Text File | 1989-12-16 | 31KB | 576 lines
------------------------------------------------------------------
|                                                                |
|                       TROJAN HORSE LIST                        |
|                                                                |
------------------------------------------------------------------
|                  Issue #9: December 17, 1989                   |
|                       Revision Stage: C                        |
|                                                                |
|                  Maintained by Eric Newhouse                   |
------------------------------------------------------------------
FILENAME EXTENSION CODES:
--------------------------------
.   ->         - UNKNOWN -
.B  ->  .BAS   - BASIC -
.C  ->  .COM   - DOS -
.E  ->  .EXE   - DOS -
.A  ->  .ARC   PKUNPAK v. 3.61
.L  ->  .LZH   LHARC v. 1.13ß
.P  ->  .PAK   PAK v. 1.60
.Z  ->  .ZIP   ZIP v. 1.02
Name Size Category Notes
------------- ------ -- -----------------------------------------
*.ANS, *.TXT TC The ANSI.SYS driver included with all
versions of DOS has the ability to
redefine keys. Moreover, any text file
that you 'type' to the screen could
conceivably redefine a common key (like
'd'). If the text file is trojan, then
it might, for example, call FORMAT the
next time you hit the letter 'd.'
I recommend that everyone examine all
text files for suspicious ANSI codes.
*.EXE TC Self-Extracting ZIP, ARC, and LZH Files
are fast gaining in popularity. Before
you run one, however, always check to
make sure that you're not really running
a trojan in disguise. At the very
minimum list the files in the self
extracting file.
123JOKE T This so-called utility for Lotus 123
rewrites [hard] disk directories.
3X3SHR.A 78848 TC This trojan supposedly waits a while
before eating your HD for lunch.
ANALYZE.E T This program reputedly analyzes the
log file for WWIV 4.x BBS systems.
Instead it trashes FAT tables.
ANTECOPT.A T This trojan offers to "optimize your
hard disk by cleaning it up." In reality
it is a poorly patched version of DOS 3.1
FORMAT.COM.
ANTI-PCB T The story behind this trojan horse is
sickening. Apparently one RBBS-PC sysop
and one PC-BOARD sysop started feuding
about which BBS system is better, and in
the end the PC-BOARD sysop wrote a trojan
and uploaded it to the RBBS SysOp under
ANTI-PCB.COM. Of course the RBBS-PC
SysOp ran it, and that led to quite a few
accusations and a big mess in general.
Let's grow up! Every SysOp has the right
to run the type of BBS that they please,
and the fact that a SysOp actually wrote
a trojan intended for another simply
blows my mind.
ALTCTRL.A T This program reputedly trashes boot
records. Other than that, I know nothing
about it.
AMTECOPT.Z 11505 T This program uses Keyfake and Format to
format your HD.
ARC513.E T This hacked version of SEA's ARC.EXE
appears normal. However, it writes
over track 0 of your [hard] disk upon
usage, destroying the disk's boot sector.
ARC514.C T This is completely similar to arc
version 5.13 in that it will overwrite
track 0 (boot sector) of your hard disk.
Also, I have yet to see an .EXE version
of this program.
BACKALLY.C 64512 T This sophisticated trojan will axe your
FAT table after a couple of months of
usage. Beware the delayed trojan!
Backally MAY only work on floppy disks,
but that sounds unlikely. Debug has
shown that BACKALLY formats a track at
one point as well as reading in the
amount of freespace on your disk. It may
only wipe out full disks, like NOTROJ.
Please, be wary! An included .BAT file
comes with a request for donations to
"SomeWare" located in Frederickburg, VA.
Look out for other products from
SomeWare!
BACKTALK T This once beneficial utility will
write/destroy sectors on your [hard] disk
drive. Use this with caution if you
acquire it, because it's more than likely
that you got a bad copy.
BARDTALE.Z T Most users download this file
immediately when they see it posted on a
BBS, for it's Electronic Arts's
commercial game: The Bard's Tale I.
However, this version isn't all that
it's "cracked up" to be. Somebody
disassembled the real thing and wrote in a
routine to format the hard disk upon
invocation.
The only safe (and legal) way to obtain
Bard's Tale is to buy it at your local
software store.
BXD.A 20480, .Z 18437 T This disk killer warns users that "your
disk will be trashed in 5 seconds" on
sector 17 on the included BXD.COM file.
Watch out for this FAT killer!
CDIR.C T This program supposedly gives you a
color directory of files on disk, but it
in fact scrambles your disk's FAT
table.
CHROMA.C 36454 T This program tells you in synthesized
speech that it is "your computer's worst
nightmare." The program proceeds to
erase your FAT tables. Look out for this
one.
