informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/hack9301.rpt

805 lines
38 KiB
Plaintext
Raw Permalink Blame History

=========================================================================
||
From the files of The Hack Squad: || by Lee Jackson, Co-Moderator,
|| FidoNet International Echo SHAREWRE
The Hack Report || Volume 2, Number 1
for January, 1993 || Report Date: January 3, 1993
||
=========================================================================
Welcome to the first 1993 issue of The Hack Report. This is a series
of reports that aim to help all users of files found on BBSs avoid
fraudulent programs, and is presented as a free public service by the
FidoNet International Shareware Echo and the author of the report, Lee
Jackson (FidoNet 1:382/95).
This issue begins a brand new year for us here at Hack Central Station.
As you will soon note, this report is quite a bit shorter that the last
1992 issue. This is due to all previously reported (and confirmed) files
being removed from the list: they are still listed in the file
HACK92FA.RPT, which comes with the archive version of this report. Only
unsettled/unconfirmed listings from last year's issues are carried over.
If you have a copy of the December report, please don't delete it, since
you'll need it as a reference to previously reported files.
There are quite a few important listings this time around, including a
clarification of a file that has caused quite a bit of work for your Hack
Squad. Thanks to everyone who has helped put this report together, and
to those that have sent in comments and suggestions.
NOTE TO SYSOPS: The Hack Report may be freely posted as a bulletin on
your BBS, subject to these conditions:
1) the latest version is used,
2) it is posted in its entirety, and
3) it is not altered in any way.
NOTE TO OTHER READERS: The Hack Report (file version) may be freely
uploaded to any BBS, subject to the above conditions, and only if you do
not change the filename. You may convert the archive type as you wish,
but please leave the filename in its original HACK????.* format. The
Hack Report may also be cross-posted in other networks (with the
permission of the other network) as long as it meets the above conditions
and you give appropriate credit to the FidoNet International Shareware
Echo (and the author <g>).
The idea is to make this information available freely. However, please
don't cut out the disclaimers and other information if you use it, or
confuse the issue by spreading the file under different names. Thanks!
DISCLAIMER: The listings of Official Versions are not a guarantee of the
files' safety or fitness for use. Someone out there might just be
sick-minded enough to upload a Trojan with an "official" file name, so
>scan everything you download<!!! The author of this report will not be
responsible for any damage to any system caused by the programs listed as
Official Versions, or by anything using the name of an Official Version.
*************************************************************************
Much Ado about Telix - an Editorial
Before we begin this month's carnage and mayhem, please allow me to clear
up a question that has just about resulted in the total weardown of your
Hack Squad's keyboard.
When the December issue of The Hack Report was written, the latest
official release of Telix was version 3.15, which still carried the Exis
trademark. At that time, the new owners of Telix, deltaComm, were in the
process of beta testing a shareware upgrade to their program. Since it
is the official policy of this report not to advertise upcoming releases,
and since the version number was not known to this reporter, the pending
upgrade was not mentioned in the report.
Within a week after the December issue came out, deltaComm released their
upgrade. They chose 3.20 as the new version number, which is (of course)
their legal right. Unfortunately, this happened to coincide with a
previously reported hacked version number, which was listed in the
December issue.
Of course, the result of this was that there were many questions sent to
Hack Central Station, all asking for confirmation of this new Telix that
had been uploaded to the questioners' BBS systems, or seen on the
questioners' favorite boards. The response to all questions was the
same: the new version is legitimate, as long as it has deltaComm's logo
and a release date of either December 10th or December 14th, 1992.
This incident is entirely my fault: it is my responsibility, as author
of The Hack Report, to stay up to date on the latest official versions of
files listed in this report. I apologize for the inconvenience and
uncertainty that this has caused, and I hope that all of you, as readers
of this report, can forgive the oversight of a tired (and slightly
underpaid <g>) reporter.
=========================================================================
Hacked Programs
Here are the latest versions of some programs known to have hacked copies
floating around. Archive names are listed when known, along with the
person who reported the fraud (thanks from us all!).
