Simtel MSDOS 1992 September

home *** CD-ROM | disk | FTP | other *** search

/ Simtel MSDOS 1992 September / Simtel20_Sept92.cdr / msdos / trojanpr / dirtyd9c.arc / TROJAN.DD < prev next >

Wrap

Text File | 1989-12-16 | 31KB | 576 lines

------------------------------------------------------------------ | | | TROJAN HORSE LIST | | | ------------------------------------------------------------------ | Issue #9: December 17, 1989 | | Revision Stage: C | | | | Maintained by Eric Newhouse | ------------------------------------------------------------------ FILENAME EXTENSION CODES: -------------------------------- . -> - UNKNOWN - .B -> .BAS - BASIC - .C -> .COM - DOS - .E -> .EXE - DOS - .A -> .ARC PKUNPAK v. 3.61 .L -> .LZH LHARC v. 1.13ß .P -> .PAK PAK v. 1.60 .Z -> .ZIP ZIP v. 1.02 Name Size Category Notes ------------- ------ -- ----------------------------------------- *.ANS, *.TXT TC The ANSI.SYS driver included with all versions of DOS has the ability to redfine keys. Moreover, any text file that you 'type' to the screen could conceivably redefine a common key (like 'd'). If the text file is trojan, then it might, for example, call FORMAT the next time you hit the letter 'd.' I recommend that everyone examines all text files for suspicious ANSI codes. *.EXE TC Self-Extracting ZIP, ARC, and LZH Files are fast gaining in popularity. Before you run one, however, always check to make sure that you're not really running a trojan in disguise. At the very minimum list the files in the self extracting file. 123JOKE T This so-called utility for Lotus 123 rewrites [hard] disk directories. 3X3SHR.A 78848 TC This trojan supposably waits a while before eating your HD for lunch. ANALYZE.E T This program reputedly analyzes the log file for WWIV 4.x BBS systems. Instead it trashes FAT tables. ANTECOPT.A T This trojan offers to "optimize your hard disk by cleaning it up." In reality it is a poorly patched version of DOS 3.1 FORMAT.COM. ANTI-PCB T The story behind this trojan horse is sickening. Apparently one RBBS-PC sysop and one PC-BOARD sysop started feuding about which BBS system is better, and in the end the PC-BOARD sysop wrote a trojan and uploaded it to the rbbs SysOp under ANTI-PCB.COM. Of course the RBBS-PC SysOp ran it, and that led to quite a few accusations and a big mess in general. Let's grow up! Every SysOp has the right to run the type of BBS that they please, and the fact that a SysOp actually wrote a trojan intended for another simply blows my mind. ALTCTRL.A T This program reputedly trashes boot records. Other than that, I know nothing about it. AMTECOPT.Z 11505 T This program Keyfake and Format to format your HD. ARC513.E T This hacked version of SEA's ARC.EXE appears normal. However, it writes over track 0 of your [hard] disk upon usage, destroying the disk's boot sector. ARC514.C T This is completely similar to arc version 5.13 in that it will overwrite track 0 (boot sector) of your hard disk. Also, I have yet to see an .EXE version of this program.. BACKALLY.C 64512 T This sophisticated trojan will axe your FAT table after a couple of months of usage. Beware the delayed trojan! Backally MAY only work on floppy disks, but that sounds unlikely. Debug has shown that BACKALLY formats a track at one point as well as reading in the amount of freespace on your disk. It may only wipe out full disks, like NOTROJ. Please, be wary! An included .BAT file comes with a request for donations to "SomeWare" located in Frederickburg, VA. Look out for other products from SomeWare! BACKTALK T This once beneficial utility will write/destroy sectors on your [hard] disk drive. Use this with caution if you acquire it, because it's more than likely that you got a bad copy. BARDTALE.Z T Mos* users download this file immediately when they see it posted on a BBS, for it's Electronic Arts's commercial game: The Bard's Tale I. However, this version isn't all that it's "cracked up" to be. Somebody disasembled the real thing and wrote in a routine to format the hard disk upon invocation. The only safe (and legal) way to obtain Bard's Tale is to buy it at your local software store. BXD.A 20480 T This disk killer warns users that "your .Z 18437 disk will be trashed in 5 seconds" on sector 17 on the included BXD.COM file. Watch out for this FAT killer! CDIR.C T This program supposedly gives you a color directory of files on disk, but it in fact scrambles your disks FAT table. CHROMA.C 36454 T This program tells you in synthesized speech that it is "your computer's worst nightmare." The Program proceeds to erase your FAT tables. Look out for this one. CHUNKER.E TC A part of QEDIT v. 2.02, this program writes five apparently