========================================================================= AMIGA HACK REPORT ========================================================================= || The Hack Report || Written by Erik Loevendahl for May, 1995 || || Fidonet : 2:236/116.17 Safe Hex International Support BBS: || Amiganet: 39:141/127.17 || Telefax : +45 5599 3498 DAN BBS: +45 43621655 V-Fast 28.8 || Formula II: +45 43432463 V-Everyth. || Henrik Lauridsen Internet support: || hlau@dou.dk || || Lars Stockholm Packet Radio support:|| Benny Petersen Cbmnet support: OZ1GYQ@OZ4BOX.SAX.LOL.DNK.EU || bennyp@bennyp.adsp.sub.org || || Number 7 Released by Safe Hex International || Report Date: 10 May, 1995 || ========================================================================= Welcome to the second issue of The Amiga Hack Report. This is a series of reports that aim to help all users of files found on BBSs avoid fraudulent programs, and is presented as a public service by the FidoNet, Internet and Amiganet International E-mail echos. Thanks to everyone who has helped put this report together, and to those that have sent in comments and suggestions. NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin on your BBS, subject to these conditions: 1) the latest version is used, 2) it is posted in its entirety, and 3) it is not altered in any way. NOTE TO OTHER READERS: The Hack Report (file version) may be freely uploaded to any BBS, subject to the above conditions, and only if you do not change the filename. The author is not responsible for any loss of data nor is he responsible for any information if it isn't correct. This list is made as a help and a lot of work is done to validate all the below mentioned informations to be so correct as possible, but who knows? ..... The idea is to make this information available freely. However, please don't cut out the disclaimers and other information if you use it, or confuse the issue by spreading the file under different names. Thanks! If you see other fake or trojan versions NOT listed here, please contact one of the above supporters or myself so that we can keep this listing up to date. Erik Loevendahl ========================================================================= HACKED AMIGA PROGRAMS Here are the latest and most common versions of some programs known to have hacked fake or trojan copies floating around. Archive names are listed when known, along with the person who reported the fraud. (thanks from us all!). 20-03-94 X-Copy 8.5 66424 bytes is a trojan. Installs the Fmfoj Xjsvt v2.2 (Eleni) boot virus, which can damage your harddisk. 17-05-94 Decompiler (Autoboot Disc Creator), 53.992 bytes is a trojan. Renames your harddisk directories. Reported by W. Gorzkowski. 25-05-94 Hacker 20.980 bytes unpacked is said to optimize your modem settings, but in fact it is a trojan 05-06-94 DMS 2.13 92.440 bytes packed in a file named "Dms213ur.lha" will format your harddisk. Reported by Kim B. Jensen. * 15-06-94 NoCare27.lha 28.848 bytes unpacked will delete your HD files. 18-06-94 DMS2.12 lha, Device-Masher System, DMS/FMS-Masher 2.12 Extra Turbo 92.208 bytes is a fake. 20-06-94 Ua62.lha, Ua-dialer v6.2 26828 bytes PPacked, 51956 bytes unpacked is said to damage your S/Dir. 22-06-94 Mformt12.lha, Mformat 1.2 unpacked 25168 bytes is said to format harddisks after 8. floppies. Reported by Gerard Sens * 02-07-94 NCOmm 3.09 221.056 bytes is said to be a trojan, which installs the eleni virus, that can damage your harddisk. 07-07-94 Hd_speedup.exe, 6252 bytes unpacked found in "HD_Speedup.lha" will damage your harddisk. Reported by Steen Brusgaard. 15-07-94 Clx_doom.lha, Doom 32020 bytes is a nasty trojan, which change your assign and setpatch command. Reported by Edwin Leenders. 23-07-94 Elien_virus_checker 0.1 is nasty trojan. Found in a file called "elien.exe". 1016 bytes PPacked, 596 bytes unpacked. * 02-08-94 Esp-dmpd.lha (DiskMaster 2 PAL Fix) is said to contain a linkvirus. 09-08-94 God-j12.lha, JiZaNSi 1.2 - IFF 2 ANSI converter 22.008 bytes unpacked is a trojan. Reported by Peter Hansen. * 24-08-94 Viewtek22.lha 93.844 bytes contains a link virus. Reported by Betasoft. 01-09-94 Dskslv3.DMS. Disksalv 3.01 106584 bytes unpacked is said to be a trojan. Reported by Dave Haynie. 08-09-94 Vmk30.lha, Virus Memory Kill V3.00 2620 bytes is a trojan which will damage your harddisk. Reported by Chris Hames 30-12-94 Surprise.exe 39296 bytes is spread at a demo at "The Party 94" in Denmark will damage your harddisk. Reported by B. Petersen 31-01-95 VZII-114.lha is a fake version. Please use the new version VZ-115.lha 128182 bytes (unpacked 74028 bytes). 