VIRUS HELP TEAM


    -------------------------
    Amiga Virus Encyclopedia
    UA Dialer 2.8g BBS Trojan
    -------------------------
    

    Dialer 2.8g Virus:
    

    This is a trojan horse for AmiExpress. The SysopPW will be taken
    and put in the file "nocallersat300". Now the hacker can simply get
    the PW (when getting connected with 300 baud) and enter the BBS.
    The UADialer 2.8 is a bluebox. Therefore I did not code a
    repair-routine for this virus. Blueboxing is a crime and I do not
    want to support it.
    Due to the fact that it is spread in a crunched executable file, VW
    will only recognize the crunched file.

    The crunched executable file does not work on an A4000 (MC68040)
    with activated CACHES.


    VirusStart:
    dosbase         DC.B        0
                    DC.B        0
                    DC.W        0
    filehandle      DC.W        0
                    DC.W        0
    destfilehandle  DC.W        0
                    DC.W        0
    memblock
                    dcb.l        40,0
    dosname         DC.B        'dos.library',0
    username        DC.B        'bbs:user.data',0
    desttext        DC.B        'bbs:node1/NOCALLERSAT300',0


    A little script, made with DosTouch, which shows us the inner
    workings of the Dialer28g:


              Load   ram:dialer
    ->        Open   bbs:user.data             Openmode:OLD
    ->        Open   bbs:node1/NOCALLERSAT300  Openmode:OLD
              CProc  DIALER-TASK
              Open   s:UADial.pref             Openmode:OLD
              Open   s:UADial.prefs            Openmode:OLD
              Open   s:UADial.conf             Openmode:OLD
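
    Added example (not part of the original entry, and not code from VW
    or DosTouch): a small Python check over a trace in the layout shown
    above, flagging any loaded program that opens both bbs:user.data and
    a file under a bbs:nodeN/ directory. The line layout is assumed from
    the excerpt; the function names and the second, benign program in
    the sample are constructed for illustration.

```python
import re

# Assumption: trace lines follow the DosTouch excerpt on this page:
# optional "->" marker, event name, argument, optional "Openmode:X".
LINE = re.compile(
    r'^\s*(?:->\s*)?(Load|Open|CProc)\s+(\S+)(?:\s+Openmode:(\S+))?\s*$')

# AmigaDOS paths are case-insensitive, so match without regard to case.
USER_DATA = re.compile(r'^bbs:user\.data$', re.I)
# Files in a node directory; the trojan on this page drops the password in one.
NODE_FILE = re.compile(r'^bbs:node\d+/', re.I)

def parse_trace(text):
    """Group Open events under the most recent Load (one entry per program)."""
    programs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        event, arg, mode = m.groups()
        if event == 'Load':
            programs.append({'program': arg, 'opens': []})
        elif event == 'Open' and programs:
            programs[-1]['opens'].append((arg, mode))
    return programs

def flag_password_leak(programs):
    """Return (program, user file, node file) for programs opening both."""
    hits = []
    for p in programs:
        paths = [path for path, _ in p['opens']]
        users = [x for x in paths if USER_DATA.match(x)]
        nodes = [x for x in paths if NODE_FILE.match(x)]
        if users and nodes:
            hits.append((p['program'], users[0], nodes[0]))
    return hits

# Trace lines from this page, then a constructed benign program for contrast.
SAMPLE = """
          Load   ram:dialer
->        Open   bbs:user.data             Openmode:OLD
->        Open   bbs:node1/NOCALLERSAT300  Openmode:OLD
          CProc  DIALER-TASK
          Open   s:UADial.pref             Openmode:OLD
          Load   ram:term
          Open   s:term.prefs              Openmode:OLD
"""

if __name__ == '__main__':
    for program, src, dst in flag_password_leak(parse_trace(SAMPLE)):
        print(f'{program}: opens {src} and {dst}')
```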


    Detection and Termination tested on 18.03.93.

    This virus (like most BBS trojans) should only work with AmiExpress
    1.x and 2.x because the structures of AmiExpress 3.x are a little
    bit different, aren't they?


    Test by Markus Schmall


    

Virus Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk