home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Magnum One
/
Magnum One (Mid-American Digital) (Disc Manufacturing).iso
/
d20
/
dirtydoz.arc
/
DIRTYDOZ.BBS
next >
Wrap
File List
|
1989-06-01
|
25KB
|
461 lines
----------------------------------------------------------------
| |
|THE DIRTY DOZEN -- An Abbreviated Trojan Alert List |
| to be used as a BULLETIN on BBS's |
----------------------------------------------------------------
| Issue #10: May 27, 1989|
| By Tom Sirianni, |
| Sally Nueman Revision Stage `A' |
----------------------------------------------------------------
NAME CATEGORY NOTES
-------------- -------- ---------------------------------------
3X3SHR *TROJAN* Time Bomb type trojan wipes the Hard
Drive clean. File size is 78848.
ANTI-PCB *TROJAN* The story behind this trojan horse is
sickening. Apparently one RBBS-PC
sysop and one PC-BOARD sysop started
feuding about which BBS system is
better, and in the end the PC-BOARD
sysop wrote a trojan and uploaded it to
the rbbs SysOp under ANTI-PCB.COM. Of
course the RBBS-PC SysOp ran it, and
that led to quite a few accusations and
a big mess in general. Let's grow up!
Every SysOp has the right to run the
type of BBS that they please, and the
fact that a SysOp actually wrote a
trojan intended for another simply
blows my mind.
ARC2ZIP.EXE *VIRUS* This Leigh Virus strain that attacks
the COMMAND.COM and is used in
converting ARCed files to ZIPed files.
This file also copies itself into the
ZIPed file as well as remaining a TSR
within the COMMAND.COM. Also it is
always looking for the COMMAND.COM on
a FLOPPY diskette. So it has two ways
of infection.
ARC513.EXE *TROJAN* This hacked version of ARC appears
normal, so beware! It will write over
track 0 of your [hard] disk upon usage,
destroying the disk.
ARC514.COM *TROJAN* This is totally similar to ARC version
5.13 in that it will overwrite track 0
(FAT Table) of your hard disk. Also, I
have yet to see an .EXE version of this
program.
ARC533.EXE *TROJAN* This is a new Virus program designed to
*VIRUS* emulate Sea's ARC program. It infects
the COMMAND.COM.
BACKTALK *TROJAN* This program used to be a good PD
utility, but someone changed it to be
trojan. Now this program will write/
destroy sectors on your [hard] disk
drive. Use this with caution if you
acquire it, because it's more than
likely that you got a bad copy.
CDIR.COM *TROJAN* This program is supposed to give you a
color directory of files on your disk,
but it in fact will scramble your
disk's FAT table.
D-XREF60.COM *TROJAN* A Pascal Utility used for Cross-
Referencing, written by the infamous
`Dorn Stickel. It eats the FAT and
BOOT sector after a time period has
been met and if the Hard Drive is more
than half full.
DANCERS.BAS *TROJAN* This trojan shows some animated dancers
in color, and then proceeds to wipe out
your [hard] disk's FAT table. There is
another perfectly good copy of
DANCERS.BAS on BBS's around the
country; apparently the idiot trojan
author in question altered a legitimate
program to do his dirty work.
DISKSCAN.EXE *TROJAN* This was a PC-MAGAZINE program to scan
a [hard] disk for bad sectors, but then
a joker edited it to WRITE bad sectors.
Also look for this under other names
such as SCANBAD.EXE and BADDISK.EXE. A
good original copy is availble on SCP
Business BBS.
DMASTER *TROJAN* This is yet another FAT scrambler.
DOSKNOWS.EXE *TROJAN* I'm still tracking this one down --
apparently someone wrote a FAT killer
and renamed it DOSKNOWS.EXE, so it
would be confused with the real,
harmless DOSKNOWS system-status
utility. All I know for sure is that
the REAL DOSKNOWS.EXE is 5376 bytes
long. If you see something called
DOSKNOWS that isn't close to that size,
sound the alarm.
