Bastard Dropper - Amiga Virus Encyclopedia

VIRUS HELP TEAM


 ------------------------    
 Amiga Virus Encyclopedia
 Bastard Dropper
 ------------------------


 Hi All....                                               1 May 2001

 What we think is the installer of the "Bastard" link virus has been
 found. It was on Aminet (and has been there for about 14 days), but
 it has been removed now.


 Okay, here is what we know so far:

 Archive name  : Pointers.lha
 Archive size  : 6.874 bytes
 Installer name: Install
 Installer size: 4.748 bytes
 Virus name    : Batstard linkvirus
 Virus size    : About 2100 Bytes (uses polimorphic engine)


 Here is Zbigniew Trzcionkowski test:
 ------------------------------------
 The archive  'Pointers.lha'  (6874 bytes)  is the installer for the
 BASTARD LINKVIRUS. The executable is hidden inside installer script
 and I must admit I haven't seen such thing before.
 It was done ( in very clever way ) with  special tool which changes
 binary to valid installer script data.
 This can be seen as real MACRO virus for Amiga!

 NOTE:   There was no script icon, so I think almost noone installed
         the virus!

 This  installer script  generates  file  called RAM:temp,  which is
 stonecracked executable with BASTARD virus. This is just TH E FIRST
 file of virus. It contains also  some text and even the name of the
 virus:

 Antidisassemblishmentaryonism v1
 (I think everyone still use the name I have invented :-)

 There  was nothing new in file beside that additional text. It also
 says about the authors, which are  not the same people behind those
 lame 4ef9 trojans ( I came to this conclusion  only by watching the
 code, so You see the differences was large.).
 As  always I will not publish the text inside not to satisfy virus-
 makers  even  this is done  very clever  and not  to infect so many
 machines.

 Thanks to ' Zbigniew Trzcionkowski ' the programmer of Safe for the
 info.


    Regards....
       __          Jan Andersen     
  __  ///          ------------         
  \\\///        Virus Help Denmark        
   \XX/            www.vht-dk.dk             




Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk