Text File | 1992-11-11 | 33KB | 746 lines
▄▄▄ ▄▄▄▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄▄ ▄▄ ▄▄ ▄▄▄ ▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄
█▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒▒▒▒▒█ █▒▒▒▒█
█▒▒█ ▀▀▀▀▀▀▀▀ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▀▀▀█▒▒█ ▀▀▀█▒▒█ ▀▀▀▀▀
█▒▒█ █▒▒█ ▄▄▄▄█▒▒█ █▒▒█ █▒▒█ █▒▒█ ▄▄▄█▒▒█ █▒▒█
█▒▒█ █▒▒█ █▒▒▒▒▒█ ▀▀ █▒▒█ █▒▒█ █▒▒▒▒█ █▒▒█
█▒▒█ █▒▒█ ▀▀▀▀█▒▒█ █▒▒█ █▒▒█ ▀▀▀▀▀ █▒▒█
█▒▒█ ▄▄▄▄▄▄▄▄ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█
█▒▒█ █▒▒▒▒▒▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█ █▒▒█
▀▀▀ ▀▀▀▀▀▀▀▀ ▀▀▀ ▀▀ ▀▀ ▀▀▀ ▀▀
NEWSLETTER NUMBER 9
**********************************************************************
Another festive, info-glutted, tongue-in-cheek training manual
provided solely for the entertainment of the virus programmer,
casual bystander or PC hobbyist interested in the particulars
of cybernetic data replication and/or destruction.
EDITED BY URNST KOUCH, November 1992
**********************************************************************
TOP QUOTE: "Concrete shoes! Neckties! Cyanide! Done dirt cheap!!"
--AC/DC from "Dirty Deeds Done Dirt Cheap" on
"Live 1992" late October, 1992
IN THIS ISSUE: News-news-news . . . Solomon's Anti-virus Toolkit
scrutinized for user happiness quotient . . . ACME virus and URNST's
continuing fetish with companion infections . . . RAUBKOPY virus:
a German anti-piracy product . . . intro to the first annual Crypt
letter virus\antivirus\virus software awards . . . In the READING
ROOM . . . stupid humor & lots more . . .
-*-
TOP O' THE NEWS: WEENIES STRIKE AGAIN - the PROTO-T hoax. Once
again, the chief dupes were FidoNet and WWIVnet users. The story
goes like this: anonymous electronic stooge posts e-mail message
from noble 'underground elite' sysops in the S.F. Bay Area who
see their systems decimated by a magical, virulent program
which 'hides' in COM port 1, etc., etc. Noble sysops band together
to spread word to "straight" world, with the exception of the
Software Publishers Association. Eegah!
Contagion spreads like wild fire. Call US NEWS & WORLD REPORT! We
reprint the original PROTO-T warning (spelling errors and all) for
your enjoyment and add that one of the viruses included in this
issue has been named PROTO-T, in honor of the quacks who started the
rumor.
Transcript:
*********************************************************************
This is an exact copy of a "Broadcast" letter sent to all members and
affiliates of THIEVCO INC; a group located somewhere in the San
Francisco Bay Area. While I do not support the general theology of
Thievco Inc, I must applaud thier actions. Thier warnings about a new
virus called PROTO-T, will potentially save us computer users possibly
thousands of dollars - and hundreds of man hours.
Here is a copy of the broadcast letter, as received from a friend
at Thievco ...
<<*>> <<*>> <<*>> <<*>> <<*>> <<*>>
Retrieved BLUWAV 6921 / THIEV 00621*420 - Node 1:8 Sent T-Tymnet
Date : 9/24/92 11:14pm
To : All Thievco Members, and affil.
Re : PROTO - T
Class : Confidential (go public 9-26)
Dear Members,
At 7:34PM (pst) our attempt to isolate and contain the PROTO - T
virus failed. As we have discovered, PROTO - T has a *VERY* unique
feature, to hide in the RAM of VGA cards, hard disks, and possibly,
in modem buffers. Unfortunaly, we found out the hard way - after it
struck.
At this time, there is no known defence against this virus, save
formatting your hard/floppy disks - there isn't even a method of
detecting it yet...untill its too late. [ PROTO - T specs listed
later ].
Unearthly Vision ( Portland, Oregon ), and Chron ( Alameda, Calif )
were working on isolating the virus when it struck. Over 900 megabytes
of information was lost, of that about 214 megabytes is probably
recoverable.
Action :
Please assist us in implementing this plan, to warn the general public.
Our first priority is our fellow THIEVCO members. Please distribute this
letter to all contacts inside the U.S., upon recipt of this letter.
Please inform the public on 9-26-92. Start warning the elite boards
first, followed by the P.D. boards. Dont bother telling known SPA
locals, they aren't worth our time.
Blue Boar - Distribute the warning in Southern California, start
with L.A. first.
Chron - Distribute to San Francisco, Sacramento, and south east
coast.
Garfield - Distribute to Fido-Net, Vet-Net, Compuserve, and America
Online.
Unearthly Vision - Distribute to Oregon, and Washington.
Executioner - Distribute to San Jose, Monterey.
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
What is known:
Proto - T was just a rumor, untill it was confirmed a few weeks ago.
Chron, being the most incredible skip-tracer, traced its origins to a
college campus in California. There, it was placed into two files.
The first, is a file called "TEMPLE" - which to our knowledge, has no
legitimate use; it seems to be a dummy file. The other file, was
placed in an unathorized version of PKZip by PKWare ( versions 3.0,
and 3.1 - these are not legitimate versions of PKZip! Quite possibly,
these versions of PKZip were created, for the reason of distributing
PROTO - T ).
Proto - T is very elusive. There is no program known to detect it.
From what we understand, it will only infect your system if certian
conditions are met. From what we know, it will infect your system only if
you run TEMPLE, or PKZip 3.x after 6:00pm. Even doing that wont nessaraly
cause infection - it took 6 days for Chron and Unearthly Vision to
become infected. Obviously some other criteria must be met.
Upon infection, the virus is written (as un-attached file chains), On
two parts of a hard disk - each capable of running independently without
the other half.
After infection, the virus seems to be written into the memory or memory
routines of a VGA or EGA monitor; or is written into the memory of the
hard drive, or quite possibly, into a modem - or COM port. Thus excaping
most or any known detection methods.
PROTO - T :
Proto - T when activated, corrupts data on a disk, stops VGA or EGA
from being used ( Thus either defaulting to CGA, or locking up ), and
prohibits memory from being used over 512K.
Known to be put into two files : TEMPLE.EXE ( 14,771 Bytes ) and PKZip
3.x (Varries always over 100,000 bytes when zipped). If you see these
files - do not get or use them.
Give this letter to all Thievco members and thier contacts, followed by
other boards.
With luck, we can stop the damage before it *REALLY* starts.
THIEVCO INC, San Francisco Bay
Area.
Special Thanks for Chron, Unearthly Vision, and Blue Boar for all thier
help with this "Early warning" and tech help.
Bill [A NOBLE CYBER-CITIZEN. -URNST]
*******************************************************************
Crypt newsletter recommendations: Send a copy of the transcript and
PROTO-T to Pam Kane of Panda Systems. According to a recent COMPUSERVE
magazine story on viruses, Kane is working on a hi-tech novel with
a virus villain. PROTO-T could be ripe for even more embellishment
in a good novella. And there's no worry about royalties, either!
Boy, I love reading this stuff! It's cut from the same bolt of cloth
that supplies the endless numbers of computer chowderheads ready
willing and able to argue that a trojan or virus can blow up your
monitor. And here's more:
*******************************************************************
Proto-T is NOT a hoax... and from what I've heard through the grape
vien [VIEN? Is that in Austria?] is just about as nasty as they get.
The problem with detecting it is that no one's really sure where it
goes...com ports, video memory, you name it, and it might have
accessed it...
From all the information I've seen off internet proto-t ussually
strikes after 6:00pm, but is not totally dependant upon the time alone.
I believe it was a lab in Austin Texas that was doing the most
heaviest work on it, although I can't be 100% sure that it was Austin..
but at any rate Proto-T is legit, and from all I've been reading
probably one of the most intense virii written to date.. no one seems
to be able to lock it down as from all obersvation it writes to two
seperate sections of the hard disk and neither rely on one or the other
to activate.. and it *might* have reproductive
powers to boot (ie you destroy one of the writes, the other kicks
in and rebuilds it..).
I don't like the looks of this one, not at all..
Devin Davidson [ANOTHER NOBLE CYBER-CITIZEN. -URNST]
**********************************************************************
PATRICIA HOFFMAN, VSUM AUTHOR, QUITS AT 4:00pm
**********************************************************************
I snagged the next entry describing the MtE Spawn (real name: INSUFF3)
off the FidoNet. Someone had posted it from Patricia Hoffman's
VSUM in response to a question on Mutation Engine viruses. The
Crypt reader will recognize MtE Spawn as one of the INSUFF viruses
from a previous newsletter.
MTE Spawn: Received in September, 1992, MTE Spawn is a non-
resident spawning or companion virus which uses the Dark
Avenger Mutating Engine for its encryption. When an infected
program is executed, this virus will infect one .EXE file
in the current directory, creating a 6,666 to 6,746 byte
.COM file with the same base file name. This companion file
will have the read-only, system, and hidden attributes set,
and its date and time will be the system date and time when
infection occurred. The original .EXE file will not be
altered. Execution of an MTE Spawn virus infected program
will result in a system hang after five .EXE files in the
current directory have become infected. Additionally,
the companion files will not be executed under some versions
of DOS due to a minor bug in this virus. To disinfect an
infection of MTE Spawn, simply delete the hidden companion
files.
Origin: Unknown September, 1992. [Crypt newsletter 6, actually.]
Note the size reported by Hoffman: 6,666 bytes. Pretty big for a
non-resident companion virus! Must be written in PASCAL, or
somethin'. Nope. Actually, the reader may remember this
particular virus carries a 4,000 byte payload: the NOIZ
trojan. The NOIZ program is dropped onto .EXE's in the current
directory anytime MtE Spawn is executed after 4:00 in the
afternoon. NOIZ is a joke program which installs itself in memory
and, obviously, makes noise. And it irreversibly soils any program
it lands on. This makes NOIZ difficult to ignore. So, Patricia
Hoffman either worked on MtE Spawn in the morning or went home
by 4:00 pm the day she examined it. Oh wow.
******************************************************************
CENTRAL POINT SOFTWARE VOWS "ALL PC's VIRUS FREE BY '93!" IN
MARKETING NEW CP ANTIVIRUS FREEWARE SCANNER. OH WOW.
******************************************************************
Central Point Software follows SYMANTEC into the retail program
offered as bait freeware by making the scanner engine in its
latest edition available as a no-strings downloadable file on
COMPUSERVE and AMERICA-ON-LINE.
The scanner, packaged as the archive CPAVSO.ZIP, SO standing for
"scanner only," is cosmetically very similar to SYMANTEC's
freeware NAVSCAN issued a month ago.
The SO version of CPAV's scanner engine claims to detect all
Mutation Engine viruses and Virus Creation Laboratory variants.
At the Crypt editorial offices it failed to detect the MtE-
equipped INSUFF viruses, noted in the latest edition of Patricia
Hoffman's VSUM as MtE Spawn. It also hiccuped when running against
any but the most basic Virus Creation Laboratory code samples.
CPAVSO continues the weird Central Point Software method of
counting a virus which infects both .COMfiles and .EXEfiles
as two strains, thereby inflating its detection claims.
However, as a brute force scanner, the SO edition is worth precisely
what you pay for it.
*****************************************************************
URNST TAKES THE PRODIGY CHALLENGE AND ORDERS DR. SOLOMON's
ANTIVIRUS TOOLKIT THROUGH ONTRACK SYSTEMS: A QUALITY REPORT
*****************************************************************
The Sears Roebuck administered "personal information service"
for yuppies, Prodigy, recently hyped an antivirus software offer
which, on the surface, appeared quite attractive. It offered
a special data integrity package armed with the Solomon Toolkit's
FindVirus utility, an "unerase" program designed to allow
buyers to easily recover recently scotched files and a rudimentary
set of hard disk maintenance utilities. Not a bad deal for
$34 cash money until you consider that anyone running DOS 5.0,
NORTON UTILITIES or any equivalent already has the hard file
maintenance programs, reducing the Prodigy package to a $34
brute-force scanner. Nah, pass.
However, Prodigy did offer the complete Solomon Toolkit for
$39. The catch was it came sans manual. Of course, you could
also buy the manual, thereby bringing the total price up to
$99, just about what you would pay for the Toolkit anywhere.
Hah! But Prodigy hadn't counted on a Crypt newsletter editor
as a buyer. We don't need no stinking manuals!
And so we evaluated the Toolkit just for you, the Crypt reader!
The Toolkit is easy to install. You can either use the dumb
install program or copy the files manually into a TOOLKIT
directory on the hard file of choice. All Toolkit programs are
command line driven, but most will want to use the Toolkit
menu. The menu is perfunctory but clear.
The Toolkit sans manual offers little advice, although there
is plenty of embedded help to aid in understanding possible
functions.
The heart of the Toolkit is its two integrity checkers: Quick
Check Virus and CheckVirus. CheckVirus provides more complete
integrity data on executables and, therefore, according to
Solomon, is more sensitive than Quick Check Virus. It is
supposedly armored against advanced stealth viruses although
we didn't bother to test this. CheckVirus WAS slapped around
by the Crypt companion viruses VOTE and ACME (included in this
issue.) Like most current products, it failed to note the
significance of added file duplicates. Nay, it completely
missed them. This was startling, since the Toolkit virus list
claims it recognizes companion infections as special cases.
Presumably, we take this to mean only SCANNED companion infections
can be detected by the Toolkit's FindVirus program.
The Toolkit also sports a memory integrity utility called CheckMem.
It failed to notice VOTE - a resident companion virus - in memory
although it complained incessantly about only 639k of apparent RAM
on the test machine even when no viruses were being tested.
However, this is unlikely to matter to the average user. The
CheckMem utility does not present its information in any way that
the average Prodigy subscriber would understand. Don't believe
me? Start checking the Prodigy Computer Club help forums and you'll
see what I mean.
The Toolkit's Quick Check Virus and CheckVirus programs easily
detected changes made to files by the PROTO-T virus (in this
newsletter). Since PROTO-T has no stealth properties and changes
in infected file size are fairly obvious, this was an easy hit for
the Toolkit.
However, the alarm message "*.COM has changed!!!" is not particularly
useful. When contrasted with Leprechaun Software's Virus-Buster
advisories/warnings and the redoubtable Integrity Master, by
Stiller Research, both of which attempt to explain the possible
reasons for change and a range of appropriate actions, the Toolkit's
response is laughable. In addition, the Toolkit makes the user
manually edit the files that contain its integrity data as programs
are removed or renamed. This is a fairly rudimentary task, but still
beyond the scope of the average Prodigy subscriber.
Included with the Toolkit are some special programs. BROWSE
lets the user look at a suspicious file for "gotcha" messages.
This is a nice touch and one all anti-virus programs should
include. NOHARD and NOFLOPPY write protect respective disks.
This is, IMHO, a useless and intrusive feature in everyday
computing, but handy if you're going in harm's way.
The Toolkit also offers a standard array of repair functions
for recognized viral infections. It rightly backs off on making
any grand claims about the efficacy of these measures and sure
enough, the program took a hands-off approach to some minor variants
of recognized infections by merely renaming the file. When
repairing file virus infections, the Toolkit will rescan
a program after removal - a good feature which uncovers
multiple infections.
The Toolkit also has an interesting embedded virus database.
In it, viruses are described with regards to incidence, type of
infection, damage, encryption, and stealth properties. I had to
laugh at the frequent incidence description: "Not in the wild, but
could be." This is the best example of a waffle I've seen in
a long time, and it's been an election year.
On a positive note, the Toolkit's FindVirus ably detected all
the Mutation Engine variants I was able to generate.
In conclusion, without the manual Solomon's Toolkit would seem like
impenetrable murk to most users. Indeed, it's not entirely
fair to judge the Toolkit - which despite some glaring faults
is serviceable software - without this component. But I ask you,
will the average Prodigy user read, use and understand a
$40 manual? Hahaha. Bet against.
*******************************************************************
RAUBKOPY: AN ANTI-PIRACY VIRUS FROM GERMANY. FOR YOUR PLEASURE
*******************************************************************
You're going to like RAUBKOPY. Supplied as a DEBUG script in
this issue, RAUBKOPY - which translates literally as "theft
copy" or pirate, I presume - is a direct-action infector of
.COM and .EXE files. Infected .COMfiles have the virus
body added to their beginning; with .EXE's the virus is
appended to the end. RAUBKOPY restricts itself to a single
directory on call and attempts to infect as many as 5
executables in a single go. RAUBKOPY is encrypted and resists
simple methods of breaking 8 and 16-bit encryption schemes.
The interesting feature of RAUBKOPY is its anti-piracy message,
displayed often and in German. Run RAUBKOPY a few times -
you'll be sure to see it.
It is:
-----------------------
A C H T U N G !
_______________________
"The Benutzung einer Raubkopi ist strassbar.
Nur wer Original-Disketten, Handbucher,
oder PD-Lizenzen besitzt dank
Kopien verwenden.
Programmeirung ist muhevolle Detailarbeit.
Wer Raubkopien verwendet, betrugt
Programmierer und der Lohn ihrer Arbeit."
The machine waits a moment and then prompts the user again,
"Bist Du sauber" (Are you honest?) (J/N)
Hit J for "Ja!" and the infected program will function.
An on-the-fly (so don't sue if it's imprecise) translation is:
"Attention!
The use of "Raubkopi" is restricted.
Only those with the original diskettes, manuals
or PD licenses may distribute copies.
"Programming is strenuous, exacting work.
Those who distribute pirated files, betray
programmers and the integrity of their work."
RAUBKOPY will also try to meddle with the fixed disk very late in
the afternoon or after the 12th of any month. VSUM reports this
as a buggy routine which fails; on my machine RAUBKOPY hung
the processor after making the disk spin. Although
RAUBKOPY appears to be harmless, it would be wise to be a little
cautious when tinkering with it.
*****************************************************************
ACME VIRUS - ANOTHER COMPANION INFECTOR
*****************************************************************
Also in this issue: ACME. ACME is another nuisance companion
virus - simple but easy to drive through the holes of most
anti-virus file integrity schemes. ACME will try to create
companion files for every .EXE in the current directory in
one pass. Those new to the Crypt newsletter will want to
know that these files are 912-byte hidden, read-only images
of the ACME virus renamed as a COMfile equivalent of the
"infected" target. When the "infected" target is executed,
ACME will gain control of the computer, a consequence
of the fact that DOS will choose .COM programs before .EXE
programs of the same name to execute first.
ACME will lock up the PC with some insane music at 4 in
the afternoon and release its grip right after midnight.
ACME won't pollute your data - remove the virus by
erasing all the hidden, read-only images it produces.
Try it against Solomon's Toolkit, CPAV or your favorite
installed software. You will be surprised how quickly
ACME crawls all over it. Since ACME is restricted to
a single directory, it is hard for me to imagine it getting
very far. However, since it is very infectious, an ill-informed
clumsy reader could have it get away from them. Fortunately,
ACME is not nasty at all.
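The check that the Toolkit review and the ACME description above call for, as an added example (not part of the original newsletter, and not code from any product it names): a directory audit that flags .COM files shadowing a same-named .EXE, using the hidden/read-only attributes and baseline membership as signals. The directory listing, baseline and file names are constructed sample data, and the severity labels are this example's own assumption.

```python
"""Audit a DOS directory listing for companion files (.COM shadowing .EXE)."""
from collections import Counter
from dataclasses import dataclass

# FAT directory-entry attribute bits.
ATTR_READONLY, ATTR_HIDDEN, ATTR_SYSTEM, ATTR_ARCHIVE = 0x01, 0x02, 0x04, 0x20


@dataclass(frozen=True)
class Entry:
    name: str   # 8.3 file name
    size: int   # length in bytes
    attrs: int  # FAT attribute byte


def split_name(name):
    """Return (base, extension), upper-cased; extension is '' if absent."""
    base, dot, ext = name.upper().rpartition(".")
    return (base, ext) if dot else (ext, "")


def find_companions(entries, baseline=None):
    """Flag every .COM whose base name matches an .EXE in the same directory.

    baseline is an optional collection of file names recorded while the
    directory was known clean; a shadowing .COM missing from it is an *added*
    file, which a checker that only compares existing files never reports.
    """
    names = {e.name.upper() for e in entries}
    known = None if baseline is None else {n.upper() for n in baseline}
    hits = []
    for e in entries:
        base, ext = split_name(e.name)
        if ext != "COM" or base + ".EXE" not in names:
            continue
        reasons = []
        if e.attrs & ATTR_HIDDEN:
            reasons.append("hidden")
        if e.attrs & ATTR_READONLY:
            reasons.append("read-only")
        if e.attrs & ATTR_SYSTEM:
            reasons.append("system")
        if known is not None and e.name.upper() not in known:
            reasons.append("added since baseline")
        hits.append({"name": e.name.upper(), "size": e.size, "reasons": reasons})

    # Several shadowing files of one identical size look like copies of one image.
    sizes = Counter(h["size"] for h in hits)
    for h in hits:
        if sizes[h["size"]] > 1:
            h["reasons"].append("same size as another shadowing file")
        # Assumption of this example: hidden or newly added means high severity;
        # a visible, baselined pair is only worth a manual look.
        urgent = {"hidden", "added since baseline"} & set(h["reasons"])
        h["severity"] = "high" if urgent else "review"
    return hits


# Constructed sample data: not taken from any real system.
SAMPLE_DIR = [
    Entry("EDIT.EXE", 41200, ATTR_ARCHIVE),
    Entry("EDIT.COM", 912, ATTR_HIDDEN | ATTR_READONLY),
    Entry("CALC.EXE", 58016, ATTR_ARCHIVE),
    Entry("CALC.COM", 912, ATTR_HIDDEN | ATTR_READONLY),
    Entry("FORMAT.COM", 22717, ATTR_ARCHIVE),   # no matching .EXE: ignored
    Entry("TOOL.EXE", 30110, ATTR_ARCHIVE),
    Entry("TOOL.COM", 18432, ATTR_ARCHIVE),     # visible pair already in baseline
    Entry("README", 1200, ATTR_ARCHIVE),
]
BASELINE = ["EDIT.EXE", "CALC.EXE", "FORMAT.COM", "TOOL.EXE", "TOOL.COM", "README"]

if __name__ == "__main__":
    for hit in find_companions(SAMPLE_DIR, BASELINE):
        print(f'{hit["severity"]:6} {hit["name"]:12} {hit["size"]:6}  '
              + ", ".join(hit["reasons"]))
```

Without a baseline the hidden attribute alone still marks the two 912-byte files as high severity; with one, a visible companion would be caught as an added file as well.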
***************************************************************
PROTO-T: A RESIDENT .COM infector NAMED AFTER ANONYMOUS
ELECTRONIC QUACKS
***************************************************************
And here it is! The dangerous, baffling PROTO-T! PROTO-T is
a memory resident infector of .COMfiles. PROTO-T WILL also
successfully infect COMMAND.COM if given the opportunity while
in memory.
PROTO-T diminishes the amount of memory by around 1k and a
simple MEM /c command will reveal it, IF the user has enough
brains to remember what the free memory of his machine was
BEFORE PROTO-T was installed.
Files infected by PROTO-T gain the ASCII string, "This program
is sick. [PROTO-T by Dumbco, INC.]" In addition, after 4 in
the afternoon PROTO-T infected programs will issue two
ugly squawks from the speaker and then begin to read the
hard file very quickly, mimicking a massive disk trashing.
The programs won't function, of course, but the disk will
be unscathed. It's a good demonstrator and convincingly
unsettling.
Enjoy PROTO-T!
And remember, in the words of Devin What'shisname, "I don't
like the looks of this one, not at all..."
***************************************************************
LATE STUFF FYI: Here's a list of virus exchange BBS's pulled
off the FidoNet.
1) U.S.S.R System PHALCON/SKISM (091) 514-975-9362 DS
Apply with John Johnson at Landfill BBS 914-hak-vmbs
2) Darkcoffin/Crypt HQ (091) 215-966-3576 V32bis
Sysop : Tim Caton
3) The VIRUS (091) 804-599-4152 2400
Fidonet 1:271/297, Sysop : Aristotle, John A.Buchanan
4) The VIRUS EXCHANGE (091) 602-569-2420 14.4
Sysop : Michael Coughlin
5) HSRC BBS, David Butler (012) 28-3124 2400
Location : Pretoria, South Africa
Time 24Hrs
To phone from outside South Africa: 27-12-283124
*Appears to be the Human Science Resource Center.
6) Nemesis Eye, BBS, Darth Vader (021) 405-3543 2400
Location : Cape Town, South Africa
Time 16Hrs to 07Hrs GMT
To phone from outside South Africa 27-21-4053543
Ionic Destruction 215-722-4524
Nun Beaters Anonymous 708-251-5094
The Hell Pit BBS 708-459-7267
Incidentally, you may also find new copies of the Crypt letter at
these points.
------------------------------------------------------------------
Nowhere Man reports that he is feverishly working on completion of
Virus Creation Laboratory 2.0 for a near holiday release. And look
for N.E.D. polymorphic viruses to start popping up in early
January.
******************************************************************
ATTENTION READERS! TIME TO GET YOUR DIGS IN FOR THE FIRST ANNUAL
CRYPT VIRUS/ANTI-VIRUS/VIRUS AWARDS!
******************************************************************
In December, we'll release our picks in a variety of topics for
best and worst in the virus/anti-virus community. A few of
the categories:
Most interesting virus:
Most valuable player, virus programmer or other:
Best virus exchange:
National Dummkopf:
Best a-v scanner:
Best a-v software, overall:
Best publication (we humbly disqualify ourselves):
Biggest flaming idiot:
Since they're gonna be editor's choices, they'll be purely subjective.
Nyah! But you, the Crypt reader, can get into the action, too!
Post your picks and pans on the VxNet with your own trenchant wit
and I'll be looking for 'em to include in the article. Or, ensure
your place in the Crypt letter by e-mailing them to me, URNST
KOUCH, at the BBS's listed at the end of this Crypt letter.
********************************************************************
IN THE READING ROOM: A HUMDINGER, PHILIP ZIMMERMANN'S 'PRETTY GOOD
PRIVACY' DOCUMENTATION
********************************************************************
"Forbidden freeware" is how Philip Zimmermann describes his Pretty
Good Privacy 2.0 encryption programs. Hah? Yup, I'm reading the
docs to a freeware program! Docs you might like to browse
yourself.
In a testament to the evil of lawyers and government secrecy,
Zimmermann explains why he can't distribute Pretty Good Privacy
and why it's contraband, of sorts. The tangled story, according
to Zimmermann, revolves around a litigation firm known as Public
Key Partners who own the patent to the RSA encryption used in
his program. They don't own it in any other country, only the
U.S. and, apparently, PKP isn't interested in licensing it or
providing software which uses it. But the Pretty Good Privacy
methods are in the open literature, the source code is published
and anyone can see it. But no one is supposed to use it.
In the U.S.A. Wow.
Nevertheless, Pretty Good Privacy and its source code can be found
on thousands of BBS's across the country.
It's an absurd situation and answers this question: "What do
you do if you're trapped in a room with Adolf Hitler, Saddam
Hussein and a lawyer and your gun has two bullets?"
Answer: "Shoot the lawyer twice."
The Crypt newsletter recommends you find Pretty Good Privacy
and read the docs. Heh. They're free.
********************************************************************
THE FINAL CREDITS ROLL!
********************************************************************
Software included with this issue of the Crypt newsletter can be
assembled by ensuring the MS-DOS program, DEBUG.EXE, is in
the path and typing: DEBUG <*.scr, where *.scr is the scriptfile
of interest. Even simpler, throw DEBUG.EXE into your current
directory with all the files from this newsletter and type
MAKE. The enclosed MAKE.BAT file will do the rest, prompting your
machine to produce working copies of the ACME, RAUBKOPY and
PROTO-T viruses in the current directory.
Keep in mind that in the hands of incompetents, the ill-informed
and/or lazy, viruses assembled from code in the newsletter can
mess up data on your machine, sometimes irretrievably. If this
happens, your day will seem overlong and you may want to kick
something. Don't curse the newsletter, puh-leez. We're telling
you viruses WILL mangle your programs, it's what they DO.
This issue of the newsletter should contain the following files:
CRPTLET.TR9 - this electronic document
ACME.SCR - DEBUG scriptfile for the ACME companion virus
ACME.ASM - A86 listing for the ACME virus
RAUBKOPY.SCR - DEBUG scriptfile for the RAUBKOPY virus
PROTO-T.SCR - DEBUG scriptfile for the PROTO-T virus, by Dumbco
PROTO-T.ASM - TASM/MASM listing for PROTO-T virus
MAKE.BAT - handy, dandy makefile for Crypt software. Add
DEBUG and stir.
If any of these files are missing, ensure completeness by grabbing a
copy of the Crypt newsletter from the following BBS's:
CryPt HQ ∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙∙ Dark Coffin VX ∙∙∙∙∙∙∙∙ 215.966.3576
Member Support ∙∙∙∙∙∙∙∙∙∙∙∙∙∙ VIRUS_MAN BBS ∙∙∙∙∙∙∙∙∙ ITS.PRI.VATE
Southwest Distribution ∙∙∙∙∙∙ Virus Exchange/CC ∙∙∙∙∙ 602.569.2420
And one last request: Don't upload copies of the Newsletter to the
Dark Coffin. It makes you seem stupid and wastes your valuable long-
distance on-line time. Thankee for your support.
-*-