Program Hack(s) Latest Official Version
------- ------- -----------------------
BNU FOSSIL Driver BNU202 BNU170
Reported By: Amauty Lambrecht (2:291/712) (not counting betas)
| BNU188B
| Reported By: David Nugent (3:632/348),
Author of BNU
| F-Prot Virus Scanner FP-205B FP-206B
| Reported By: Bill Lambdin (1:343/45)
PKLite PKLTE201 PKL115
| Reported By: Wen-Chung Wu (1:102/342)
PKZip PKZ301 PKZIP110
| Reported By: Mark Dudley (1:3612/601)
| Jon Grimes (1:104/332)
| Shez SHEZ72A SHEZ83
SHEZ73
Reported By: Bill Lambdin (1:343/45)
| Telix Telix v3.20 TLX320-1
| (Prior to Dec. 1992) TLX320-2
| Telix v3.25 TLX320-3
| Reported By: Brian C. Blad (1:114/107) TLX320-4
Peter Kirn (WildNet, via
Ken Whiton)
Telix v4.00
Telix v4.15
Reported By: Barry Bryan (1:370/70)
Telix v4.25
Reported By: Daniel Zuck (2:247/30, via Chris
Lueders (2:241/5306.1)
MegaTelix
Verified By Jeff Woods, deltaComm, Inc.
| Please Note - the 3.20 release dated either December 10th
| or December 14th, 1992, is legitimate: any earlier file
| calling itself v3.20 and carrying an Exis, Inc. trademark
| is not legitimate. Please thoroughly check your version
| prior to sending questions to this reporter! <g>
Telix Pro
Reported By: Jason Engebretson (1:114/36),
in the FidoNet TELIX echo
=========================================================================
Hoax Alert:
| HW Mikael Winterkvist received a program from Kai Sundren (2:201/150)
| called RAOPT. This file, which claims to "optimize" your RemoteAccess
| BBS files, appears to do nothing except read your USERS.BBS file and
| report how many users it has read. The program itself says it should be
| run twice. I don't know if Mikael did this, but I hope he didn't.
|
| The program contains a copyright for Continental Software and a version
| number of 1.11. It also asks for registration.
|
| Mikael asked the author of RemoteAccess, Andrew Milner, whether or not
| the program was legitimate. Andrew's response was a resounding No. So,
| even though the file doesn't appear to do anything destructive, your Hack
| Squad advises you to delete it if you see it.
| Last year, a warning about a virus called PROTO-T was widely circulated.
| The message warned that the virus had the ability to hide in the RAM of
| VGA cards, hard disks, and "possibly, in modem buffers." It went on to
| warn that the virus was placed in two files: one called "TEMPLE," and in
| a hack of PKZip, version "3.x".
|
| Your Hack Squad managed to obtain a copy of the hack of PKZip, PKZ305,
| and sent it to Bill Logan and Jeff White of the Pueblo Group for testing.
| Here, now, is the result of their efforts:
|
| Report for possible hack file PKZ305
|
| Filename: PKZ305.EXE
| Filesize: 110187
| Filedate: 9-10-92
| Filetime: 5:25p
|
| =====================================================================
|
| Contents of PKZ305.EXE:
|
| PKSFX (R) FAST! Self Extract Utility Version 1.1 03-15-90
| Copr. 1989-1990 PKWARE Inc. All Rights Reserved. PKSFX/h for help
| PKSFZ Reg. U.S. Pat. and Tm. Off.
|
| Searching EXE: C:/VIRUS/PKZ305.EXE
| Exploding: WHATSNEW.305 -AV
| Exploding: OMBUDSMN.ASP -AV
| Exploding: ADDENDUM.DOC -AV
| Exploding: BENCH.DOC -AV
| Exploding: DEDICATE.DOC -AV
| Exploding: LICENSE.DOC -AV
| Exploding: MANUAL.DOC -AV
| Exploding: ORDER.DOC -AV
| Exploding: README.DOC -AV
| Exploding: PKUNZIP.EXE -AV
| Exploding: PKZIP.EXE -AV
| Exploding: AUTHVERI.FRM -AV
| Exploding: APPNOTE.TXT -AV
|
| Authentic files Verified! # GPI257 PKWARE Inc.
