===========================================================================
                            AMIGA HACK REPORT
  Erik Loevendahl (SHI)                                       hlau@dou.dk 
===========================================================================
                                      ||
         The Hack Report              ||    Written by Erik Loevendahl
         for April, 1995              ||
                                      ||          Fidonet : 2:236/116.17
  Safe Hex International Support BBS: ||          Amiganet: 39:141/127.17 
                                      ||          Telefax : +45 5599 3498 
  DAN BBS: +45 43621655  V-Fast 28.8  ||
  Formula II: +45 43432463 V-Everyth. || Henrik Lauridsen Internet support:
                                      ||                       hlau@dou.dk
                                      ||      
                                      || 
  Lars Stockholm Packet Radio support:|| Benny Petersen Cbmnet support:     
         OZ1GYQ@OZ4BOX.SAX.LOL.DNK.EU ||       bennyp@bennyp.adsp.sub.org 
                                      ||
                                      ||  Number 4
  Released by Safe Hex International  ||  Report Date: 09 April, 1995
                                      ||
  =========================================================================
 
 
Welcome to the second issue of The Amiga Hack Report.  This is a series
of reports that aim to help all users of files found on BBSs avoid
fraudulent programs, and is presented as a public service by the FidoNet,
Internet and Amiganet International E-mail echos.
 
Thanks to everyone who has helped put this report together, and to those
that have sent in comments and suggestions.
 
 
NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin on your
BBS, subject to these conditions:

1) the latest version is used,
2) it is posted in its entirety, and
3) it is not altered in any way.

NOTE TO OTHER READERS: The Hack Report (file version) may be freely
uploaded to any BBS, subject to the above conditions, and only if you do
not change the filename. 
 
The author is not responsible for any loss of data nor is he responsible
for any information if it isn't correct.  This list is made as a help and
a lot of work is done to validate all the information below so that it is
as correct as possible, but who knows?  .....
 
The idea is to make this information available freely.  However, please
don't cut out the disclaimers and other information if you use it, or
confuse the issue by spreading the file under different names.  Thanks!
 
If you see other fake or trojan versions NOT listed here, please contact
one of the above supporters or myself so that we can keep this listing up
to date.
 
                                                      Erik Loevendahl
 
  =========================================================================
 
 
                           HACKED AMIGA PROGRAMS

Here are the latest and most common versions of some programs known to
have hacked, fake or trojan copies floating around.  Archive names are
listed when known, along with the person who reported the fraud (thanks
from us all!).
 
 
 
   20-03-94  X-Copy 8.5 66424 bytes is a trojan. Installs the  Fmfoj Xjsvt
             v2.2 (Eleni) boot virus, which can damage your harddisk.
 
   17-05-94  Decompiler (Autoboot Disc Creator), 53.992 bytes is a trojan.
             Renames your harddisk directories. Reported by W. Gorzkowski.
 
   25-05-94  Hacker 20.980 bytes unpacked is said to optimize your modem 
             settings, but in fact it is a trojan.
 
   05-06-94  DMS 2.13 92.440 bytes packed in a file named "Dms213ur.lha" 
             will format your harddisk. Reported by Kim B. Jensen.
 
 * 15-06-94  NoCare27.lha 28.848 bytes unpacked will delete your HD files.
 
   18-06-94  DMS2.12 lha, Device-Masher System, DMS/FMS-Masher 2.12 Extra
             Turbo 92.208 bytes is a fake.
 
   20-06-94  Ua62.lha,  Ua-dialer v6.2 26828 bytes PPacked, 51956 bytes 
             unpacked is said to damage your S/Dir.
 
   22-06-94  Mformt12.lha, Mformat 1.2 unpacked 25168 bytes is said to
             format harddisks after 8. floppies. Reported by Gerard Sens
 
 * 02-07-94  NComm 3.09 221.056 bytes is said to be a trojan, which
             installs the Eleni virus, that can damage your harddisk.
 
   07-07-94  Hd_speedup.exe, 6252 bytes unpacked found in "HD_Speedup.lha"
             will damage your harddisk. Reported by Steen Brusgaard.
 
   15-07-94  Clx_doom.lha, Doom 32020 bytes is a nasty trojan, which changes
             your assign and setpatch commands. Reported by Edwin Leenders.
 
   23-07-94  Elien_virus_checker 0.1 is a nasty trojan. Found in a file
             called "elien.exe". 1016 bytes PPacked, 596 bytes unpacked.
 
 * 02-08-94  Esp-dmpd.lha (DiskMaster 2 PAL Fix) is said to contain a
             linkvirus.
 
   09-08-94  God-j12.lha, JiZaNSi 1.2 - IFF 2 ANSI converter 22.008 bytes
             unpacked is a trojan. Reported by Peter Hansen.
 