01-01-95 DMS206.lha and CRY_206 contain DMS206.exe is a BBS infiltrator program. Use the latest >original<... DMS 2.04 (96284 bytes). 13-01-95 IStrip21.lha unpacked 12212 bytes is an infiltrator program which place BBS user.data in download dir named "eatme.lha". 06-02-95 The Achtung.exe demo in the GATH95-!.lha archive will format your harddisk (COP trojan). Reported by John Vickers. 03-03-95 The archive axripii.lha, about 120046 bytes contains harddisk damage program called Fucker virus in the file called AMIBBB. * 04-03-95 The DMS file Zaxxon.DMS is said to be a HD Formatter. Reported from Holland. No more info yet sorry !!!!!! 14-03-95 Personal Paint version: 6.2 is a fake. The last original PPaint version is 6.1. Reported by the programmer M.C. Battilana 21-03-95 ncomm32.lha, 121896 bytes Stonecracker 4.04 packed), 226116 bytes unpacked. Pretend to be NComm 3.2, but is in fact a COP trojan (harddisk tasher) 25-03-95 opus5.lha, unpacked 347308 bytes. Pretend to be DirectoryOpus 5.0, but is in fact a COP trojan (harddisk trasher) 26-03-95 lha30.lha, 69888 bytes StoneCracker 4.04 packed, 105808 bytes unpacked. Pretend to be Lha 3.0, but is in fact a COP trojan (harddisk trasher) 26-03-95 ced4.lha 174500 bytes unpacked. Pretend to be CygnusEd 4.0, but is in fact a COP trojan (harddisk trasher) 31-03-95 sinfo10.lha, unpacked 2852 bytes. Pretend to be SInfo v1.0, but is in fact a COP trojan (harddisk trasher) 06-04-95 nxs-pt4.lha unpacked 180188 bytes. Pretend to be ProTracker 4.0, but is in fact a COP trojan (again a harddisk trasher) * 08-04-95 led-tdc6.lha the swedish "Dreamcharts" is said to contain a COP harddisk trasher. Reported by Mike Hayes. * 10-04-95 hakvirus.lha is said to be a warning against a 'dir virus', but the new trojan is inside of it! Reported by Remko Wiersma * 10-04-95 hackt.lha contains Conman virus in the file Hackt.exe unpacked 12312 bytes. Reported again by Remko Wiersma. 13-04-95 Creator.lha is a HD formatter. In the archive you will find the following files C:creator.scr 40 bytes and S:Creator.dat 2880 bytes both files unpacked. * 14-04-95 DMS205 a DMS fake is said to circulate in Holland. Can anyone confirm this, then please contact SHI??? (And use DMS 2.04). 17-04-95 SNK305.lha archive contains a trojan called Super Nova Killer 3.05, which is send to SHI from a programmer as a quite new SHI program, but.........(packed/unpacked 4792/5480 bytes). 19-04-95 orb-kc.dms, a game "Kid Curry" have a file "Hd_Install.exe" unpacked 8052 bytes, it's in fact a HD trasher. 20-04-95 trsi-vw5.lha contains VirusWorkshop V5.0 (no-packed 135.744 bytes), but in fact it's a COP trasher against your harddisk. 21-04-95 trsi-ft.lha pretend to be FutureTracker, 317.608 bytes unpacked, but is in fact a COP HD trasher. 24-04-95 icond13.lha a program called IconDept 1.3, 4188 bytes unpacked is (again) COP trasher against your HD. Thanks to Knut Rod. 26-04-95 toolsd26.lha contains a ToolsDeamon 2.6, nopacked 4864 bytes but in fact it's a harddisk trasher. Thanks to Pat Morris. 26-04-95 creat_11.lha very like the creator.lha (13-04-95) only 3 bytes is changed in the creator.scr file. Very original inded?? 26-04-95 dt230.lzx pretend to be DosTrace 2.3, nopacked 9692 bytes, but is infact a new COP trojan against your HD. Use the original 2.20 from Peter Stuer! 30-04-95 psg-ae5.lha pretend to be AmyExpress 5.0, 71.904 bytes unpacked, but is in fact a COP HD trasher. Thanks Mats Nyman 02-05-95 cchack22.exe, 11.216 bytes is a hacker against BBS to get the bbs: userdata for infiltrating your BBS. Thanks to Oluf Witt. 08-05-95 Commander virus is to-day spreaden in all the folowing files: dagis!up.exe, Denistro_1.exe, Denistro_2.exe, mn-acid.exe, Vampire.exe, Dpl-Mam1.DMS, Dpl-Mam2.DMS, Removcmd.lha, Network90.DMS PLEASE ATTENTION ---------------- The above marked > * < trojans or fake versions isn't implementet in the SHI virus killers yet, so please TAKE CARE AND SEND THESE TROJANS for new updates to the mentioned SHI members/BBS'es in this list!!. Do yo want more information please read more about the viruses and trojans in Virus Info Base an excellent multi media datebase program made by SHI and spread by ADS, achive name: "VIB9508.lha" ========================================================================= SPECIAL FOR SYSOP'S ------------------- * Did you know that today no file