| Thank you for using PKWARE! PKWARE Support BBS (414) 352-7176
| If The -AV Code Is Not GPI257, Then You Have Downloaded A Hack Version
| ======================================================================
|
| CRC Results:
|
| Searching ZIP: PKZ305.EXE
|
| Length Size Ratio Date Time CRC-32 Attr Name
| ====== ===== ===== ==== ==== ======== ==== ====
| 1094 727 34% 09-10-92 17:25 75959145 --w- WHATSNEW.305
| 595 442 26% 09-10-92 17:25 167904ac --w- OMBUDSMN.ASP
| 5487 2039 63% 09-10-92 17:25 af094473 --w- ADDENDUM.DOC
| 908 621 32% 09-10-92 17:25 e0ed85ab --w- BENCH.DOC
| 720 434 40% 09-10-92 17:25 253e799b --w- DEDICATE.DOC
| 9366 3228 66% 09-10-92 17:25 c917b5c2 --w- LICENSE.DOC
| 140642 34426 76% 09-10-92 17:25 4e0e8078 --w- MANUAL.DOC
| 4701 1464 69% 09-10-92 17:25 6e20e127 --w- ORDER.DOC
| 801 526 35% 09-10-92 17:25 191b5ddf --w- README.DOC
| 27908 18815 33% 09-10-92 17:25 b86b40de --w- PKUNZIP.EXE
| 35934 23943 34% 09-10-92 17:25 bcac5c03 --w- PKZIP.EXE
| 1748 866 51% 09-10-92 17:25 fc23095e --w- AUTHVERI.FRM
| 25811 8390 68% 09-10-92 17:25 4f35b70d --w- APPNOTE.TXT
| ====== ====== === =======
| 255715 95921 63% 13
|
| ======================================================================
|
| Results of ViruScan:
|
| SCAN /NOMEM *.EXE
|
| SCAN 8.9B97 Copyright 1989-92 by McAfee Associates. (408) 988-3832
| Scanning for known viruses.
|
| Directory C:. contains 3 files.
|
| No viruses found
|
| SCAN 8.9B97 Copyright 1989-92 by McAfee Associates. (408) 988-3832
|
| =====================================================================
|
| Compression test of PKZ305:
|
| Compression of PKZ305 was comparable to PKZ193A
|
| =====================================================================
|
| Memory report:
|
| The test machine had 655360 bytes total memory
|
| Available memory remained at 583312 bytes free before and after
| testing
|
| =====================================================================
|
| File activity:
|
| Using DISKMON, the only files PKZ305 affected were the test
| compression files (i.e., the ZIP file ZIPed and UNZIPed)
|
| =====================================================================
|
| Trojan activity:
|
| None
|
| =====================================================================
|
| Virus activity:
|
| VSHIELD loaded prior to testing, with no virus activity reported.
| Complete scan of drive after test showed nothing.
|
| =====================================================================
|
| So, this would seem to confirm earlier findings by Bill Lambdin that the
| hack of PKZip was nothing more than a hack. Please note, however, that
| human nature has reigned supreme here - there are apparently 3 different
| viruses in circulation calling themselves Proto-T now. None exhibit the
| behaviour described in the hoax warning, though.
=========================================================================
The Trojan Wars
The Trojan writers seem to have had a problem with RemoteAccess BBS
systems last month, since several of the reported files were aimed at RA
users. To see what happened, read on.
| Frans Hagelaars (2:512/2) posted a message in several echos last month
| concerning a Trojan version of the Blue Wave Offline Mail Reader that had
| been circulating in his area. According to the warning, the "hacked"
| version attacks your hard drive boot sector and partition table, and will
| then "play tricks" with RemoteAccess userlists and phone numbers.
|
| The filename of this version was not given in the report, nor was it made
| clear whether the BBS door or the Reader was involved. If you have any
| questions about the security of your copy, remember that you can always
| obtain a safe copy from the BBS of the author, George Hatchew, at FidoNet
| address 1:2240/176, phone number 1-313-743-8464, or from any of the
| official distribution sites (which I believe are listed in the
| documentation for the program).
| Sylvain Simard sent a file to Hack Central Station called RAFIX. The
| documentation of the file claims to fix "little bugs" in RemoteAccess BBS
| systems. I looked inside the file with a hex editor and found the string
| "COMMAND /C FORMAT C:". It would appear that the program intends to do
| more than fix your BBS.
