Contents | < Browse | Browse >
===========================================================================
AMIGA HACK REPORT
Erik Loevendahl (SHI) hlau@dou.dk
===========================================================================
||
The Hack Report || Written by Erik Loevendahl
for April, 1995 ||
|| Fidonet : 2:236/116.17
Safe Hex International Support BBS: || Amiganet: 39:141/127.17
|| Telefax : +45 5599 3498
DAN BBS: +45 43621655 V-Fast 28.8 ||
Formula II: +45 43432463 V-Everyth. || Henrik Lauridsen Internet support:
|| hlau@dou.dk
||
||
Lars Stockholm Packet Radio support:|| Benny Petersen Cbmnet support:
OZ1GYQ@OZ4BOX.SAX.LOL.DNK.EU || bennyp@bennyp.adsp.sub.org
||
|| Number 4
Released by Safe Hex International || Report Date: 09 April, 1995
||
=========================================================================
Welcome to the second issue of The Amiga Hack Report. This is a series
of reports that aim to help all users of files found on BBSs avoid
fraudulent programs, and is presented as a public service by the FidoNet,
Internet and Amiganet International E-mail echos.
Thanks to everyone who has helped put this report together, and to those
that have sent in comments and suggestions.
NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin on your
BBS, subject to these conditions:
1) the latest version is used,
2) it is posted in its entirety, and
3) it is not altered in any way.
NOTE TO OTHER READERS: The Hack Report (file version) may be freely
uploaded to any BBS, subject to the above conditions, and only if you do
not change the filename.
The author is not responsible for any loss of data nor is he responsible
for any information if it isn't correct. This list is made as a help and
a lot of work is done to validate all the below mentioned informations to
be so correct as possible, but who knows? .....
The idea is to make this information available freely. However, please
don't cut out the disclaimers and other information if you use it, or
confuse the issue by spreading the file under different names. Thanks!
If you see other fake or trojan versions NOT listed here, please contact
one of the above supporters or myself so that we can keep this listing up
to date.
Erik Loevendahl
=========================================================================
HACKED AMIGA PROGRAMS
Here are the latest and most common versions of some programs known to
have hacked fake or trojan copies floating around. Archive names are
listed when known, along with the person who reported the fraud. (thanks
from us all!).
20-03-94 X-Copy 8.5 66424 bytes is a trojan. Installs the Fmfoj Xjsvt
v2.2 (Eleni) boot virus, which can damage your harddisk.
17-05-94 Decompiler (Autoboot Disc Creator), 53.992 bytes is a trojan.
Renames your harddisk directories. Reported by W. Gorzkowski.
25-05-94 Hacker 20.980 bytes unpacked is said to optimize your modem
settings, but in fact it is a trojan
05-06-94 DMS 2.13 92.440 bytes packed in a file named "Dms213ur.lha"
will format your harddisk. Reported by Kim B. Jensen.
* 15-06-94 NoCare27.lha 28.848 bytes unpacked will delete your HD files.
18-06-94 DMS2.12 lha, Device-Masher System, DMS/FMS-Masher 2.12 Extra
Turbo 92.208 bytes is a fake.
20-06-94 Ua62.lha, Ua-dialer v6.2 26828 bytes PPacked, 51956 bytes
unpacked is said to damage your S/Dir.
22-06-94 Mformt12.lha, Mformat 1.2 unpacked 25168 bytes is said to
format harddisks after 8. floppies. Reported by Gerard Sens
* 02-07-94 NCOmm 3.09 221.056 bytes is said to be a trojan, which
installs the eleni virus, that can damage your harddisk.
07-07-94 Hd_speedup.exe, 6252 bytes unpacked found in "HD_Speedup.lha"
will damage your harddisk. Reported by Steen Brusgaard.
15-07-94 Clx_doom.lha, Doom 32020 bytes is a nasty trojan, which change
your assign and setpatch command. Reported by Edwin Leenders.
23-07-94 Elien_virus_checker 0.1 is nasty trojan. Found in a file
called "elien.exe". 1016 bytes PPacked, 596 bytes unpacked.
* 02-08-94 Esp-dmpd.lha (DiskMaster 2 PAL Fix) is said to contain a
linkvirus.
09-08-94 God-j12.lha, JiZaNSi 1.2 - IFF 2 ANSI converter 22.008 bytes
unpacked is a trojan. Reported by Peter Hansen.
