[comp.virus] Italian 'viruskit' is ordinary 'hack'

FTHSMULD%rulgl.LeidenUniv.nl@CUNYVM.CUNY.EDU (Jeroen W. Pluimers) (03/20/91)

Hello all,

I received the following through bitnet.  It is a very bad example of
an ordinary hack.

      _
#    (_)      Jeroen W. Pluimers  (Alias: Charly Chaplin)
 \___ | _
     |~| \    snail:    P.O. Box 266
     |_|  \_            2170 AG Sassenheim
     / \   #            The Netherlands
    /   \  |  phone:    +31-2522-11809    18:00-21:00 UTC
    \   /  |  fidonet:  2:281/521       (The White House)
   __\ /__ |  fidonet:  2:281/515.3             (Proxyon)

bitnet                                           internet
- ---------------------------------------------------------
PLUIMERS@HLERUL5.BITNET     pluimers@rulcri.LeidenUniv.nl
FTHSMULD@HLERUL52.BITNET     fthsmuld@rulgl.LeidenUniv.nl


>By: Righard Zwienenberg
>Re: Italian Virus Board
>At: Sun 17 Mar 91 19:51
>----------------------------------------------------------------------
>I just found out one of the most brutal and ordinary 'hacks' I
>have ever seen. I am talking about a 'Viruskit', which was sent
>to me, abusing Frisk (Parts of F-PROT), McAfee (VIRLIST.TXT), Patricia
>Hoffman (VSUM) and Jan Terpstra
>(VIRSCAN.DAT).
>
>The package, being a shareware package, is 'created' by Mauro Bollini
>of the Italian Virus Board. While unarchiving the file VKIT600.ZIP,
>the following message was displayed inside a graphic box:
>
>VIRUSKIT ADVANCED RELEASE 6.00
>Il primo vero anti-virus Made in Italy
>Created by Mauro Bollini 1991
>* Shareware Version *
>
>The first thing I noticed was a 4588 byte .SYS-file named SYSCHECK.SYS.
>It took my attention because it had the same length as F-PROT's
>F-DRIVER.SYS (1.14a).
>After a short inspection it turned out to be F-DRIVER.SYS, with
>the text translated into Italian and the FRISK001-identifier removed.
>
>This made me suspicious and I checked out some other files. The
>result:
>
>VIR1.LST   => SIGN.TXT of F-Prot, but the virusnames are also coded
>VIR2.LST   => Slightly modified VIRSCAN.DAT
>VIRDOC.TXT => Virus Summary Headers and Reference Chart
>VIRUS      => Modified VIRLIST.TXT
>
>I have not had the time to look at all the other files, but on
>run-time, most of them look very familiar to the F-Prot package...
>Some of the files were missing because those will be sent to one
>if one registers...
>
>The registration-fee for this package is 60.000 lire (about $45)...
>Although all documentation is in Italian and I do not read Italian,
>there isn't a single document stating the source of all the above
>and I doubt if the owners of the original documents/files will
>receive a single penny from it...
>
>The Italian Virus Board recently popped up in the Virus Echo persuading
>people to call it. The one sending me this package logged his session
>(including a chat with the sysop). It is nice to know that this
>system is an 'official member of the european virusnet'. There
>was a list displayed with all
>'members' and our good 'friend' Todor Toderov was on that same
>list as some other known participants of this conference!!!
>
>It is even more sceptical now, because Mr. Bollini logged on into
>INFOdesk claiming to be a researcher and wanted to exchange viruses
>to include new ones in his anti-virus-package...
>
>All data has been or will be forwarded to McAfee, Patti Hoffman,
>Frisk and Jan Terpstra so that they can take appropriate action
>on this.
>
>I do not have to state that downloading this package is a waste
>of money and unethical, do I?
>
>[RiZwi]