| Michael Toth (1:115/220) forwards a report from David Gibbs, posted in
| his local Net115 SysOps Forum, concerning a file called ROLEX. The copy
| which David obtained contained the Keypress [Key] virus, according to
| McAfee's ViruScan. Probably an isolated incident, but be aware that such
| a file exists.
| Bill Dirks (1:385/17) has confirmed the sighting of the VGA BBS Ad Trojan
| reported by Stephen Furness (1:163/273). Stephen saw the file under the
| name RUNME. Bill reports it under the name ANSISCR, but containing the
| files RUNME.BAT, LOAD1.ANS, VGAC1.DAT, and VGAPAK.EXE.
|
| The batch file types out the LOAD1.ANS file, which contains a bit of
| profanity, and then renames VGAC1.DAT to VGAC1.BAT and runs it. This
| apparently invokes VGAPAK.EXE, which is a self-extracting archive that
| contains the Yankee Doodle and AntiChrist viruses, among other things.
| It then does quite a few other surprises, eventually winding up by
| trashing your hard drive, a possibly non-functional keyboard, and a
| couple of viruses on your system.
|
| This is a very elaborate Trojan, in that most of the activity can't be
| detected until you reboot your system and see its results. As Bill
| rightly says, "this isn't a very nice little program...."
| Another report from Bill Dirks involves an ANSI bomb called MUVBACK. The
| file is described as a keyboard utility "similar to Doskey." The bomb
| reprograms the D key of your keyboard to invoke DEBUG. It feeds a script
| file to DEBUG which creates two short .com files: due to a bug in the
| script, only one of them, EAT-ME.COM, actually works. This new program
| overwrites the first 500 sectors of your hard drive. If you press the
| spacebar instead of the D key, your system locks due to the bug in the
| script. Bill also says the file contains a text file called ALAMER.TXT,
| written in German. Quite ingenious, and also quite nasty.
| Rich Veraa (1:135/907) forwards a report by Victor Padron (1:3609/14) of
| yet another ANSI bomb, called REAPER.ANS. The file, when typed at the
| DOS prompt (an if an ANSI driver which allows key redefinition is
| installed), turns your keyboard into an insult generator, attempts to
| format your hard drive by invoking the FORMAT program, and deletes files.
| In Victor's case, it deleted the files in his BBS directory.
|
| ANSI bombs are quite nasty when they have access to an ANSI driver, such
| as ANSI.SYS (supplied with most DOS releases), which allows the user to
| redefine their keyboard. The bomb will take advantage of this and cause
| common keystrokes to be remapped to destructive commands.
|
| They can be thwarted in most cases by using an ANSI driver which either
| does not allow key redefinition, or which allows this feature to be
| disabled by the user. ZANSI, NANSI.SYS, NNANSI.COM, and ANSIPlus are a
| few such drivers which your Hack Squad is aware of. Also available is a
| driver called PKSFANSI, from PKWare, which works in tandem with any ANSI
| driver and traps out attempts to remap your keyboard.
| HW Nemrod Kedem received a file from a user called SPEED, which was
| described as a program to "check your PC speed." Here's the file info:
|
| FileName Size Date Time Attr CRC-32
| ========= ====== =========== ====== ==== ========
| SPEED.EXE 3134 23-Dec-1992 18:30 ...A 1E0AA3D7
|
| This program displayed the following on the screen when run:
|
| Please wait while SystemDisk is checking for directories in disk...
|
| @ECHO.
|
| ...and then proceeded to delete all files on drive C:, including
| directories. Avoid this if you see it.
| Mike Wenthold (1:271/47) sent in a couple of reports. The first involves
| a file called REDFOX, which is batch file that deletes all DOS and system
| files. The second involves LOGIM613, which appears to be some sort of
| mouse driver package (I can't verify if it is a Logitech driver, even if
| the archive has LOGI as part of its name). This probable isolated
| incident contains a file, MOUSE.COM, dated May 22, 1992, and 40681 bytes
| in size, which is infected with the VCL virus (according to McAfee's
| ViruScan v95).