* 24-08-94 Viewtek22.lha 93.844 bytes contains a link virus. Reported by
Betasoft.
01-09-94 Dskslv3.DMS. Disksalv 3.01 106584 bytes unpacked is said
to be a trojan. Reported by Dave Haynie.
08-09-94 Vmk30.lha, Virus Memory Kill V3.00 2620 bytes is a trojan
which will damage your harddisk. Reported by Chris Hames
30-12-94 Surprise.exe 39296 bytes is spread at a demo at "The Party 94"
in Denmark will damage your harddisk. Reported by B. Petersen
31-01-95 VZII-114.lha is a fake version. Please use the new version
VZ-115.lha 128182 bytes (unpacked 74028 bytes).
01-01-95 DMS206.lha and CRY_206 contain DMS206.exe is a BBS infiltrator
program. Use the latest >original<... DMS 2.04 (96284 bytes).
13-01-95 IStrip21.lha unpacked 12212 bytes is an infiltrator program
which place BBS user.data in download dir named "eatme.lha".
06-02-95 The Achtung.exe demo in the GATH95-!.lha archive will format
your harddisk (COP trojan). Reported by John Vickers.
03-03-95 The archive axripii.lha, about 120046 bytes contains harddisk
damage program called Fucker virus in the file called AMIBBB.
14-03-95 Personal Paint version: 6.2 is a fake. The last original
PPaint version is 6.1. Reported by the programmer M.C.
Battilana
21-03-95 ncomm32.lha, 121896 bytes Stonecracker 4.04 packed), 226116
bytes unpacked. Pretend to be NComm 3.2, but is in fact a COP
trojan (harddisk tasher)
25-03-95 opus5.lha, unpacked 347308 bytes. Pretend to be DirectoryOpus
5.0, but is in fact a COP trojan (harddisk trasher)
26-03-95 lha30.lha, 69888 bytes StoneCracker 4.04 packed, 105808 bytes
unpacked. Pretend to be Lha 3.0, but is in fact a COP trojan
(harddisk trasher)
26-03-95 ced4.lha 174500 bytes unpacked. Pretend to be CygnusEd 4.0,
but is in fact a COP trojan (harddisk trasher)
31-03-95 sinfo10.lha, unpacked 2852 bytes. Pretend to be SInfo v1.0,
but is in fact a COP trojan (harddisk trasher)
* 06-04-95 nxs-pt4.lha unpacked 180188 bytes. Pretend to be ProTracker
4.0, but is in fact a COP trojan (again a harddisk trasher)
09-04-95 Commander virus is to-day spreaden in all the folowing files:
dagis!up.exe, Denistro_1.exe, Denistro_2.exe, mn-acid.exe,
Vampire.exe, Dpl-Mam1.DMS, Dpl-Mam2.DMS, Removcmd.lha,
Network90.DMS
The above marked > * < trojans or fake versions isn't implementet in the
SHI virus killers yet, so please TAKE CARE AND SEND THESE TROJANS for new
updates to the mentioned SHI members/BBS'es in this list!!.
Do yo want more information please read more about the viruses and trojans
in Virus Info Base an excellent multi media datebase program made by SHI
and spread by ADS, achive name: "VIB9508.lha"
=========================================================================
SPECIAL FOR SYSOP'S
-------------------
* Did you know that today no file is safe anymore!
* Did you know there is a lot of virus, trojans and fakes today?
* Do you want to protect your harddisk 100%?
* Do you want to use a simple and effective way?
A little trick for SysOp's: Print this little list and use it to check
your new uploads!!
Please use this form below if you find some fake versions or trojans and
send it to Safe Hex Internalional by E-mail or by post.
--> cut here
========================================================================
HACK REPORT FORM:
------------------------------------------------------------------------
YOUR NAME:
------------------------------------------------------------------------
ADDRESS: ZIP CODE:
------------------------------------------------------------------------
COUNTRY: PHONE:
------------------------------------------------------------------------
WHICH PROGRAM IS A FAKE OR A TROJAN : VERSION:
------------------------------------------------------------------------
FOUND IN ARCHIVE NAME: ARCHIVE DATE:
------------------------------------------------------------------------
BYTES UNPACKED:
------------------------------------------------------------------------
A LITTLE DESCRIPTION
(Why do you think this is a fake or a trojan)
-------------------------------------------------------------------------
ATTENTION IF..
