Text File | 1992-12-04 | 53KB | 1,073 lines
▄▄▄ ▄▄▄▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄
█▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒▒▒▒▒█ █▒▒▒▒█
█▒▒█ ▀▀▀▀▀▀▀▀ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀█▒▒█ ▀▀▀█▒▒█ ▀▀▀▀▀
█▒▒█ █▒▒█ ▄▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▄▄▄█▒▒█ █▒▒█
█▒▒█ █▒▒█ █▒▒▒▒▒█ ▀▀ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒█
█▒▒█ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ ▀▀▀▀▀ █▒▒█
█▒▒█ ▄▄▄▄▄▄▄▄ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█
█▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█
▀▀▀ ▀▀▀▀▀▀▀▀ ▀▀▀ ▀▀ ▀▀ ▀▀▀ ▀▀
NEWSLETTER NUMBER 10
**********************************************************************
Another festive, info-glutted, tongue-in-cheek training manual
provided solely for the entertainment of the virus programmer,
security specialist, casual bystander or PC hobbyist interested in
the particulars - technical or otherwise - of cybernetic data
replication and/or mutilation.
EDITED BY URNST KOUCH, early December 1992
**********************************************************************
TOP QUOTE: "From Hell's heart, I stab at thee!"
--Captain Ahab in Melville's "Moby Dick"
(or Khan, from a Star Trek movie, if you're
a Philistine)
IN THIS ISSUE: A virus ate my lunch money: South American
drug lord served by computer mishap . . . A virus ate my
lunch money, part II: Crypt newsletter and the PROTO-T
hoax revisited, Jeezus H. Christ . . . Consumer report:
Trend Micro Devices' PC-Rx anti-virus software . . .
GOBBLER II test drive . . . AMBULANCE CAR virus . . .
The first annual Crypt Virus/Anti-virus Awards . . . In the
READING ROOM: Bruce Sterling's "The Hacker Crackdown" . . .
Pallbearer's AT THE MOVIES: raiding BlockBuster Video over
"Sneakers", the movie . . . Thom Media cracks jokes . . .
URNST'S SCAREWARE TOOLS . . . stupid humor and more . . .
****************************************************************
A VIRUS ATE MY LUNCH MONEY: COLOMBIAN POLITICIANS AND PABLO
ESCOBAR SERVED BY "Ghost of La Catedral" VIRUS
****************************************************************
Reuters news service reports that on Nov. 13, Colombian officials
announced from Bogota that a computer virus had
nuked a report containing critical comments on government
ministers involved in the muffed prison transfer of drug lord
Pablo Escobar. Escobar and a number of accomplices escaped
during the June transfer and a national scandal erupted, resulting
in a formal investigation of government officials involved in
orchestrating the event. The virus allegedly eliminated the
investigation's conclusions mere hours before they were to be
publicly presented. The virus was called "Ghost of La
Catedral," in reference to the prison from which Escobar escaped.
Reuters was one of the first international news agencies to
hype the threat of Michelangelo virus.
*****************************************************************
A VIRUS ATE MY LUNCH MONEY, PART II: CRYPT NEWSLETTER AND THE
PROTO-T HOAX REVISITED
*****************************************************************
In an odd case of art imitating life and life coming back to
bite it in the caboose, the "PROTO-T" virus from Crypt Newsletter
#9 has taken on a strange will of its own.
Alert Crypt readers will remember the editor ridiculing
bogus FidoNet alerts warning of the threat posed by a new
virus, PROTO-T, which could hide in COM port buffers, video
memory, etc. Further, readers with reading comprehension well
above the level of cabbage should recall the generic, memory
resident infector supplied with Newsletter #9. This virus,
clearly labeled as a program NAMED "in honor" of "the anonymous
electronic quacks" who LAUNCHED the PROTO-T HOAX in no way
constituted prima facie evidence that PROTO-T, as described
on the networks and elsewhere, existed.
Nevertheless, many readers missed this fine distinction, preferring
to believe that the Crypt newsletter had, indeed, supplied them
with a pure sample of the REAL THING: PROTO-T in all its horror.
Readers and virus collectors surfaced on the WWIVnet, and even
on PRODIGY, in the next few days, INSISTING that PROTO-T was real
and that they had the source code and DEBUG scripts, supplied by
the newsletter, to prove it. Some even went as far as to execute
PROTO-T on their machines, but more on that later.
Well, PROTO-T most certainly DIDN'T exist prior to our covering
the hoax. There was no evidence that any viral or Trojan code
was in the hack PKZip 3.0, the alleged "carrier" of PROTO-T.
The claims that PROTO-T could hide in a COM port buffer were
patent bullshit. (Not our bullshit mind you, but still bullshit.)
However, for all intents and purposes, PROTO-T now exists
even though OUR "symbolic gesture" is nothing close to the shambling
monster confabulated by the original hoaxsters.
In short, IT WAS SUPPOSED TO BE A JOKE.
So, now you have PROTO-T and you don't recall its features
because you were so excited you messed yourself and forgot
to read issue #9 closely. Listen up, then! PROTO-T, the demo virus
supplied by Crypt newsletter, is a simple, memory
resident .COM infector which hooks interrupt 21 and monitors
the DOS "execute" function, contaminating files just before they
run. It reduces the apparent amount of memory by approximately
1 kilobyte, a phenomenon which can be observed by recording the
amount of available memory from a MEM /C command before and after
the virus is installed on a machine. PROTO-T is not stealthy; it
is not encrypted. It will not trash your drive although
IT WILL irreversibly infect programs, making them difficult
to use. The virus contains the ASCII string, "This program
is sick. [PROTO-T by Dumbco, INC.]"
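The string check this section relies on (the ASCII string quoted above, searched for as "PROTO-T" and "Dumbco, INC."), as an added Python example that is not part of the original newsletter. The `.COM` filter, the chunk size, the function names and the zero-filled sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Short marker substrings: the wrapped quote hides the string's exact spacing.
MARKERS = (b"PROTO-T", b"Dumbco, INC.")


def scan_file(path, markers=MARKERS, chunk=4096):
    """Return sorted (offset, marker) hits, reading the file in chunks."""
    overlap = max(len(m) for m in markers) - 1
    hits, tail, base = set(), b"", 0  # base = file offset of window[0]
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            for m in markers:
                pos = window.find(m)
                while pos != -1:
                    hits.add((base + pos, m))
                    pos = window.find(m, pos + 1)
            # Keep the last bytes so a marker split across reads is seen.
            tail = window[-overlap:] if overlap else b""
            base += len(window) - len(tail)
    return sorted(hits)


def scan_tree(root, exts=(".com",)):
    """Walk root; return {relative path: hits} for files holding a marker."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                hits = scan_file(path)
                if hits:
                    found[os.path.relpath(path, root)] = hits
    return found


def demo():
    """Scan two constructed sample files (zero filler, not real programs)."""
    marked = b"\x00" * 4090 + b"[PROTO-T by Dumbco, INC.]" + b"\x00" * 50
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("CLEAN.COM", b"\x00" * 5000), ("MARKED.COM", marked)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

The constructed marker is placed across the 4096-byte read boundary, so the hit on `MARKED.COM` also shows why the overlap buffer is needed.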
Now, if you temporarily lost your sanity and ran PROTO-T
before reading the documentation, here is a clip-list of
"Common PROTO-T trouble-shooting questions and answers."
-=Cut here and save=-
--------------------------------------------------------------
URNST'S QUICK TIPS ON REMOVING PROTO-T FROM A CARELESSLY
INFECTED IBM PC
______________________________________________________________
Q. I stupidly ran PROTO-T and promptly forgot about it. How
do I find the virus on my system?
A. If you have NORTON UTILITIES or any reasonable facsimile,
use its text searching capability to look for strings like
"PROTO-T" or "Dumbco, INC." Delete the files that turn up;
they contain the virus.
Q. My computer makes a strange quacking noise on boot, then
the drive light comes on, stays on and the machine appears
to hang. What's up?
A. PROTO-T has infected your COMMAND.COM and it's after 4:00
in the afternoon. Either wait until morning, or boot with
a CLEAN diskette from the A: drive and delete the infected
command processor. Restore the deleted processor from your
DOS backup disk.
Q. Ever since I foolishly ran PROTO-T without knowing what
I was doin