=========================================================================
Pirated Commercial Software
Program Archive Name(s) Reported By
------- --------------- -----------
| Psion Chess 3D-CHESS Matt Farrenkopf (1:105/376)
| Battle Chess CHESS Ron Mahan (1:123/61)
| Commander Keen _1KEEN5 Scott Wunsch (1:140/23.1701)
| (part 5)
| Darkside (game) DARKSIDE Ralph Busch (1:153/9)
| F-Prot Professional FP206SF Mikko Hypponen
| (mikko.hypponen@compart.fi)
| Over the Net OTNINC1 Tim Sitzler (1:206/2708)
| (volleyball game)
| Rack 'Em (game) RACKEM Ruth Lee (1:106/5352)
| SimCity (by Maxis) SIMCTYSW Scott Wunsch
=========================================================================
?????Questionable Programs?????
| First, a quick note - this section, along with the Information, Please
| section, are the only ones that have any information carried over from
| the 1992 report. This is because many of the listings in these sections
| were not completely resolved when the last 1992 issue was published. As
| usual, if anyone has any additional information on anything listed in
| these sections, _please_ help!
| HW Ken Whiton forwards messages from Harold Stein, Gary Rambo, and Gwen
| Barnes of Mustang Software, Inc., about a "patch" program aimed at
| OffLine Xpress (OLX) v1.0. The patch is supposed to allow OLX to
| read and reply to Blue Wave packets, along with a lot of other seemingly
| unbelievable feats. Gwen Barnes did not seem to know of the patch, but
| published the following advice in the WildNet SLMROLX conference to
| anyone considering trying it:
|
| 1. Make a complete backup of your system.
| 2. Make sure you've got all the latest SCAN stuff from McAfee
| 3. Try it, keeping in mind that it more than likely does nothing
| at all, or is a trojan that will hose your system.
| 4. Get ready to re-format and restore from backups if this is in
| fact the case.
|
| No filename was given for this patch. If anyone runs across a copy of
| it, please contact one of The HackWatchers or myself so that we can
| forward a copy to MSI for testing.
| Another message forwarded to Ken by Harold, this time from Brent Lynch in
| the WildNet GAMES Conference, concerns a game under the filename SF2BETA.
| I believe Brent is referring to the game Stick Fighter II (or Street
| Fighter II), which has received considerable discussion in the FidoNet
| PDREVIEW and SHAREWRE echos.
|
| Brent implies that the game is by a company called Capcom, and says that
| while the game is in Vietnamese (some have described the language as
| either Chinese or Korean - no way to tell, since I haven't seen a copy),
| the setup for the game is in English.
|
| Some folks have guessed that some of the screens of this game were
| "captured" from a Nintendo or other game cartridge using a device called
| either a Genlock or a Super Magicom (I think). While this might be legal
| for home use, it may well be illegal to distribute a file created in this
| manner.
|
| If someone can shed some light on this situation, please do so - it's
| starting to become very confusing.
| Bill Lambdin (1:343/45) reports that someone has taken all of McAfee
| Associates' antiviral programs and combined them into one gigantic (over
| 700k) archive. He did not say whether the files had been tampered with,
| but he did send a copy to McAfee for them to dissect. The file was
| posted under the filename MCAFEE99. I would not suggest downloading this
| file: as a matter of fact, this reporter prefers to call McAfee's BBS
| directly when a new version of any of their utilities comes out. I
| highly recommend this method, since it insures that you will receive an
| official copy.
HW Matt Kracht forwarded a message from Stu Turk in the DR_DEBUG
echo about possible Trojans going around as PKZIP 2.21 and/or 2.22. Stu
also says that there is a warning about these in circulation. If you
have a copy of this warning, please send a copy to Hack Central Station
(1:382/95).