Possible please send the actual fake or trojan to Safe Hex International!
THANK YOU VERY MUCH FOR YOUR HELP! WITHOUT YOUR
VALUABLE HELP WE COULDN'T HAVE MADE THIS LIST!!!
========================================================================
--> cut here
Please send the hack or the infected file together with the above report
to:
SAFE HEX INTERNATIONAL MAIN
Erik Loevendahl Fidonet: 2:236/116.17
Snaphanevej 10 Amiganet: 39:141/127.17
DK-4720 Praestoe Telefax: +45 5599 3498
Denmark
/or to ....
__
__ /// SAFE HEX INTERNATIONAL BULLETIN BOARD SUPPORT:
\/// :::::::::::::::::::::::::::::::::::::::::::::
XX/
* Formula II Amiga BBS: +45 43432463 US Robotics V-Everything
SysOp: Flemming Lindeblad
* Programmers Resort BBS: +45 98380575 ZyXEL/v32bis
+45 96869090 ISDN
Special support for the SHI programmers and disk copy service
for SHI programmars without a modem.
SysOp: Alex Holst, member of SHI
Address: Alex Holst
Jaettestuen 70
DK-9230 Svenstrup J
Denmark
Tlf. Voice: +45 96869090
* DAN BBS is one of the best and biggest BBS in Europe
Anti-Virus PC and Amiga CoSysOP: Erik Loevendahl
Server: 486DX2-66,32mb-RAM,Adaptec 2842VL
Micropolis 1528+4110 (Micro2:86127799)
Total harddisks: 4.3 GIGA,
2/8 Giga Sony DAT streamer
CD-Server: 386-40mhz,4MB, 18 CD's online
ISDN workstation: 386-40mhz, 4MB, TELES
Total 14 GB on-line
(More than 30 PC's in system)
Linie 1 payment line 42643990 V-Fast 28.8
Linie 2 43628230 ZyXEL/v32bis
Linie 3 43627750 ZyXEL/v32bis
Linie 4 43625880 ZyXEL/v32bis
Linie 5-19 payment lines! 4362XXXX ZyXEL/v32bis
Linie 20 42643827 V34/VFC 28.8
Linie 21 43621655 VFC 28.8
Linie 22+23 43661070 ISDN
DAN BBS fax: 42643357 Group 3
HOW TO DO:
---------
Do you wish to contact our SHI >free< anti-virus areas for uploads
of new virus or download of the newest SHI anti-virus stuff type:
"Guest", "Guest" (for free files), and "V" (for the SHI anti-virus
free area)
=========================================================================
WE NEED......YOUR SUPPORT CONCERNING NEW VIRUSES FOR FUTURE UPDATES of
this Virus Info Base program.
We are thinking that you can see how important your support is too if you
are using one of the following programs, which are using our
anti-virus.libraries:
* Virus Checker by Johan Veldthuis
* Virus Scanner by Gabriele Greco
* Fides Professional by John Lohmeyer
* DMS by ParCon Software
* Virus Info Base by Safe Hex International
* D-Copy by Stefan Bernbo
* X-Copy by Cachet Software (commercial)
* Xtruder BBS virus killer by Martin Wulffeld
* MT-Copy by Gert-Jan Strik
* Harboot virus analyser by Martin Harbo
* Bootwriter by Ralf Thanner
* DMS Checker by Martin Wulffeld
* AntiCicloVir by Mathias Gutt
ATTENTION: ARE YOU USING SOME OF THE ABOVE PROGRAMS, YOU HAVE OF COURSE
INTEREST TO HELP US, SO WE WE CAN HELP YOU TOO. THEREFORE REMEMBER TO
SEND ALL NEW VIRUSE TO SHI FOR FUTURE UPDATES.
THANK YOU VERY MUCH AND REGARDS
"THE AMIGA LIVE"
=========================================================================
Kind regards your friend
/~ ERIK LOEVENDAHL SOERENSEN, SAFE HEX INTERNATIONAL
C-oo) Phone +45 5599 2512 | Fidonet: 2:236/116.17
-) Fax +45 5599 3498 | Amiganet: 39:141/127.17
/~