DOS-HELP *TROJAN* This trojan, when made memory-resident,
is supposed to display a DOS command
for which the User needs help with.
Works fine on a Diskette system but on
a HARD DRIVE system tries to format the
Hard Disk with every access of
DOS-HELP.
DPROTECT *TROJAN* Apparently someone tampered with the
original, legitimate version of
DPROTECT and turned it into a
FAT-table eater. A good version is
available on SCP Business BBS.
DRAIN2 *TROJAN* There really is DRAIN program, but this
revised program goes out does Low Level
Format while it is playing the funny
program.
DROID.EXE *TROJAN* This trojan appears under the guise of
a game. You are supposedly an
architect that controls futuristic
droids in search of relics. In fact,
PC-Board sysops, if they run this
program from C:\PCBOARD, will find that
it copies C:\PCBOARD\PCBOARD.DAT to
C:\PCBOARD\HELP\HLPX. In case you were
wondering, the file size of the .EXE
file is 54,272 bytes.
DRPTR.ARC *TROJAN* File found on two boards in the 343
Net. After running unsuspected file,
the only things left in the Sysop's
root directory were the subdirectories
and two of the three DOS System files,
along with a 0-byte file named
WIPEOUT.YUK. The Sysop's COMMAND.COM
was located in a different directory;
the file date and CRC had not changed.
DSZ (Patch) *CAREFUL* The author of this protocol program,
Chuck Forsberg, warns that anyone using
an Unregistered version of DSZ that was
HACKED with a downloaded PATCH to make
it work fully, might result in a
SCRAMBLED FAT TABLE. Seems someone
created the HACK PATCH and then U/L'd
it to BBS's. *BEWARE* of the PATCH!
It is not the DSZ program that does the
dirty work, but the PATCH.
EGABTR *TROJAN* BEWARE! Description says something like
"improve your EGA display," but when
run, it deletes everything in sight and
prints, "Arf! Arf! Got you!"
EMMCACHE *CAREFUL* This program is not exactly a trojan,
but it (v. 1.0) may have the capability
of destroying hard disks by:
A) Scrambling every file modified after
running the program.
B) Destroying boot sectors.
This program has damaged at least two
hard disks, yet there is a base of
happily registered users. Therefore, I
advise extreme caution if you decide
to use this program.
FILER.EXE *TROJAN* One SysOp complained a while ago that
this program wiped out his 20 Megabyte
hard disk. I'm not so sure that he was
correct and/or telling the truth any
more. I have personally tested an
excellent file manager also named
FILER.EXE, and it worked perfectly.
Also, many other SysOp's have written
to tell me that they have like me used
a FILER.EXE with no problems. If you
get a program named FILER.EXE, it is
probably alright, but better to test it
first using some security measures.
FILES.GBS *TROJAN* When an OPUS BBS system is installed
improperly, this file could spell
disaster for the Sysop. It can let a
user of any level into the system.
Protect yourself. Best to have a
sub-directory in each upload area
called c:\upload\files.gbs (this is an
example only). This would force Opus to
rename a file upload of files.gbs and
prevent its usage.
FINANCE4.ARC *CAREFUL* This program is not a verified trojan;
there is simply a file going around
BBS's warning that it may be a trojan.
In any case, execute extreme care with
it.
FLU4TXT.COM *TROJAN* Man, when I thought we had it licked!
This Trojan was inserted into the
FLUSHOT4.ARC and uploaded to many
BBS's. FluShot is a protector of your
COMMAND.COM. The Author of FluShot
posted this Trojan Warning, and I am
posting it here in the DD. If you need
a good copy, you can get it from here--
SCP Business BBS--or on COMPUSERVE. As
to date, 04/3/88 FLUSHOT3.ARC is the
current version, not the FLUSHOT4.ARC
which is Trojaned.
FUTURE.BAS *TROJAN* This "program" starts out with a very
nice color picture (of what, I don't
know) and then proceeds to tell you
that you should be using your computer
for better things than games and
graphics. After making that point, it
trashes your A: drive, B:, C:, D:, and
so on until it has erased all drives.
