LHA V3 Trojan horse:
        --------------------

        Filelength 54440 bytes (unpacked)

        This file will be spreaded as new LHA V3.00 version. It`s a
        simple 1.38e release...

        This is the same mailbox hacking code as in the viewtek22 (vtek22-
        virus) installer. It seems to copy the userdatas and boxparameters
        to the private directory from a special user.

        This special user was at the upload time in holidays and cannot
        be the author. This means that the account was hacked...

        In the last time several boxes in the region Hannover got hacked, I
        think that there is somekind of connection.

        Probably against: FastCall

        (Sysops, please call me, I need some information about it ! Thx)



        'dos.library'
        'S:HauptPfad'
        'User/SysOp/UserDaten'
        'BoxDaten/BoxParameter'
        'User/Snoopy/.INDEX'
        'User/Snoopy/.TXT'
        'Absender  : xxxxxx'
        'Betreff   : Dies ist ein Test'
        'Datum     : 10.03.1994'
        'Uhrzeit   : 20:50:58'
        'Bytes     : 1024'
        'Empfänger : Snoopy'
        '10.03.1994 20.50.58    1 Asc Snoopy      '
        '     Dies ist ein Test'



        Test by Markus Schmall.         Detection tested 19.09.1994.

[Go back]