CHUNKER.E TC A part of QEDIT v. 2.02, this program
writes five apparently harmless files to
disk. Chunker, which is supposed to
split large text files into more
manageable, smaller ones, may also
scramble FAT's.
CHUNKER.EXE only comes with the
registered version of QEDIT, and since
Semware didn't release any legitimate
copies for BBS circulation, you can
assume that most BBS versions are
probably trojan, and all are illegal.
Look out for the modified version of
CHUNKER; exercise caution.
One more thing. If this entry makes
you reconsider your purchase of QEDIT,
you betray the values that we're fighting
for. You fight FOR, instead of against,
the trojan horse author. The person who
wrote this has unjustly libeled Semware's
reputation. If you refuse to buy simply
because a pirated copy of their program
is trojan, then you hurt honest people
like Semware and help dishonest people
like the trojan author. QEDIT is a
legitimate program, and if you buy direct
from Semware, then you will receive a
legitimate, trojan-free copy.
If anyone has a trojan copy of CHUNKER,
then please upload it to the SysOp of one
of the BBS's listed in the back with a
clear note that this is a trojan horse for
Eric Newhouse. Thank you.
COOKIES.E T This file, which purports to explain
the secret to Mrs. Fields' cookies,
really scrambles FAT Tables.
COMPRESS.A T This trojan, dated April 1, 1987,
destroys FAT tables. COMPRESS is
executed from a file named RUN-ME.BAT and
is advertised as a 'Shareware 'ARC' from
Borland!'
D-XREF60.C T A Pascal Utility used for Cross-
Referencing, purportedly written by
Dorn Stickel. Although I don't know who
actually wrote this trojan, the "Dorn
Stickel" label is the only sure way to
identify it. After an undetermined time
AND if the HD is more than half full, it
scrambles the FAT and BOOT sector.
DANCERS.B T This trojan shows some animated dancers
in color, and then proceeds to wipe out
your [hard] disk's FAT table. There is
another perfectly good copy of
DANCERS.BAS on BBS's around the country;
apparently the author altered a
legitimate program to do his dirty work.
DEFENDER.A T This trojan both writes to ROM bios and
formats [hard] disks. The Duplicators
claim credit for this trojan; beware of
other products by them. Also, do not
confuse this trojan with DEFENDER by
Atari. The latter is a pirated program.
DISCACHE.E TC This program uses direct BIOS routines
to write to disk. Apparently, those BIOS
routines will scramble your FAT table.
Please see DISCACHE.WNG, a file that I'm
looking for myself, for more information.
There is at least one legitimate
DISCACHE.EXE file circulating, so
not all DISCACHE programs are trojan.
DISKPREP.E TC This may erase the default drive upon
invocation.
DISKSCAN.A 2944 T This was a PC Magazine program to scan a
[hard] disk for bad sectors, but then a
joker edited it to WRITE bad sectors.
Also look for this under other names such
as SCANBAD.EXE and BADDISK.EXE...
DMASTER T This is yet another FAT scrambler.
DND23.A TC This supposed version of the popular
Dungeons and Dragons game purportedly
wipes out track 0 of hard disks.
DOS-HELP T This program advertises itself as a TSR
help system for DOS. Upon invocation,
if a HD is present then DOS Help formats
it.
DOSKNOWS.E 5682, 6044 TC I'm still tracking this one down --
apparently someone wrote a FAT killer and
renamed it DOSKNOWS.EXE, so it would be
confused with the real, harmless DOSKNOWS
system-status utility. I'm pretty sure
that the REAL DOSKNOWS.EXE
is 5376 bytes long. If you see something
called DOSKNOWS that isn't close to that
size, sound the alarm. More info on this
one is welcomed -- a bagged specimen
especially. The malicious DOSKNOWS
contains the string: "Ouch! Dos refused
to tell me! Sob, sob, sob." Be careful;
there may be a legitimate 6144 byte
DOSKNOWS floating around too.
DPROTECT T Apparently someone tampered with the
original, legitimate version of DPROTECT
and turned it into a FAT table eater.
DRAIN.C TC This is a *joke* program which has been
modified to scramble FAT tables. Be
careful if you run a DRAIN.COM; you may
or may not have the legitimate version.
DROID.E 54272 T This trojan appears under the guise of a
game. You are supposedly an architect
that controls futuristic droids in search
of relics. In fact, the program copies
C:\PCBOARD\PCBOARD.DAT to
C:\PCBOARD\HELP\HLPX if PC-Board SysOps
run it from C:\PCBOARD.
DRPTR.ARC T This trojan deletes the root directory,
excepting the system files, and it
relocates COMMAND.COM out of the root
if it's present. It creates a file
called WIPEOUT.YUK in the root after
doing its dirty work.
