Text File | 1992-04-30 | 23KB | 485 lines
From the files of the Hack Squad:
The Hack Report
-----------------------------
Report Date: May 1, 1992
Welcome to the sixteenth issue of The Hack Report. This is a series
of reports that aim to help all users of files found on BBSs avoid
fraudulent programs, and is presented as a free public service by the
FidoNet International Shareware Echo and the author of the report,
Lee Jackson (FidoNet 1:382/87.4).
| This week, most of the activity is in the ???Questionable Files???
| section: your Hack Squad really needs your help to confirm these files.
| Thanks to everyone who has helped put this report together, and to
| those that have sent in comments and suggestions (we really do listen
| here at Hack Central Station). If you have any comments, please send
| FidoNet NetMail to me at 1:382/87.4, or call The ECS BBS at
| (512)328-6923 and leave a message in the ECS_GENERAL area. RIME
| readers may send comments directed to RIME address MAH (Modem Addictus
| Hospital, (512)443-8941).
NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin
on your BBS, subject to these conditions:
1) the latest version is used,
2) it is posted in its entirety, and
3) it is not altered in any way.
NOTE TO OTHER READERS: The Hack Report (file version) may be freely
uploaded to any BBS, subject to the above conditions, and only if
you do not change the filename. You may convert the archive type
as you wish, but please leave the filename in its original HACK???.*
format. The Hack Report may also be cross-posted in other networks
(with the permission of the other network) as long as it meets
the above conditions and you give appropriate credit to the FidoNet
International Shareware Echo (and the author <g>).
The idea is to make this information available freely. However,
please don't cut out the disclaimers and other information if you
use it, or confuse the issue by spreading the file under different
names. Thanks!
DISCLAIMER: The listings of Official Versions are not a guarantee
of the files' safety or fitness for use. Someone out there might
just be sick-minded enough to upload a Trojan with an "official"
file name, so >scan everything you download<!!! The author of
this report will not be responsible for any damage to any system
caused by the programs listed as Official Versions, or by anything
using the name of an Official Version.
Now that the Draconian stuff is out of the way, let's get to the
report!
********************************************************************
Hacked Programs
Here are the latest versions of some programs known to have hacked
copies floating around. Archive names are listed when known, along
with the person who reported the fraud (thanks from us all!).
Program                 Hack(s)          Latest Official Version
-------                 -------          -----------------------
AutoMenu                AUTO48           AUTO47
   Reported By: Tony Blair (WildNet)
                via Ken Whiton (1:132/152)
   Verified by Marshall Magee, Magee Enterprises, Inc.
CatDisk                 CDISK510         CDISK620
                        CDISK530
                        CDISK661
   Reported By: Jeff Kaplow (1:120/234)
CompuShow               CSHOW801         CSHW843
                        CSHOW831
                        CSHOW851
   Reported By: Paul Brazil
   (Note: Any version ending with a B, such as CSHW841B, is _not_
   a shareware version. This is the enhanced version received
   with the user's registration and is not to be distributed.
   Consider all B archives to be pirated copies.)
Las Vegas EGA Casino    (unknown)
   Reported by the author, Diana Gruber, in the ILink net,
   relayed by Richard Steiner (1:282/85)
   (Note: a version of this program sold through Gemini
   shareware outlets with the title screen "Special GEMINI
   game disk" and a version calling itself the "Ledyard$
   EGA Casino" have been distributed. No archive names
   have been supplied yet.)
List                    LIST8            LIST76B
                        LIST18
   Reported by: The Hack Squad (from the Buerg BBS)
Math Master             MATHMSTR         M-MST301
   Reported by: James Frazee (1:343/158)
PKZip                   PKZIP120         PKZIP110
                        PKZIP20B
   Reported by: Fred Towner (1:134/73)
                        PKZ201.ZIP
                        PKZ201.EXE
   Reported by: Jim Westbrook (1:382/29)
                        PKX201.EXE
   Reported by: Bill Logan (1:300/22)
QEdit Advanced          XEDIT            QEDIT215
   Reported by: Sammy Mitchell, Author
   (thanks to Rand Nowell and Joe Morlan for relaying the report)
Telegard 2.9E Alpha     TG29EALP         Telegard 2.7
   Reported by: Karen Maynor (1:3640/5)
   (Found on the NightOwl CD-ROM disc version 5.0)
Telix                   Telix v3.20      Telix v3.15
                        Telix v3.25
   Reported by: Brian C. Blad (1:114/107)
                        Telix v4.00
                        Telix v4.15
   Reported by: Barry Bryan (1:370/70)
                        Telix v4.25
                        MegaTelix
   Verified by Jeff Woods, Exis, Inc., in the TELIX echo,
   who also states that there will be _no_ release titled
   Telix 4.0. He states the next release of Telix will be
   under a completely new name, which has not been decided
   upon yet.
TheDraw                 TDRAW430         TDRAW451
                        TDRAW500
   Reported By: Ian Davis, Author
                        TDRAW600
   Reported By: Hawley Warren (1:120/297)
                        TDRAW800
   Reported By: James Carswell (1:153/775)
Turbo Antivirus         Version 9.00b    Version 8.10
                        Version 9.01a
   (Archive names unknown)
   Reported by: Thomas Ruess (2:246/24)
X00 Fossil              X00V130          X00V124
                        X00V130J
====================================================================
Hoax Alert:
Tim Fitzgerald of 1:3800/18.0 has concluded his test on XTRATANK, and
has confirmed what we suspected all along: it doesn't work. Here is
how you can tell, according to Tim:
1. Run CHKDSK and write down the free space it reports as free.
2. Do a DIR command and write down what XTRATANK reports.
3. Copy any text file to a new text file.
4. Repeat steps 1 and 2, and compare.
You will see that XTRATANK reports that twice as much disk space is
taken up by the new text file. Tim concludes that XTRATANK fools you
into thinking that it gives you more space by doubling what the DOS
DIR command reports. Fortunately, it is still harmless. Consider it
a hoax that doesn't work.
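The same before-and-after comparison, automated as an added example (not part
of the original report): a Python sketch that parses the free-space lines from
CHKDSK and DIR captures and compares how much space each tool says the copy
consumed. The captures are constructed, and the line formats assume DOS 5-style
output.

```python
import re

# Constructed captures (not from the report): the relevant lines of CHKDSK and
# DIR output, taken before and after copying one 3,500-byte text file on a
# disk with 2,048-byte allocation units and a free-space "doubler" loaded.
CHKDSK_BEFORE = "  42366976 bytes total disk space\n  10240000 bytes available on disk\n"
DIR_BEFORE = "       12 file(s)     181204 bytes\n                  20480000 bytes free\n"
CHKDSK_AFTER = "  42366976 bytes total disk space\n  10235904 bytes available on disk\n"
DIR_AFTER = "       13 file(s)     184704 bytes\n                  20471808 bytes free\n"


def _bytes_before(label, text):
    """Return the byte count printed immediately before `label`."""
    m = re.search(r"([\d,]+) bytes " + re.escape(label), text)
    if m is None:
        raise ValueError(f"no '{label}' line in capture")
    # Later DOS versions print thousands separators; strip them if present.
    return int(m.group(1).replace(",", ""))


def chkdsk_free(text):
    return _bytes_before("available on disk", text)


def dir_free(text):
    return _bytes_before("free", text)


def compare(chk_before, dir_before, chk_after, dir_after):
    """Steps 1-4 of the test: how much space does each tool say the copy used?"""
    used_chkdsk = chkdsk_free(chk_before) - chkdsk_free(chk_after)
    used_dir = dir_free(dir_before) - dir_free(dir_after)
    if used_chkdsk <= 0:
        raise ValueError("CHKDSK shows no space consumed; repeat with a new copy")
    return {
        "used_chkdsk": used_chkdsk,  # whole allocation units, so >= file size
        "used_dir": used_dir,
        "ratio": used_dir / used_chkdsk,
        # An honest DIR agrees with CHKDSK; any other ratio means the DIR
        # figure is being rewritten on its way to the screen.
        "consistent": used_dir == used_chkdsk,
    }


if __name__ == "__main__":
    print(compare(CHKDSK_BEFORE, DIR_BEFORE, CHKDSK_AFTER, DIR_AFTER))
```
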
Other previously reported hoaxes:
Filename      Claimed use/Actual activity/Reporter(s)
------------  -----------------------------------------------------
2496.*        This, and all files that claim to run a 2400 bps
              modem at 9600 or 14400 bps, are hoaxes. If you
              follow their instructions, you will have a 0 bps
              modem. Reported by several people.
AMIGA.*       Claims to allow IBM/Clones to read Amiga Workbench
              Disks: displays a picture of an Amiga Workbench disk
              on your screen, then spins your A: drive and locks
              your system. From Suriya Matsuda, Jacob Kanafoski
|             (1:3613/4), Derek Vanmunster (1:229/418), and Jeff
              Hancock (1:3600/7).
BIMOD126.*    Claims to be version 1.26 of BiModem - actually v1.24
              renamed and re-archived.
CREDITFX.*    Promises to repair your credit if you buy the full
              program for $39.00: the phone number in the file
              has been disconnected. From Paul Reimche (1:206/2404).
====================================================================
The Trojan Wars
There are no new Trojans to report this week, but there is a file
listed in the ???Questionable Programs??? section that may be one.
However, if you are reading the report for the first time, this is one
section you shouldn't skip: read on and see why.
Please be aware that the PKZip v2.0B hack reported in the hack
section of this report could be a Trojan. According to the report
filed in the VIRUS_INFO echo by Fred Towner, the archive (an ARJ
archive, no less(!)) had these files in it:
PKZIP20B.EXE
UNKNOWN.NFO
MUSTREAD.COM (archived with PKLITE)
WATCHME!.EXE (archived with PKLITE)
Fred was wise enough not to try and run any of these programs, so
Trojan activity has not been confirmed. Fortunately, the PKZ201 (and
PKX201) files appear to be nothing more than hacks of the 1.93 Alpha
release. Some relief, but a hack is a hack.
Other previously reported Trojans/Droppers:
Filename         Claimed use/Actual activity/Reporter(s)
------------     ----------------------------------------------------
GREYSCAL.*       Claims to be a monitor adjustment utility - actually
                 a dropper - infects files on your hard drive with the
                 FISH virus through the README.EXE file in the archive.
                 Not detectable by any scanner. From Bill Logan
                 (1:300/22).
MONOP3-0.*       Supposed to be Monopoly for Windows. Contains
                 FORMAT.COM from DOS 4.01 and STACKEY v2.1 (renamed as
                 MONOP1.COM and MONOPOLY.COM and invoked by a batch
                 file called README!!.BAT). Will try and format your
                 hard drive - a volume label on your HD will thwart
                 this one. From Derek Vanmunster (1:229/418).
Obnoxious        "Tetris" clones for the Macintosh - actually droppers
Tetris           of the MBDFA virus. Via Paul Ferguson (1:109/229)
Tetriscycle      in the VIRUS_INFO echo.
Ten Tile Puzzle
OCEAN.ZIP        From the BBS description: "Wonderful Game, Reward for
PLANTS.ZIP       the person who conquers it 1 time, Good luck, how does
RAINBOW.ZIP      30,000 bucks sound to you if you break the pattern, try
                 this game, it is wonderful, waht a challenge, bet you
                 can't break the pattern. $50, 000 if you do it twice."
                 Actually a compiled batch file that tries to erase all
                 files on your C: drive. From Richard Dale (1:280/333).
PSI3.ARJ         Passing itself as the LHA Archiver, version 3.00. It
                 destroys your partition table, boot sector, and parts
                 of FAT 1 and FAT 2. From Nemrod Kedem (2:403/138).
SCAN87.*         Suspected of Trojan activity, but not confirmed. The
SCAN88.*         latest official release is SCAN89B. Reported by
SCAN96.*         several.
TGSEC16.*        Trojan version of Telegard Security Package - both
                 executables in the archive will infect your system
                 with the Dark Avenger virus, and the text files show
                 you how to ease access to your system by hackers instead
                 of prevent access. By Scott Raymond, author of the
                 real package (latest official version is TGSEC17.*).
ZAPPER15.*       PSI3, mentioned above, recommends an "antivirus"
                 program called ZAPPER15.* to remove a virus called
                 "PSQR". ZAPPER15 is another Trojan which overwrites
                 your hard disk's boot sector with random garbage data
                 from memory. It contains no viral code. Also from
                 Nemrod Kedem (2:403/138)
====================================================================
Pirated Commercial Software
Program                  Archive Name(s)  Reported By
-------                  ---------------  -----------
Above Disk v3.00A        EXP-MEM.*        Dale Woloshin (1:163/211.3)
                                          and Wolfgang Fritz
BeetleJuice (game)       BJUICE.*         Alan Hess (1:261/1000)
                         BJ.*             Bill Blakely
                                          (RIME Shareware echo)
Bootcon                  unknown          Mike Dunsmore
(by Modular Software                      (RIME Shareware echo)
Systems)
Commander Keen           #2KEEN.*         Steve Hodsdon (1:132/119.12)
(parts 2 and 3)          #3KEEN.*         Harold Stein
                                          (via Ken Whiton, 1:132/152)
Double Disk              DDISK214.*       Ronald McGill (1:167/149)
Duke Nukem parts 2 & 3   DUKEZIP2.EXE     Steve Hodsdon (1:132/119.12),
                         #2DUKE.*         Craig Demarsh (1:260/213),
                         DUKEZIP3.EXE     and Hal Thompson (1:353/220)
Eagle's Nest (game)      Unknown          Mike Headley (1:362/112)
(not in wide distribution)
Fastback Plus v2.0       FBPL200.*        Bogie Bugsalewicz (1:115/738)
Flashlink MNP Emulator   FLASHLNK.*       Several
LotusWorks v1.0          LWORKS.*         Brian Luker (1:167/149)
Mac-in-Dos               CLINK.*          Arthur Taber (1:125/28)
                         (not the SEALink protocol)
                         MAC-DOS.*        Ron Bass (1:128/13.3)
                                          Leslie Meehan, original
                                          reporter (unknown)
Microsoft Mouse Driver   MOUSE810.*       Bat Lang (1:382/87)
MTE MNP Emulator         MTE215.*         Bat Lang (1:382/87)
                         MTE210E.*
                         MTE210F.*
                         MTE210G.*
                         MX5.*            Wolfgang Fritz
                                          Verified by Steve Lieberman
                                          of MagicSoft, Inc.
                         MX6.*
Optune                   OPTUNE.*         Bat Lang (1:382/87)
                         OPTUNE11.*
                         OPTUNE12.*       Jeff Dunlop (1:203/16)
Paganitzu part 2         #2PAGA.*         Harold Stein
                                          (via Ken Whiton, 1:132/152)
QModem 5.0               QM50.*           Daniel Hagerty (1:208/216)
SimCGA                   SIMCGA40.*       Joe Morlan (1:125/28)
                         SIMCGA41.*
SIMCITY                  SIMCITY.*        Mark Visser
Solitare Royale          SOLITRYL.*       Dan Brady (1:282/108)
                         SOLIT.*          Bud Webster (1:264/165.7)
Spot (7-Up game)         SPOT.*           Steve Hodsdon (1:132/119.12)
Squish 2.1               SQUISH21.*       Several
                                          (verified by Joe Morlan)
Tunnels of Armageddon    TUNNELS1.*       Wolfgang Fritz (1:249/140)
                         TUNNELS2.*
====================================================================
?????Questionable Programs?????
| A report has been relayed from Brian Hess (WildNet, via Ken Whiton)
| concerning a program called TMFIX.ZIP. The archive contains the files
| TMFIX.EXE and TMFIX.DOC. Brian states that McAfee Associates
| determined the archive is "absolutely a Trojan file," and he thanks
| them for their help in fixing "all problems with this file." I must
| admit that I'm a bit lost on this one, and I can not confirm McAfee's
| involvement with this archive. If someone reading this has any inside
| information that could fill in the gaps, please enlighten your pleading
| Hack Squad.
| Steve Baker (1:114/116) reported a file that appeared on his board
| called CSHOWA.ARJ. The description of the file stated it was version
| 8.44a of the CompuShow GIF viewer, and the file dates were newer than
| the ones in the version reported here as official (8.43). If a new
| version is in fact out, please notify me so I can correct my
| information.
As reported last week, there is information on the file AUTO48.*,
reported by Tony Blair in the WildNet Shareware echo and relayed by Ken
Whiton (1:132/152). I called Magee Enterprises, Inc., the company that
produces AutoMenu, and spoke with Marshall Magee himself. Mr. Magee
was very helpful, and according to him, "the current version of
AutoMenu is version 4.7." Any version higher than that should be
considered a hack. My thanks to Tony, Ken, and Mr. Magee in verifying
this.
| Kevin Donald (1:123/54) located a file called Supaplex (no archive
| name) that is a game with VGA and SoundBlaster support. Rick Rosinski
| (1:239/1004) says he has seen this file, and claims it is a pirated
| commercial game. Dennis Matney (1:230/12) also says that this is
| commercial. A text file in the archive contained the text "cracked by
| XXXXXX." To complicate matters, Phil Ransone (2:440/25) reports that
| there was a playable demo version of this game released. What I need
| to confirm this is some information on the real publisher, such as
| name, address, and/or phone number. If anyone has this, please send it
| in.
| Last week, Harold Stein (WildNet) had asked, via Ken Whiton, to relay
| that any games by Apogee with a number other than #1 in the filename
| are usually not shareware, but registered modules of the games in
| question. This week, he reports that there may be a second trilogy of
| the Commander Keen series, numbered #4KEEN - #6KEEN, and that #4 may
| have been released as shareware. Please be careful with any Apogee
| game not numbered #1, however, since there are some pirated modules
| floating around. Be on the lookout, and double check any you see.
BiModem is the subject this time, but the situation doesn't quite fit
into any of the other categories of this report. A few users have
seen a version called BIMOD125.* floating around, and wondered if it
was a hack. Steve Baker (1:114/116.0) called the support BBS and
verified your Hack Squad's information: v1.25 is a closed beta.
Version 1.24 is the latest public release. This information was also
verified by the Hack Squad (in lurk mode over in the BIMODEM echo)
through a message posted by Michael Ingram (1:114/151). In short, if
you see BIMOD125, delete it - it's a beta that shouldn't be out yet.
Yet another one that doesn't seem to fit anywhere is a Windows program
| called WinSpeed. Bill Eastman (1:382/87.12) relayed a message from
Alan Zisman (1:153/9) in the WINDOWS echo about this file, and
Piyadaroon Kalayanamit (1:382/87) quickly cleared the confusion.
Apparently, there are _two_ different programs called WinSpeed: one is
a commercial package of Windows video drivers, which should not be
posted for download on any BBS. The other is a small utility that
will report your system speed from within Windows, and is a legitimate
shareware file.
| James Brown (1:266/22.0) has reported in the WINDOWS echo that the
| shareware WinSpeed has been renamed to WINDSOCK. According to James,
| the author(s) took the original off of CompuServe, renamed it, and
| resubmitted it. Hopefully, this will ease the confusion, but there
| _will_ be copies floating around under the old name. So, be careful
| with this one. If you get a copy of the video driver file from
| someone, delete it: it is not shareware.
I still have no further confirmation of MTG2400, reported by Zach
Adam of 1:2200/103. The description says this program will run a
2400bps modem like a 4800bps modem, which sounds a bit like the MTE
program listed in the Pirated Commercial Software section. Any
information would be appreciated.
****************************************************************
Conclusion
If you see one of these on a board near you, it would be a very
friendly gesture to let the SysOp know. Remember, they can get
in just as much trouble as the fiend who uploads pirated files,
so help them out if you can.
***HACK SQUAD POLICY***
The intent of this report is to help SysOps and Users to identify
fraudulent files. To this extent, I give credit to the reporter
of a confirmed hack. On this same note, I do _not_ intend to "go
after" any BBS SysOps who have these programs posted for d/l. The
Shareware World operates best when everyone works together, so it
would be counter-productive to "rat" on anyone who has such a file
on their board. Like I said, my intent is to help, not harm.
SysOps are strongly encouraged to read this report and remove all
files listed within from their boards. I can not and will not
take any "enforcement action" on this, but you never know who else
may be calling your board. Pirated commercial software posted for
d/l can get you into _deeply_ serious trouble with certain
authorities.
Updates of programs listed in this report need verification. It
is unfortunate that anyone who downloads a file must be paranoid
about its legitimacy. Call me a crusader, but I'd really like to
see the day that this is no longer true. Until then, if you
_know_ of a new official version of a program listed here, please
help me verify it.
By the same token, hacks need to be verified, too. I won't be
held responsible for falsely accusing the real thing of being a
fraud. So, innocent until proven guilty, but unofficial until
verified.
Upcoming official releases will not be included or announced in
this report. It is this Co-Moderator's personal opinion that the
hype surrounding a pending release leads to hacks and Trojans,
which is exactly the opposite of what I'm trying to accomplish
here.
If you know of any other programs that are hacks, bogus, jokes,
hoaxes, etc., please let me know. Thanks for helping to keep
shareware clean!
Lee Jackson, Co-Moderator, FidoNet International Echo SHAREWRE (1:382/87)