=========================================================================
Information, Please
This the section of The Hack Report, where your Hack Squad asks for
_your_ help. Several reports come in every week, and there aren't enough
hours in the day (or fingers for the keyboards) to verify them all. Only
with help from all of you can The Hack Report stay on top of all of the
weirdness going on out there in BBSLand. So, if you have any leads on
any of the files shown below, please send it in: operators are standing
by.
| Onno Tesink (2:283/318) has sighted a file called LHA255B. This claims
| to be version 2.55b of the LHA archiver, with a file date in the
| executable of 12/08/92. He compared the file to the latest known
| official release, v2.13, and found two additional program options which
| were mentioned when the program was invoked with no command line
| (generating a help screen). The archive contained nothing but the
| executable file. Viral scans were negative.
|
| I have not heard of any further development going on by the author of
| LHA, H. Yoshi, but that wouldn't be a first. <g> If anyone knows of a
| new version of LHA, please contact your nearest HackWatcher and lend a
| hand.
| Travis Griggs (1:3807/4.25) forwarded a report from a local board called
| The Forum (phone number 1-318-528-2107) by a user named Susan Pilgreen.
| The message referred to a file called BOUNCE, which she said was infected
| with the Russian Mirror virus. The file, according to Travis, claimed to
| be a game. I would appreciate further confirmation of this sighting.
| Brian Keahl (1:133/524) stated in the VIRUS_INFO echo that a program
| called PC-Mix (no archive name given) is a commercial program that is
| being erroneously distributed as shareware. HW Richard Steiner was
| contacted by Bill Ziegler (1:121/34), who says his copy appears to be the
| commercial program, but with a crippled manual to encourage registration.
| I think this is sufficient to resolve this situation.
| An update on a warning from Mark Stansfield (1:115/404), concerning
| the files KILL and PROTECT. He claims that these delete the user's hard
| drive when run. Dan Onstott (1:100/470) reported in the FidoNet SHAREWRE
| echo that he has a small utility called PROTECT.COM (205 bytes, dated
| 12-10-86), which is a write-protect utility for your hard drive. He says
| he has never had a problem with it. So, Mark's report may be an isolated
| incident. If anyone else sees the files Mark mentioned, please advise.
Bill Lambdin forwards a message from Mario Giordani in the ILink Virus
Conference about two files. The archives, called PHOTON and NUKE, are
possibly droppers, containing a file called NUKE.COM which "will trash
your HD."
| Pat Finnerty (1:3627/107) sent a reply to the last report of this,
| stating that he has a copy of a PC Magazine utility called NUKE.COM,
| which is used to remove subdirectories which contain "nested subs,
| hidden, read-only (you name it)." He says that the command NUKE C:\ will
| effectively delete everything on a hard drive, with no chance of repair.
| This is merely the way the program is designed.
I do not know if this is what happened in Mario's case, or if Mario
actually found a copy (read: isolated incident) which was infected. Bill
has asked Mario for further information, and I would like to echo his
call for help. If you know of this, please lend a hand.
Another one forwarded by Bill comes from Michael Santos in the Intelec
Net Chat conference, concerning a screen saver named IM. This is only a
"hearsay" report from one of Michael's friends, who says he downloaded it
and wound up with a virus. There is no way to tell if the infection came
from the file itself or if it was already present on his friend's system.
Once again, if anyone can clear this up, please do so.
Ned Allison (1:203/1102) forwarded a report into the FidoNet DIRTY_DOZEN
echo from a user of The Mailbox BBS in Cleveland (216/671-7534) named
Rich Bongiovanni. Rich reports that there is a file floating around
called DEMON WARS (archive name DMNWAR52) that is "infected with a
virus." If true, this may be an isolated incident. I would appreciate
confirmation on this.
Greg Walters (1:270/612) reports a possible isolated incident of a
problem with #1KEEN7. When he ran the installation, he began seeing on
his monitor "what looked like an X-rated GIF." The file apparently
scanned clean. Any information on similar sightings would be
appreciated.
A report from Todd Clayton (1:259/210) concerns a program called
ROBO.EXE, which he says claims to apparently "make RoboBoard run 300%
faster." He says he has heard that the program fools around with your
File Allocation Table. I have not heard any other reports of this, so I
would appreciate some confirmation from someone else who has seen similar
reports.