harmless files to disk. Chunker, which is supposed to split large text files into more manageable, smaller ones, may also scramble FAT's. CHUNKER.EXE only comes with the registered version of QEDIT, and since Semware didn't release any legitimate copies for BBS circulation, you can assume that most BBS versions are probably trojan, and all are illegal. Look out for the modified version of CHUNKER; excercise caution. One more thing. If this entry makes you reconsider your purchase of QEDIT, you betray the values that we're fighting for. You fight FOR, instead of against, the trojan horse author. The person who wrote this has unjustly libeled Semware's reputation. If you refuse to buy simply because a pirated copy of their program is trojan, then you hurt honest people like Semware and help dishonest people like the trojan author. QEDIT is a legitimate program, and if you buy direct from Semware, then you will receive a legitimate, trojan-free copy. If anyone has a trojan copy of CHUNKER, then please upload it to the SysOp of one of the BBS's listed in the back with a clear note that this is a trojan horse for Eric Newhouse. Thank you. COOKIES.E T This file, which purports to explain the secret to Mrs. Fields' cookies, really scrambles FAT Tables. COMPRESS.A T This trojan, dated April 1, 1987, destroys FAT tables. COMPRESS is executed from a file named RUN-ME.BAT and is advertised as a 'Shareware 'ARC' from Borland!' D-XREF60.C T A Pascal Utility used for Cross- Referencing, purportedly written by Dorn Stickel. Although I don't know who actually wrote this trojan, the "Dorn Stickel" label is the only sure way to identify it. After an undetermined time AND if the HD is more than half full, it scrambles the FAT and BOOT sector. DANCERS.B T This trojan shows some animated dancers in color, and then proceeds to wipe out your [hard] disk's FAT table. There is another perfectly good copy of DANCERS.BAS on BBS's around the country; apparently the author altered a legitimate program to do his dirty work. DEFENDER.A T This trojan both writes to ROM bios and formats [hard] disks. The Duplicators claim credit for this trojan; be ware of other products by them. Also, do not confuse this trojan with DEFENDER by Atari. The latter is a pirated program. DISCACHE.E TC This program uses direct BIOS routines to write to disk. Apparently, those BIOS routines will scramble your FAT table. Please see DISCACHE.WNG, a file that I'm looking for myself, for more information. There is at least one legitimate DISCACHE.EXE file circulating, so not all DISCACHE programs are trojan. DISKPREP.E TC This may erase the default drive upon invocation DISKSCAN.A 2944 T This was a PC Magazine program to scan a [hard] disk for bad sectors, but then a joker edited it to WRITE bad sectors. Also look for this under other names such as SCANBAD.EXE and BADDISK.EXE... DMASTER T This is yet another FAT scrambler.. DND23.A TC This supposed version of the popular Dungeons and Dragons game purportedly wipes out track 0 of hard disks. DOS-HELP T This program advertises itself as a TSR help system for DOS. Upon invocation, if a HD is present then DOS Help formats it. DOSKNOWS.E 5682 TC I'm still tracking this one down -- 6044 apparently someone wrote a FAT killer and renamed it DOSKNOWS.EXE, so it would be confused with the real, harmless DOSKNOWS system-status utility. I'm pretty sure that sure is that the REAL DOSKNOWS.EXE is 5376 bytes long. If you see something called DOSKNOWS that isn't close to that size, sound the alarm. More info on this one is welcomed -- a bagged specimen especially. The malicious DOSKNOWS contains the string: "Ouch! Dos refused to tell me! Sob, sob, sob." Be careful; there may be a legitimate 6144 byte DOSKNOWS floating around too. DPROTECT T Apparently someone tampered with the original, legitimate version of DPROTECT and turned it into a FAT table eater. DRAIN.C TC This is a *joke* program which has been modified to scramble FAT tables. Be careful if you run a DRAIN.COM; you may or may not have the legitimate version. DROID.E 54272 T This trojan appears under the guise of a game. You are supposably an architech that controls futuristic droids in search of relics. In fact, the program copies C:\PCBOARD\PCBOARD.DAT to C:\PCBOARD\HELP\HLPX if PC-Board SysOps run it from C:\PCBOARD DRPTR.ARC T This trojan deletes the root directory, excepting the system files, and it relocates COMMAND.COM out of the root if it's present. It creates a file called WIPEOUT.YUK in the root after doing its dirty work. DSZ.C TC It looks like there are some trojan 01/17/89 v. DSZ's floating around BBS's. To date, 01/29/89 v. only DSZ's dated 1/17 and 