DSZ.C (01/17/89 v., 01/29/89 v.) TC It looks like there are some trojan
DSZ's floating around BBS's. To date,
only DSZ's dated 1/17 and 1/29 have been
labeled trojan. Trojan DSZ's are caused
by non Omen-Tech modification programs
that attempt to illegally register DSZ.
DRPTR.A T Advertised as a "directory reporter",
this program will trash all files in the
root directory.
EGABTR T BEWARE! Description says something like
"improve your EGA display," but when run
it deletes everything in sight and prints
"Arf! Arf! Got you!"
ELEVATOR.A T This poorly written trojan suggests in
the documentation that you run it on a
floppy. If you do not run it on a
floppy, Elevator chastises you for not
reading the documentation. Regardless of
what disk you run it on, Elevator will
erase your files. It MAY format disks
too; be careful. One more interesting
note: my name is plastered all over this
program; the writers attempt to lay blame
for this trojan on me.
EMMCACHE V. 1.0 ???? TC This program is not exactly a trojan,
but it may have the capability of
destroying hard disks by:
A) Scrambling every file modified after
running the program,
B) Destroying boot sectors.
This program has damaged at least two
hard disks, yet there is a base of
happily registered users. Therefore, I
advise extreme caution if you decide to
use this program.
FALCON.Z TC This purportedly scrambles FAT tables.
FILER.E T One SysOp complained a while ago that
this program wiped out his 20 Megabyte
HD. I'm not so sure that he was correct
and/or telling the truth any more. I
have personally tested an excellent file
manager also named FILER.EXE, and it
worked perfectly. Also, many other
SysOp's have written to tell me that they
have, like me, used a FILER.EXE with no
problems. If you get a program named
FILER.EXE, it is probably all right, but
better to test it first using some
security measures.
FILES.GBS TC If an OPUS BBS system is installed
improperly, this file could spell
disaster for the Sysop. It can let a
user of any level into the system.
Protect yourself. Create a
sub-directory in each upload area
called FILES.GBS if you must to prevent
users from uploading this file.
FINANCE4.A ?????? TC This program is not a verified trojan,
but there is a file going around BBS's
warning that it may be trojan. In any
case, exercise extreme care with it.
FLU4TXT.C T This "executable documentation" to
FluShot v. 4.0 (which is hacked) will
modify your disk parameter table as it
exits.
FUTURE.B T This "program" starts out with a very
nice color picture (of what I don't know)
and then proceeds to tell you that you
should be using your computer for better
things than games and graphics. After
making that point it trashes all of
your disk drives, starting with disk A:.
Not only does Future scramble FATs, but
it also erases files. As far as I know,
however, it erases only one sub-directory
tree level deep, thus hard disk users
should only be seriously affected if they
are in the "root" directory. More
information about this is especially
welcome.
GATEWAY2 T Some copies of this CTTY monitor
now ruin FATs. Be careful with v. 2.0
of Gateway; download a good copy from
CompuServe if you must have it.
G-MAN TC This game possibly scrambles FAT Tables.
GRASP200.A T This ARChive advertises itself as GRASP
v. 2.0. A modified READ.ME file suggests
that users run RUNDEMO.BAT. RUNDEMO
destroys the root directory of hard
drives.
LM TC LM deletes the root directory as it
runs.
MAP.B 8554 TC This is another trojan horse purportedly
written by Dorn W. Stickle. I believe
that there are legitimate MAP.EXEs
floating around. The trojan supposedly
draws a world map.
MATHKIDS.A, MATH1.E T PC-Board SysOp's beware! This program
quizzes you or your family by throwing
math flashcards on the screen. However,
at the same time it copies:
C:\PCB\MAIN\USERS to C:\PCB\DL\FIXIT.ARC.
If you have a FIXIT.ARC on your system,
you may want to make sure it's not your
USERS file. (!!).
NOTROJ.C T This "program" is the most sophisticated
trojan horse that I've seen to date. All
outward appearances indicate that the
program is a useful utility used to FIGHT
other trojan horses. Actually, it is a
time bomb that erases any hard disk FAT
table that IT can find, and at the same
time it warns: "another program is
attempting a format, can't abort!" After
erasing the FAT(s), NOTROJ then proceeds
to start a low level format. One extra
thing to note: NOTROJ only damages FULL
hard drives; if a hard disk is under 50%
filled, this program won't touch it! If
you are interested in reading a thorough
report on NOTROJ.COM, James H. Coombes
has written an excellent text file on the
matter named NOTROJ.TXT. If you have
trouble finding it, you can get it from
my board.
TIRED TC Another scramble-the-FAT trojan by Dorn
W. Stickle. There may be a legitimate
TIRED utility around.
