waters@mosaic.dec.com (07/02/86)
------------------------------------------------------------------------
| HACKED & TROJAN HORSE PROGRAMS: |
------------------------------------------------------------------------
Name Category Notes
------------ -------- ----------------------------------------------
ARC.COM HACKED Someone keeps running SPACEMAKER or a similar
EXE squeezer on SEA, Inc.'s ARC archive
program, then uploading the resulting COM file
to BBS's without the author's permission. Not
kosher, whoever you are. SEA won't support the
COM version -- this is an unauthorized
modification.
ARC513.EXE *TROJAN* This hacked version of arc appears normal, so
beware! It will write over track 0 of your
[hard] disk upon usage, destroying the disk.
BALKTALK *TROJAN* This program used to be a good PD utility,
but some one changed it to be trojan.
Now this program will write/destroy sectors
on your [hard] disk drive. Use this with
caution if you aquire it, because it's more
than likely that you got a bad copy.
DISKSCAN.EXE *TROJAN* This was a PC-MAGAZINE program to scan a (hard)
disk for bad sectors, but then a joker edited
it to WRITE bad sectors. Also look for this
under other names such as SCANBAD.EXE and
BADDISK.EXE...
DOSKNOWS.EXE *TROJAN* I'm still tracking this one down -- apparently
someone wrote a FAT killer and renamed it
DOSKNOWS.EXE, so it would be confused with the
real, harmless DOSKNOWS system-status utility.
All I know for sure is that the REAL
DOSKNOWS.EXE is 5376 bytes long. If you see
something called DOSKNOWS that isn't close to
that size, sound then alarm. More info on this
one is welcomed -- a bagged specimen
especially.
EGABTR *TROJAN* BEWARE! Description says something like
"improve your EGA display," but when run it
deletes everything in sight and prints "Arf!
Arf! Got you!"
FILER.EXE *TROJAN* Labelled "Great new filing system" - wiped out
20 Megabyte HD. I'm looking for confirmation
on this.
LIST60 HACKED Vuern Buerg's LIST 5.1, patched to read 6.0.
QMDM110.ARC HACKED ONLY versions 1.10 and 1.10A! They are
QMDM110A.ARC HACKED copies of 1.09, hacked to read 1.10. There
have been rumors of a worm in 1.10, but I
haven't seen any evidence of it. Other
versions are OK.
QUIKRBBS.COM *TROJAN* This Trojan horse advertises that it will
load RBBS-PC's message file into memory
2 times faster than normal. What it really
does is copy RBBS-PC.DEF into an ASCII file
named HISCORES.DAT...
SECRET.BAS *TROJAN* BEWARE!! This may be posted with a note saying
it doesn't seem to work, and would someone
please try it; when you do, it formats your
disks.
STRIPES.EXE *TROJAN* BEWARE SYSOPS!! This one draws an American flag
(nice touch), but meanwhile it's busy copying
your RBBS-PC.DEF to another file (STRIPES.BQS)
so Bozo can log in later, download STRIPES.BQS,
and steal all your passwords. Nice, huh!
VDIR.COM *TROJAN* This is a disk killer that Jerry Pournelle
wrote about in BYTE Magazine. I have never
seen it.