Kelvin Lawson (2:258/71) posted a message in the SHAREWRE echo about a
possible hack of FEBBS called F192HACK. I have not seen this file, nor
has the author of FEBBS, Patrik Sjoberg (2:205/208). He forwards the
file sizes in the archive, reported here:
Name Length Mod Date Time CRC
============ ======== ========= ======== ========
FEBBS.EXE 220841 09 Mar 92 21:17:00 96D2E08D
014734.TXT 1403 26 Aug 92 01:59:18 3B9F717F
============ ======== ========= ======== ========
*total 2 222244 26 Aug 92 01:59:24
Kelvin says the .TXT file is just an advert for a BBS, so it is "not
relevant!". As I said, the author of FEBBS has never seen this file, so
I've asked Kelvin to forward a copy of it to him.
Mark Draconis (1:120/324) has found a file called TELE214R, claiming to
be the latest version of Teledisk. He asked for verification in the
FidoNet SHAREWRE echo of its status. On this same line, Kelvin Lawson
reports TELE215R. Steve Quarrella (1:311/405) believes that the program
has gone commercial, perhaps after version 2.12 or 2.13. Your Hack Squad
has no idea, and has not yet had a chance to call Sydex by voice. Please
help.
| Your Hack Squad has seen several references to a release of Scorched
| Earth calling itself v2.0 (SCORCH20). The latest official version I am
| aware of is v1.21. If someone can verify the latest release number,
| please do so.
Andrew Owens (3:690/333.11) forwarded a report of a "Maximus BBS
Optimiser (sic)," going under the filenames MAX-XD and MAXXD20. Scott
Dudley, the author of Maximus, says he did not write any programs that
have these names, but he does not know whether they are or are not
legitimate third party utilities. I have requested further information
from Andrew on this topic, and would appreciate anyone else's
information, if they have any.
Yet another short warning comes from David Bell (1:280/315), posted in
the FidoNet SHAREWRE echo, about a file called PCPLSTD2. All he says is
that it is a Trojan, and that he got his information from another
"billboard" and is merely passing it on. Again, please help if you know
what is going on here.
Bud Webster (1:264/165.7) reports an Apogee game being distributed under
the filename BLOCK5.ZIP. He says that the game displayed a message that
said, "This game is not in the public domain or shareware." There was
only an .EXE file in the archive, and no documentation. I need to know
what the real name of this game is so that I can include it in the
pirated files section (if necessary).
A message in the FidoNet ASIAN_LINK echo from Choon Hwee (1:3603/263)
grabbed my attention the moment I saw it: in capital letters, it said,
"DO NOT RUN this file called MODTEXT.EXE, cause it is a TROJAN!!!". He
goes on to say that two BBSs have been destroyed by the file. However,
that's about all that was reported. I really need more to go on before I
can classify this as a Trojan and not just a false alarm (i.e., archive
name, what it does, etc.). Please advise.
Greg Mills (1:16/390) posted a question to Robert Jung in the ARJ Support
Echo (FidoNet) about a version of ARJ called 2.33. It was unclear as to
whether or not Mr. Mills had seen the file. Mr. Jung has repeated that
the latest version of ARJ is v2.30 (however, there is a legitimate public
beta version numbered 2.39b). It is possible that the references Greg
saw about 2.33 were typos, but you never know. Please help your Hack
Squad out on this one - if you see it, report it.
As the last item in this report, your Hack Squad could use some info on
the TUNNEL screen saver. Ove Lorentzon (2:203/403.6) reports that this
is an internal IBM test program for VGA monitors. HW Richard Steiner
forwarded a message from Bill Roark (RIME address BOREALIS, Shareware
Conference) that had some quoted text strings from the executable. One
says, "IBM INTERNAL USE ONLY."
This file is extremely widespread, however, so I need to hear from
someone who knows what IBM's position on this is. Has IBM changed its
mind and made it legal to distribute this via BBS? If you know for
certain, please advise.
=========================================================================
The Meier/Morlan List
For those of you who missed it last time, here is the list of files that
were forwarded by Joe Morlan (1:125/28), as compiled by Wes Meier, SysOp
of the WCBBS (1-510-937-0156) and author of the AUNTIE BBS system. Joe
says Wes keeps a bulletin of all rejected files uploaded to him and the
reasons they were rejected. Joe also says he cannot confirm or deny the
status of any of the files on the list.
I have included some of the files I can verify from this list in the
Pirated Commercial Files section of this report. However, there are some
that I am not familiar with or cannot confirm. These are listed below,
along with the description from Wes Meier's list.