TSRMAP T This program does what it's supposed to
do: give a map outlining the location (in
RAM) of all TSR programs, but it also
erases the boot sector of drive "C:".
PACKDIR T This utility is supposed to "pack" (sort
and optimize) the files on a [hard] disk,
but apparently it scrambles FAT tables.
PCLOCK TC This program reputedly destroys FAT
tables! Be careful! Also, please bear
in mind that there is more than one
PCLOCK program in circulation, so please
don't confuse the trojan program with a
legitimate one. Simply exercise EXTREME
caution when running a NEW PCLOCK
program.
PCW271xx.A T A modified version of the popular
PC-WRITE word processor (v. 2.71) has now
scrambled at least 10 FAT tables that I
know of. If you want to download
version 2.71 of PC-WRITE be very careful!
The bogus version can be identified by
its size; it uses 98,274 bytes whereas the
good version uses 98,644. For reference,
version 2.7 of PC-WRITE occupies 98,242
bytes.
PK362.E, PK363.E TC These are NOT updates to Phil Katz's now
out of print PKPAK program. The last
authorized version was v. 3.61.
PKFIX361.E T This file pretends to contain a bug fix
for PKPAK 3.61. In reality, it directly
accesses your HD controller and performs
a low level format.
PKX35B35.E T Phil Katz verifies that this is a
hacked, non-supported version of PKXARC
which scrambles FAT tables. Use v. 3.61
of PKUNPAK for your .ARC files.
QUIKRBBS.C T This Trojan horse claims that it can
load RBBS-PC's message file into memory
200% faster than normal. What it really
does is copy RBBS-PC.DEF into an ASCII
file named HISCORES.DAT...
QUIKREF T Little is known about this trojan, other
than it scrambles FATs.
RCKVIDEO T This is another trojan that does what
it's supposed to do, then wipes out hard
disks. After showing some simple
animation of a rock star ("Madonna," I
think), the program erases every file it
can lay its hands on. After about a
minute of this, it will create 3 ASCII
files that say "You are stupid to
download a video about rock stars," or
something of the like.
RECOUP.E 49920 TC This is either a trojan or a very poorly
written program. One way or the other,
use caution when running this.
SCRNSAVE.C TC I know nothing about this program, but a
user of mine reports that it erases HD's.
SECRET.B T BEWARE!! This may be posted with a note
saying it doesn't seem to work, and would
someone please try it. If you do try it,
however, it will format your disks.
SEX-SNOW.A T This trojan deletes all of the files
in your directory and creates a gloating
message using those filenames. Ugly.
SIDEWAYS.C T Be careful with this trojan; there is a
perfectly legitimate version of
SIDEWAYS.EXE circulating. Both the trojan
and the good SIDEWAYS advertise that they
can print sideways, but SIDEWAYS.COM will
trash a [hard] disk's boot sector
instead. The trojan .COM file is about 3
KB, whereas the legitimate .EXE file is
about 30 KB large.
STAR.E 3072 T Beware RBBS-PC SysOps! This file puts
some stars on the screen while copying
RBBS-PC.DEF to another name that can be
downloaded later!
STRIKE.A TC May scramble FAT tables
STRIPES.E T Similar to STAR.EXE, this one draws an
American flag (nice touch), while it's
busy copying your RBBS-PC.DEF to another
file (STRIPES.BQS) so Bozo can log in
later, download STRIPES.BQS, and steal
all your passwords. Nice, huh!
SUG.A T Words can not express my feelings about
this trojan. SUG.ARC advertises that it
can break SOFTGUARD copy protection, but
upon invocation, it will scramble the
FAT's on drive A, B, C, and onwards to
your highest drive. While this is
certainly a nasty trojan, it is
particularly repulsive because Softguard
Corp, the creators of Softguard
copy protection, wrote it - perhaps in
response to declining business. They
claim that anyone who runs SUG is
breaking an original license agreement;
therefore they may legally destroy data.
I don't credit this, and neither does an
attorney I know, so I eagerly anticipate
Softguard's day in court.
TOPDOS T This is a simple high level [hard] disk
formatter. Do not confuse this with the
pirated TOPDOS.COM.
ULTIMATE.E 3090, .A 2432 TC The author of this claims that this 3k
file is a DOS shell. Sure, and trojan
horses don't exist. Running this brings
up a "Loading . . ." prompt; instead of
loading, the program really trashes your
FAT tables. Be aware!
VDIR.C T This is a disk killer that Jerry
Pournelle wrote about in BYTE Magazine.
I have never seen it, but two users of
mine have.
VISIWORD.A TC A user of mine called this trojan in
complaining that it destroyed his hard
disk. Other than that, I know nothing
about this program.
WARDIAL1.A TC This Wardialer may scramble FAT tables