1/29 have been labeled trojan. Trojan DSZ's are caused by non Omen-Tech modification programs that attempt to illegally register DSZ. DRPTR.A T Advertised as a "directory reporter", this program will trash all files in the root directory. EGABTR T BEWARE! Description says something like "improve your EGA display," but when run it deletes everything in sight and prints "Arf! Arf! Got you!" ELEVATOR.A T This poorly written trojan suggests in the documentation that you run it on a floppy. If you do not run it on a floppy, Elevator chastises you for not reading the documentation. Regardless of what disk you run it on, Elevator will erase your files. It MAY format disks too; be careful. One more interesting note: my name is plastered all over this program; the writers attempt to lay blame for this trojan on me. EMMCACHE ???? TC This program is not exactly a trojan, V. 1.0 but it may have the capability of destroying hard disks by: A) Scrambling every file modified after running the program, B) Destroying boot sectors. This program has damaged at least two hard disks, yet there is a base of happily registered users. Therefore, I advise extreme caution if you decide to use this program. FALCON.Z TC This purportedly scrambles FAT tables. FILER.E T One SysOp complained a while ago that this program wiped out his 20 Megabyte HD. I'm not so sure that he was correct and/or telling the truth any more. I have personally tested an excellent file manager also named FILER.EXE, and it worked perfectly. Also, many other SysOp's have written to tell me that they have like me used a FILER.EXE with no problems. If you get a program named FILER.EXE, it is probably allright, but better to test it first using some security measures. FILES.GBS TC If an OPUS BBS system is installed improperly, this file could spell disaster for the Sysop. It can let a user of any level into the system. Protect yourself. Create a sub-directory in each upload area called FILES.GBS if you must to prevent users from uploading this file. FINANCE4.A ?????? TC This program is not a verified trojan, but there is a file going around BBS's warning that it may be trojan. In any case, execute extreme care with it. FLU4TXT.C T This "executable documentation" to FluShot v. 4.0 (which is hacked) will modify your disk parameter table as it exits. FUTURE.B T This "program" starts out with a very nice color picture (of what I don't know) and then proceeds to tell you that you should be using your computer for better things than games and graphics. After making that point it trashes your all of your disk drives, starting with disk A:. Not only does Future scramble FATs, but it also erases files. As far as I know, however, it erases only one sub-directory tree level deep, thus hard disk users should only be seriously affected if they are in the "root" directory. More information about this is especially welcome. GATEWAY2 T Some copies of this CTTY monitor now ruin FATS. Be careful with v. 2.0 of Gateway; download a good copy from compuserve if you must have it. G-MAN TC This game possibly scrambles FAT Tables. GRASP200.A T This ARChive advertises itself as GRASP v. 2.0. A modidied READ.ME file suggests that users run RUNDEMO.BAT. RUNDEMO destroys the root directory of hard drives. LM TC LM deletes the root directory as it runs. MAP.B 8554 TC This is another trojan horse purportedly written by Dorn W. Stickle. I believe that there are legitimate MAP.EXEs floating around. The trojan supposably draws a world map. MATHKIDS.A T PC-Board SysOp's beware! This program MATH1.E quizes you or your family by throwing math flashcards on the screen. However, at the same time it copies: C:\PCB\MAIN\USERS to C:\PCB\DL\FIXIT.ARC. If you have a FIXIT.ARC on your system, you may want to make sure it's not your USERS file. (!!). NOTROJ.C T This "program" is the most sophisticated trojan horse that I've seen to date. All outward appearances indicate that the program is a useful utility used to FIGHT other trojan horses. Actually, it is a time bomb that erases any hard disk FAT table that IT can find, and at the same time it warns: "another program is attempting a format, can't abort!" After erasing the FAT(s), NOTROJ then proceeds to start a low level format. One extra thing to note: NOTROJ only damages FULL hard drives; if a hard disk is under 50% filled, this program won't touch it! If you are interested in reading a thorough report on NOTROJ.COM, James H. Coombes has written an excellent text file on the matter named NOTROJ.TXT. If you have trouble finding it, you can get it from my board. TIRED TC Another scramble the FAT trojan by Dorn W. Stickle. There may be a legitmate TIRED