Due to the unconfirmed nature of the files below, the filenames are not
included in the columnar lists. I would appreciate any help that
anyone can offer in verifying the status of these files. Until I receive
some verification on them, I will not count them as either hacks or
pirated files. Remember - innocent until proven guilty.
My thanks go to Joe and Wes for their help.
Filename Reason for Rejection
======== =============================================
BARKEEP Too old, no docs and copyrighted with no copy
permission.
HARRIER Copyrighted. No permission to copy granted.
SLORGAME Copyrighted. No docs. No permission to copy
granted.
NOVELL Copyrighted material with no permission to
BBS distribute
DRUMS I have no idea if these are legit or not. No
docs.
SPACEGOO STARGOSE in disguise. Copyrighted.
GREMLINS No documantation or permission to copy given.
NAVM Copyrighted. No permission to copy granted.
TESTCOM Copyrighted. No permission to copy granted.
CLOUDKM A hacked commercial program.
ANTIX Couldn't make this work. No docs.
MEGAMAN Copyrighted. No docs. No permission to copy
granted.
MENACE Copyrighted. No docs. No permission to copy
granted.
AIRBALL A hacked commercial program.
WIN_TREK No documentation. No permission to copy.
SNOOPY Copyrighted. No docs. No permission to
copy granted.
SLORDAX Copyrighted. No docs. No permission to
copy granted.
ESCAPE Copyrighted. No docs. No permission to
copy granted.
AFOX A cracked commercial program.
BANNER Copyrighted. No docs. No permission to
copy granted.
FIXDOS50 Copyrighted. No permission to copy granted.
WINGIF14 The author's documentation specifically
requests this file to not be distributed.
INTELCOM Copyrighted. No docs. No permission to
copy granted.
3DPOOL Copyrighted. No docs. No permission to
copy granted.
387DX Copyrighted. No docs or permission to
copy granted.
WINDRV Copyrighted. No permission to copy granted.
=========================================================================
Acknowledgements
My thanks go out this time to Tom Lane, SysOp of FLOTOM Enterprises
(FidoNet 1:382/91), and Jim Westbrook, SysOp of JimNet (FidoNet 1:382/29)
for their assistance in forwarding files sent to me through them. It's a
dangerous business, this, and I appreciate their willingness to help.
*************************************************************************
Conclusion
If you see one of these on a board near you, it would be a very friendly
gesture to let the SysOp know. Remember, they can get in just as much
trouble as the fiend who uploads pirated files, so help them out if you
can.
***HACK SQUAD POLICY***
The intent of this report is to help SysOps and Users to identify
fraudulent files. To this extent, I give credit to the reporter of a
confirmed hack. On this same note, I do _not_ intend to "go after" any
BBS SysOps who have these programs posted for d/l. The Shareware World
operates best when everyone works together, so it would be
counter-productive to "rat" on anyone who has such a file on their board.
Like I said, my intent is to help, not harm. SysOps are strongly
encouraged to read this report and remove all files listed within from
their boards. I can not and will not take any "enforcement action" on
this, but you never know who else may be calling your board. Pirated
commercial software posted for d/l can get you into _deeply_ serious
trouble with certain authorities.
Updates of programs listed in this report need verification. It is
unfortunate that anyone who downloads a file must be paranoid about its
legitimacy. Call me a crusader, but I'd really like to see the day that
this is no longer true. Until then, if you _know_ of a new official
version of a program listed here, please help me verify it.
On the same token, hacks need to be verified, too. I won't be held
responsible for falsely accusing the real thing of being a fraud. So,
innocent until proven guilty, but unofficial until verified.
Upcoming official releases will not be included or announced in this
report. It is this Co-Moderator's personal opinion that the hype
surrounding a pending release leads to hacks and Trojans, which is
exactly the opposite of what I'm trying to accomplish here.
If you know of any other programs that are hacks, bogus, jokes, hoaxes,
etc., please let me know. Thanks for helping to keep shareware clean!
Lee Jackson, Co-Moderator, FidoNet International Echo SHAREWRE (1:382/95)
Reference in New Issue View Git Blame Copy Permalink