Dialer 2.8g Virus:
        ------------------

        This is a trojan horse for  AmiExpress.The SysopPW  will be  taken
        and put in the file "nocallersat300". Now the hacker can simply get
        the PW (when getting connected with 300 baud) and enter the BBS.
        The UADialer 2.8 is a bluebox. Therefore I did not code  a  repair-
        routine for this virus. Blueboxing is a crime and I do not want to
        support it.
        Due to the fact that it is spread in a crunched executable file,VW
        will only recognize the crunched file.


        The crunched executable  file does  not work  an a A4000 (MC68040)
        with activated CACHES.



        VirusStart:
        dosbase                DC.B        0
                        DC.B        0
                        DC.W        0
        filehandle        DC.W        0
                        DC.W        0
        destfilehandle        DC.W        0
                        DC.W        0
        memblock
                        dcb.l        40,0
        dosname                DC.B        'dos.library',0
        username        DC.B        'bbs:user.data',0
        desttext        DC.B        'bbs:node1/NOCALLERSAT300',0



        A little script,made with DosTouch,which shows us the inner
        workings of the Dialer28g:



                Load   ram:dialer
        ->        Open   bbs:user.data             Openmode:OLD
        ->        Open   bbs:node1/NOCALLERSAT300 Openmode:OLD
                CProc  DIALER-TASK
                Open   s:UADial.pref             Openmode:OLD
                Open   s:UADial.prefs             Openmode:OLD
                Open   s:UADial.conf             Openmode:OLD





                    Detection and Termination tested on 18.03.93.

        This virus (like most BBS trojans) should only work with AmiExpress
        1.x and 2.x because the structures of AmiExpress 3.x are a little
        bit different, aren`t they ?



        Test by Markus Schmall

[Go back]