Text File  |  1991-05-09  |  5.5 KB  |  113 lines

             *********************************************
             ***   Reports collected and collated by   ***
             ***            PC-Virus Index             ***
             ***      with full acknowledgements       ***
             ***            to the authors             ***
             *********************************************


== Computer Virus Catalog 1.2: "12-TRICKS" Trojan (11-June-1990) ====

Entry...............: "12-Tricks" Trojan
Alias(es)...........: ---
Trojan Strain.......: ---
Trojan detected when: ---
              where.: Karlsruhe (West-Germany)
Classification......: Trojan Horse
Carrier of Trojan...: Contained in "CORETEST.COM", a file that will
                      test the speed of a hard disk.

------------------- Preconditions -----------------------------------

Operating System(s).: MS-DOS, PC-DOS
Version/Release.....: ---
Computer model(s)...: IBM PC, XT, AT and compatibles

------------------- Attributes --------------------------------------

Easy Identification.: "MEMORY$", a text within the program, readable
                      with hex dump utilities.
Infection Trigger...: The trojan searches at different addresses in the
                      ROM area of the computer for strings that may
                      be the entry of INT 13h (hard disk).
                        Addresses:     String:
                        C800H:0256H    080H,0FAH,080H,073H,005H,0CDH
                        F000H:2A71H    080H,0FAH,080H,073H,005H,0CDH
                        F000H:A935H    080H,0FAH,079H,077H,005H,0CDH
                        F000H:3772H    0FBH,09CH,022H,0D2H,078H,00CH
                        F000H:D1E7H    0FBH,080H,0FCH,000H,075H,00CH
                      If any such string is found, the damage
                      routine will be installed.

Storage media affected: Partition table of a hard disk.

Interrupts Hooked...: INT 08, INT 09, INT 0D, INT 0E, INT 10, INT 13,
                      INT 16, INT 17, INT 1A.
                      Either one or none of the interrupts will be
                      hooked (random selection).

Damage..............: Permanent damage:
                        Every time the computer boots, one entry in
                        the FAT will be changed.
                        The hard disk will be formatted (Track 0,
                        Head 1, Sector 1, 1 Sector) followed
                        by the message:
                        "SOFTLoK+ V3.0 SOFTGUARD SYSTEMS,INC
                         2840 St.Thomas Expwy,suite 201
                         Santa Clara,CA 95051 (408)970-9420"
                        (probability 1/4096).
                      Moreover, either one or none of the following
                      permanent or transient damages will occur:
                        permanent: if INT 13 is hooked, *every access*
                        to a floppy drive will be changed to
                        *write-access*.
                        transient damages:
                        INT 08: will slow down the computer by a
                                random loop;
                        INT 08: will point to an IRET; every routine
                                that was inserted within the INT 08
                                chain will no longer be accessible;
                        INT 09: every keystroke will change the BIOS
                                variable [046dh];
                        INT 0D: the interrupt will point to an IRET
                                (probability: 1/4);
                        INT 0E: the interrupt will point to an IRET
                                (probability: 1/4);
                        INT 10: will slow down the screen by a random
                                loop;
                        INT 10: every time while scrolling up, the
                                screen will be blanked;
                        INT 16: the BIOS variable keyboard flag
                                [0417h] is modified;
                        INT 17: every character sent to the printer
                                is manipulated (randomly);
                        INT 17: every character sent to the printer
                                is XORed with 020H;
                        INT 1A: sometimes, this routine will return a
                                random system clock value.

Damage Trigger......: Every boot sequence

Particularities.....: During installation, a mark (0FFH) is set within
                      the partition table at offset 01BDH, so that
                      installation happens only once.
                      The text
                        "SOFTLoK+ V3.0 SOFTGUARD SYSTEMS,INC
                         2840 St.Thomas Expwy,suite 201
                         Santa Clara,CA 95051 (408)970-9420"
                      is readable in the partition table.

-------------------- Acknowledgement ---------------------------------
Location............: Virus Test Center, University Hamburg, FRG;
Classification by...: Thomas Lippke, Michael Reinschmiedt
Documentation by....: Thomas Lippke, Michael Reinschmiedt
Date................: 11-June-1990

==================== End of "12-TRICKS" - Trojan =====================
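
Added example (not part of the original catalog entry): a Python check of
a saved copy of the disk's first sector and of a suspect file for the
identifiers the entry lists, namely the 0FFH mark at offset 01BDH, the
first line of the SOFTLoK+ text, and the "MEMORY$" string. The function
names, verdict wording and sample sectors are constructed for illustration.

```python
MARK_OFFSET = 0x01BD   # from the entry: offset of the install mark
MARK_VALUE = 0xFF      # from the entry: value of the install mark
# First line of the text the entry says is readable in the partition table.
SOFTLOK_TEXT = b"SOFTLoK+ V3.0 SOFTGUARD SYSTEMS,INC"
CARRIER_TEXT = b"MEMORY$"  # from the entry: text inside CORETEST.COM
SECTOR_SIZE = 512


def check_sector0(sector):
    """Return the 12-Tricks indicators present in a sector-0 image."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    sector = bytes(sector[:SECTOR_SIZE])
    findings = []
    if sector[MARK_OFFSET] == MARK_VALUE:
        # Weak on its own: 0x1BD is the byte just before the first
        # partition entry (0x1BE) and other boot code may hold 0xFF there.
        findings.append("install-mark")
    if SOFTLOK_TEXT in sector:
        findings.append("softlok-text")
    return findings


def verdict(sector):
    """Grade a sector: both indicators, one indicator, or none."""
    labels = ["no indicators", "suspicious", "likely 12-Tricks"]
    return labels[len(check_sector0(sector))]


def check_carrier(data):
    """True if a file holds the entry's text (a hint, not proof)."""
    return CARRIER_TEXT in data


def constructed_sector(mark=False, text=False):
    """Build a constructed test sector; the text position is arbitrary."""
    s = bytearray(SECTOR_SIZE)
    s[510:512] = b"\x55\xaa"  # standard boot-sector signature
    if mark:
        s[MARK_OFFSET] = MARK_VALUE
    if text:
        s[0x40:0x40 + len(SOFTLOK_TEXT)] = SOFTLOK_TEXT
    return bytes(s)


if __name__ == "__main__":
    for args in [(False, False), (True, False), (True, True)]:
        print(args, verdict(constructed_sector(*args)))
```

Run it against a sector image taken from read-only media or a forensic copy rather than from the live disk of the suspect machine.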


  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  ++++++++++++++++++++++++++ end of reports ++++++++++++++++++++++++
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++