Hi ! I just recieved a new (old?) trojan, here the
analyse of it:
Susi_Drive_Stepper Trojan:
--------------------------
Filelength: 904 bytes unpacked
Programmed in: Assembly language
Processors: MC68000-MC68040(?)
On MC68060 it did not work
Typ: Trojan
This is a very easy programmed trojan. Via the use of
Disk Resource it will be tried to access a device (0)
and some IDs will be changed. The whole new "created"
DiskResource struct is not correct and contains a lot
of not understandable code. The trojan is not reset-
proof, it just tries the above mentioned diskresource
manipulation and some little hardwarehacks.The trojan
selects unit 0 and steps with the head around. The
direction will be changed at every loop and the head
moves always one track. The timing is so bad managed,
that the controller gets irritated and quits work
temporarly.
The name of the new created port is "susi". You can
see at the end of the file some names, but nothing
more. All in all a simple trojan.
0260: 00000000 00000000 00006469 736B2E72 ..........disk.r
0270: 65736F75 72636500 73757369 00616E64 esource.susi.and
0280: 72656100 76616C65 6E74696E 6100696E rea.valentina.in
0290: 67726964 00636872 69730000 0A000120 grid.chris.....
(IT`S HEREBY PROHIBIT, THAT SHI USES THIS ANALYSE IN ANY FORM
IN ANY RELEASE OF THEM !)
A special hello and thanks goes out to Jan Andersen for
his really great help all the time and all his work. He sended
me this trojan. Thanks Jan.
- Merry X-mas to all of you - Have a nice christmas celebration time -
Greets
Markus Schmall