is safe anymore! * Did you know there is a lot of virus, trojans and fakes today? * Do you want to protect your harddisk 100%? * Do you want to use a simple and effective way? A little trick for SysOp's: Print this little list and use it to check your new uploads!! Please use this form below if you find some fake versions or trojans and send it to Safe Hex Internalional by E-mail or by post. --> cut here ======================================================================== HACK REPORT FORM: ------------------------------------------------------------------------ YOUR NAME: ------------------------------------------------------------------------ ADDRESS: ZIP CODE: ------------------------------------------------------------------------ COUNTRY: PHONE: ------------------------------------------------------------------------ WHICH PROGRAM IS A FAKE OR A TROJAN : VERSION: ------------------------------------------------------------------------ FOUND IN ARCHIVE NAME: ARCHIVE DATE: ------------------------------------------------------------------------ BYTES UNPACKED: ------------------------------------------------------------------------ A LITTLE DESCRIPTION (Why do you think this is a fake or a trojan) ------------------------------------------------------------------------- ATTENTION IF.. Possible please send the actual fake or trojan to Safe Hex International! THANK YOU VERY MUCH FOR YOUR HELP! WITHOUT YOUR VALUABLE HELP WE COULDN'T HAVE MADE THIS LIST!!! ======================================================================== --> cut here Please send the hack or the infected file together with the above report to: SAFE HEX INTERNATIONAL MAIN Erik Loevendahl Fidonet: 2:236/116.17 Snaphanevej 10 Amiganet: 39:141/127.17 DK-4720 Praestoe Telefax: +45 5599 3498 Denmark /or to .... __ __ /// SAFE HEX INTERNATIONAL BULLETIN BOARD SUPPORT: \\\/// ::::::::::::::::::::::::::::::::::::::::::::: \XX/ * Programmers Resort BBS: +45 98380575 ZyXEL/v32bis +45 96869090 ISDN Special support for the SHI programmers and disk copy service for SHI programmars without a modem. * Attention special SHI area for uploads of new viruses!~ SysOp: Alex Holst, member of SHI Address: Alex Holst Jaettestuen 70 DK-9230 Svenstrup J Denmark Tlf. Voice: +45 96869090 * DAN BBS is one of the best and biggest BBS in Europe Anti-Virus PC and Amiga CoSysOP: Erik Loevendahl * Attention special SHI area for uploads of new viruses!~ Server: 486DX2-66,32mb-RAM,Adaptec 2842VL Micropolis 1528+4110 (Micro2:86127799) Total harddisks: 4.3 GIGA, 2/8 Giga Sony DAT streamer CD-Server: 386-40mhz,4MB, 18 CD's online ISDN workstation: 386-40mhz, 4MB, TELES Total 14 GB on-line (More than 30 PC's in system) Linie 1 payment line 42643990 V-Fast 28.8 Linie 2 43628230 ZyXEL/v32bis Linie 3 43627750 ZyXEL/v32bis Linie 4 43625880 ZyXEL/v32bis Linie 5-19 payment lines! 4362XXXX ZyXEL/v32bis Linie 20 42643827 V34/VFC 28.8 Linie 21 43621655 VFC 28.8 Linie 22+23 43661070 ISDN DAN BBS fax: 42643357 Group 3 HOW TO DO: --------- Do you wish to contact our SHI >free< anti-virus areas for uploads of new virus or download of the newest SHI anti-virus stuff type: "Guest", "Guest" (for free files), and "V" (for the SHI anti-virus free area) ========================================================================= WE NEED......YOUR SUPPORT CONCERNING NEW VIRUSES FOR FUTURE UPDATES of this Virus Info Base program. We are thinking that you can see how important your support is too if you are using one of the following programs, which are using our anti-virus.libraries: * Virus Checker by Johan Veldthuis * Virus Scanner by Gabriele Greco * Fides Professional by John Lohmeyer * DMS by ParCon Software * Virus Info Base by Safe Hex International * D-Copy by Stefan Bernbo * X-Copy by Cachet Software (commercial) * Xtruder BBS virus killer by Martin Wulffeld * MT-Copy by Gert-Jan Strik * Harboot virus analyser by Martin Harbo * Bootwriter by Ralf Thanner * DMSChecker by Martin Wulffeld * AntiCicloVir by Mathias Gutt ATTENTION: ARE YOU USING SOME OF THE ABOVE PROGRAMS, YOU HAVE OF COURSE INTERREST TO HELP US, SO WE WE CAN HELP YOU TOO. THEREFORE REMEMBER TO SEND ALL NEW VIRUSE TO SHI FOR FUTURE UPDATES. THANK YOU VERY MUCH AND REGARDS "THE AMIGA LIVE" ========================================================================= Kind regards your friend /~\ ERIK LOEVENDAHL SOERENSEN, SAFE HEX INTERNATIONAL C-oo) Phone +45 5599 2512 | Fidonet: 2:236/116.17 \-) Fax +45 5599 3498 | Amiganet: 39:141/127.17 /~\