It does not go after the FAT alone; it
also erases all of your data. As far
as I know, however, it erases only one
sub-directory tree level deep, thus
hard disk users should only be
seriously affected if they are in the
"root" directory. I'm not sure about
this one either, though.
GATEWAY2 *TROJAN* Someone tampered with the version 2.0
of the CTTY monitor GATEWAY. What it
does is ruin the FAT. If you need a
good copy, you can file request it or
pick one up from 105/301--SCP Business
BBS--at 1-503-648-6687.
G-MAN *TROJAN* Another FAT killer.
GRABBER *TROJAN* This program is supposed to be SCREEN
CAPTURE program that copies the screen
to a .COM to be later ran from DOS
command line - and as a TSR it will
also attempt to do a DISK WRITE to hard
drive when you do not want it to. It
will wipe whole Directories when doing
a normal DOS command. One sysop who
ran it lost all of his ROOT DIR
including his SYSTEM files. The file
status is :
Name Size Date Time
GRABBER.COM 2583 05/28/87 22:10
LM *TROJAN* Deletes the COMMAND.COM and other
files from the ROOT directory of the
Hard Drive when the program runs.
MAP *TROJAN* This is another trojan horse written by
the infamous "Dorn Stickel." Designed
to display what TSR's are in memory and
works on FAT and BOOT sector.
MATHKIDS.ARC *TROJAN* This is a fairly benign trojan that
will not reformat your hard disks or do
any system-level damage. It is instead
designed to crack a BBS system. It
will attemp to copy the USERS file on a
BBS to a file innocently called
FIXIT.ARC, which the originator can
later call in and download. Believed
to be designed for PCBoard BBS's.
NOTROJ.COM *TROJAN* This "program" is the most sophisti-
cated trojan horse that I've seen to
date. All outward appearances indicate
that the program is a useful utility
used to FIGHT other trojan horses.
Actually, it is a time bomb that erases
any hard disk FAT table that IT can
find, and at the same time, it warns:
"another program is attempting a
format, can't abort! After erasing the
FAT(s), NOTROJ then proceeds to start a
low level format. One extra thing to
note: NOTROJ only damages FULL hard
drives; if a hard disk is under 50%
filled, this program won't touch it!
If you are interested in reading a
thorough report on NOTROJ.COM, James H.
Coombes has written an excellent text
file on the matter named NOTROJ.TXT.
If you have trouble finding it, you
can get it from SCP Business BBS.
PACKDIR *TROJAN* This utility is supposed to "pack"
(sort and optimize) the files on a
[hard] disk, but apparently it
scrambles FAT tables.
PCW271xx.ARC *TROJAN* A modified version of the popular
PC-WRITE word processor (v. 2.71) has
now scrambled at least 10 FAT tables
that I know of. If you want to
download version 2.71 of PC-WRITE, be
very careful! The bogus version can be
identified by its size; it uses 98,274
bytes whereas the good version uses
98,644. For reference, version 2.7 of
PC-WRITE occupies 98,242 bytes.
PKX35B35.ARC } *TROJAN* This was supposed to be an update to
PKB35B35.ARC } *VIRUS* PKARC file compress utility - which
when used *EATS your FATS* and is or
at least RUMORED to infect other files
so it can spread - possible VIRUS?
PKPAK/PKUNPAK *TROJAN* There is a TAMPERED version of 3.61
v3.61 *CAREFUL* that when used interfers with PC's
interupts.
PKFIX361.EXE *TROJAN* Supposed patch to v3.61 - what really
does is when extracted from the .EXE
does a DIRECT access to DRIVE
CONTROLLER and does Low-Level format.
Thereby bypassing checking programs.
PK362.EXE *CAREFUL* This is a NON-RELEASED version and is
suspected as being a *TROJAN* - not
verified.
PK363.EXE *CAREFUL* This is a NON-RELEASED version and is
suspected as being a *TROJAN* - not
verified.