 * 24-08-94  Viewtek22.lha 93.844 bytes contains a link virus. Reported by
             Betasoft.
 
   01-09-94  Dskslv3.DMS. Disksalv 3.01 106584 bytes unpacked is said 
             to be a trojan. Reported by Dave Haynie.
 
   08-09-94  Vmk30.lha, Virus Memory Kill V3.00 2620 bytes is a trojan
             which will damage your harddisk. Reported by Chris Hames
 
   30-12-94  Surprise.exe 39296 bytes, spread at a demo at "The Party 94"
             in Denmark, will damage your harddisk. Reported by B. Petersen
 
   31-01-95  VZII-114.lha is a fake version. Please use the new version
             VZ-115.lha 128182 bytes (unpacked 74028 bytes).
 
   01-01-95  DMS206.lha and CRY_206 contain DMS206.exe, which is a BBS
             infiltrator program. Use the latest >original<... DMS 2.04
             (96284 bytes).
 
   13-01-95  IStrip21.lha unpacked 12212 bytes is an infiltrator program
             which places BBS user.data in download dir named "eatme.lha".
             
   06-02-95  The Achtung.exe demo in the GATH95-!.lha archive will format
             your harddisk (COP trojan).  Reported by John Vickers.
 
   03-03-95  The archive axripii.lha, about 120046 bytes, contains a harddisk
             damage program called Fucker virus in the file called AMIBBB.
 
   14-03-95  Personal Paint version: 6.2 is a fake.  The last original
             PPaint version is 6.1.  Reported by the programmer M.C.
             Battilana.
 
   21-03-95  ncomm32.lha, 121896 bytes (StoneCracker 4.04 packed), 226116
             bytes unpacked. Pretends to be NComm 3.2, but is in fact a COP
             trojan (harddisk trasher)
 
   25-03-95  opus5.lha, unpacked 347308 bytes. Pretends to be DirectoryOpus
             5.0, but is in fact a COP trojan (harddisk trasher)
 
   26-03-95  lha30.lha, 69888 bytes StoneCracker 4.04 packed, 105808 bytes
             unpacked. Pretends to be Lha 3.0, but is in fact a COP trojan
             (harddisk trasher)
 
   26-03-95  ced4.lha 174500 bytes unpacked. Pretends to be CygnusEd 4.0,
             but is in fact a COP trojan (harddisk trasher)
 
   31-03-95  sinfo10.lha, unpacked 2852 bytes. Pretends to be SInfo v1.0,
             but is in fact a COP trojan (harddisk trasher)
 
 * 06-04-95  nxs-pt4.lha unpacked 180188 bytes. Pretends to be ProTracker
             4.0, but is in fact a COP trojan (again a harddisk trasher)
 
   09-04-95  Commander virus is today spread in all the following files:
             dagis!up.exe, Denistro_1.exe, Denistro_2.exe, mn-acid.exe,
             Vampire.exe, Dpl-Mam1.DMS, Dpl-Mam2.DMS, Removcmd.lha,
             Network90.DMS
            
 
The trojans or fake versions marked > * < above aren't implemented in the
SHI virus killers yet, so please TAKE CARE AND SEND THESE TROJANS for new
updates to the mentioned SHI members/BBSes in this list!!
 
If you want more information, please read more about the viruses and
trojans in Virus Info Base, an excellent multimedia database program made
by SHI and spread by ADS, archive name: "VIB9508.lha"
 
  =========================================================================
 
  SPECIAL FOR SYSOPS
  ------------------
 
  * Did you know that today no file is safe anymore?
  * Did you know there are a lot of viruses, trojans and fakes today?
  * Do you want to protect your harddisk 100%?
  * Do you want to use a simple and effective way?
 
 
  A little trick for SysOps: Print this little list and use it to check 
  your new uploads!!
 
 
  Please use this form below if you find some fake versions or trojans and
  send it to Safe Hex International by E-mail or by post.
 
 
  --> cut here
  ========================================================================
 
                              HACK REPORT FORM:
 
  ------------------------------------------------------------------------
  YOUR NAME:
  ------------------------------------------------------------------------
  ADDRESS:                                   ZIP CODE:
  ------------------------------------------------------------------------
  COUNTRY:                                   PHONE:
  ------------------------------------------------------------------------
  WHICH PROGRAM IS A FAKE OR A TROJAN :                     VERSION:
  ------------------------------------------------------------------------
  FOUND IN ARCHIVE NAME:                      ARCHIVE DATE:         
  ------------------------------------------------------------------------
  BYTES UNPACKED:
  ------------------------------------------------------------------------
  A LITTLE DESCRIPTION 
  (Why do you think this is a fake or a trojan)
 
  -------------------------------------------------------------------------
 
  ATTENTION:
 
  If possible, please send the actual fake or trojan to Safe Hex
  International!
 
