FTHSMULD%rulgl.LeidenUniv.nl@CUNYVM.CUNY.EDU (Jeroen W. Pluimers) (03/20/91)
Hello all,

I received the following through bitnet. It is a very bad example of an ordinary hack.

Jeroen W. Pluimers (Alias: Charly Chaplin)
snail:   P.O. Box 266
         2170 AG Sassenheim
         The Netherlands
phone:   +31-2522-11809 18:00-21:00 UTC
fidonet: 2:281/521 (The White House)
fidonet: 2:281/515.3 (Proxyon)

bitnet                      internet
---------------------------------------------------------
PLUIMERS@HLERUL5.BITNET     pluimers@rulcri.LeidenUniv.nl
FTHSMULD@HLERUL52.BITNET    fthsmuld@rulgl.LeidenUniv.nl

>By: Righard Zwienenberg
>Re: Italian Virus Board
>At: Sun 17 Mar 91 19:51
>----------------------------------------------------------------------
>I just found out one of the most brutal and ordinary 'hacks' I
>have ever seen. I am talking about a 'Viruskit', which was sent
>to me, abusing Frisk (Parts of F-PROT), McAfee (VIRLIST.TXT), Patricia
>Hoffman (VSUM) and Jan Terpstra (VIRSCAN.DAT).
>
>The package, being a shareware package, is 'created' by Mauro Bollini
>of the Italian Virus Board. While unarchiving the file VKIT600.ZIP,
>the following message was displayed inside a graphic box:
>
>VIRUSKIT ADVANCED RELEASE 6.00
>Il primo vero anti-virus Made in Italy
>Created by Mauro Bollini 1991
>* Shareware Version *
>
>The first thing I noticed was a 4588 byte .SYS-file named SYSCHECK.SYS.
>It took my attention because it had the same length as F-PROT's
>F-DRIVER.SYS (1.14a).
>After a short inspection it turned out to be F-DRIVER.SYS, with
>the text translated into Italian and the FRISK001-identifier removed.
>
>This made me suspicious and I checked out some other files. The
>result:
>
>VIR1.LST   => SIGN.TXT of F-Prot, but the virusnames are also coded
>VIR2.LST   => Slightly modified VIRSCAN.DAT
>VIRDOC.TXT => Virus Summary Headers and Reference Chart
>VIRUS      => Modified VIRLIST.TXT
>
>I have not had the time to look at all the other files, but on
>run-time, most of them look very familiar to the F-Prot package...
>Some of the files were missing because those will be sent to one
>if one registers...
>
>The registration-fee for this package is 60.000 lire (about $45)...
>Although all documentation is in Italian and I do not read Italian,
>there isn't a single document stating the source of all the above
>and I doubt if the owners of the original documents/files will
>receive a single penny from it...
>
>The Italian Virus Board recently popped up in the Virus Echo persuading
>people to call it. The one sending me this package logged his session
>(including a chat with the sysop). It is nice to know that this
>system is an 'official member of the european virusnet'. There
>was a list displayed with all 'members' and our good 'friend'
>Todor Toderov was on that same list as some other known
>participants of this conference!!!
>
>It is even more sceptical now, because Mr. Bollini logged on into
>INFOdesk claiming to be a researcher and wanted to exchange viruses
>to include new ones in his anti-virus-package...
>
>All data has been or will be forwarded to McAfee, Patti Hoffman,
>Frisk and Jan Terpstra so that they can take appropriate action
>on this.
>
>I do not have to state that downloading this package is a waste
>of money and unethical, do I?
>
>[RiZwi]