home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hackers Underworld 2: Forbidden Knowledge
/
Hackers Underworld 2: Forbidden Knowledge.iso
/
VIRUS
/
CRPTLET.TR7
< prev
next >
Wrap
Text File
|
1992-10-08
|
26KB
|
489 lines
*******************************************
The CRYPT Newsletter (#7) - Early Oct.,1992
Another in a continuing series of info-glutted
humorous monographs solely for the enjoyment
of the virus programmer or user interested
in the particulars of cyber-electronic data
replication and corruption.
--Edited by URNST KOUCH
********************************************
This issue's top quote!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"Ross Perot is an empty valise."
-Ed Koch on the former Electronic Data
Systems leader's re-entry into the
presidential race.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
IN THIS ISSUE: SPECIAL Election Day viruses: VOTE and
VOTERASE...the DEICIDE virus...FIDO news...INCAPABILITIES:
Off-the-cuff evaluations & fear and loathing on PRODIGY...
from the Reading Room: "Cyberpunk" by Hafner and Markoff
...McAfee Associates close in on "fuck you money"...Vidkun
Quisling Medal awarded...more...
----------------------------------------------------------
NEWS! NEWS! NEWS! VITRIOL! NEWS!
This issue we award the Vidkun Quisling Gold Medal of Rank
Hypocrisy to Gary Watson of Data Systems.
Here at the newsletter bungalow we couldn't help but notice
programmer Gary Watson's insistence that he has
been the victim of a disinformation campaign launched by virus
exchange BBS's. "Do I upload source codes to virus
boards, not so, not so!" is the essence of this claim, aired
on the FidoNet VIRUS_INFO echo.
To help get at the truth, we're releasing a log and archive
listing documenting Watson's visit to the Dark Coffin BBS in
Pennsylvania.
What follows is a reprint of a BBS log generated by WWIV 4.21,
the software in use on Dark Coffin:
1702: Gary Watson #58 23:54:19 08/07/92 [Torrance CA]
Q, S, X, >, >, >, S, Q, Q, X, T, L, >, >, >, *, Q, X, T, *, X, Q, , Q
//S**T! I GOTTA CHECK THE F****N MESSAGE BASES...., T, ?, U, Z, <, >, <, <
<, <, <, <, <, F, //WELL, ONE OF EM AT LEAST, *, U, X, U
>>>+DANGER .ZIP uploaded on NEW UPLOADS<<<
C, C, H, A, T, X, /, \, \, Q, Q, ?, O,
Read: 20 Time on: 16
All comments following // are command line messages one of us used to
type to the other. Notice upload of DANGER.ZIP. Next, the PKUNZIP
listing of what was kept from that archive:
PKUNZIP (R) FAST! Extract Utility Version 1.93 ALPHA 10-15-91
Copr. 1989-1991 PKWARE Inc. All Rights Reserved. PKUNZIP/h for help
PKUNZIP Reg. U.S. Pat. and Tm. Off.
Searching ZIP: DANGER.ZIP
Length Method Size Ratio Date Time CRC-32 Attr Name
------ ------ ----- ----- ---- ---- -------- ---- ----
24704 Implode 7072 72% 09-25-91 10:44 26dbaec9 --w- MIX1.ASM
3193 Implode 1527 53% 03-05-89 22:21 1d1d5ed8 --w- AMST-847.ASM
13009 Implode 3179 76% 01-01-80 00:06 ec3b2f22 --w- BADBOY2.ASM
19037 Implode 6318 67% 06-05-90 11:54 ce10ca04 --w- MURPHEXE.ASM
12453 Implode 2783 78% 04-04-90 17:35 78c45414 --w- STONE.ASM
26586 Implode 5754 79% 04-04-90 17:35 50ad447b --w- DATACRIM.ASM
19495 Implode 7985 60% 01-03-90 23:19 31f550c8 --w- EDDIE.ASM
8897 Implode 2914 68% 05-05-90 18:13 0953d928 --w- DIAMOND.ASM
45577 Implode 10889 77% 05-05-91 18:51 065542d3 --w- V2100_.ASM
15042 Implode 2663 83% 04-18-91 16:58 19fc2ef6 --w- LEECH.ASM
58090 Implode 12176 80% 08-11-92 22:43 ddccc22e --w- VSOURCE.ASM
19310 Implode 6330 68% 03-09-91 15:53 50e8c26a --w- HORSE2.ASM
47596 Implode 11030 77% 03-13-91 18:29 21efc392 --w- 4096.ASM
3042 Implode 1139 63% 12-28-88 12:32 a7404cb9 --w- BOOT1.ASM
10830 Implode 2939 73% 08-11-92 22:43 a7ae08a6 --w- DIR2.ASM
7212 Implode 2215 70% 08-11-92 22:47 4de925cf --w- MASTER.ASM
------ ------ --- -------
334073 86913 74% 16
And an extracted header from one of the source codes, STONE.ASM:
; IMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM;
; : British Computer Virus Research Centre :
; : 12 Guildford Street, Brighton, East Sussex, BN1 3LS, England :
; : Telephone: Domestic 0273-26105, International +44-273-26105 :
; : :
; : The 'New Zealand' Virus :
; : Disassembled by Joe Hirst, November 1988 :
; : :
; : Copyright (c) Joe Hirst 1988, 1989. :
; : :
; : This listing is only to be made available to virus researchers :
; : or software writers on a need-to-know basis. :
; HMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM<
Now, while this isn't IRONCLAD proof of Gary Watson's
duplicity, it IS close enough for most purposes. And, yes, here
at the bungalow we can still imagine cries of "Disinformation!"
or "It's a FRAME-UP!" or "I never did that!" We feel confident
that the reasonable Crypt reader will weigh the veracity of a Gary
Watson (who self-admittedly views those unlike him as "targets" and
has an ego so big he is easily stroked into flaming on the
FidoNet by barbs from those much younger than he) against that
of the urbane and always courteous editors of the Crypt
Newsletter.
We are pleased to award Gary Watson the Quisling Medal.
When ex-New York City mayor Ed Koch was asked to comment on the
Quisling award, he said, "Gary Watson is an empty valise."
A HOT TIP!
Nowhere Man informs the Crypt Newsletter that he is readying
a polymorphic encryption module for domestic release. This is
in addition to his work on VCL 2.0 which could be coming to
you sometime around the holiday season!
*****************************************************************
A CRYPT NEWSLETTER SPECIAL: VOTE and VOTERASE, custom Election
Day viruses!!!
*****************************************************************
In this issue, we give the readers the VOTE! VOTE (or VOTE, SHITHEAD)
is a memory resident, spawning virus which is not detected by the
recent versions of SCAN, Thunderbyte's tbSCAN, Datatechnik's AVScan,
NORTON Antivirus or Central Point Antivirus.
Upon installation, VOTE will reside in a small hole in system memory
invisible to all but the most discerning eye. It hooks INT 21 and
monitors the DOS load function. From there, it will create hidden/
read-only 'companion' files for every .EXE program called. All
of these 'infected' programs will continue to function normally;
VOTE's disk writes are minimal and not likely to be noticed by
anyone NOT looking for the virus. VOTE will accumulate on the
infected system's hard file in an almost totally transparent
manner until Election Day. On Election Day, at the start of the
morning's computing, the first .EXE executed which has a VOTE
'companion' counterpart will result in activation. VOTE will lock
the machine into a loop in which the user is gently but insistently
reminded to go to the polling place. Computing will be impossible
on Nov. 3rd, unless VOTE is completely re