                   
            THANK YOU VERY MUCH FOR YOUR  HELP! WITHOUT YOUR
            VALUABLE HELP WE COULDN'T HAVE MADE THIS LIST!!!
 
 
  ========================================================================
  --> cut here
 
  Please send the hack or the infected file together with the above report
  to:
 
            SAFE HEX INTERNATIONAL MAIN 
            Erik Loevendahl                  Fidonet:  2:236/116.17
            Snaphanevej 10                   Amiganet: 39:141/127.17 
            DK-4720 Praestoe                 Telefax:  +45 5599 3498 
            Denmark  
 
  /or to ....
 
       __              
  __  ///   SAFE HEX INTERNATIONAL BULLETIN BOARD SUPPORT:
  \///    ::::::::::::::::::::::::::::::::::::::::::::: 
   XX/     
 
 
         * Formula II Amiga BBS: +45 43432463 US Robotics V-Everything
           SysOp: Flemming Lindeblad
 
 
         * Programmers Resort BBS: +45 98380575 ZyXEL/v32bis
                                   +45 96869090 ISDN
 
           Special support for the SHI programmers and disk copy service
           for SHI programmers without a modem.
 
           SysOp: Alex Holst, member of SHI 
 
           Address: Alex Holst
                 Jaettestuen 70
                 DK-9230 Svenstrup J
                 Denmark
  
            Tel. Voice: +45 96869090
 
 
         * DAN BBS is one of the best and biggest BBSes in Europe
           Anti-Virus PC and Amiga CoSysOP: Erik Loevendahl
 
 
           Server: 486DX2-66,32mb-RAM,Adaptec 2842VL
           Micropolis 1528+4110 (Micro2:86127799)
           Total  harddisks: 4.3 GIGA, 
           2/8 Giga Sony DAT streamer
           CD-Server: 386-40mhz,4MB, 18 CD's online
           ISDN workstation: 386-40mhz, 4MB, TELES
 
           Total 14 GB on-line
           (More than 30 PC's in system)
 
 
           Line   1 payment line          42643990  V-Fast 28.8
           Line   2                       43628230  ZyXEL/v32bis
           Line   3                       43627750  ZyXEL/v32bis
           Line   4                       43625880  ZyXEL/v32bis
           Line   5-19 payment lines!     4362XXXX  ZyXEL/v32bis
           Line  20                       42643827  V34/VFC 28.8      
           Line  21                       43621655  VFC 28.8
           Line  22+23                    43661070  ISDN
 
        DAN BBS fax:                42643357 Group 3 
 
 
        HOW TO DO IT:
        -------------
        If you wish to contact our SHI >free< anti-virus areas for uploads
        of new viruses or downloads of the newest SHI anti-virus stuff,
        type:
 
        "Guest", "Guest" (for free files), and "V" (for the SHI anti-virus
        free area)
 
 
  =========================================================================
 
WE NEED......YOUR SUPPORT CONCERNING NEW VIRUSES FOR FUTURE UPDATES of
this Virus Info Base program.
 
We think you can see how important your support is if you are using one
of the following programs, which use our anti-virus.libraries:
 
 
  * Virus Checker by Johan Veldthuis

  * Virus Scanner by Gabriele Greco

  * Fides Professional by John Lohmeyer
 
  * DMS by ParCon Software

  * Virus Info Base by Safe Hex International
 
  * D-Copy by Stefan Bernbo  
 
  * X-Copy by Cachet Software (commercial)
 
  * Xtruder BBS virus killer by Martin Wulffeld

  * MT-Copy by Gert-Jan Strik
 
  * Harboot virus analyser by Martin Harbo

  * Bootwriter by Ralf Thanner
 
  * DMS Checker by Martin Wulffeld
 
  * AntiCicloVir by Mathias Gutt
 
ATTENTION: IF YOU ARE USING ANY OF THE ABOVE PROGRAMS, YOU OF COURSE HAVE
AN INTEREST IN HELPING US, SO WE CAN HELP YOU TOO.  THEREFORE REMEMBER TO
SEND ALL NEW VIRUSES TO SHI FOR FUTURE UPDATES. 
 
     THANK YOU VERY MUCH AND REGARDS
 
           
                               "THE AMIGA LIVE"
 
 =========================================================================
 
  Kind regards, your friend
 
 
  /~              ERIK LOEVENDAHL SOERENSEN, SAFE HEX INTERNATIONAL 
 C-oo)             Phone +45 5599 2512 | Fidonet:  2:236/116.17
  -)              Fax   +45 5599 3498 | Amiganet: 39:141/127.17
  /~