QUIKRBBS.COM *TROJAN* This Trojan horse advertises that it
will install program to protect your
RBBS but it does not. It goes and eats
away at the FAT.
QUIKREF *TROJAN* This ARChive contains ARC513.COM.
Loads RBBS-PC's message file into
memory two times faster than normal.
What it really does is copy RBBS-PC.DEF
into an ASCII file named HISCORES.DAT.
RCKVIDEO *TROJAN* This is another trojan that does what
it's supposed to do, and then wipes out
hard disks. After showing some simple
animation of a rock star ("Madonna," I
think), the program will go to work on
erasing every file it can lay it's
hands on. After about a minute of
this, it will create three ascii files
that say "You are stupid to download a
video about rock stars," or something
of the like.
SECRET.BAS *TROJAN* BEWARE!! This may be posted with a note
saying it doesn't seem to work, and
would someone please try it; when you
do, it formats your disks.
SIDEWAYS.COM *TROJAN* Be careful with this trojan; there is a
perfectly legitimate version of
SIDEWAYS.EXE circulating. Both the
trojan and the good SIDEWAYS advertise
that they can print sideways, but
SIDEWAYS.COM will trash a [hard] disk's
boot sector instead. The trojan .COM
file is about 3 KB, whereas the
legitimate .EXE file is about 30 KB
large.
STAR.EXE *TROJAN* Beware RBBS-PC SysOps! This file puts
some stars on the screen while copying
RBBS-PC.DEF to another name that can be
downloaded later!
STRIPES.EXE *TROJAN* Similar to STAR.EXE, this one draws an
American flag (nice touch), while it's
busy copying your RBBS-PC.DEF to
another file (STRIPES.BQS) so the joker
can log in later, download STRIPES.BQS,
and steal all your passwords. Nice,
huh!
SUG.COM *TROJAN* This one is supposed to go out and
unprotect copy protected programs disks
by Softguard Systems, Inc. After it
trashes your disk it comes back and
displays:
"This destruction constitutes a prima
facie evidence of your violation. If
you attempt to challenge Softguard
Systems Inc..., you will be vigorously
counter-sued for copyright infringement
and theft of services."
AND it by-passes any attempt by
CHK4BOMB to search for the any hidden
messages that tell you, "YOU BEEN
HAD... or GOTCHA>>> Ar..Ar..Ar..; it
encrypts the Gotcha message so no
Trojan checker can scan for it.
TIRED *TROJAN* Another scramble the FAT trojan by Dorn
W. Stickel.
TOPDOS *TROJAN* This is a simple high level [hard] disk
formatter.
TSRMAP *TROJAN* This program does what it's supposed to
do: give a map outlining the location
(in RAM) of all TSR programs, but it
also erases the boot sector of drive
"C:".
ULTIMATE.EXE *TROJAN* Another FAT eater - this program
apearantly when says it is INSTALLING
ULTIMATE also deletes everything on
the current drive.
- File status:
Name Size
ULTIMATE.EXE 3090
ULTIMATE.ARC 2432
UNIX *VIRUS* The UNIX operating system by Berkley
verson 4.3, is an INTERNET virus, a
Patch is available on SCP Business
BBS. This is MAIL PACKET VIRUS.
VDIR.COM *TROJAN* This is a disk killer that Jerry
Pournelle wrote about in BYTE Magazine.
I have never seen it, although a
responsible friend of mine has.
WOW *VIRUS* Also known as the 1701 Virus. This
is a new strain of the Leigh Virus
as it not only looks for the
COMMAND.COM but any .COM file. As it
does it, the infected file is enlarged
1,701 bytes in SIZE. The infection
takes as you run the .COM, WOW is a
TSR. What it does when you run WOW is
display an advertisement:
" "The Wizards of Warez"
in assocoation with
the copycats
the Pirates Unlimited
OUTRUN
WOW 1989 "
The virus is also known as WOWTITLE.
<< END OF ABBREVIATED LIST>>
