Fake Miami - Amiga Virus Encyclopedia

VIRUS HELP TEAM
 


     ------------------------
     Amiga Virus Encyclopedia
     Miami v2.1g Fake 
     ------------------------
     
     
     - Miami.21g fake

         Filename: Miami.020 Length: 407596 Bytes
         Archive name: DC-MI21G.lha
         according to FileID:
                  .________________
              ____¦____  (   _____/__  - -------------
            _/     ___/ _/\_  T     ¬\_ ·  diGiTAL   ·
          .-\     ¦/    7--7  l       / · cORRUPTiON ·
          |  \____.-----¦  ¦----.____/------- -  -   -
          |   ¯¯¯¯¯             ¯¯¯¯¯
          |    Miami 2.1g - MUI based TCP/IP stack
          |    Cracked executables with fake keys!
          |
          `-[15/09/97]-------------------------[ 7eN ]
          
        But on the Miami homepage you could read:
        Note: The current version 2.1g is identical to 2.1f
        except for a new version of Miami Register. If you are
        currently using 2.1f and have already registered then you
        do not need to download 2.1g.
        So there was NO 2.1g version ?????
        The current version of the 2.1p was in Nov. 97
        So the danger should be minimal.
        
        File comparison:
            2.1g fake 2.1f orig
         64617920 73747265 day stre:  64617974 696d6520 daytime
         616d2074 63702064 am tcp d:  73747265 616d2074 stream t
         6f732062 696e2061 os bin a:  6370206e 6f776169 cp nowai
         206e6577 636c6920 newcli:    7420726f 6f742069 t root i
         7463703a 37373000 tcp: 770.: 6e746572 6e616c00 nternal.
         64617974 696d6520 daytime:   64617974 696d6520 daytime
               ; .....
         49002456 45523a20 I. $ VER:: 49002456 45523a20 I. $ VER:
         4d69616d 6920322e Miami 2nd: 4d69616d 6920322e Miami 2nd
         31672028 31352e30 1g (15.0:  31662028 33312e30 1f (31.0
         392e3937 29004e6f 9.97) .No: 382e3937 29004e6f 8.97) .No
               ; .....
         73656c65 63740000 select ..: 73656c65 63740000 select ..
         594f2f0c 2f4e0004 YO /./ N : 2f0c49f9 00008000 /.I .....
         49f90000 80002f08 I ..... /: 2f086100 fee8584f /.a...XO
               ;etc....
               
        Damage: (third-party statement)
        Ok guyz so this is supposed to be a dC release
        of Miami 2.1g ... cept those guyz didn't do it
        What it IS however is a totally pathetic attempt
        to release a fake in order to gain access to machines it
        is run on.
        
        The concept is that some sucker runs this crap and
        then n e 1 can telnet or letnet to their port 13 and all
        going to plan the remote sys will get a juicy shell prompt
        to steal various goodies like Miami.default etc :)
        
        Now for the funny bit ... this is so poorly done its
        the work of a braindead simpleton, and I'm not even sure
        that it works because of the implementation as there are
        a few things it relies on ... yes thats right, it still
        needs some help :)
     - You must MANUALLY configure this version in Miami.
     - Importing previous settings or using MiamiInit
       stuffs up their plan (methinks).
     - A rudimentary Miami Firewall screws it totally.
     - You have to be stupid enuff not to notice the
       CLI bit in the database settings
    
     Is all the above likey ... hahaha .... NO!
     So in summary ... thanx to the guyz that did this, it made
     my somewhat boring and miserable day ... I laughed for ages!

     - Later RaMoNsTeR :)
       I hope this version really does not exist in the original
       (see above), otherwise it could lead to error detection.
       VT offers deletions.


     Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
              Kickstart all others: VirusZ III with Xvs.library installed


     Original test by Heiner Schneegold
     Translated from german to english by Google translate
Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk