VIRUS HELP TEAM
Denmark & Canada


Index - News - Download - Warnings - Link - Virus Help - About VHT - Encyclopedia - Miscellaneous - Contact


    -------------------------
    Amiga Virus Encyclopedia
    UA Dialer 2.8g BBS Trojan
    -------------------------
    

    Dialer 2.8g Virus:
    

    This is a trojan horse for  AmiExpress.The SysopPW  will be  taken
    and put in the file "nocallersat300". Now the hacker can simply get
    the PW (when getting connected with 300 baud) and enter the BBS.
    The UADialer 2.8 is a bluebox. Therefore I did not code  a  repair-
    routine for this virus. Blueboxing is a crime and I do not want to
    support it.
    Due to the fact that it is spread in a crunched executable file,VW
    will only recognize the crunched file.


    The crunched executable  file does  not work  an a A4000 (MC68040)
    with activated CACHES.



    VirusStart:
    dosbase                DC.B        0
                    DC.B        0
                    DC.W        0
    filehandle        DC.W        0
                    DC.W        0
    destfilehandle        DC.W        0
                    DC.W        0
    memblock
                    dcb.l        40,0
    dosname                DC.B        'dos.library',0
    username        DC.B        'bbs:user.data',0
    desttext        DC.B        'bbs:node1/NOCALLERSAT300',0



    A little script,made with DosTouch,which shows us the inner
    workings of the Dialer28g:



            Load   ram:dialer
    ->        Open   bbs:user.data             Openmode:OLD
    ->        Open   bbs:node1/NOCALLERSAT300 Openmode:OLD
            CProc  DIALER-TASK
            Open   s:UADial.pref             Openmode:OLD
            Open   s:UADial.prefs             Openmode:OLD
            Open   s:UADial.conf             Openmode:OLD



    Detection and Termination tested on 18.03.93.

    This virus (like most BBS trojans) should only work with AmiExpress
    1.x and 2.x because the structures of AmiExpress 3.x are a little
    bit different, aren`t they ?


    Test by Markus Schmall


    

Virus Help Team
Denmark & Canada
Copyright © 1994-2020