you pre made asumptions
<Wicked> of how i will act
<Wicked> how i will talk
<Wicked> what i can do
<Wicked> and all that
<Wicked> why even bother
<Wicked> what you do
<Wicked> is you take someone who knows nothing
<Wicked> about the situation
<Wicked> you give him some quiestions wiht no refrence to the oposite side
<Wicked> and tell him to interview the person
<Wicked> that way there are no pre conseptions
<ld^2k> The only assumption we had was that you had launched an attack using irc bots which you had openly admitted to. The rest we wanted to get from the horses mouth.
<Wicked> like i said human nature states otherwise
<Wicked> if you wanna be more scientific
<Wicked> the first thing you hear on the topic
<Wicked> will reflect your outlook
<ld^2k> The article is a lot of work it is a co-ordinated effort of research and facts on actual bots and a series of one to one interviews.
<Wicked> by research you mean steaves site?
<Wicked> talk to the people around me
<Wicked> that youve already interviewed
<ld^2k> No, it is completely independent research.
<Wicked> that actually know me
<Wicked> yes but before you heard me you heard about steave
<ld^2k> We are not affiliated with anybody else.
<Wicked> i know
<Wicked> but
<Wicked> because u heard them first
<Wicked> u lean twords them
<Wicked> but
<Wicked> if u take a person
<Wicked> who has heard of niether
<Wicked> and give him a set of quiestions
<Wicked> that he is to follow exactly
<ld^2k> Actually the news was all over the web. I believe I read it first on the register
<Wicked> it is a lot more acturate
<Wicked> i know, cause steave is a media whore.
<Wicked> but
<Wicked> because of that fact
<Wicked> you make pre asumtions
<Wicked> cause when u heard
<Wicked> u went to steaves site
<Wicked> and read crap
<Wicked> thats fine
<Wicked> but you find a person
<Wicked> who knows nothing of me or steave
<Wicked> and then u put him in the middle of the interview
<Wicked> someone who takes no sides
<Wicked> hah
<Wicked> thats not something that is beliveable
<Wicked> this is a stupid interview comeing from a side who already read about grc
<Wicked> who would already
<Wicked> have thoughts
<Wicked> of crap
<Wicked> in there mind
<Wicked> thats beside the point
<Wicked> u dont get what i say
<Wicked> u dont haveto interview them
<Wicked> its that the way you come to the interview
<ld^2k> The article is bot related entirely to bring out the facts and get rid of the common misconceptions.
<Wicked> well thats the thing right there
<Wicked> its completely bot related
<Wicked> thats the missconseption
<Wicked> i dont just use bots
<ld^2k> This is your chance to be yourself and state your side of it in your own words.
<Wicked> ok
<Wicked> hres my words
<Wicked> 'Your all going to regret letting me bring my mother fucking backpack to school'
<Wicked> 'You can all burn in hell'
<Wicked> 'Life sucks and then you end it'
<Wicked> 'Stop making fun of gay people cause they like there own gender'
<Wicked> 'Why the hell is oprah still on the air'
<Wicked> 'Why do we allow morons to exist?'
<Wicked> thats basicly my mind
<Wicked> oh
<Wicked> and
<Wicked> i aint no ddos kid
<Wicked> heh
<ld^2k> ok thanks for your time and thank you for talking to us today.
<Wicked> k
<Wicked> lets go :)