utility around. TSRMAP T This program does what it's supposed to do: give a map outlining the location (in RAM) of all TSR programs, but it also erases the boot sector of drive "C:". PACKDIR T This utility is supposed to "pack" (sort and optimize) the files on a [hard] disk, but apparently it scrambles FAT tables. PCLOCK TC This program reputedly destroys FAT tables! Be careful! Also, please bear in mind that there are more than one PCLOCK programs in circulation, so please don't confuse the trojan program with a legitimate one. Simply excercise EXTREME caution when running a NEW PCLOCK program. PCW271xx.A T A modified version of the popular PC-WRITE word processor (v. 2.71) has now scrambled at least 10 FAT tables that I know of. If you want to download version 2.71 of PC-WRITE be very careful! The bogus version can be identified by its size; it uses 98,274 bytes wheras the good version uses 98,644. For reference, version 2.7 of PC-WRITE occupies 98,242 bytes. PK362.E, PK363.E TC These are NOT updates to Phil Katz's now out of print PKPAK program. The last authorized version was v. 3.61. PKFIX361.E T This file pretends to contain a bug fix for PKPAK 3.61. In reality, it directly accesses your HD controller and performs a low level format. PKX35B35.E T Phil Katz verifies that this is a hacked, non-supported version of PKXARC which scrambles FAT tables. Use v. 3.61 of PKUNPAK for your .ARC files. QUIKRBBS.C T This Trojan horse claims that it can load RBBS-PC's message file into memory 200% faster than normal. What it really does is copy RBBS-PC.DEF into an ASCII file named HISCORES.DAT... QUIKREF T Little is known about this trojan, other than it scrambles FATS RCKVIDEO T This is another trojan that does what it's supposed to do, then wipes out hard disks. After showing some simple animation of a rock star ("Madonna," I think), the program erases every file it can lay it's hands on. After about a minute of this, it will create 3 ascii files that say "You are stupid to download a video about rock stars," or something of the like. RECOUP.E 49920 TC This is either a trojan or a very poorly written program. One way or the other, use caution when running this. SCRNSAVE.C TC I know nothing about this program, but a user of mine reports that it erases HD's. SECRET.B T BEWARE!! This may be posted with a note saying it doesn't seem to work, and would someone please try it. If you do try it, however, it will format your disks. SEX-SNOW.A T This trojan deletes all of the files in your directory and creates a gloating message using those filenames. Ugly. SIDEWAYS.C T Be careful with this trojan; there is a perfectly legitimate version of SIDEWAYS.EXE circulating. Both the trojan and the good SIDEWAYS advertise that they can print sideways, but SIDEWAYS.COM will trash a [hard] disk's boot sector instead. The trojan .COM file is about 3 KB, whereas the legitimate .EXE file is about 30 KB large. STAR.E 3072 T Beware RBBS-PC SysOps! This file puts some stars on the screen while copying RBBS-PC.DEF to another name that can be downloaded later! STRIKE.A TC May scramble FAT tables STRIPES.E T Similar to STAR.EXE, this one draws an American flag (nice touch), while it's busy copying your RBBS-PC.DEF to another file (STRIPES.BQS) so Bozo can log in later, download STRIPES.BQS, and steal all your passwords. Nice, huh! SUG.A T Words can not express my feelings about this trojan. SUG.ARC advertises that it can break SOFTGUARD copy protection, but upon invocation, it will scramble the FAT's on drive A, B, C, and onwards to your higest drive. While this is certainly a nasty trojan, it is particularly repulsive because Softguard Corp, the creators of Softguard copy protection, wrote it - perhaps in response to declining business. They claim that anyone who runs SUG is breaking an original license agreement; therefore they may legally destroy data. I don't credit this, and neither does an attorney I know, so I eagerly anticipate Softguard's day in court. TOPDOS T This is a simple high level [hard] disk formatter. Do not confuse this with the pirated TOPDOS.COM. ULTIMATE.E 3090 TC The author of this claims that this 3k .A 2432 file is a DOS shell. Sure, and trojan horses don't exist. Running this brings up a "Loading . . ." prompt; instead of loading the program really trashes your FAT tables. Be aware! VDIR.C T This is a disk killer that Jerry Pournelle wrote about in BYTE Magazine. I have never seen it, but two users of mine have. VISIWORD.A TC A user of mine called this trojan in complaining that it destroyed his hard disk. Other than that, I know nothing about this program. WARDIAL1.A TC This Wardialer may scramble FAT tables